Skip to content

Instantly share code, notes, and snippets.

View avoidik's full-sized avatar

Viacheslav Vasilyev avoidik

25 followers · 6 following
View GitHub Profile
@avoidik
avoidik / vault-credential-provider.py
Last active January 24, 2019 12:31 — forked from joelthompson/vault-credential-provider.py
#!/usr/bin/env python
import os
from botocore.credentials import CredentialProvider, RefreshableCredentials
import requests
from datetime import datetime, timedelta
class VaultCredentialProvider(CredentialProvider):
METHOD = 'vault'
CANONICAL_NAME = 'VaultRole'
@avoidik
avoidik / ssm_parameter_store.py
Created September 12, 2018 18:59 — forked from nqbao/ssm_parameter_store.py
Python class to provide a dictionary-like interface to access AWS SSM Parameter Store easily
# Copyright (c) 2018 Bao Nguyen <b@nqbao.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
@avoidik
avoidik / copy-ssm-parameters
Created September 12, 2018 19:00 — forked from mvanholsteijn/copy-ssm-parameters
script to copy all SSM parameter store parameters to disk
#!/usr/bin/env python
#
# copy all SSM parameter store parameters to disk
#
import os, sys, argparse, boto3
parser = argparse.ArgumentParser(description='copy all parameter values to local')
parser.add_argument("--path", dest="path", required=True,
help="to copy the keys from", metavar="STRING")
parser.add_argument("--directory", dest="directory", required=True,
@avoidik
avoidik / awslambda.bootstrap.py
Created September 14, 2018 06:37 — forked from lucasrcosta/awslambda.bootstrap.py
AWS Lambda Python Runtime
# -*- coding: utf-8 -*-
# /var/runtime/awslambda/bootstrap.py
"""
aws_lambda.bootstrap.py
Amazon Lambda
Copyright (c) 2013 Amazon. All rights reserved.
Lambda runtime implemention
"""
@avoidik
avoidik / README.markdown
Created September 25, 2018 08:05 — forked from pat/LICENSE.txt
Running Setup SQL scripts on an RDS instance within a VPC, via Terraform

This Terraform configuration allows running a set of SQL commands on a new AWS RDS database instance that's operating within an AWS VPC.

The commands are executed via AWS Lambda functions - the first (rds_creation) operates outside the VPC and connects to the AWS API to determine credential information for the new database (endpoint, port, username, database). It then sends these details via SNS to another function operating within the VPC (rds_setup), which connects to the PostgreSQL database and executes the SQL commands.

The initial notification comes via SNS from the RDS events (and there is the configuration within the Terraform file here to set up that subscription).

Please note:

  • There are variables defined at the top of the Terraform file - everything else should be pretty self-contained (though you should definitely read through all of the code to ensure you understand it before using it).
  • The internal Lambda function is expecting a PostgreSQL database. This will need changing if you're
@avoidik
avoidik / dec.py
Created October 18, 2018 08:48 — forked from nmarley/dec.py
AWS KMS encryption/decryption using Python/Boto3
import boto3
import base64
if __name__ == '__main__':
session = boto3.session.Session()
kms = session.client('kms')
encrypted_password = 'AQECAHjgTiiE7TYRGp5Irf8jQ3HzlaQaHGYgsUJDaavnHcFm0gAAAGswaQYJKoZIhvcNAQcGoFwwWgIBADBVBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDDwxVQuG0oVwpkU7nQIBEIAoVGk1/wpserb+GVUOzE7PiL/Nr9fTDFKZfpKpF0ip2ct4B2q0Wn6ZZw=='
binary_data = base64.b64decode(encrypted_password)
@avoidik
avoidik / Makefile
Created October 18, 2018 08:48 — forked from ryu1kn/Makefile
Encrypt/decrypt with AWS KMS using AWS cli
# How to encrypt/decrypt your text/blob secret with AWS KMS with AWS cli
KEY_ID=alias/my-key
SECRET_BLOB_PATH=fileb://my-secret-blob
SECRET_TEXT="my secret text"
ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob # Result of decrypt-blob target
encrypt-text:
@avoidik
avoidik / list.py
Created October 24, 2018 09:20
List certificates in ACM
#!/usr/bin/env python
# https://medium.com/@jbirdvegas/survey-all-your-aws-acm-certificates-f4c7ab83b02e
import sys
import boto3
import texttable
accounts = {
@avoidik
avoidik / README.md
Created October 29, 2018 07:37
AWS query examples

Top 10 Examples of AWS CLI Query

List Volumes showing attachment using Dictionary Notation

$ aws ec2 describe-volumes \
  --query 'Volumes[*].{ID:VolumeId,InstanceId:Attachments[0].InstanceId,AZ:AvailabilityZone,Size:Size}'
[
    {
        "InstanceId": "i-a071c394",
@avoidik
avoidik / sslscan.py
Created November 29, 2018 08:46 — forked from brandond/sslscan.py
Stupid simple Python SSL certificate chain scanner
#!/usr/bin/env python
from __future__ import print_function
import sys
import socket
import requests
import datetime
from OpenSSL import SSL, crypto