curl -Ls https://gist.githubusercontent.com/atheiman/45e45ada59e558b21f951d8e81faf345/raw/cloudshell-setup.sh?$RANDOM | bash
# Usage examples:
#
# Create a new CodeCommit repository with CodeBuild CI/CD
#
# aws cloudformation deploy \
#   --stack-name my-new-project \
#   --template-file ./template.yml \
#   --capabilities CAPABILITY_IAM \
#   --parameter-overrides 'RepositoryDescription=My new project description'
#
# Install GNU parallel in a CentOS-based docker container (e.g. for CI/CD)
# install needed dependencies
yum install -q -y bzip2 tar make perl
# download source
curl -s -L -o /tmp/parallel.tar.bz2 https://ftpmirror.gnu.org/parallel/parallel-latest.tar.bz2
# extract source
tar -C /tmp -xjf /tmp/parallel.tar.bz2
# navigate into extracted source
cd /tmp/parallel-*
# build and install
#!/bin/sh
set -eux
CA_FILE_PREFIX="${CA_FILE_PREFIX:-"example-corp-ca"}"
CA_CN="${CA_CN:-"Example Corp CA"}"
CA_SUBJ="${CA_SUBJ:-"/C=US/O=Example Corp/CN=${CA_CN}"}"
SERVER_CN="${SERVER_CN:-"server.example.com"}"
SERVER_FILE_PREFIX="${SERVER_FILE_PREFIX:-"${SERVER_CN}"}"
SERVER_SUBJ="${SERVER_SUBJ:-"/C=US/O=Example Corp/CN=${SERVER_CN}"}"
Description: >
  Builds a basic /24 2x2 VPC (Public/Private, 2 AZs). The VPC CIDR block is determined by a combination
  of the account ID and Region, giving a _very strong_ probability of a unique range within an
  Organization.
Parameters:
  VpcNameTag:
    Type: String
    Default: 2x2
  VpcCidrSuffix:
Conditions:
  Never:
    Fn::Equals: [a, b]
Resources:
  NullResource:
    Type: Custom::Null
    Condition: Never
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  SSM Automation Document run a custom SSM Command Document
  against a fleet of target instances.
Parameters:
  AutomationDocumentName:
    Type: String
    Description: Name of created SSM Automation Document
    Default: MyAutomation
Add a local RDP user via user data at launch of a Windows EC2 instance. Note that the password is passed in through both the user data and the PowerShell command line, which is a bad security practice because both can be viewed later. At a minimum, you should connect to the instance immediately after launch and change the password interactively. Also, delete the user data from the instance after launch. More secure would be to connect the instance to a domain for authentication or use AWS native tooling to connect to the instance (e.g., AWS Session Manager).
<powershell>
# Be sure to set the username and password on these two lines. Of course, including a
# password on the command line is not a good security practice.
These Kubernetes resource manifest yaml files demonstrate:

vault.yaml
- setting up a test vault service
- configuring the vault service with kubernetes auth and a role for a test app

app.yaml
- running an app with
  - a vault-init initContainer to login to vault and obtain a token
  - a vault-secret-manager container to continuously interact with vault throughout the lifecycle of the app
  - an app container to use the secret saved by the vault-secret-manager container