Skip to content

Instantly share code, notes, and snippets.

View alukach's full-sized avatar
🍊

Anthony Lukach alukach

🍊
98 followers · 151 following
View GitHub Profile
@alukach
alukach / foss4g-2025.md
Last active July 8, 2025 01:39

FOSS4G2025 Proposals

Securing STAC APIs: Auth*n Patterns and a Proxy-Based Approach

Abstract

Learn how to secure STAC APIs using OIDC, CQL filtering, and existing STAC extensions. We present stac-auth-proxy, a backend-agnostic FastAPI proxy for enforcing flexible auth policies, including integration with Open Policy Agent.

Summary

@alukach
alukach / filtered.geojson
Last active May 9, 2025 14:46
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@alukach
alukach / auth.py
Created August 7, 2024 21:39
FordConnect API
import logging
from dataclasses import dataclass
from typing import Dict
import requests
logger = logging.getLogger(__name__)
@alukach
alukach / README.md
Created May 15, 2024 21:53
MCP CDK Bootstrap

To successfully bootstrap into an MCP account, we need to do the following:

  1. Dump the boostrap template to a local file: npx cdk bootstrap --show-template > template.yaml. Manually append a permission boundary to every role created within the template (see change.diff below). Use this updated template when deploying: npx cdk bootstrap --template template.yaml
  2. Use the custom permissions boundary flag: --custom-permissions-boundary mcp-tenantOperator-APIG
  3. Disable setting the public access block configuration on the S3 assets bucket: --public-access-block-configuration false

Putting it all together, bootstrapping will look something like this:

npx cdk bootstrap \
@alukach
alukach / ecs-rds-connector.py
Last active February 12, 2024 17:12
AWS Helper Scripts
"""
This script provides a CLI to select an AWS ECS Service and multiple RDS Instances
and makes the required Security Group edits to allow the ECS Service to make network
connections to the RDS Instances
"""
from typing import List, Dict
import boto3
from botocore.exceptions import ClientError
@alukach
alukach / create-contractor-accounts.sh
Last active February 5, 2024 20:05
Script to create a contractor group and multiple users on an AWS account
#!/bin/bash
# Check if at least two arguments are provided (group name and at least one user)
if [ "$#" -lt 2 ]; then
echo "Usage: $0 <GroupName> <User1> [<User2> ...]"
exit 1
fi
# The first argument is the group name
GROUP="$1"
@alukach
alukach / list-bucket-metrics.py
Created January 30, 2024 20:29
List bytes and objects per storage type for all buckets in an AWS account
import boto3
import csv
import threading
from datetime import datetime, timedelta
# List of storage types
storage_types = [
"StandardStorage",
"IntelligentTieringFAStorage",
@alukach
alukach / multiprocessing_asyncio.py
Created May 4, 2023 05:21
Multiprocessing + Asyncio
"""
An example of a script that does CPU-bound work (checksum calculation) followed by
IO-bound work (upload to server) in a performant manner.
Inspiration: https://stackoverflow.com/questions/21159103/what-kind-of-problems-if-any-would-there-be-combining-asyncio-with-multiproces#29147750
"""
import asyncio
import datetime
import hashlib
import multiprocessing
@alukach
alukach / should-i-use-a-nat.md
Last active April 26, 2023 07:32
Should I use a NAT in my project?

A quick dump of criteria for deciding whether your project needs a NAT and, if so, what type it should be.

graph TD
    A(Do you need a NAT?) --> B
    B{Do you have services in a Private Subnet that\nneed to access resources outside of the network?}
    
    B -->|No| NotNeeded[You don't need a NAT]
    B -->|Yes| C
    C{Can you move those resources in a Public Subnet?} -->|Yes| PublicSubnet[Move to a Public Subnet instead] --> NotNeeded
@alukach
alukach / app.yaml
Last active July 24, 2024 13:54
An example Github Actions for Python + Pipenv + Postgres + Pyright
# .github/workflows/app.yaml
name: My Python Project
on: push
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 10
services: