Skip to content

Instantly share code, notes, and snippets.

View apolloclark's full-sized avatar
💭
automating the world

Apollo Clark apolloclark

💭
automating the world
184 followers · 75 following
View GitHub Profile
@apolloclark
apolloclark / Enterprise Software Features.md
Created March 25, 2025 20:19
Enterprise Software Features
  1. User Accounts
    1. ACLs
    2. User Groups
    3. User Orgs
    4. SSO Integration
  2. Anonymous sharing
  3. Cross Org sharing
  4. Secrets
    1. Storage
  5. Deletion
@apolloclark
apolloclark / Terraform Open-Source Deployment Platform.md
Last active January 24, 2025 18:26

Terraform Open-Source Deployment Platform

Overview

Terraform open-source (TFOSS) is a very powerful CI/CD tool for deploying cloud resources, however it is missing some key features in the open-source version that are only available in the paid vendor-managed versions called Terraform Cloud (TFC) and the Terraform Enterprise (TFE). Building a deployment platform with only Terraform open-source (TFOSS), versus buying Terraform Cloud (TFC) or Terraform Enterprise (TFE), is like building a kit-car versus buying a sports car from an established brand. It's not impossible, but there are a lot of considerations, listed below.

  1. Module Versioning

  2. Submodule Versioning

@apolloclark
apolloclark / cloud environment questionnaire.md
Last active November 22, 2023 19:55
Questions to ask to understand a company's cloud environment

Cloud Environment Questionnaire

1. IT Security Regulations?

ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)

2. Cloud Provider(s)?

ex: AWS, Microsoft Azure, Google GCP, on-prem VMware

3. Compute Environment(s)?

ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)

@apolloclark
apolloclark / aws_resources_.md
Last active October 26, 2023 20:25

List all of the AWS Resources available to AWS CloudFormation

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/toc-contents.json \
  | jq '.contents[10].contents[0].contents[].include_contents' --raw-output \
  | grep -v "null" \
  | xargs -I % curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/% \
  | jq '.contents[].contents[] | [.title, (select(.contents != null) | .title + "::" + .contents[].title)]' --raw-output \
@apolloclark
apolloclark / upgrade_rhel.sh
Last active February 6, 2022 19:05
Upgrade RHEL / CentOS / Amazon Linux 2 / Oracle Linux systems
#!/bin/bash
# fix for CentOS 6.x
# https://stackoverflow.com/questions/21396508/yumrepo-error-all-mirror-urls-are-not-using-ftp-https-or-file
# There is an issue with CentOS 6.3 not supporting the modern TLS 1.2, so use the archive.kernel.org
"[Errno 14] problem making ssl connection"
sed -i 's,<find>,<replacement>,g' /etc/yum.repos.d/CentOS-Base.repo
@apolloclark
apolloclark / Top AWS Mistakes in PCI-DSS, HIPAA, and FedRAMP Environments.md
Last active May 11, 2022 21:09

Hello, I am Apollo Clark, a Cloud Architect, formerly with HashiCorp, with 13+ years of AWS experience, 4+ years of Azure Experience, and 3+ years of GCP experience. I've worked with the largest financial services companies in the world, and various US Dept of Defense (DoD) organizations, over the years on projects with security requirements of PCI-DSS, HIPAA, FedRAMP, and GDPR. AWS is an amazing service capable of a wide variety of uses, but with that flexibility comes a lot of complexity that is easy to misconfigure. Unfortunately, even in 2022, a lot of cloud provider services are not secure by default. This guide is a list of the most common mistakes I've seen. Many organizations adopted AWS organically, without any centralized planning, given the ease of using an oragnization credit card to spin up infrastucture in minutes, versus going through months of approval and waiting for physical hardware to be delivered, installed, configured, and made available into on-prem VMware based data centers. Whenver I

@apolloclark
apolloclark / upgrade_hashistack.sh
Created November 18, 2021 20:10
Upgrade HashiCorp tools in Ubuntu
#!/bin/bash -eu
PACKAGE_LIST="terraform packer sentinel vagrant";
for PACKAGE in $PACKAGE_LIST; do
# retrieve a link to the latest version
VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \
| jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \
| grep -v 'alpha\|beta\|rc\|oci\|ent' | sort --version-sort | tail -n1);
@apolloclark
apolloclark / upgrade_jq.sh
Created November 18, 2021 20:09
Upgrade JQ (JSON Query)
#!/bin/bash -eux
# retrieve a link to the latest version of Terraform
JQ_VERSION_LATEST=$(curl -sSL https://github.com/stedolan/jq/releases \
| grep -F '/releases/tag' | grep -v 'rc' | head -n1 | cut -d'"' -f2 | cut -d'/' -f6 | cut -d'-' -f2);
# get the currently installed version
JQ_VERSION_CURRENT=$(jq --version | cut -d'-' -f2);
# check if the latest version matches the currently installed version
@apolloclark
apolloclark / gcp_cheatsheet.md
Created January 26, 2021 20:03
Google Cloud cheatsheet 
# list current config details
gcloud info

# list accounts
gcloud auth list

# list availalbe configs
gcloud config configurations list
@apolloclark
apolloclark / upgrade_hashistack.sh
Last active May 16, 2020 18:27
Bash scripts to upgrade locally installed HashiCorp programs
#!/bin/bash -eu
PACKAGE_LIST="terraform packer sentinel vagrant";
for PACKAGE in $PACKAGE_LIST; do
# retrieve a link to the latest version of Terraform
VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \
| jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \
| grep -v 'alpha\|beta\|rc\|oci' | sort --version-sort | tail -n1);