Skip to content

Instantly share code, notes, and snippets.

View dcloud9's full-sized avatar

Don Capito dcloud9

5 followers · 1 following
  • DCLOUD9
  • United Kingdom
View GitHub Profile
@dcloud9
dcloud9 / gist:80ff5d3bd3c70408a6f65a6020d8e1a4
Created January 6, 2021 10:59
AWS S3 bucket policy - allow SSO with ReadOnly - AWS accounts with Control Tower as well
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListBucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<aws-account-id>:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AWSReadOnlyAccess_abcde12345..."
},
"Action": "s3:ListBucket",
@dcloud9
dcloud9 / gist:b41e1c2d69ced9377b9afd21dbe8e1c5
Created January 22, 2020 16:01
gcp-gcloud-get-serviceaccounts-roles
#! /usr/bin/env bash
# Get all roles attached to all service accounts, users, groups per project per environment in GCP
# Dependencies: Create and auth GCP named config using $gcloud config configurations create <env>|<named config>
# Requires: gcloud, jq
set -e
ENVLIS="dev tst stg prd"
PROJECTLIST="/tmp/projects"
SALIST="/tmp/sa"
TIMESTAMP=$(date "+%Y%m%d%H%M")
@dcloud9
dcloud9 / EC2-StackPolicy-for-Updates
Last active June 6, 2018 19:08
Secure your stack from accidental deletion of resources like EC2 instance. Enable and Disable stack policy during updates.
#! /bin/bash -e
#-----
# Pre-reqs: AWSCLI tool (python, pip) installed and configured. -DC 28.1.15
# v1.1: Added parameter/value checks. -DC 23.2.15
#-----
StackName=$1
Profile=$3
Creds=$HOME/.aws/credentials
[ $# -lt 3 ] && (echo "Usage: $0 <stack-name> {on|off} <profile>"; exit 1)
@dcloud9
dcloud9 / stripdown-debian.sh
Created February 10, 2014 16:07
How-to Strip Down Debian Distro
#! /bin/bash
# Should be run on a vanilla Debian install.
# This script will strip it down to bare minimum and yet bootable distro.
# Simulated run onlyi (--simulate). Uncomment this and Comment out the "Real Deal".
#apt-get --simulate purge $(dpkg-query -Wf '${Package;-40}${Essential}${Priority}\n'|awk '$2 ~ /nooptional|noextra/ {print $1}'|grep -v -E 'anacron|busybox|initramfs-tools|insserv|klibc-utils|libklibc|libsemanage-common|libsemanage1|libustr-1.0-1|libuuid-perl|linux-base|linux-image')
# Real deal.
apt-get purge $(dpkg-query -Wf '${Package;-40}${Essential}${Priority}\n'|awk '$2 ~ /nooptional|noextra/ {print $1}'|grep -v -E 'anacron|busybox|initramfs-tools|insserv|klibc-utils|libklibc|libsemanage-common|libsemanage1|libustr-1.0-1|libuuid-perl|linux-base|linux-image')