Download
curl -fsSLO https://github.com/smallstep/cli/releases/download/v0.23.0/step_linux_0.23.0_armv7.tar.gz
Viacheslav Vasilyev avoidik
avoidik
/ cognito.yaml
Created
May 2, 2022 18:14
— forked from singledigit/cognito.yaml
Create a Cognito Authentication Backend via CloudFormation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Cognito Stack | |
| Parameters: | |
| AuthName: | |
| Type: String | |
| Description: Unique Auth Name for Cognito Resources | |
| Resources: | |
| # Creates a role that allows Cognito to send SNS messages | |
| SNSRole: |
avoidik
/ aws_cognito_aes.md
Created
May 2, 2022 18:14
— forked from asaphe/aws_cognito_aes.md
Amazon Elasticsearch - Kibana Access using AWS Cognito and Google Apps
That is a mouthful and the process could be clearer. doesn't help that there's a lot of outdated information and conflicting articles with links upon links pointing you in every which way but the right way.
I'll use Google Apps as a SAML provider for the purpose of this gist.
The process is triggered from the AES Console and required multiple steps to configure the IAM Roles and chosen IDP
avoidik
/ vault-agent-pki.md
Created
April 14, 2022 14:34
— forked from kawsark/vault-agent-pki
Vault Agent with PKI certificate rendering
These variables will be used for this snippet. Please substitute accordingly.
export RootCAName="root_ca"
export InterCAName="inter_ca"
export CommonName="hashidemos.io"
export InterCommonName="inter.hashidemos.io"
export Root_CA_ttl="730h"
export Inter_CA_ttl="350h"
export Cert_ttl="8h"cat > /etc/default/step-ca <<'EOF'
STEPPATH="/etc/step-ca"
PASSWORD_FILE="/etc/step-ca/passwd"
CONFIG_FILE="/etc/step-ca/config/ca.json"
STEP_CA_TOKEN="..."
EOF
cat > /etc/systemd/system/step-ca.service <<'EOF'
[Unit]curl -fsSLO https://go.dev/dl/go1.17.8.linux-armv6l.tar.gz
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.17.8.linux-armv6l.tar.gz
rm -f go1.17.8.linux-armv6l.tar.gz
cat <<'EOF' | tee -a ~/.profile > /dev/nullPrerequisites:
- Mikrotik API is enabled (IP > Services > API, enabled on port 8728 and/or 8729)
- Mikrotik API ports are allowed (IP > Firewall > Filter Rules, input chain has both TCP ports allowed)
- Mikrotik management interface IP address is reachable
- Linux (VM or real hardware)
Steps
- Download the script from here to your Linux machine - https://wiki.mikrotik.com/wiki/Manual:API_Python3
- Find all input rules, input and press enter twice:
avoidik
/ cloudtrail-template-elasticsearch.json
Created
December 27, 2021 07:33
— forked from kesor/cloudtrail-template-elasticsearch.json
An ElasticSearch Index template for CloudTrail events
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT _template/cloudtrail | |
| { | |
| "index_patterns": ["cloudtrail-*"], | |
| "settings": { | |
| "number_of_shards": 1, | |
| "mapping": { | |
| "total_fields": { | |
| "limit": 10000 | |
| } | |
| } |