Reuben Stump restump

  • Philadelphia, PA
@restump
restump / restrict-data-read-permissions.json
Last active August 12, 2020 22:34
AWS IAM permissions to restrict sensitive data resources
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RestrictSensitiveDataReadActions",
      "Action": [
        "cloudformation:GetTemplate",
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query",
@restump
restump / now-mid-aws-disco-permissions.json
Created August 12, 2020 22:16
Updated minimal IAM policy to support NOW AWS MID assume-role discovery
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "account:ListRegions",
        "application-autoscaling:Describe*",
        "autoscaling:Describe*",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResource",
def doHttpRequest(self, verb, url, headers=None, data=None):
    options = {}
    if headers:
        options["headers"] = headers
    if data:
        options["data"] = data
    try:
        r = self.http._request(verb.lower(), url, options)
        r.raise_for_status()
@restump
restump / DeleteRoleAllAccounts.py
Created April 22, 2019 12:03
Delete role on all accounts
#!/usr/bin/env python
import boto3
import pprint
import argparse
import csv
from multiprocessing import Process
from botocore.exceptions import ProfileNotFound, ClientError
@restump
restump / RemoveDefaultVPC.py
Created April 22, 2019 12:01
Remove default VPC
#!/usr/bin/env python
import boto3, argparse, sys, time
parser = argparse.ArgumentParser(description="Remove default VPC in specified account and region")
parser.add_argument('--account',
                    type=str)
parser.add_argument('--region',
                    type=str)
parser.add_argument('--role',
@restump
restump / storm-athena-query-examples.sql
Last active March 20, 2019 20:23
Storm Athena query examples
-- Default VPCs
SELECT *
FROM "stormreports"."ec2_vpcs"
WHERE isDefault = true
AND date = date_format(current_date, '%Y-%m-%d')
-- VPCs with no ENIs attached (possibly unused)
WITH e AS
(SELECT vpcid,
@restump
restump / cli.sh
Last active January 15, 2019 21:55
Register AMI with SRIOV and ENA
aws ec2 register-image --ena-support --sriov-net-support simple --virtualization-type hvm --name ami-base-centos --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"SnapshotId":"snap-05168016823a3fc9f"}}]' --root-device-name /dev/sda1 --architecture x86_64 --profile rdc-com-production
aws ec2 create-tags --tags Key=OS,Value=CentOS Key=Application,Value=base --resources ami-423a593d --profile rdc-com-production
provider "aws" {
  profile = "${var.profile}"
  region  = "${var.region}"
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/${var.assume_role}"
  }
}
resource "aws_s3_bucket" "tf_state_storage" {
@restump
restump / keybase.md
Created September 28, 2017 19:50
keybase.md

Keybase proof

I hereby claim:

  • I am stumpr on github.
  • I am rstump (https://keybase.io/rstump) on keybase.
  • I have a public key ASCiNmhMHXwRBxXLmd2xlg5YlXNx6WqqlSjfUkt_Zm-Uego

To claim this, I am signing this object:

IFS=$'\n' read -rd '' -a array <<< "$(aws ec2 describe-instances | jq -c .Reservations[])"
n=0; for i in "${array[@]}"; do n=$((n+1)); cbc create $n -V "${i}"; done