
@avoidik
avoidik / get_token.md
Created June 21, 2019 10:46 — forked from brianredbeard/get_token.md
aws, sts, and bash

About

AWS provides a mechanism for temporarily assuming another role within its API system. While it is not a technically hard process, it can be convoluted and hard to understand. This document aims both to make the process easier to follow and to give an in-depth explanation of some of the underpinnings of the Bourne Again Shell (aka BASH) that make it easier to use on a day-to-day basis.

Explanation

Below is an overexplained version of the following process:

  1. Using credentials stored in ~/.aws/credentials as a "profile" which are then understood by the AWS command line tools
  2. Using those AWS credentials, temporarily assume a role using the AWS Security Token Service (STS) to get temporary
@avoidik
avoidik / AWS-AutoUnseal-HashiCorp-Vault.md
Created June 19, 2019 08:53 — forked from allthingsclowd/AWS-AutoUnseal-HashiCorp-Vault.md
HashiCorp Vault AWS KMS AutoUnseal Key Rotation Example (all keys are obsolete - just a demo)

A walkthrough of key rotation for a HashiCorp Vault cluster using AWS KMS to auto-unseal

PGP (Keybase) is used to encrypt the recovery keys

Built base environment using HashiCorp's Learn Website

ubuntu@ip-192-168-100-194:~$ export VAULT_ADDR=http://127.0.0.1:8200

ubuntu@ip-192-168-100-194:~$ vault status
@avoidik
avoidik / vault-tree
Created June 18, 2019 10:36 — forked from mazenovi/vault-tree
explore recursively your vault by HashiCorp
#!/usr/bin/env bash
# Recursively list every secret path under the prefix given as $1.
# Note: `vault list` output is word-split here, so secret names containing
# whitespace would be broken apart by the for loop.
function walk() {
  for secret in $(vault list "$1" | tail -n +3)
  do
    if [[ ${secret} == *"/" ]] ; then
      walk "${1}${secret}"
    else
      echo "${1}${secret}"
    fi
  done
}

walk "$1"
@avoidik
avoidik / FiddlerClientCertPicker.cs
Created May 27, 2019 05:41 — forked from ericlaw1979/FiddlerClientCertPicker.cs
Fiddler client certificate picker extension
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Fiddler;
[assembly: Fiddler.RequiredVersion("2.5.0.0")]
namespace ClientCertPicker
{
public class ClientCertPicker: IFiddlerExtension
{
@avoidik
avoidik / README.md
Created May 16, 2019 20:13 — forked from iMilnb/README.md
AWS Terraform configuration: Stream CloudWatch Logs to ElasticSearch

Rationale

This snippet is a sample showing how to implement CloudWatch Logs streaming to ElasticSearch using terraform. I wrote this gist because I didn't find a clear, end-to-end example on how to achieve this task. In particular, I understood the resource "aws_lambda_permission" "cloudwatch_allow" part by reading a couple of bug reports plus this stackoverflow post.

The js file is actually the Lambda function automatically created by AWS when creating this pipeline through the web console. I only added an endpoint variable handling so it is configurable from terraform.

@avoidik
avoidik / AddCloudWatchEC2.md
Created March 27, 2019 08:24 — forked from akiatoji/AddCloudWatchEC2.md
Add CloudWatch Memory/Disk monitoring to EC2

AWS EC2 Memory and Disk monitoring/alert

AWS kind of sucks when it comes to monitoring Memory and Disk usage on EC2, as in they don't provide it out of the box. AWS instead gives you a set of perl scripts to do this via CloudWatch custom metrics.

Details are here:

Monitoring Memory and Disk Metrics for Amazon EC2 Linux Instances

The following are the actual steps used to get Disk/Memory stats into CloudWatch

@avoidik
avoidik / ec2-create-role.sh
Created February 19, 2019 07:22 — forked from li0nel/ec2-create-role.sh
EC2 Create Role for Docker Compose
# Create an IAM role
aws iam create-role --role-name Laravel-EC2-Role \
--assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
# Add an IAM policy granting access to CloudWatch
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-CloudWatch-EC2-Permissions \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogStream","cloudwatch:PutMetricData","ec2:DescribeTags","logs:DescribeLogStreams","logs:CreateLogGroup","logs:PutLogEvents","ssm:GetParameter"],"Resource":"*"}]}'
# Add an IAM policy granting access to your S3 bucket
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-S3-EC2-Permissions \
@avoidik
avoidik / AWS Swarm cluster.md
Created February 19, 2019 07:22 — forked from ghoranyi/AWS Swarm cluster.md
Create a Docker 1.12 Swarm cluster on AWS

This gist will walk you through creating a Docker 1.12 Swarm cluster (with Swarm mode) on AWS infrastructure.

Prerequisites

You need a few things already prepared in order to get started. You need at least Docker 1.12 set up. I was using the stable version of Docker for Mac for preparing this guide.

$ docker --version
Docker version 1.12.0, build 8eab29e

You also need Docker machine installed.

@avoidik
avoidik / encrypeted_cert_session.py
Created February 12, 2019 09:15 — forked from aiguofer/encrypeted_cert_session.py
Creating a Python requests session using a passphrase-protected client-side cert
import ssl
from requests.adapters import HTTPAdapter
CFG_FILE = '<path_to_cfg>'
secure_hosts = [
'https://<host>'
]
class SSLAdapter(HTTPAdapter):
def __init__(self, certfile, keyfile, password=None, *args, **kwargs):
@avoidik
avoidik / use_pfx_with_requests.py
Created February 12, 2019 09:15 — forked from erikbern/use_pfx_with_requests.py
How to use a .pfx file with Python requests – also works with .p12 files
import contextlib
import OpenSSL.crypto
import os
import requests
import ssl
import tempfile
@contextlib.contextmanager
def pfx_to_pem(pfx_path, pfx_password):
''' Decrypts the .pfx file to be used with requests. '''