gswallow / get-em.sh
Created October 11, 2023 19:56
quick and dirty inventory of EC2 instances in response to CVE-2023-38545
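#!/bin/bash
# Inventory EC2 instances per region into a pipe-delimited file named
# ".<account-id>.csv.<pid>" in the current directory.

# --output text yields the bare account id, so there is no need to run eval on
# command output just to strip the JSON quotes.
myaccount=$(aws sts get-caller-identity --query 'Account' --output text) || {
  echo "could not determine the AWS account id" >&2
  exit 1
}
outfile=".${myaccount}.csv.$$"

# Text output orders columns by key name, so every region has to use the same
# key set or the columns will not line up between regions in the output file.
for region in us-east-1 us-east-2 us-west-1; do
  # The region comes from the fixed list above, so splicing it into the
  # JMESPath literal is safe here.
  query='Reservations[].Instances[].{"KeyName": KeyName, "ImageId": ImageId, "PrivateIpAddress": PrivateIpAddress, "Name": Tags[?Key == `Name`]|[0].Value, "Region": `'"${region}"'` }'
  aws ec2 describe-instances --region "$region" --query "$query" --output text \
    | tr -s '\t' '|' >> "$outfile"
done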
aws ec2 describe-instances --region us-west-2 --query 'Reservations[].Instances[].{"KeyNa
gswallow / get-events-by-pod-name-fragment.sh
Last active February 2, 2023 21:24
Get events by pod name (or a fragment thereof)
#!/bin/bash
pod_name=$1
while true; do
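# Hand the pod-name fragment to jq as data (--arg) instead of splicing it into
# the filter text, so quotes, spaces or jq syntax in $1 cannot change the program.
kubectl get events --sort-by='.lastTimestamp' \
-ojson \
| jq -r --arg pod "$pod_name" '.items[] | select((.involvedObject.name | contains($pod)) and (.involvedObject.kind=="Pod")) | "\(.lastTimestamp) [\(.count)] \(.message)"'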
echo
echo "---------"
echo
gswallow / git.tf
Last active April 6, 2023 14:49
Git info for terraform states
# Provider requirements for this configuration.
# The hashicorp/external provider backs `data "external"` sources, which run a
# local program during plan/apply; treat the invoked command and its inputs as
# part of the trusted configuration.
terraform {
  required_providers {
    external = {
      version = "~> 2"
      source  = "hashicorp/external"
    }
  }
}
data "external" "git_remote_url" {
"metrics": {
...
"disk": {
"measurement": [
"used_percent",
"inodes_free"
],
"metrics_collection_interval": 60,
"resources": [
"*"
gswallow / Dockerfile
Created November 18, 2021 14:51
Janky Jenkins Docker Setup
# Jenkins controller image with the Docker CLI added from Docker's apt repository.
# The base image is pinned by tag only; a digest pin would make rebuilds reproducible.
FROM jenkins/jenkins:2.303.3-jdk11

# Package installation needs root.
# NOTE(review): nothing in the visible lines switches back from root; confirm the
# rest of the file restores the unprivileged user before the image is run.
USER root

# lsb-release supplies the distribution codename used in the apt source line below.
RUN apt-get update \
 && apt-get install -y lsb-release

# Repository signing key, fetched over HTTPS; its fingerprint is not checked here.
RUN curl -fsSL -o /usr/share/keyrings/docker-archive-keyring.asc https://download.docker.com/linux/debian/gpg

# Register Docker's apt repository, trusted only for packages signed by that key.
RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list

# Only the client is installed; no Docker daemon is added to this image.
RUN apt-get update \
 && apt-get install -y docker-ce-cli
Error: Error when reading or editing Resource xxx for IAM Member (role "serviceAccount:service-508170527894@container-engine-robot.iam.gserviceaccount.com", "roles/cloudkms.cryptoKeyEncrypterDecrypter"): Request "Delete IAM Members roles/cloudkms.cryptoKeyEncrypterDecrypter serviceAccount:service-508170527894@container-engine-robot.iam.gserviceaccount.com for \"project \\\"xxx\\\"\"" returned error: Batch request and retried single request "Delete IAM Members roles/cloudkms.cryptoKeyEncrypterDecrypter serviceAccount:service-508170527894@container-engine-robot.iam.gserviceaccount.com for \"project \\\"xxx\\\"\"" both failed. Final error: Error retrieving IAM policy for project "xxx": googleapi: Error 401: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
More details:
Reason: authError, Message: Invalid Credentials
gswallow / aws_billing_pdf.py
Created December 12, 2020 22:18
AWS: Generate a monthly-bill-by-account PDF
#!/usr/bin/env python
import boto3
import math
from io import BytesIO
from pdfdocument.document import PDFDocument
start_date='2020-11-01'
end_date='2020-12-01'
gswallow / patch-me.sh
Last active August 27, 2020 23:44
Save money on datadog.
#!/bin/bash
set -e
cat > patch.yaml <<-EOF
spec:
template:
metadata:
annotations:
ad.datadoghq.com/$1.logs: |-
gswallow / locals.tf
Created August 7, 2020 18:47
VPC locals for terraform
locals {
vpc_name = lower(format("%s-%s-%s", var.org, var.env, replace(replace(var.cidr_block, ".", "_"), "/", "-")))
az_names = length(data.aws_availability_zones.available.names) < var.subnet_count ? data.aws_availability_zones.available.names : slice(data.aws_availability_zones.available.names, 0, var.subnet_count)
public_subnet_cidrs = [
for i in range(length(local.az_names)):
cidrsubnet(var.cidr_block, var.subnet_cidr_mask - split("/", var.cidr_block)[1], i)
]
private_subnet_cidrs = [
for i in range(length(local.az_names), length(local.az_names) + length(local.az_names)):
cidrsubnet(var.cidr_block, var.subnet_cidr_mask - split("/", var.cidr_block)[1], i)
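# Write one kubeconfig file per cluster under ~/.kube/config.d.
# kubeconfig files can carry cluster credentials, so each file is created inside
# a subshell with umask 077 (owner-only). A file that already exists keeps its
# current mode; tighten it with chmod 600 if needed.

# Amazon EKS
(
  umask 077
  aws eks update-kubeconfig --name whatever-its-called \
    --dry-run --alias my-cluster > "$HOME/.kube/config.d/my-cluster"
)
rehash

# Azure Kubernetes Service
# NOTE(review): az aks get-credentials updates the default kubeconfig unless
# --file is given ("--file -" prints the YAML to stdout); confirm the redirect
# below actually receives the config.
(
  umask 077
  az aks get-credentials --name whatever-its-called \
    --resource-group my-resource-group --context my-aks-cluster \
    > "$HOME/.kube/config.d/my-aks-cluster"
)
rehash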