Varun Chandak varunchandak

RDS Authentication via IAM User/Role

Enable IAM Authentication in existing RDS using the link here: Enabling and Disabling IAM Database Authentication

Login to RDS with master username password.

mysql -h <RDS_ENDPOINT> --user <MASTER_USERNAME> --password

Design is the process of changing your mind until you get it right.
Everyone makes mistakes. The trick is to make them when nobody is looking.
Confidence is the feeling you have before you really understand the problem.
A train station is where the train stops. A bus station is where the bus stops. A work station...
A picture is worth a thousand words, 1000 words takes about 5K, therefore no picture should be larger than 5K.
I wish I were what I was when I wished I were what I am.
Artificial intelligence usually beats real stupidity.
CAPS LOCK – Preventing Login Since 1980.
The truth is out there. Anybody got the URL?
The Internet: where men are men, women are men, and children are FBI agents.

	======
	Videos
	======

	DevOps

	What is DevOps? by Rackspace - Really great introduction to DevOps
	https://www.youtube.com/watch?v=_I94-tJlovg

	Sanjeev Sharma series on DevOps (great repetition to really get the DevOps concept)

	#!/bin/bash

	export AWS_ACCOUNT_ID="<ENTER_ACCOUNT_ID>"
	export AWS_DEFAULT_REGION="ap-south-1"

	SNS_ARN="arn:aws:sns:ap-south-1:$AWS_ACCOUNT_ID:GetPublicIP"
	PUBIPADDRESS="$(curl -s icanhazip.com)"
	INST_NAME="$(aws ec2 describe-instances --filters Name=ip-address,Values="$PUBIPADDRESS" --query 'Reservations[].Instances[].Tags[?Key==`Name`].Value')"

	aws sns publish \

	#!/bin/bash

	# The below is run as root user (or sudo user) and tested on Ubuntu Machine
	export USER_NAME="<ENTER USER NAME HERE>"
	# Create a User with restricted bash shell
	useradd -s /bin/rbash -m "$USER_NAME"
	mkdir /home/"$USER_NAME"/.ssh/
	cd /home/"$USER_NAME"/
	# Copy the pubkeys here and change permissions
	cat "<AUTH_KEYS>" >> .ssh/authorized_keys

	#!/bin/bash

	aws ec2 describe-regions \| jq -r '.Regions[].RegionName' \| while read REGION; do
	export AWS_DEFAULT_REGION="$REGION"
	export AWS_REGION="$REGION"
	export AWS_DEFAULT_OUTPUT="json"
	export AWS_ACCOUNT_ID="$(aws sts get-caller-identity --output json \| jq -r .Account)"
	export CENTRAL_AWS_BUCKET="config-bucket-123456789012"
	echo "$REGION"
	echo "{\"name\": \"default\",\"s3BucketName\": \"$CENTRAL_AWS_BUCKET\",\"configSnapshotDeliveryProperties\": {\"deliveryFrequency\": \"Three_Hours\"}}" > deliveryChannel.json

	---
	name: "Validate Terraform files"
	on:
	push:
	branches:
	- main
	pull_request:
	jobs:
	terraform:
	name: Validate Terraform files

	#!/bin/bash

	curl https://github.com/varunchandak.keys >> $HOME/.ssh/authorized_keys

-#!/bin/bash
-aws iam list-roles --max-items 1000 | jq -r '.Roles[]|[.RoleName, .Arn, .CreateDate]|@csv' | grep -v -e '/aws-service-role/' -e '"AWSServiceRoleFor' -e '/aws-reserved/' | tr -d '"' | cut -d, -f1 | while read ROLE_NAME; do
-    echo "$ROLE_NAME"
-    aws iam get-role --role-name "$ROLE_NAME" | jq -r '.Role|.CreateDate, .RoleLastUsed.LastUsedDate // "UNUSED"'
-done | paste -d, - - - | grep ",UNUSED$" | cut -d, -f1 | while read UNUSED_ROLE_NAME; do
-    echo "$UNUSED_ROLE_NAME is unused"
-    aws iam list-attached-role-policies --role-name "$UNUSED_ROLE_NAME" | jq -r '.AttachedPolicies[].PolicyArn' | while read ATTACHED_POLICY; do
-        aws iam detach-role-policy --role-name "$UNUSED_ROLE_NAME" --policy-arn "$ATTACHED_POLICY"
-    done