NOTE - An updated and more complete example can be found here.
Here's acl.json:
{
Brian Green greenbrian
slackpad
/ bootstrap.md
Last active
September 27, 2020 17:57
Bootstrapping Consul Servers with Version 8 ACLs Enabled (v0.8.1)
These are python 2 and 3 snippets showing how to generate headers to authenticate with HashiCorp's Vault using the AWS authentication method. There's also a Ruby implementation which uses version 3 of the AWS SDK for Ruby.
The python scripts look for credentials in the
default boto3 locations;
if you need to supply custom credentials (such as from an AssumeRole call), you would use the
botocore.session.set_credentials
method before calling create_client.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### first class expresssion | |
| variable "ami" {} | |
| resource "aws_instance" "example" { | |
| ami = var.ami | |
| } | |
| #### list & map | |
| resource "aws_instance" "example" { | |
| vpc_security_group_ids = var.security_group_id != "" ? [var.security_group_id] : [] | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_security_group" "sg" { | |
| vpc_id = "${var.vpc}" | |
| name = "${var.name}" | |
| description = "${var.description}" | |
| tags = "${merge(var.tags, map("Name", format("%s", var.name)))}" | |
| } | |
| resource "aws_security_group_rule" "sg_rule_sg_ids" { | |
| count = "${length(var.inbound_sources) * (var.add_rules ? 1 : 0)}" | |
| type = "${var.type}" |
apolloclark
/ devsecops_maturity_model.md
Last active
October 8, 2024 01:35
DevSecOps Maturity Model
DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense, organizations, and combines:
- PCI DSS
- NYDFS
- [HITRUST CSF](https://hitrustalliance.net/product-tool/hitrus
OlderNewer