Jonathan Le jonathanhle

Keybase proof

I hereby claim:

I am jonathanhle on github.
I am jonathanhle (https://keybase.io/jonathanhle) on keybase.
I have a public key ASBc9Jif9zaS6tJIibA947uteCd8_WfgcY560sBj5XzsBgo

To claim this, I am signing this object:

vault_aws_auth

These are python 2 and 3 snippets showing how to generate headers to authenticate with HashiCorp's Vault using the AWS authentication method. There's also a Ruby implementation which uses version 3 of the AWS SDK for Ruby.

The python scripts look for credentials in the default boto3 locations; if you need to supply custom credentials (such as from an AssumeRole call), you would use the botocore.session.set_credentials method before calling create_client.

	import boto3

	def get_instance_name(fid):
	"""
	When given an instance ID as str e.g. 'i-1234567', return the instance 'Name' from the name tag.
	:param fid:
	:return:
	"""
	ec2 = boto3.resource('ec2')
	ec2instance = ec2.Instance(fid)

	• Releases Managed
	• You have to have some type of deployable software object before you can do anything.
	• The object here is the AMI, container, deb, zip, something
	• Deployments are Automated
	• Now that you have a deployable software object, you have to automate the deployment.
	• APIs for Observability
	• Both before and after the object is deployed, you're going to have spend some time instrumenting/researching what characteristics need to be exposed for monitoring at runtime.
	• What should be measured so we can do whatever is needed to ensure the systems keep working optimally
	• Monitoring & Alerting
	• Using the APIs, logs, whatever from above, implement monitoring and alerting on KPIs

	#!/usr/bin/env bash
	#
	# gh-dl-release! It works!
	#
	# This script downloads an asset from latest or specific Github release of a
	# private repo. Feel free to extract more of the variables into command line
	# parameters.
	#
	# PREREQUISITES
	#

	import boto3
	import csv

	# define header row and start a row_list with the header present
	header_row = ["account_id", "aws_region", "environment", "instance_id", "instance_name", "security_groups"]
	row_list = [header_row]

	regions = ["us-east-1", "us-west-2"]

	# ---------------------------------------------------------------------------------------------------------------------

	{
	"Comment": "Invoke Lambda every 10 seconds",
	"StartAt": "ConfigureCount",
	"States": {
	"ConfigureCount": {
	"Type": "Pass",
	"Result": {
	"index": 0,
	"count": 6
	},

	# Cancel Pending Runs
	export project_env="nonprod"
	export project_prefix="project-prefix-yada-foo-bar"
	export working_workspaces=$(tfh workspace list \| grep ${project_prefix} \| grep ${project_env})

	for wrkspace in ${working_workspaces}:
	do
	echo $wrkspace
	pending_run=`tfh run list -name ${wrkspace} \| grep "pending" \| awk '{print $1}' \| head -n 1`

	resource "aws_lambda_function" "service" {
	# Your usual aws_lambda_function configuration settings here

	tracing_config {
	mode = "Active"
	}
	}

	import boto3
	import hvac
	import ssl
	#ssl._create_default_https_context = ssl._create_unverified_context

	session = boto3.Session()
	credentials = session.get_credentials()

	client = hvac.Client(verify=False)
	client.auth_aws_iam(credentials.access_key, credentials.secret_key, credentials.token, role='example-role', header_value='vault.service.consul')