Filipe Ferreira filipeandre
filipeandre
/ import_resources.py
Last active
October 14, 2025 15:51
Import resources into existing stack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Create an IMPORT change set while preserving all existing parameters, | |
| with inline resource specs and optional parameter overrides. | |
| Usage examples: | |
| # Single DynamoDB import, keep all parameters as-is | |
| python import_changeset.py \ | |
| --stack-name TargetStack \ |
filipeandre
/ rds_rekey_instance.py
Last active
October 14, 2025 15:53
Re-encrypt an Amazon RDS *instance* by snapshot→copy(with KMS)→restore.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Re-encrypt an Amazon RDS *instance* by snapshot → copy(with KMS) → restore. | |
| Usage: | |
| python rds_rekey_instance.py \ | |
| --db-identifier my-db \ | |
| --target-kms-key-id arn:aws:kms:us-east-1:123456789012:key/abcd-... \ | |
| --region us-east-1 \ | |
| [--source-snapshot-id my-existing-snapshot] \ |
filipeandre
/ s3_reencrypt.py
Last active
October 16, 2025 14:19
S3 encryption migration tool (SSE-S3 -> SSE-KMS or ensure SSE-KMS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| """ | |
| S3 encryption migration tool (SSE-S3 -> SSE-KMS or ensure SSE-KMS). | |
| - Generates manifest of current objects with SSE/KMS info + drift status | |
| - Ensures bucket default encryption (optional) | |
| - Re-encrypts objects in place to a target KMS key (idempotent, resumable) | |
| Usage: |
filipeandre
/ aws-waf-add-block-all-rule.py
Last active
October 14, 2025 15:40
This script acts as lock down switch for all regional aws waf for current region
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Add a top-priority "block-all" rule to every AWS WAFv2 Web ACL in the current Region (REGIONAL scope), | |
| without removing existing rules. The change is fully reversible via a local backup file. | |
| Features | |
| - Enumerates all REGIONAL Web ACLs in the configured AWS region | |
| - Creates (or reuses) IP sets that match all IPv4 and IPv6 addresses (0.0.0.0/0 and ::/0) | |
| - Inserts a new rule at priority 0 that blocks all traffic, shifting existing rule priorities down | |
| - Stores a per-WebACL backup (original rules + metadata) under ./waf_backups/<region>/<web_acl_id>.json |
filipeandre
/ extract.js
Last active
September 17, 2025 11:01
Extract env variables from ecs task definition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| // Find the env vars table body via CSS attribute selectors | |
| const tbody = document.querySelector( | |
| '[id^="awsui-tabs-"][id$="-envVariables-panel"] table tbody' | |
| ); | |
| if (!tbody) return ""; | |
| const rows = Array.from(tbody.querySelectorAll("tr")); |
filipeandre
/ rollback_s3.sh
Created
August 22, 2025 19:36
Restore s3 bucket to previous version before today
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # Restore S3 objects updated today to their most recent version before today (Europe/Lisbon). | |
| # Usage: | |
| # ./restore.sh [--bucket BUCKET] [--yes] [--dry-run] | |
| BUCKET="" | |
| ASSUME_YES="false" | |
| DRY_RUN="false" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| lb_traffic_report.py (human-friendly) | |
| Enumerate all ALBs, NLBs, and CLBs in the current AWS account & region and fetch key | |
| CloudWatch metrics for a given time window. Outputs a summary table (stdout) and | |
| optionally writes a CSV. | |
| Human-friendly improvements: | |
| - Byte values shown using dynamic units (B/KB/MB/GB/TB) with 2 decimal places. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Count AWS CloudWatch alarms: | |
| - If three alarms exist with the same base name and end with p1, p2, p3 (e.g., foo-p1, foo-p2, foo-p3), | |
| they count as 1 (a "triad"). | |
| - All other alarms are counted separately. | |
| Usage: | |
| python count_alarms.py [--region eu-west-1] [--role-arn arn:aws:iam::123456789012:role/RoleName] | |
| """ |
filipeandre
/ A-create-external-kms.yaml
Last active
August 13, 2025 16:45
AWS CloudFormation demonstration with **three stacks** showing end-to-end external KMS key creation, import, and usage,
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: > | |
| Creates an EXTERNAL‑origin KMS key and retrieves import parameters (public key + import token) | |
| via a Lambda-backed custom resource. Stores them in SSM Parameter Store (SecureString) and | |
| outputs base64 values for use by Stack B. | |
| Parameters: | |
| AliasName: | |
| Type: String | |
| Default: 'ext/demo' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [ $# -eq 0 ] | |
| then | |
| echo "Usage: ./`basename "$0"` region secretN..." | |
| exit 2 | |
| fi | |
| for secret in "${@:2}" | |
| do |
NewerOlder