@alsmola
alsmola / VerifyCognitoALBToken.js
Created February 3, 2020 04:37
Verifies ALB token from Cognito
// Get OIDC JWT from headers
const encodeJwt = req.headers["x-amzn-oidc-data"];
const jwtHeaders = encodeJwt.split(".")[0];
const decodedJwtHeaders = Buffer.from(jwtHeaders, "base64");
const decodedJson = JSON.parse(decodedJwtHeaders);
const kid = decodedJson["kid"];
// Lookup ALB public key for JWT
const region = "us-east-1";
const url = `https://public-keys.auth.elb.${region}.amazonaws.com/${kid}`;
alsmola / clever-openvpn-split-tunnel-config.md
Created March 21, 2020 22:01
Settings for Clever OpenVPN Split Tunnel

From https://www.smartspate.com/bypass-website-blocking-without-directing-traffic-vpn/

Advanced VPN > Additional OpenVPN Config Directives
push "route 44.228.121.66 255.255.255.255 vpn_gateway" # DEIP databases
push "route 54.203.187.138 255.255.255.255 vpn_gateway"
push "route 54.188.185.98 255.255.255.255 vpn_gateway"
push "route 44.231.10.48 255.255.255.255 vpn_gateway"
push "route 35.167.142.219 255.255.255.255 vpn_gateway"
push "route 54.70.205.111 255.255.255.255 vpn_gateway"
alsmola / aws_multifactorauthpresent.snippet
Last active March 29, 2020 17:45
Use of aws:MultiFactorAuthPresent global condition context key
/* Dangerous - allows long-term access keys */
...
"Effect": "Deny",
"Condition":
{ "Bool": {"aws:MultiFactorAuthPresent": "false"}}
...
"Effect": "Allow",
"Condition":
{"Null": {"aws:MultiFactorAuthPresent": "false"}}
...
alsmola / background.js
Created September 12, 2020 18:41
Chrome extension to use AWS IoT Credentials Endpoint
'use strict';
chrome.runtime.onMessage.addListener(
function (request, sender, sendResponse) {
if (request.contentScriptQuery == "getCredentials") {
const url = "https://{credentials-endpoint}.credentials.iot.us-east-1.amazonaws.com/role-aliases/chromeiot/credentials";
const params = { headers: { "x-amzn-iot-thingname": "{thingName}" } }
fetch(url, params)
.then(response => response.json())
.then(data => sendResponse(data.credentials));
alsmola / okta_aws_account_access.go
Last active February 10, 2021 21:37
List Okta account access to AWS IAM roles
package main
import (
"context"
"encoding/csv"
"errors"
"fmt"
"log"
"os"
"regexp"
alsmola / serverless.yml
Last active March 6, 2021 21:58
Template for Serverless Slack Block Kit application.
service: pupster # change service name
provider:
  name: aws
  runtime: go1.x
  region: us-east-1 # update region
  iamRoleStatements: # add IAM statements here
package:
  exclude:
    - ./**
alsmola / Makefile
Last active March 6, 2021 21:58
Template for Makefile for Serverless Slack Block Kit application
.PHONY: build clean deploy
build:
	env GOOS=linux go build -ldflags="-s -w" -o bin/interactionsBin interactions/main.go
	env GOOS=linux go build -ldflags="-s -w" -o bin/eventHandlerBin eventhandler/main.go
	env GOOS=linux go build -ldflags="-s -w" -o bin/authCallbackBin authcallback/main.go
	env GOOS=linux go build -ldflags="-s -w" -o bin/selectMenuBin selectmenu/main.go
clean:
	rm -rf ./bin ./vendor Gopkg.lock
alsmola / main.go
Last active March 26, 2021 02:03
Template for Lambda interactions handler for Serverless Slack Block Kit application
package main
import (
"context"
"encoding/json"
"fmt"
"net/url"
"strings"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
alsmola / main.go
Last active March 26, 2021 02:04
Template for Lambda events handler for Serverless Slack Block Kit application
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"net/http"
"os"
"github.com/aws/aws-lambda-go/events"
alsmola / main.go
Created March 6, 2021 22:25
Template for Lambda auth callback handler for Serverless Slack Block Kit application
package main
import (
"context"
"fmt"
"log"
"net/http"
"os"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"