This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#######################################################################
# TOPICS
#######################################################################
# 0. ASSUMPTIONS
# 1. CONFIGURE CLOUD9 (EC2) ENVIRONMENT
# 2. INSTALL APPMESH
# 3. DEPLOY OUR APPS TO K8S WITHOUT APPMESH
# 4. MESHIFY THE BACKEND COMPONENTS
# 5. MESHIFY THE FRONTEND COMPONENTS
# 6. WEIGHTING THE ROUTES

# use https://amcginlay-cfn.s3.amazonaws.com/cfn-helper-demo-v1.yaml
# Commands to be run from EC2 Instance Connect terminal sessions
# [1] while true; do curl localhost; date; sleep 1; done
# [2] tail -f /var/log/cfn-hup.log
# [3] mysql
# NOTE when applied, a stack policy can prohibit updates to any (*) resources, for example:
# {"Statement" : [{"Effect" : "Deny", "Action" : "Update:*", "Principal": "*", "Resource" : "*"}]}

# To switch role from the command line:
role_name_to_assume="Role-EC2-EKSClusterAdmin"
account_id=$(aws sts get-caller-identity --query Account --output text)
# session name = last path segment of the caller ARN (e.g. the user or instance-profile session name)
session_name=$(aws sts get-caller-identity --query Arn --output text | rev | cut -d/ -f1 | rev)
role_arn="arn:aws:iam::${account_id}:role/${role_name_to_assume}"
# text output of assume-role gives one tab-separated line with fields in alphabetical order:
# CREDENTIALS <AccessKeyId> <Expiration> <SecretAccessKey> <SessionToken>
temp_creds=($(aws sts assume-role --role-arn ${role_arn} --role-session-name ${session_name} --duration-seconds 3600 --output text | grep "^CREDENTIALS"))
# drop any long-lived keys already in the environment, then export the temporary ones
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
export AWS_ACCESS_KEY_ID=${temp_creds[1]} AWS_SECRET_ACCESS_KEY=${temp_creds[3]} AWS_SESSION_TOKEN=${temp_creds[4]}
aws sts get-caller-identity   # confirm the assumed-role identity before doing anything else

AWS Traffic Mirroring demo (from https://www.youtube.com/watch?v=ZYr8Uc3PJJQ)
Three EC2 instances: SENDER, RECIPIENT and WILDCARD (make these SSM session compatible)
SENDER - the fake compromised machine
RECIPIENT - where the mirrored traffic gets sent
WILDCARD - another machine to which traffic can be sent
Create the Mirror Target, then the Filter, then the Session
Target: eth0 of RECIPIENT
Filter: nothing will show up unless you explicitly state which traffic is expected

#!/bin/bash
# inspired by https://www.youtube.com/watch?v=4l4Kuds8O3s
cluster=dev
# grab the k8s api server endpoint and the encoded authentication token
eks_token=$(aws eks get-token --cluster-name ${cluster} | jq .status.token --raw-output)
eks_endpoint=$(aws eks describe-cluster --name ${cluster} | jq .cluster.endpoint --raw-output)

# rm ~/.kube/config && eksctl utils write-kubeconfig --cluster dev
# NOTE: binding cluster-admin gives this service account unrestricted access to the whole cluster
kubectl create serviceaccount admin
kubectl create clusterrolebinding admin --serviceaccount default:admin --clusterrole cluster-admin
# NOTE: the auto-generated token secret only exists on Kubernetes versions before 1.24;
# on newer clusters .secrets is empty and this lookup returns nothing
secret_name=$(kubectl get serviceaccount admin -o jsonpath='{.secrets[].name}')
secret_token=$(kubectl get secret ${secret_name} -o jsonpath='{.data.token}' | base64 --decode)
current_cluster_name=$(kubectl config view --minify -o jsonpath='{.clusters[].name}')
current_cluster_endpoint=$(kubectl config view --minify -o jsonpath='{.clusters[].cluster.server}')
# register the (non-expiring) token as a kubeconfig user named "admin"
kubectl config set-credentials admin --token=${secret_token}

# inspired by https://www.youtube.com/watch?v=ZYr8Uc3PJJQ
sudo yum install -y nc
# 172-31-36-245:
sudo nc -l -p 8080
# 172-31-36-246:
echo "hello" > /dev/tcp/172.31.36.245/8080

#!/bin/bash
pip install awsebcli --upgrade --user
mkdir ebdemo && cd $_
git config --global init.defaultBranch main
git init
cat > ./index.php << EOF
<?php
echo gethostname() . "\n";
?>
EOF

#!/bin/bash
unique_id=${RANDOM}
echo ${unique_id}
# demo value only; a real secret passed on the command line would land in shell history
aws secretsmanager create-secret --name "/qa/dummy-key-${unique_id}" --secret-string "mY-5uP3R-53cr3t-v@lu3"
aws secretsmanager list-secrets
aws secretsmanager get-secret-value --secret-id "/qa/dummy-key-${unique_id}"
# ------------------------------------------------------------------------------
# schedule deletion; the secret stays recoverable for the given window
aws secretsmanager delete-secret --secret-id "/qa/dummy-key-${unique_id}" --recovery-window-in-days 7

#!/bin/bash
# --------------------------------
# from standard Cloud9 environment
# --------------------------------
which aws cdk
pip install botocore boto3 # required to run python script for emptying versioned buckets (see later)
npm install --force -g aws-cdk # upgrade
cdk doctor # status check
# install maven