Mike Grima mikegrima

@mikegrima
mikegrima / README.md
Last active February 14, 2023 15:12
GitHub App Token Code

This is code that makes it very easy to obtain a GitHub token for a GitHub application in Python.

This code works by performing the full song and dance required to obtain a token to operate in a GitHub organization. It manages the secret in AWS Secrets Manager, caches the tokens and credentials, and refreshes them when needed.

The best part is the @github_auth decorator, which automagically injects the credentials into your function when you supply the org name.

@mikegrima
mikegrima / kms.md
Last active April 5, 2023 16:00
Some AWS Access Control notes

KMS policies are funky as hell:

  1. KMS key access is almost like cross-account policies but with some differences. KMS keys must have a policy that either:

    • Explicitly grants an IAM Principal access
    • Permits the AWS account in question the ability to delegate access to the key
    • Cross-account access works like any other: you need permissions on the resource and the IAM principal.
    • Same-account access needs the first and/or second bullet -- this is unlike other resources, which by default delegate access to IAM.
  2. The root principal ARN means that IAM in the account has permissions to delegate permissions to Roles/Managed Policies/etc. in the account. It does not grant access to all principals in the account.
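
The rules above, as an added Python example that is not part of the original gist: a simplified model of when a key policy plus an IAM policy yields access. The account IDs, role names and the `can_use_key` and `policy_for` helpers are constructed for illustration, and the model ignores actions, conditions, explicit denies, grants and SCPs.

```python
# Simplified model of the KMS key-policy rules in the notes above (added example).
# It ignores actions, conditions, explicit denies, grants and SCPs.
KEY_ACCOUNT = "111122223333"    # constructed account that owns the key
OTHER_ACCOUNT = "444455556666"  # constructed external account


def root_arn(account_id: str) -> str:
    return f"arn:aws:iam::{account_id}:root"


def allowed_principals(key_policy: dict) -> set:
    """Collect every AWS principal named in an Allow statement of the key policy."""
    named = set()
    for stmt in key_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        aws = stmt.get("Principal", {}).get("AWS", [])
        named.update([aws] if isinstance(aws, str) else aws)
    return named


def can_use_key(key_policy: dict, principal_arn: str, iam_allows: bool) -> bool:
    """iam_allows: whether the principal's own IAM policies allow the KMS action."""
    named = allowed_principals(key_policy)
    principal_account = principal_arn.split(":")[4]
    explicit = principal_arn in named                  # first bullet
    delegated = root_arn(principal_account) in named   # second bullet
    if principal_account == KEY_ACCOUNT:
        # Same account: an explicit grant is enough on its own; the root
        # principal only lets IAM delegate, so an IAM allow is still needed.
        return explicit or (delegated and iam_allows)
    # Cross-account: the key policy and the principal's IAM policy must both allow.
    return (explicit or delegated) and iam_allows


def policy_for(*principals: str) -> dict:
    """Build a constructed key policy with one Allow statement."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": list(principals)},
         "Action": "kms:Decrypt", "Resource": "*"}]}


LOCAL_ROLE = f"arn:aws:iam::{KEY_ACCOUNT}:role/app"      # hypothetical role
REMOTE_ROLE = f"arn:aws:iam::{OTHER_ACCOUNT}:role/app"   # hypothetical role
```

With only the root principal in the key policy, `can_use_key(policy_for(root_arn(KEY_ACCOUNT)), LOCAL_ROLE, False)` is `False`, which is the point of note 2: the root ARN delegates to IAM and does not by itself grant every principal access.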

@mikegrima
mikegrima / test_config_querying_and_pagination.py
Created July 31, 2023 20:00
Paginated and batched AWS Config resource fetching and listing
"""
This gist covers how to:
- Make pytest fixtures for querying S3 buckets in AWS Config
- Test AWS Config's aggregated advanced query with full pagination (this works for non-aggregated queries as well)
- Test batch fetching of resource configuration data out of the aggregator (this works for non-aggregated as well)
"""
import json
import os
from typing import Any, Dict, Generator, List
from unittest.mock import MagicMock