Andy Motta andymotta
andymotta
/ getEventValues.groovy
Created
March 11, 2019 18:22
Event-driven Cloudbees Operations Center Pipeline to run Terraform code with Marker file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def call () { | |
| def map = [:] | |
| def causeClass = currentBuild?.getBuildCauses()[0]?._class | |
| if(causeClass == "com.cloudbees.jenkins.plugins.pipeline.events.EventTriggerCause") { | |
| // This run was triggered by an event and not by a person | |
| map = [ | |
| event: currentBuild?.getBuildCauses()[0]?.event?.event?.toString(), | |
| action: currentBuild?.getBuildCauses()[0]?.event?.action?.toString(), | |
| awsprofile: currentBuild?.getBuildCauses()[0]?.event?.awsprofile?.toString(), | |
| tfver: currentBuild?.getBuildCauses()[0]?.event?.tfver?.toString(), |
andymotta
/ Jenkinsfile.groovy
Created
December 28, 2018 21:26
Use Terraform latest docker image in Declarative Jenkins Pipeline
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| agent { | |
| docker { | |
| image 'hashicorp/terraform:latest' | |
| label 'LINUX-SLAVE' | |
| args '--entrypoint="" -u root -v /opt/jenkins/.aws:/root/.aws' | |
| } | |
| } | |
| options { | |
| ansiColor('xterm') |
andymotta
/ remote_state.tf
Created
December 28, 2018 18:05
Parameterize Terraform remote state (AWS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_caller_identity" "current" {} | |
| resource "aws_s3_bucket" "terraform_state" { | |
| bucket = "${data.aws_caller_identity.current.account_id}-tfstate" | |
| versioning { | |
| enabled = true | |
| } | |
| policy = <<POLICY | |
| { | |
| "Version": "2012-10-17", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function hurryup () { | |
| until ssh -o ConnectTimeout=2 "$1"@"$2" | |
| do sleep 1 | |
| done | |
| } | |
| hurryup root "10.10.0.3" | |
| # -o ConnectTimeout=2 is a slightly hacky way of getting around not responding to network packets, | |
| # reporting ssh: connect to host 10.10.0.3 port 22: Operation timed out until it's responsive. |
andymotta
/ clone_or_pull.sh
Last active
August 17, 2018 18:29
Clone or pull git repo in Shell script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function clone_pull { | |
| DIRECTORY=$(basename "$1" .git) | |
| if [ -d "$DIRECTORY" ]; then | |
| cd "$DIRECTORY" | |
| git pull | |
| cd ../ | |
| else | |
| git clone "$1" |
andymotta
/ scan_add_pub_key.yml
Created
July 31, 2018 00:12
Scan host for public keys then add keys to knows_hosts (ssh)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # path default of known_hosts module is home of the user running the playbook, i.e. $HOME/.ssh/known_hosts | |
| - name: find public key for stash | |
| command: ssh-keyscan "{{ domain }}" | |
| register: pub_key | |
| - name: add public key for stash to known_hosts | |
| known_hosts: | |
| name: "{{ domain }}" | |
| key: "{{ pub_key.stdout }}" |
andymotta
/ upcoming_rotations.py
Created
October 30, 2017 23:41
Report AWS IAM access keys that require rotation within 45 days to SNS topic (Compliance)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import datetime | |
| from datetime import date | |
| import os | |
| from ConfigParser import SafeConfigParser | |
| access_file = os.path.join(os.environ['HOME'], '.aws', 'credentials') | |
| access_list = SafeConfigParser() | |
| access_list.read(access_file) |
andymotta
/ active_keys_never_used.py
Last active
October 30, 2017 23:41
Find all active IAM access keys that have never been used
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import datetime | |
| from datetime import date | |
| import os, re | |
| global DEFAULT_AGE_THRESHOLD_IN_DAYS | |
| DEFAULT_AGE_THRESHOLD_IN_DAYS = 7 | |
| def main(): |
andymotta
/ delete_all_inactive_keys.py
Created
October 30, 2017 23:36
Delete ALL inactive IAM keys for each profile on server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import datetime | |
| from datetime import date | |
| import os | |
| from ConfigParser import SafeConfigParser | |
| access_file = os.path.join(os.environ['HOME'], '.aws', 'credentials') | |
| access_list = SafeConfigParser() |
andymotta
/ boto3_iam_access_key_rotation.py
Last active
November 24, 2021 10:04
Rotate AWS IAM access keys for every Boto profile on host (Compliance)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Meant to be scheudled on a cron/timer of 90 days (CIS Benchmark) | |
| ## The target keys need permissions to rotate themselves | |
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import os | |
| from datetime import datetime | |
| import shutil | |
| from ConfigParser import SafeConfigParser |