Skip to content

Instantly share code, notes, and snippets.

View giuliocalzolari's full-sized avatar

Giulio Calzolari giuliocalzolari

19 followers · 3 following
View GitHub Profile
@giuliocalzolari
giuliocalzolari / insecure-sg-scanner.py
Last active September 14, 2018 09:02
AWS insecure Security Group Scanner
#!/usr/bin/env python
import boto3
import json
import sys
def find_public_addresses(ec2):
public_instances = {}
instance_public_ips = {}
instance_private_ips = {}
instance_ident = {}
@giuliocalzolari
giuliocalzolari / C:\Program Files\Amazon\EC2config\Settings\AWS.EC2.Windows.CloudWatch.json
Last active July 23, 2019 07:56
AWS CloudWatch with Custom metrics(Memory,FreeDisk) with EC2config
{
"EngineConfiguration":{
"PollInterval":"00:00:15",
"Components":[
{
"Id":"ApplicationEventLog",
"FullName":"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Parameters":{
"LogName":"Application",
"Levels":"1"
@giuliocalzolari
giuliocalzolari / buildspec.yml
Last active February 7, 2019 11:08
rclone example
version: 0.2
env:
variables:
RCLONE_CONFIG_PUBLIC_TYPE: "http"
RCLONE_CONFIG_S3_TYPE: "s3"
RCLONE_CONFIG_S3_PROVIDER: "AWS"
RCLONE_CONFIG_S3_ENV_AUTH: "true"
RCLONE_CONFIG_S3_REGION: "eu-central-1"
@giuliocalzolari
giuliocalzolari / gist:c78ca1a8b154502c4009cb3a7d5f871e
Created May 8, 2018 20:31
backup.sh
#!/bin/bash
export AWS_DEFAULT_PROFILE=zzzzzz
BUCKET=xxxxx
# DIRS="$HOME/.bash_profile $HOME/.gitconfig $HOME/.aws $HOME/.ssh $HOME/.bashrc $HOME/.gnupg $HOME/.bash_history"
DIRS="$HOME/.bash_profile $HOME/.gitconfig $HOME/.aws $HOME/.ssh $HOME/.bashrc $HOME/.gnupg $HOME/.bash_history $HOME/git"
echo "Backup $DIRS.."
@giuliocalzolari
giuliocalzolari / seelog.xml
Created March 27, 2018 12:14
SSM Log to Cloudwatch
<seelog type="adaptive" mininterval="2000000" maxinterval="100000000" critmsgcount="500" minlevel="info">
<exceptions>
<exception filepattern="test*" minlevel="error"/>
</exceptions>
<outputs formatid="fmtinfo">
<console formatid="fmtinfo"/>
<rollingfile type="size" filename="/var/log/message" maxsize="30000000" maxrolls="5"/>
<custom name="cloudwatch_receiver" formatid="fmtjs" data-log-group="/aws/ssm/demolog"/>
</outputs>
<formats>
@giuliocalzolari
giuliocalzolari / .bash_profile
Created March 15, 2018 09:29
aws cli helper
# auto mfa
complete -W "$(ls -1 ~/.aws/*.mfa | awk -F "/" '{print $5}' | sed -e 's/\.mfa$//')" mfa
function mfa () {
oathtool --base32 --totp "$(cat ~/.aws/$1.mfa)" | pbcopy ;
}
# manual mfa
function mmfa () {
oathtool --base32 --totp "$1" ;
@giuliocalzolari
giuliocalzolari / nginx.conf
Created February 7, 2018 15:05
Using nginx to proxy to an AWS internal ELB
daemon off;
worker_processes auto;
events { worker_connections 1024; }
http {
sendfile on;
@giuliocalzolari
giuliocalzolari / sg-query.py
Created February 6, 2018 17:03
AWS SG Query
import boto3
def find_public_addresses(ec2):
public_instances = {}
instance_public_ips = {}
instance_private_ips = {}
instance_ident = {}
instances = ec2.instances.filter(Filters=[{'Name': 'instance-state-name', 'Values': ['running'] }])
# Ranges that you define as public subnets in AWS go here.
@giuliocalzolari
giuliocalzolari / AmazonVPCReadOnlyAccess.json
Created November 29, 2017 15:42
AWS managed policies
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
@giuliocalzolari
giuliocalzolari / s3-to-es-lambda.py
Last active January 27, 2021 18:25
S3 Logs to Elasticsearch
##################################################
### Elasticsearch host name
ES_HOST = "search-******************.ap-northeast-1.es.amazonaws.com"
### Elasticsearch prefix for index name
INDEX_PREFIX = "elb_log"
### ELB name for type name
ELB_NAME = "*****"