This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-------------------------------------------------------------- | |
| # Install Chamber | |
| #-------------------------------------------------------------- | |
| # Chamber is used to access secrets which are stored encrypted | |
| # in aws ssm paramater store | |
| # Get the latest version of Chamber | |
| curl -s https://api.github.com/repos/segmentio/chamber/releases/latest \ | |
| | grep "browser_download_url.*linux-amd64" \ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for user in $(aws iam list-users --output text | awk '{print $NF}'); do | |
| aws iam list-access-keys --user $user --output text | |
| done |
tom-butler
/ remote-state-provisioner.tf
Created
August 21, 2017 00:27
Terraform remote-state-provisioner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #============================================================== | |
| # remote-state.tf | |
| #============================================================== | |
| # This file is used to set variables that are passed to sub | |
| # modules to build our stack | |
| #-------------------------------------------------------------- | |
| # Global Config | |
| #-------------------------------------------------------------- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| */5 * * * * cd /opt/healthz && /bin/echo "`date +'\%Y-\%m-\%dT\%H:\%M:\%SZ'` `/usr/local/bin/goss validate -f nagios_verbose`" >> healthz.log |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the time in UTC 15 minutes from now | |
| data "external" "date" { | |
| # use date to get the time 15 mins from now | |
| program = ["bash", "${path.module}/date.sh"] | |
| } | |
| # Wait 15 minutes before scaling instances. | |
| resource "aws_autoscaling_schedule" "delaystart" { | |
| scheduled_action_name = "delaystart" | |
| min_size = 2 |
tom-butler
/ AddAllOrgAccountsToPolicy.py
Created
June 20, 2017 04:49
Boto3: Add All Org Accounts To IAM Policy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import boto3 | |
| import json | |
| central_logging = '<insert your central logging account id here>' | |
| # Variables for the grafana monitoring server | |
| role_name = 'monitoring_prodcloudwatch_access_role' | |
| policy_arn = 'arn:aws:iam::<insert your central logging account id here>:policy/monitor-assumerole' |
tom-butler
/ centralMonitoringRole.tf
Created
June 20, 2017 04:30
Terraform: Central Monitoring Role
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #============================================================== | |
| # tom-butler / centralMonitoringRole.tf | |
| #============================================================== | |
| variable "central_logging_account_id" {} | |
| # The Role itself | |
| resource "aws_iam_role" "monitor_access_role" { | |
| name = "central-logging-monitor" | |
| path = "/" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "InstanceProfile", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "sts:AssumeRole" | |
| ], | |
| "Resource": [ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "arn:aws:iam::<CentralMonitoringAccountId>:role/<CentralMonitoringRole>" | |
| }, | |
| "Action": "sts:AssumeRole" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #AWS keys should be set before this | |
| echo "Installing Scout security auditor" | |
| git clone https://github.com/nccgroup/Scout2 | |
| cd Scout2 | |
| pip3 install -r requirements.txt | |
| python Scout2.py |