Matt Healy MattHealy

@MattHealy
MattHealy / README.md
Created August 7, 2016 02:11 — forked from leonardofed/README.md
A curated list of AWS resources to prepare for the AWS Certifications



A curated list of awesome AWS resources you need to prepare for all 5 AWS Certifications. This gist will include: open source repos, blogs & blogposts, ebooks, PDFs, whitepapers, video courses, free lectures, slides, sample tests and many other resources.


Index:

@MattHealy
MattHealy / envelope_encryption_kms_boto_pycrypto.md
Created August 7, 2016 11:57 — forked from pmp/envelope_encryption_kms_boto_pycrypto.md
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to envelope encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4kb in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

@MattHealy
MattHealy / s3.pl
Created August 23, 2016 05:38
A little Perl subroutine for signing an Amazon S3 URL
sub AmazonSignURL {
    my ($url,$expiresin,$key,$secret) = @_;
    use Digest::SHA qw(hmac_sha1_base64);
    use URI::Escape;
    my $expires = time() + $expiresin;
    my $path = $url;
@MattHealy
MattHealy / remove_public.py
Created September 22, 2016 05:27
Python script to remove public access from all objects in an AWS S3 bucket
#!/usr/bin/env python
#remove public read right for all keys within a directory
#usage: remove_public.py bucketName folderName
import sys
import boto
from boto import connect_s3
@MattHealy
MattHealy / listkeys.py
Created January 6, 2017 00:14
List redis keys and their contents
#!/usr/bin/env python
import json
import redis
keys = []
r = redis.StrictRedis(host = 'localhost')
for key in r.keys():
    keys.append(key)
@MattHealy
MattHealy / encrypt_all_objects.py
Created June 26, 2017 02:05
Python script to encrypt all existing objects in an S3 bucket
#!/usr/bin/env python
# set SSE on all existing objects
#usage: encrypt_all_objects.py bucketname
import sys
import boto
from boto import connect_s3

How to set up an AWS Lambda function to talk to the internet and VPC

I'm going to walk you through the steps for setting up an AWS Lambda to talk to the internet and a VPC. Let's dive in.

It might be really unintuitive at first, but Lambda functions have three states.

  1. No VPC, where it can talk openly to the web, but can't talk to any of your AWS services.
  2. VPC, the default setting where the Lambda function can talk to your AWS services but can't talk to the web.
  3. VPC with NAT, the best of both worlds: AWS services and web.
@MattHealy
MattHealy / rotate-ami-launch-config.sh
Created August 8, 2017 12:43
Update an existing AWS Launch Configuration to use a new AMI image
#!/bin/bash
oldconfigname="$1"
newconfigname="$2"
ami="$3"
KEYNAME="my_keypair_name"
ASGROUP="my_autoscaling_group_name"
SECURITYGROUP="sg-1234"
INSTANCETYPE="t2.micro"
@MattHealy
MattHealy / config
Created October 23, 2017 05:02 — forked from justinpawela/config
AWS CodeCommit Multiple Account Config
# This file is: ~/.ssh/config
# You may have other (non-CodeCommit) SSH credentials stored in this
# config file – in addition to the CodeCommit settings shown below.
# NOTE: Make sure to run [ chmod 600 ~/.ssh/config ] after creating this file!
# Credentials for Account1
Host awscc-account1 # 'awscc-account1' is a name you pick
Hostname git-codecommit.us-east-1.amazonaws.com # This points to CodeCommit in the 'US East' region
@MattHealy
MattHealy / .bash_profile
Created October 23, 2017 05:08
Add to .bash_profile for AWS profile switching
switch() {
    export AWS_DEFAULT_PROFILE="$1"
    PS1="\h:\W \u\$ ($1)$ "
}