- User Accounts
- ACLs
- User Groups
- User Orgs
- SSO Integration
- Anonymous sharing
- Cross Org sharing
- Secrets
- Storage
- Deletion
apolloclark
/ Enterprise Software Features.md
Created
March 25, 2025 20:19
Enterprise Software Features
apolloclark
/ Terraform Open-Source Deployment Platform.md
Last active
January 24, 2025 18:26
Terraform open-source (TFOSS) is a very powerful CI/CD tool for deploying cloud resources, however it is missing some key features in the open-source version that are only available in the paid vendor-managed versions called Terraform Cloud (TFC) and the Terraform Enterprise (TFE). Building a deployment platform with only Terraform open-source (TFOSS), versus buying Terraform Cloud (TFC) or Terraform Enterprise (TFE), is like building a kit-car versus buying a sports car from an established brand. It's not impossible, but there are a lot of considerations, listed below.
-
Module Versioning
-
Submodule Versioning
apolloclark
/ cloud environment questionnaire.md
Last active
November 22, 2023 19:55
Questions to ask to understand a company's cloud environment
ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)
ex: AWS, Microsoft Azure, Google GCP, on-prem VMware
ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)
apolloclark
/ aws_resources_.md
Last active
October 26, 2023 20:25
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/toc-contents.json \
| jq '.contents[10].contents[0].contents[].include_contents' --raw-output \
| grep -v "null" \
| xargs -I % curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/% \
| jq '.contents[].contents[] | [.title, (select(.contents != null) | .title + "::" + .contents[].title)]' --raw-output \
apolloclark
/ upgrade_rhel.sh
Last active
February 6, 2022 19:05
Upgrade RHEL / CentOS / Amazon Linux 2 / Oracle Linux systems
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # fix for CentOS 6.x | |
| # https://stackoverflow.com/questions/21396508/yumrepo-error-all-mirror-urls-are-not-using-ftp-https-or-file | |
| # There is an issue with CentOS 6.3 not supporting the modern TLS 1.2, so use the archive.kernel.org | |
| "[Errno 14] problem making ssl connection" | |
| sed -i 's,<find>,<replacement>,g' /etc/yum.repos.d/CentOS-Base.repo |
apolloclark
/ Top AWS Mistakes in PCI-DSS, HIPAA, and FedRAMP Environments.md
Last active
May 11, 2022 21:09
Hello, I am Apollo Clark, a Cloud Architect, formerly with HashiCorp, with 13+ years of AWS experience, 4+ years of Azure Experience, and 3+ years of GCP experience. I've worked with the largest financial services companies in the world, and various US Dept of Defense (DoD) organizations, over the years on projects with security requirements of PCI-DSS, HIPAA, FedRAMP, and GDPR. AWS is an amazing service capable of a wide variety of uses, but with that flexibility comes a lot of complexity that is easy to misconfigure. Unfortunately, even in 2022, a lot of cloud provider services are not secure by default. This guide is a list of the most common mistakes I've seen. Many organizations adopted AWS organically, without any centralized planning, given the ease of using an oragnization credit card to spin up infrastucture in minutes, versus going through months of approval and waiting for physical hardware to be delivered, installed, configured, and made available into on-prem VMware based data centers. Whenver I
apolloclark
/ upgrade_hashistack.sh
Created
November 18, 2021 20:10
Upgrade HashiCorp tools in Ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -eu | |
| PACKAGE_LIST="terraform packer sentinel vagrant"; | |
| for PACKAGE in $PACKAGE_LIST; do | |
| # retrieve a link to the latest version | |
| VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \ | |
| | jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \ | |
| | grep -v 'alpha\|beta\|rc\|oci\|ent' | sort --version-sort | tail -n1); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -eux | |
| # retrieve a link to the latest version of Terraform | |
| JQ_VERSION_LATEST=$(curl -sSL https://github.com/stedolan/jq/releases \ | |
| | grep -F '/releases/tag' | grep -v 'rc' | head -n1 | cut -d'"' -f2 | cut -d'/' -f6 | cut -d'-' -f2); | |
| # get the currently installed version | |
| JQ_VERSION_CURRENT=$(jq --version | cut -d'-' -f2); | |
| # check if the latest version matches the currently installed version |
# list current config details
gcloud info
# list accounts
gcloud auth list
# list availalbe configs
gcloud config configurations list
apolloclark
/ upgrade_hashistack.sh
Last active
May 16, 2020 18:27
Bash scripts to upgrade locally installed HashiCorp programs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -eu | |
| PACKAGE_LIST="terraform packer sentinel vagrant"; | |
| for PACKAGE in $PACKAGE_LIST; do | |
| # retrieve a link to the latest version of Terraform | |
| VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \ | |
| | jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \ | |
| | grep -v 'alpha\|beta\|rc\|oci' | sort --version-sort | tail -n1); |
NewerOlder