MatthewJDavis’s gists

MatthewJDavis / main.tf

Last active December 15, 2021 16:29

Terraform example using Azure blob storage for backend state.

	terraform {
	required_providers {
	azuread = {
	version = "=1.6.0"
	}
	}
	backend "azurerm" {
	key = "msgraphapp.tfstate"
	resource_group_name = "terraform-state-demo"
	storage_account_name = "update-with-storage-account-name"

MatthewJDavis / terraform.tfvars

Last active November 30, 2021 20:53

Variable file for Azure AD app with secret.

	application_name="MS Graph Directory Role Application"
	homepage_url = "https://localhost"
	logout_url = "https://localhost/logout"
	identifier_uris = ["https://msgdra"]
	redirect_uris = ["https://msgdra/"]

MatthewJDavis / main.tf

Last active November 30, 2021 20:53

Terraform Azure AD application.

MatthewJDavis / Get-GlobalAdminUPN.ps1

Last active July 6, 2021 23:00

Azure AD priv roles

	# Script to get all User Principal Names of users in the Global Administrators role in Azure Active Directory.
	# Uses the MSGraph beta endpoint and requires the correct permissions to access the data. See: https://docs.microsoft.com/en-us/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-beta&tabs=http#permissions.

	Select-MgProfile -Name "beta"
	Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'

	$memberList = [System.Collections.Generic.List[string]]::new()
	$roleId = (Get-MgDirectoryRole -Filter "DisplayName eq 'Global Administrator'").Id
	$userList = Get-MgDirectoryRoleMember -DirectoryRoleId $roleId

MatthewJDavis / psMSGraphModule.ps1

Last active June 11, 2021 22:22

PowerShell MS Graph Module useful commans

	# Don't use MS Account, use account in AzureAD
	Install-Module microsoft.graph
	Select-MgProfile -Name "beta"
	Connect-MgGraph -Scopes "User.Read.All"

	# View auth commands
	Get-Command -Module Microsoft.Graph.Authentication

	# Check scopes
	# Permission: https://docs.microsoft.com/en-us/graph/permissions-reference

MatthewJDavis / Get-MDOktaGroupMember.ps1

Created April 5, 2021 21:59

Use PowerShell to get the members of an Okta group

	# Returns the login names of all the user in a specified Okta group.
	# Requires an API token to be generated: https://developer.okta.com/docs/guides/create-an-api-token/overview/

	$apiToken = Get-Secret -Name 'okta-api-token'
	$oktaUri = 'example-admin.okta.com'
	$groupId = ''
	$uri = "https://$oktaUri/api/v1/groups/$groupId/users"

	$headers = @{
	'Authorization' = "SSWS $apiToken"

MatthewJDavis / Get-EmailFromString.ps1

Last active March 3, 2021 00:24

Use regex to extract an email address from a sting in PowerShell

	# Extract just the email address of user from string.

	$regex = "[a-z0-9!#\$%&'+/=?^_`{\|}~-]+(?:\.[a-z0-9!#\$%&'+/=?^_`{\|}~-]+)@(?:[a-z0-9](?:[a-z0-9-][a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
	$userList = 'Mick Jagger <[email protected]>', 'Keith Richards [email protected]', 'Ronnie W [[email protected]]'
	$emailList = [System.Collections.Generic.List[string]]::new()

	foreach ($user in $userList) {
	$user -match $regex \| Out-Null
	$emailList.Add($Matches.values)
	}

MatthewJDavis / get-aws-cw-target-id.sh

Created February 4, 2021 14:06

Get ID of AWS cloudwatch event target

	# To use the terraform import aws_cloudwatch_event_target provider, we need the rule name and target ID. To find the target ID,
	# run the following with the AWS cli.

	aws events list-targets-by-rule --rule "ruleName"

	# This will return the following and the ID can be used to import the resource.

	#{
	# "Targets": [
	# {

MatthewJDavis / main.tf

Created January 28, 2021 22:11

Main terraform file for okta app

	terraform {
	required_providers {
	okta = {
	source = "oktadeveloper/okta"
	version = "~> 3.6"
	}
	}
	}

	# Configure the Okta Provider - API token set in env var.

MatthewJDavis / variables.tf

Last active January 28, 2021 23:10

Vars for the okta app demo

Matthew Davis MatthewJDavis