Skip to content

Instantly share code, notes, and snippets.

View atheiman's full-sized avatar
😬

Austin Heiman atheiman

😬
38 followers · 10 following
View GitHub Profile
@atheiman
atheiman / identity-center-list-all-assignments.sh
Created October 27, 2023 17:06
AWS Identity Center (SSO) list all assignments
IDENTITY_CENTER_INSTANCE_ARN="$(aws sso-admin list-instances --output text --query 'Instances[0].InstanceArn')"
IDENTITY_STORE_ID="$(aws sso-admin list-instances --output text --query 'Instances[0].IdentityStoreId')"
for acctid in $(aws organizations list-accounts --query 'Accounts[][Id]' --output text); do
echo "acct:$(aws organizations describe-account --account-id "$acctid" --output text --query 'Account.[Id, Email, Name]')"
for psarn in $(aws sso-admin list-permission-sets-provisioned-to-account --account-id "$acctid" --instance-arn "$IDENTITY_CENTER_INSTANCE_ARN" --output text --query 'PermissionSets[]'); do
echo " permissionset:$(aws sso-admin describe-permission-set --instance-arn "$IDENTITY_CENTER_INSTANCE_ARN" --permission-set-arn "$psarn" --output text --query 'PermissionSet.[Name]')"
for groupid in $(aws sso-admin list-account-assignments --account-id "$acctid" --instance-arn "$IDENTITY_CENTER_INSTANCE_ARN" --permission-set-arn "$psarn" --output text --query 'AccountAssignments[?P
@atheiman
atheiman / README.md
Last active October 24, 2023 10:26
AWS organization terraform multi-account pipeline
  1. build accounts - this can be terraform executed in the mgmt acct
  2. multi-account terragrunt run-all 
    template/
  terragrunt.hcl
  main.tf
111111111111/
  customization.tf

mkdir generated

@atheiman
atheiman / README.md
Last active October 13, 2023 14:42
Notepad bookmarklet in browser editor
@atheiman
atheiman / restrict-subnet-usage.scp.json
Created October 2, 2023 17:37
Service Control Policy (SCP) to restrict using Transit Gateway Attachment or Gateway Load Balancer Endpoint (inspection) subnets
{
"Version":"2012-10-17",
"Statement": [
{
"Effect":"Deny",
"Action": [
"ec2:AssociateClientVpnTargetNetwork",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateTransitGatewayMulticastDomain",
@atheiman
atheiman / GovCloud-Config-Conformance-Pack-Operational-Best-Practices-for-NIST-800-171.yaml
Last active October 4, 2023 19:36
AWS Config Conformance Pack Operational-Best-Practices-for-NIST-800-171 from github.com/awslabs/aws-config-rules with rules not supported in GovCloud regions disabled (`Condition: StandardPartition`). This could become out of date soon as more config rules are added to GovCloud regions.
##################################################################################
#
# Conformance Pack:
# Operational Best Practices for NIST 800-171
#
# This conformance pack helps verify compliance with NIST 800-171 requirements.
#
# See Parameters section for names and descriptions of required parameters.
#
##################################################################################
@atheiman
atheiman / config_conformance_pack_region_validator.py
Last active February 11, 2024 01:04
Evaluate an AWS Config Conformance Pack CloudFormation template for regional support. This script lists unsupported SourceIdentifiers in a conformance pack CloudFormation template for the current configured region using AWS Config api.
#!/usr/bin/env python
# Usage example:
# CONFIG_CONFORMANCE_PACK_TEMPLATE=Operational-Best-Practices-for-NIST-800-171.yaml ./config_conformance_pack_region_validator.py
import boto3
import botocore
import json
import os
import time
@atheiman
atheiman / output.txt
Last active April 6, 2023 16:23
Store up encountered python exceptions in a loop and then raise them all at the end
4 * 2 = 8
3 * 2 = 6
Error processing num b - ValueError("invalid literal for int() with base 10: 'b'") - Traceback (most recent call last):
File "/Users/aheiman/tmp/script.py", line 8, in <module>
print(f"{num} * 2 = {int(num) * 2}")
ValueError: invalid literal for int() with base 10: 'b'
5 * 2 = 10
Error processing num f - ValueError("invalid literal for int() with base 10: 'f'") - Traceback (most recent call last):
File "/Users/aheiman/tmp/script.py", line 8, in <module>
@atheiman
atheiman / README.md
Last active January 7, 2025 06:45
Linux Amazon CloudWatch Agent install and configure guide
@atheiman
atheiman / README.md
Last active January 30, 2023 18:45
Generate self-signed TLS cert using Terraform

Generate a private key and self-signed TLS certificate using the Terraform TLS provider.

# Download this terraform file into the current directory
curl -O https://gist.githubusercontent.com/atheiman/0944ece7399af7dd951b1bfe23fae847/raw/main.tf

# Modify "locals" in main.tf as needed

# Generate the key and cert
terraform init -upgrade
@atheiman
atheiman / echoserver.yml
Last active January 27, 2023 15:37
Kubernetes manifests for an HTTP echo-server namespace, deployment, service, and ALB ingress (compatible with AWS Load Balancer Controller)
---
apiVersion: v1
kind: Namespace
metadata:
name: echoserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echoserver