In general, AWS services can be accessed using
- AWS web interface,
- API libraries in a programming language, such as
boto3for Python 3, - AWS command-line interface, i.e.
awscli.
I opted for the API library since it is
Kinnaird McQuade kmcquade
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b | |
| account | |
| acm | |
| acm-pca | |
| amplify | |
| apigateway | |
| application-autoscaling | |
| appstream | |
| appsync | |
| artifact |
0xdabbad00
/ resources_referenced_by_managed_policies.txt
Created
February 10, 2019 19:26
AWS managed policies resource reference, found using https://github.com/SummitRoute/aws_managed_policies and: cat policies/* | jq '.PolicyVersion.Document.Statement[].Resource' | sed 's/ //' | sort | uniq
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "*" | |
| "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*" | |
| "arn:aws:a4b:*:*:gateway/*" | |
| "arn:aws:acm-pca:*:*:certificate-authority/*" | |
| "arn:aws:acuity:*:*:stream/deeplens*/*" | |
| "arn:aws:apigateway:*::/*" | |
| "arn:aws:apigateway:*::/account", | |
| "arn:aws:apigateway:*::/clientcertificates", | |
| "arn:aws:apigateway:*::/clientcertificates/*", | |
| "arn:aws:apigateway:*::/domainnames" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| function walk() { | |
| for secret in $(vault list $1 | tail -n +3) | |
| do | |
| if [[ ${secret} == *"/" ]] ; then | |
| walk "${1}${secret}" | |
| else | |
| echo "${1}${secret}" | |
| fi |
steinwaywhw
/ AWS Lambda: Hello World.md
Last active
March 8, 2022 10:40
An extremely simple AWS Lambda example in Python 3.
soloradish
/ vault_logrotate
Created
September 12, 2018 02:25
logrotate setting file for HashiCorp's Vault audit file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Change the path below to your own audit log path. | |
| /var/log/vault/audit.log { | |
| rotate 30 | |
| daily | |
| # Do not execute rotate if the log file is empty. | |
| notifempty | |
| missingok | |
| compress | |
| # Set compress on next rotate cycl to prevent entry loss when performing compression. | |
| delaycompress |
0xdabbad00
/ gist:e25cf5599881c13d3b644bc4109cf619
Created
August 9, 2018 14:40
trailblazer output (https://github.com/willbengtson/trailblazer-aws). Did have to comment out the call for s3 `upload_file` and `upload_fileobj`. Output sorted and the header line moved back to the top.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| EventSource, EventName, Recorded Name, Match | |
| a4b, AssociateDeviceWithRoom, associatedevicewithroom, True | |
| a4b, AssociateSkillGroupWithRoom, associateskillgroupwithroom, True | |
| a4b, CreateProfile, createprofile, True | |
| a4b, CreateRoom, createroom, True | |
| a4b, CreateSkillGroup, createskillgroup, True | |
| a4b, CreateUser, createuser, True | |
| a4b, DeleteProfile, deleteprofile, True | |
| a4b, DeleteRoom, deleteroom, True | |
| a4b, DeleteRoomSkillParameter, deleteroomskillparameter, True |
0xdabbad00
/ aws actions
Created
August 3, 2018 17:10
AWS API calls as extracted from boto using the technique on https://github.com/duo-labs/cloudtracker#aws_actionstxt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b:AssociateContactWithAddressBook | |
| a4b:AssociateDeviceWithRoom | |
| a4b:AssociateSkillGroupWithRoom | |
| a4b:CreateAddressBook | |
| a4b:CreateContact | |
| a4b:CreateProfile | |
| a4b:CreateRoom | |
| a4b:CreateSkillGroup | |
| a4b:CreateUser | |
| a4b:DeleteAddressBook |
0xdabbad00
/ privilege_verbs.txt
Last active
October 6, 2019 22:13
AWS IAM privilege verbs, use https://gist.github.com/0xdabbad00/fa918ad85c0c3f0e0fa9a3f6b53696de and `cat privileges.txt | sed 's/.*://' | sed 's/\([A-Z][a-z]*\).*/\1/' | sort | uniq -c` and then removed the one letter apigateway results.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5 Abort | |
| 9 Accept | |
| 3 Acknowledge | |
| 4 Activate | |
| 48 Add | |
| 23 Admin | |
| 6 Allocate | |
| 4 Apply | |
| 2 Approve | |
| 1 Archive |
Getting rke and Rancher setup to run kubernetes on arm is interesting. There is no official support yet via rancher, although there is interest and some work done towards those efforts. This is my attempt at getting a cluster of 3 Pis (2 3Bs and 1 3B+) provisioned and registered to a rancher 2 server.
I've successfully completed this both with Hypriot OS 1.9.0 and the arm64 builds https://github.com/DieterReuter/image-builder-rpi64 Both times I used the same basic cloud-init setup
TyMac
/ gist:2c7a907af17cb4c8d2479ad5b16cad5c
Created
June 7, 2018 19:23
Assure an ENA instance boots after a yum update
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tldr - remove microcode_ctl package - configure dracut to insure needed drivers are included for kernel/initrd updates | |
| And exmaple - The Chef way: | |
| ################ | |
| 1.) create a recipe with the following code: | |
| ################ | |
| if node['ec2']['instance_type'].include? ( "c5" || "f1" || "g3" || "h1" || "i3" || "m4.16xlarge" || "m5" || "p2" || "p3" || "r4" || "x1" ) | |
| template '/etc/dracut.conf' do |