Matt Healy MattHealy

@obeattie
obeattie / s3signurl.py
Created July 19, 2011 10:27
Quick, dirty Python script that spits out a signed url for Amazon S3
#!/usr/bin/env python
import optparse
import sys
from boto.s3.connection import S3Connection
def sign(bucket, path, access_key, secret_key, https, expiry):
    c = S3Connection(access_key, secret_key)
    return c.generate_url(
        expires_in=long(expiry),
@mzupan
mzupan / lambda.py
Last active June 8, 2021 05:19
AWS Lambda job to backup RDS instances
import boto3
import datetime
def lambda_handler(event, context):
    print("Connecting to RDS")
    client = boto3.client('rds')
    print("RDS snapshot backups started at %s...\n" % datetime.datetime.now())
    client.create_db_snapshot(
        DBInstanceIdentifier='web-platform-slave',
@pmp
pmp / envelope_encryption_kms_boto_pycrypto.md
Last active November 17, 2021 16:35
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to envelope encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4kb in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

How to set up an AWS Lambda function to talk to the internet and a VPC

I'm going to walk you through the steps for setting up an AWS Lambda function to talk to the internet and a VPC. Let's dive in.

It might be really unintuitive at first, but Lambda functions have three states.

  1. No VPC, where it can talk openly to the web, but can't talk to any of your AWS services.
  2. VPC, the default setting where the Lambda function can talk to your AWS services but can't talk to the web.
  3. VPC with NAT, the best of both worlds: AWS services and web.
@leonardofed
leonardofed / README.md
Last active November 14, 2024 13:37
A curated list of AWS resources to prepare for the AWS Certifications


A curated list of awesome AWS resources you need to prepare for all 5 AWS Certifications. This gist will include: open source repos, blogs and blog posts, ebooks, PDFs, whitepapers, video courses, free lectures, slides, sample tests and many other resources.


@crazygit
crazygit / get_autosaling_name.sh
Created April 14, 2017 06:54
get aws ec2 autoscaling group name
# get current ec2 AutoScaling group name
# note: change region option as yours
aws autoscaling describe-auto-scaling-instances --region us-east-1 --output text --query='AutoScalingInstances[].AutoScalingGroupName' --instance-ids="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)"
@jthomerson
jthomerson / delete-all-cloudsearch-documents.sh
Created April 24, 2017 14:50
Delete all CloudSearch documents in a given domain
#!/bin/bash
# This script will delete *all* documents in a CloudSearch domain.
# USE WITH EXTREME CAUTION
# Note: depends on the AWS CLI SDK being installed, as well as jq
# For jq, see: https://stedolan.github.io/jq/ and https://jqplay.org/
if [[ ! $# -eq 2 || $1 != "--doc-domain" || ! $2 =~ ^https://.*$ ]]; then
   echo "Must define --doc-domain argument (e.g. --doc-domain https://somedomain.aws.com)";