@lcasartelli
lcasartelli / deny-all-ec2.json
Created May 3, 2021 07:30
Deny All EC2 actions
{
  "Statement": [{
    "Effect": "Deny",
    "Action": "ec2:*",
    "Resource": "*"
  }]
}

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": ["iam:*"],
    "Resource": "*",
    "Condition": {
      "ArnEquals": {
        "aws:PrincipalARN": "arn:aws:iam::*:user/guest"
      }

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": ["iam:*"],
    "Resource": "*",
    "Condition": {
      "ArnNotEquals": {
        "aws:PrincipalARN": "arn:aws:iam::*:role/Admin*"
      }
lcasartelli / deny-not-us-regions.json
Created May 3, 2021 07:36
Deny regions outside US
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "us-east-1",
lcasartelli / aws-eks-kubeconfig-generator.py
Created August 26, 2021 15:15
Generate a valid kubeconfig file for EKS cluster
import json
import boto3
from datetime import datetime, timedelta
from botocore import session
from awscli.customizations.eks.get_token import STSClientFactory, TokenGenerator, TOKEN_EXPIRATION_MINS


def _get_expiration_time():
    t_exp = datetime.utcnow() + timedelta(minutes=TOKEN_EXPIRATION_MINS)
    return t_exp.strftime('%Y-%m-%dT%H:%M:%SZ')