- Save latest
terraform-docspre-built binary into$PATHfrom terraform-docs GitHub Releases.terraform-docs --version # terraform-docs version v0.21.0 ... - Configure
.terraform-docs.ymlto updateREADME.mdappropriately. Usually this file would be saved in the root of the repo. If you have amodulesdirectory containing many modules with READMEs to update, you can add therecursiveargument. See.terraform-docs.ymloptions docs.
atheiman
/ terraform-docs-pre-commit.md
Last active
February 23, 2026 21:41
Configure a terraform repo to update README.md with `terraform-docs` in a `pre-commit` Git hook
atheiman
/ install-aws-cli-windows.md
Last active
February 19, 2026 20:55
aws cli install windows without administrator rights. run from powershell.
Install into user's home directory using PowerShell without Windows adminstrator requirement:
# Install from PowerShell without needing administrator permissions:
# https://github.com/aws/aws-cli/issues/4633#issuecomment-1049955325
msiexec /a https://awscli.amazonaws.com/AWSCLIV2.msi /qb TARGETDIR=$env:USERPROFILE\awscli
# show version after install:
atheiman
/ windows_or_linux_external.tf
Last active
February 11, 2026 15:38
Terraform to detect OS and run local commands appropriately based on OS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| external = { | |
| source = "hashicorp/external" | |
| version = "~> 2.3.3" | |
| } | |
| } | |
| } | |
| locals { |
atheiman
/ IAM policy - KMS access by key tag - "Dual Resource Requirement"
Last active
February 5, 2026 16:04
IAM policy example with "dual resource requirement". `kms:CreateAlias` action creates an alias (untaggable) referencing a key (taggable). Breaking alias resource permission into two statements `AllowAllOnTaggedKeys` and `AllowAllOnAliasResource` restricts access to keys w/ the required tag but any alias (b/c untaggable).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AllowCreateKeyWithTagInRequest", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "kms:CreateKey" | |
| ], | |
| "Resource": "*", |
atheiman
/ aws_config_generator.py
Last active
November 4, 2025 22:48
AWS SSO Identity Center accounts and roles config generator - ~/.aws/config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Write content for an AWS config file (~/.aws/config) to stdout based on available SSO accounts and roles | |
| # from the previously executed `aws sso login`. | |
| # | |
| # Example usage: | |
| # | |
| # aws sso login --profile my-existing-sso-profile | |
| # python ./aws_config_generator.py | |
| # |
atheiman
/ .gitconfig
Last active
February 20, 2026 14:21
gitconfig showing some common options I use
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [user] | |
| name = John Doe | |
| email = john.doe@example.com | |
| username = jdoe01 | |
| [alias] | |
| co = checkout | |
| br = branch | |
| st = status | |
| # Show cloned repo local path. `cd $(git root)` is useful from inside large projects. |
atheiman
/ config_aggreg_adv_query.py
Created
July 8, 2025 14:57
AWS Config aggregator advanced SQL-like query using Python and boto3. These advanced queries are much more efficient than previous Config query methods.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Example usage from shell: | |
| # | |
| # AWS_PROFILE=organization-management-account AGGREGATOR_NAME=my-config-aggregator python ~/tmp/config_aggreg_adv_query.py | |
| # | |
| import os | |
| import json | |
| import boto3 |
atheiman
/ config_aggregator_sql_advanced_query.sh
Last active
June 24, 2025 15:28
AWS Config aggregator advanced query (SQL-like syntax) SELECT statement for resources where a tag key equals a tag value
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html | |
| # Select EC2 instances from all accounts and regions with tag key "updateAutomationEnabled" is set to value "true" | |
| aws configservice select-aggregate-resource-config \ | |
| --configuration-aggregator-name org-config-aggregator \ | |
| --expression "SELECT resourceId, resourceType, tags | |
| WHERE resourceType = 'AWS::EC2::Instance' | |
| AND tags.tag = 'updateAutomationEnabled=true'" |
These Dockerfile examples demonstrate two options for running a script at container startup, then running the main container process. The example script downloads index.html from https://example.com/ and writes it into Tomcat webapps directory. The index.html is then served by the container at http://localhost:8080/default-app/.
docker build . -t tomcat-with-startup
docker run --rm -it -p 8080:8080 tomcat-with-startupexec is the preferred option because the startup.sh shell script will be replaced by catalina.sh as the main container process. As the main process of the container, it can respond to signals sent to the container.
atheiman
/ ecs-fargate-sleep-task.sh
Last active
November 10, 2025 15:51
Run an ECS Fargate task running `sleep` and exec into the task. This can be used to get a Linux shell in a subnet without launching an EC2 instance. Note that since I created this originally, CloudShell can be launched within a VPC, but there may be cases where this is still useful.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Prerequisites: | |
| # - ECS Fargate cluster | |
| # - ECS task IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html | |
| # Be sure to include ECS exec permissions: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#ecs-exec-required-iam-permissions | |
| # - (optional) ECS task execution IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html | |
| aws ecs list-task-definitions | |
| # Register a task definition for alpine image running "sleep 600" so you can exec into the container for 10 min |
NewerOlder