# Split all objects and pass them to each filter below
# Create/Delete Namespace
(select(.verb == "create" and .objectRef.resource=="namespaces") |
"[" + .stageTimestamp + "] " + "Namespace Created: name=" + .objectRef.name),
(select(.verb == "delete" and .objectRef.resource=="namespaces") |
"[" + .stageTimestamp + "] " + "Namespace Deleted: name=" + .objectRef.name),
# Create/Delete Deployment
@qoomon
qoomon / aws-cloudformation-deploy-watcher.sh
Last active May 26, 2020 06:24
Watch CloudFormation Events during `aws cloudformation deploy`
#!/usr/bin/env bash
set -o errexit # exit when a command line fails
set -o pipefail # pipes exit code will be the last non-zero exit code of all pipe commands
set -o nounset # exit when reading an undeclared variable
#set -o xtrace # enable debug logging
#### Source: https://gist.github.com/qoomon/d6633abe35eea297f475260478f86c8c
### Usage ###
#
@mateobur
mateobur / kubernetesmetadata.txt
Created March 1, 2019 11:59
Kubernetes monitoring, metadata for a pod
$ kubectl describe pod db-6b8968c69-dq2v2
Name: db-6b8968c69-dq2v2
Namespace: example-voting-app
Node: ip-10-0-0-12.ec2.internal/10.0.0.12
Controlled By: ReplicaSet/db-6b8968c69
Labels: app=example-voting-app
name=db
pod-template-hash=264524725
role=sqldb
IP: 10.129.0.140
@pietervogelaar
pietervogelaar / filter_detect_parser.rb
Created February 14, 2019 15:18
Fluentd parser detection with Kubernetes annotations
require 'fluent/plugin/filter'
# This filter detects the parser to use based on Kubernetes annotations.
#
# Annotation: fluentd.org/parser[_stream][-container]
#
# Suggest a pre-defined parser. The parser must be already registered by Fluentd. If present,
# the stream (stdout or stderr) will restrict that specific stream. If present, the container can
# override a specific container in a Pod.
#
@pavgup
pavgup / aws-resource-count-ucsf.sh
Created November 20, 2018 23:29
Updated RedLock Count Resources (command line argument for credentials profile)
#!/bin/bash
aws_regions=(us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 ap-northeast-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 eu-central-1 eu-west-1 sa-east-1 eu-west-2 ca-central-1)
echo "Total regions: "${#aws_regions[@]}
ec2_instance_count=0;
rds_instance_count=0;
elb_count=0;
elasticache_count=0;
redshift_count=0;
@bzcorn
bzcorn / aws_log_splitter.py
Created November 19, 2018 09:52
This is for a lambda to respond to new cloudtrail or config logs hitting an s3 bucket and forwarding to sumologic. Some logs are >65kb in size and need to be broken up and sent to Sumologic. Package this (along with the requisite python libs) and have it listen to ObjectCreate events in your S3 bucket that cloudtrail/config logs are sent to. Thi…
import aiohttp
import asyncio
import async_timeout
import gzip
import os
import json
import boto3
import urllib.parse
import botocore
@alexanderilyin
alexanderilyin / README.md
Created November 15, 2018 00:58
Auto-increment Minor Semantic Version using Docker Hub API v2

For example your latest image with semantic versioning looks like this:

${DOCKER_HUB_ORG}/${DOCKER_HUB_REPO}:v1.20.0

The example provided above will do the following:

  1. Generate token using your github username and password.
  2. Get list of all tags from repository.
@tallclair
tallclair / gke-node-security.md
Created September 28, 2018 21:19
Software Engineering Position: Google Kubernetes Engine - Node Security

Software Engineering Position:
Google Kubernetes Engine - Node Security

Full-time
Based in Sunnyvale, CA

Mission

To secure critical node infrastructure in Kubernetes, the open source platform that is taking the cloud by storm ;D

@pkazi
pkazi / cloudTrailEventNames.list
Last active February 8, 2025 07:28
List of values for parameter EventName in AWS Cloudtrail events
AbortDocumentVersionUpload
AbortEnvironmentUpdate
AbortMultipartUpload
AbortVaultLock
AcceptAccountMapping
AcceptCertificateTransfer
AcceptDelegate
AcceptDirectConnectGatewayAssociationProposal
AcceptFxPaymentCurrencyTermsAndConditions
AcceptHandshake
@jiehan1029
jiehan1029 / Building on AWS.md
Last active August 9, 2019 04:38
AWS, summary

These are notes for AWS course 1 on edX, listing selected AWS services in alphabetical order. Course link is here.

Workflow

Building on AWS --

  • Create VPC which simulates a local network that contains all your servers and databases.
  • Create IAM policy, user/role which has permission to specific AWS services, but not all -- this adds security overall.
  • Create S3 bucket (login as specific IAM user) which will be used to store assets.
  • Create RDS database instance (login as specific IAM user) as database server.
  • Create Cloud9 environment (login as specific IAM user) which is an online IDE that you can build & save your project.
  • Create EC2 instance (login as specific IAM user) and deploy the application via user data. This EC2 instance should have corresponding IAM role (to allow EC2 instance to call AWS service) and security group (to allow web t