ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)
ex: AWS, Microsoft Azure, Google GCP, on-prem VMware
ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/toc-contents.json \
| jq '.contents[10].contents[0].contents[].include_contents' --raw-output \
| grep -v "null" \
| xargs -I % curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/% \
| jq '.contents[].contents[] | [.title, (select(.contents != null) | .title + "::" + .contents[].title)]' --raw-output \
| #!/bin/bash | |
| # fix for CentOS 6.x | |
| # https://stackoverflow.com/questions/21396508/yumrepo-error-all-mirror-urls-are-not-using-ftp-https-or-file | |
| # There is an issue with CentOS 6.3 not supporting the modern TLS 1.2, so use the archive.kernel.org | |
| "[Errno 14] problem making ssl connection" | |
| sed -i 's,<find>,<replacement>,g' /etc/yum.repos.d/CentOS-Base.repo |
Hello, I am Apollo Clark, a Cloud Architect, formerly with HashiCorp, with 13+ years of AWS experience, 4+ years of Azure Experience, and 3+ years of GCP experience. I've worked with the largest financial services companies in the world, and various US Dept of Defense (DoD) organizations, over the years on projects with security requirements of PCI-DSS, HIPAA, FedRAMP, and GDPR. AWS is an amazing service capable of a wide variety of uses, but with that flexibility comes a lot of complexity that is easy to misconfigure. Unfortunately, even in 2022, a lot of cloud provider services are not secure by default. This guide is a list of the most common mistakes I've seen. Many organizations adopted AWS organically, without any centralized planning, given the ease of using an oragnization credit card to spin up infrastucture in minutes, versus going through months of approval and waiting for physical hardware to be delivered, installed, configured, and made available into on-prem VMware based data centers. Whenver I
| #!/bin/bash -eu | |
| PACKAGE_LIST="terraform packer sentinel vagrant"; | |
| for PACKAGE in $PACKAGE_LIST; do | |
| # retrieve a link to the latest version | |
| VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \ | |
| | jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \ | |
| | grep -v 'alpha\|beta\|rc\|oci\|ent' | sort --version-sort | tail -n1); |
| #!/bin/bash -eux | |
| # retrieve a link to the latest version of Terraform | |
| JQ_VERSION_LATEST=$(curl -sSL https://github.com/stedolan/jq/releases \ | |
| | grep -F '/releases/tag' | grep -v 'rc' | head -n1 | cut -d'"' -f2 | cut -d'/' -f6 | cut -d'-' -f2); | |
| # get the currently installed version | |
| JQ_VERSION_CURRENT=$(jq --version | cut -d'-' -f2); | |
| # check if the latest version matches the currently installed version |
# list current config details
gcloud info
# list accounts
gcloud auth list
# list availalbe configs
gcloud config configurations list
| #!/bin/bash -eu | |
| PACKAGE_LIST="terraform packer sentinel vagrant"; | |
| for PACKAGE in $PACKAGE_LIST; do | |
| # retrieve a link to the latest version of Terraform | |
| VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \ | |
| | jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \ | |
| | grep -v 'alpha\|beta\|rc\|oci' | sort --version-sort | tail -n1); |
| ### Keybase proof | |
| I hereby claim: | |
| * I am apolloclark on github. | |
| * I am apolloclark (https://keybase.io/apolloclark) on keybase. | |
| * I have a public key ASC2AayT4Qb7Hxt6BAgO_ocgIbKf0IsyhmdaIalmO43ivAo | |
| To claim this, I am signing this object: |