farhad-taran’s gists

farhad-taran / README.md

Created February 13, 2024 18:02

How to bypass audit step when blocked on packages that do not have a patch

some times your deployment might be blocked by a audit scan that shows a security alarm for a package that does not have a patch yet. in these instances you probably would like to deploy and wait for patch to become available. the following command can let you bypass the audit step for a specific PR but still allow you to be warned of the issue for the next change. you simply have to make your last commit as skip audit.

 "audit": "yarn audit --level high --groups dependencies; if [ \"$?\" -ge 8 ] && [ -z $(git log --format=%B -n 1|grep \"skip audit\") ]; then exit 1; else exit 0; fi;",

farhad-taran / README.md

Created January 23, 2024 16:57

How to use ETags to not refetch already retrieved S3 items

Refetching items from S3 can be quite memory and cpu intensive, and it can be unnecessary if the item has not been changed since. S3 allows for detecting changes to an item through the use of ETags. In the below code I am using the Etag of an item to see if it has changed since the last time it was fetched, if it was not changed since then the cached version of the item is returned instead.

const cache = new Map();
const eTags = new Map();
async function getObjectWithEtags({bucket, key} = {}) {
  const params = {
 Bucket: bucket,

farhad-taran / README.md

Last active December 23, 2023 11:37

InMemory cache implementation for AWS Lambda

The following is a simple in memory cache implementation for the aws lambda environment. be aware that this class will use the memory available to your lambda instance and will be cleared off of any data when all instances of your lambda die off and the cold start cycle begins.

import { CacheItem, IDate } from "./types";

// global variables to hold data between different lambda invokations

global.memCachedItems = {};
global.memCachedItemAges = {};

farhad-taran / README.md

Last active December 23, 2023 11:21

Parsing a single tfvars file into lambda resource and nodejs app

I dislike having multiple copies of the same env file, for example when trying to run some integration tests I needed to access the same env variables that I had to load into a lambda resource in terraform.

to make this easier I place the app related env variables in a tfvars file and loop and load them into the lambda env variables like so:

locals {
  node-env     = "test"
  app_env_vars = { 
    for line in split("\n", file("app.tfvars")):
      trimspace(split("=", line)[0]) => trimspace(split("=", line)[1])

farhad-taran / README.md

Last active November 18, 2023 18:54

Creating and assigning secrets manager secrets using terraform

When creating a secret initially, most people tend to first create the secret and then add the value manually, below I demonstrate a way to do all of this in one step:

resource "aws_secretsmanager_secret" "order_status_lambda_debug_api_key" {
  name = "order_status_lambda_api_key"
  # makes sure the secret is immediately destroyed and replaced if new value provided
  recovery_window_in_days = 0
  description = "an api key for the purposes of invoking the lambda and api gateway when debugging is neeeded"
}

farhad-taran / README.md

Last active November 16, 2023 22:25

AWS api gateway - enqueue api gateway incoming requests onto SQS for decouple processing

The following terraform script allows us to have incoming api gateway requests be enqueued onto sqs for late processing.

locals {
  api_gateway_name = "order-status-webhooks-gateway"
}

data "aws_region" "current" {}
resource "aws_iam_role" "api" {
  name = local.api_gateway_name

farhad-taran / README.md

Last active July 4, 2023 12:41

Implementing a code freeze policy and disallowing merges on Fridays and weekends and bank holidays

It might be a good idea to enforce a no merge policy on our main branch so that the system does not experience downtime when staff are not working. this could be late fridays, weekends or on bank holidays.

I have written a small bash script that I can use in our CI jobs, the bash script either succeeds or fails based on wether today is a holiday or a bankholiday. I can then hook this job to github as a required status check. if this status check fails then a merge to main or master wont be possible as that would indidcate that today is a code freeze.

In the following script I am utalizing a public api to get a list of all bank holidays and am checking it against todays date. I am also checking wether today is a friday or a weekend.

The only way to merge a branch is to name it beginning with bug-fix so that critical bugs can be fixed in production.

farhad-taran / README.md

Last active March 30, 2023 19:56

Converting JSON to a text based flat file of key value pairs

Editing json files inline for non technical people could be challening and error prone, therefor we have opted to convert json files to flat file formats comprising of key value, the following script can convert a javascript object to such format:

var o = { 
    foo:"bar",
    arr:[1,2,3],
    subo: {
        foo2:"bar2"
    }
};

farhad-taran / README.md

Last active September 16, 2024 08:36

Useful Lambda cloudwatch log insights queries

1 - Find all logs for a given request ID or X-Ray trace ID

fields @timestamp, @message
| filter @message like /REQUEST_ID_GOES_HERE/

2 - Find 50 most recent errors

filter @message like /(?i)(Exception|error|fail)/
| fields @timestamp, @message

farhad-taran / README.md

Last active March 9, 2023 20:53

Enabling data event access cloudtrail audits on dynamoDB or S3

Data events were recently enabled for cloudtrail which can show granular detils about modifications on DynamoDB or S3. this can greatly help when trying to audit data access and for security insights. the following terraform script demonstrates how to achieve this:

data "aws_dynamodb_table" "credential-store" {
  name = "credential-store"
}

resource "aws_cloudwatch_log_group" "infra-audit-data-access" {
  name = "infra-audit-data-access"

Farhad Taran farhad-taran