hflamboauto1

#!/bin/bash

SESSION_FILE=~/.aws/mfa_session
PROFILE=${1:-$AWS_PROFILE}
ARGS=''
EVAL=0

if [ "$PROFILE" = "-e" ]; then
        EVAL=1
        shift

hflamboauto1

#!/usr/bin/env bash

ROLE=${1:-}

if [ -z "$ROLE" ]; then
    echo "usage: $0 <role arn> [session name]"
    exit 1
fi
ROLE_NAME=${ROLE##*/}
SESSION_NAME=${2:-aws-$ROLE_NAME}

hflamboauto1

[agent]
  interval = "10s"
  round_interval = true
  metric_batch_size = 1000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
  flush_interval = "10s"
  flush_jitter = "3s"
  precision = ""
  debug = false

hflamboauto1

To send the ip addres of the client/webbrowser to the server/webserver behind it there are a few options:
 1- option forwardfor
 2- send-proxy
 3- source 0.0.0.0 usesrc clientip

1- option forwardfor
This is an easy option to configure in haproxy, it does require that http layer7 processing is used 'mode http' and the webserver/ webapplication that wants to log or use the ip of the client must use the http-header 'X-Forwarded-For' to read the clientip.

2- send-proxy / send-proxy-v2 / send-proxy-*
This is can be used both with mode tcp and http, it does however require that the server also understands the proxyprotocol. Some applications have added support for this protocol which adds a few bytes with ip information before the actual request. 

hflamboauto1

This is an example of using Linux Kernel's Transparent Proxy to route all TCP traffic to docker containers without having to resort to PROXY protocol which is not supported by some applications (e.g. sshd). To get the demo to work you only need vagrant installed:

git clone [this-gist] tproxy-demo
cd tproxy-demo
vagrant up

hflamboauto1

This is an example of using Linux Kernel's Transparent Proxy to route all TCP traffic to docker containers without having to resort to PROXY protocol which is not supported by some applications (e.g. sshd). To get the demo to work you only need vagrant installed:

git clone [this-gist] tproxy-demo
cd tproxy-demo
vagrant up

hflamboauto1

# This is an example of the Stack Exchange Tier 1 HAProxy config
# The only things that have been changed from what we are running are: 
# 1. User names have been removed
# 2. All Passwords have been remove
# 3. IPs have been changed to use the example/documentation ranges
# 4. Rate limit numbers have been changed to randome numbers, don't read into them

userlist stats-auth
        group admin users $admin_user
        user $admin_user insecure-password $some_password

hflamboauto1

#
# This config file is a combination of ideas from:
#   http://www.37signals.com/svn/posts/1073-nuts-bolts-haproxy
#   http://www.igvita.com/2008/05/13/load-balancing-qos-with-haproxy/
#   http://wiki.railsmachine.com/HAProxy
#   http://elwoodicious.com/2008/07/15/nginx-haproxy-thin-fastcgi-php5-load-balanced-rails-with-php-support/
#   http://upstream-berlin.com/2008/01/09/using-haproxy-with-multiple-backends-aka-content-switching/
#   http://wiki.railsmachine.com/HAProxy
#   http://gist.github.com/raw/25482/d39fb332edf977602c183194a1cf5e9a0b5264f9
#

hflamboauto1

# HOWTO: Installing Vault On AWS with S3 backend

This is a HOWTO on installing [Vault](https://www.vaultproject.io/https://github.com/hashicorp/vault) on AWS with S3.  

Components used:
* [Vault](https://www.vaultproject.io/https://github.com/hashicorp/vault)
* [AWS S3](https://aws.amazon.com/s3/)
* [AWS IAM](https://aws.amazon.com/iam/)
* [AWS EC2](https://aws.amazon.com/ec2/)
* [OpenSSL](https://www.openssl.org/)

hflamboauto1

# HOWTO: Installing Vault On AWS with S3 backend

This is a HOWTO on installing [Vault](https://www.vaultproject.io/https://github.com/hashicorp/vault) on AWS with S3.  

Components used:
* [Vault](https://www.vaultproject.io/https://github.com/hashicorp/vault)
* [AWS S3](https://aws.amazon.com/s3/)
* [AWS IAM](https://aws.amazon.com/iam/)
* [AWS EC2](https://aws.amazon.com/ec2/)
* [OpenSSL](https://www.openssl.org/)