
rdark : aws   209

How to prompt users to reset their AWS Managed Microsoft AD passwords proactively | AWS Security Blog
Solution Overview
When users’ passwords expire, they typically contact their directory service administrator to help them reset their password. For security reasons, they then need to reset their password again on their computer so that the administrator has no knowledge of the new password. This process is time-consuming and impacts productivity. In this post, I present a solution to remind users automatically to reset AWS Managed Microsoft AD passwords. The following diagram and description explains how the solution works.
aws  active_directory  password  security 
5 days ago by rdark
powdahound/ Amazon EC2 instance comparison site
I was sick of comparing EC2 instance metrics and pricing on Amazon's site so I made Improvements welcome!
aws  ec2  pricing  finance  github  python 
6 days ago by rdark
Use the AWS CLI to Call and Store SAML Credentials
aws sts assume-role-with-saml --role-arn arn:aws:iam::ACCOUNTNUMBER:role/IAM_ROLE --principal-arn arn:aws:iam::ACCOUNTNUMBER:saml-provider/SAML_PROVIDER --saml-assertion BASE64_ENCODED_RESPONSE
SAML  aws  cli  authentication  testing 
april 2019 by rdark
gruntwork-io/cloud-nuke: A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
This repo contains a CLI tool to delete all cloud (AWS, Azure, GCP) resources in an account. cloud-nuke was created for situations when you might have an account you use for testing and need to clean up leftover resources so you're not charged for them. Also great for cleaning out accounts with redundant resources.

The currently supported functionality includes:

Deleting all Auto scaling groups in an AWS account
Deleting all Elastic Load Balancers (Classic and V2) in an AWS account
Deleting all EBS Volumes in an AWS account
Deleting all unprotected EC2 instances in an AWS account
Deleting all AMIs in an AWS account
Deleting all Snapshots in an AWS account
Deleting all Elastic IPs in an AWS account
Deleting all Launch Configurations in an AWS account
Deleting all ECS services in an AWS account
Deleting all EKS clusters in an AWS account
aws  github  devops  terraform  golang  cleaning 
march 2019 by rdark
rebuy-de/aws-nuke: Nuke a whole AWS account and delete all its resources.
Remove all resources from an AWS account.

Development Status aws-nuke is stable, but it is likely that not all AWS resources are covered by it. Be encouraged to add missing resources and create a Pull Request or to create an Issue.

Be aware that aws-nuke is a very destructive tool, hence you have to be very careful while using it. Otherwise you might delete production data.

We strongly advise you to not run this application on any AWS account, where you cannot afford to lose all resources.
aws  github  devops  terraform  golang  cleaning 
march 2019 by rdark
aws-bash/ at master · emmanuel/aws-bash · GitHub
Sign requests using AWS v4 signing protocol, using bash/GNU toolchain only
bash  aws  sign  security  HMAC  shell 
march 2019 by rdark
uber/assume-role-cli: CLI for AssumeRole is a tool for running programs with temporary credentials from AWS's AssumeRole API.
CLI for AssumeRole is a CLI tool for running programs with temporary AWS credentials. It is intended to be used by operators for running scripts and other tools that don't have native AssumeRole support.
aws  cli  golang  github  iam 
january 2019 by rdark
remind101/assume-role: Easily assume AWS roles in your terminal.
This tool will request and set temporary credentials in your shell environment variables for a given role.

OSX, Linux + Windows Support
aws  iam  cli  golang  github  shell 
january 2019 by rdark
AWS Cloud Map Documentation
AWS Cloud Map is a fully managed service that you can use to create and maintain a map of the backend services and resources that your applications depend on.
aws  aws_services  aws_cloud_map  service_discovery  service_mesh 
january 2019 by rdark
Deploying EFF's Certbot in AWS Lambda
This post describes the steps needed to deploy Certbot (a well-maintained LetsEncrypt/ACME client) inside AWS Lambda. The setup used below is now powering 100% automated TLS certificate renewals for this website - the lambda runs once a day and if there’s less than 30 days remaining on my existing cert it will provision a new one and import it to be served by my CDN.
eff  lambda  certbot  letsencrypt  ssl  tls  certificates  aws 
november 2018 by rdark
runatlantis/atlantis: Terraform For Teams
A self-hosted golang application that listens for Terraform pull request events via webhooks.
terraform  aws  github  devops  atlantis  CI 
october 2018 by rdark
Simplify Login with Application Load Balancer Built-in Authentication | AWS News Blog
Today I’m excited to announce built-in authentication support in Application Load Balancers (ALB). ALB can now securely authenticate users as they access applications, letting developers eliminate the code they have to write to support authentication and offload the responsibility of authentication from the backend. The team built a great live example where you can try out the authentication functionality.
aws  authentication  SAML  oidc  load_balancing 
may 2018 by rdark
Walkthrough: Use the AWS CLI with Run Command - AWS Systems Manager
aws ssm describe-instance-information --output text --query "InstanceInformationList[*]"
aws  ssm  cli  reference 
may 2018 by rdark
gruntwork-io/terragrunt: Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
Terragrunt is a thin wrapper for Terraform that provides extra tools for keeping your Terraform configurations DRY, working with multiple Terraform modules, and managing remote state.
golang  devops  github  terraform  aws  terragrunt  locking 
may 2018 by rdark
Automating Terraform Projects with Jenkins | Object Partners
This post will show you how to set up a Jenkins Pipeline for planning and applying your Terraform projects. This post was written against the following versions:
ci  jenkins  terraform  aws 
may 2018 by rdark
cesar-rodriguez/concourse-pipelines: Collection of Concourse pipelines for AWS infrastructure provisioning
This repository contains a collection of Concourse CI pipelines used for AWS infrastructure provisioning. Each pipeline directory contains a pipeline.yml defining the pipeline, and a settings.yml file containing the expected parameters. The scripts/ci directory contains the scripts used by the templates.
terraform  concourse_ci  ci  github  aws 
may 2018 by rdark
AWS Quick Start
Automated gold-standard deployments on AWS
aws  automation  reference  github 
march 2018 by rdark
kislyuk/domovoi: AWS Lambda event handler manager
Domovoi is an extension to AWS Chalice to handle AWS Lambda event sources other than HTTP requests through API Gateway. Domovoi lets you easily configure and deploy a Lambda function to run on a schedule or in response to a variety of events like an SNS push notification, S3 event, or custom state machine transition:
domovoi  chalice  aws  lambda  serverless  aws_lambda 
march 2018 by rdark
aws/chalice: Python Serverless Microframework for AWS
Chalice is a python serverless microframework for AWS. It allows you to quickly create and deploy applications that use Amazon API Gateway and AWS Lambda. It provides:

A command line tool for creating, deploying, and managing your app
A familiar and easy to use API for declaring views in python code
Automatic IAM policy generation
python  aws  framework  lambda  aws_lambda  serverless 
march 2018 by rdark
awslabs/kinesis-aggregation: AWS libraries/modules for working with Kinesis aggregated record data
The Amazon Kinesis Producer Library (KPL) gives you the ability to write data to Amazon Kinesis with a highly efficient, asynchronous delivery model that can improve performance. The KPL is extremely powerful, but is currently only available as a Java API wrapper around a C++ executable which may not be suitable for all deployment environments. Similarly, the powerful Kinesis Client Library (KCL) provides automatic deaggregation of KPL aggregated records, but not all Kinesis consumer applications, such as those running on AWS Lambda, are currently capable of leveraging this deaggregation capability.
kinesis  python  nodejs  java  aws 
march 2018 by rdark
aws-samples/aws-kube-codesuite: The CodeSuite Continuous Deployment reference architecture demonstrates how to achieve continuous deployment of an application to a Kubernetes cluster using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS Lambda.
The CodeSuite Continuous Deployment reference architecture demonstrates how to achieve continuous deployment of an application to a Kubernetes cluster using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS Lambda.
aws  deployment  ci  aws_codepipeline  aws_codecommit  kubernetes  aws_codebuild  aws_lambda  github 
february 2018 by rdark
AdRoll/hologram: Easy, painless AWS credentials on developer laptops.
Hologram exposes an imitation of the EC2 instance metadata service on developer workstations that supports the temporary credentials workflow. It is accessible via the same HTTP endpoint to calling SDKs, so your code can use the same process in both development and production. The keys that Hologram provisions are temporary, so EC2 access can be centrally controlled without direct administrative access to developer workstations.
authentication  iam  iam_roles  aws  ec2  golang  github 
february 2018 by rdark
localstack/localstack: 💻 A fully functional local AWS cloud stack. Develop and test your cloud apps offline!
LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications.

Currently, the focus is primarily on supporting the AWS cloud stack.
atlassian  testing  devops  aws  lambda  python  github 
february 2018 by rdark
airbnb/streamalert: StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
aws  monitoring  events  airbnb  analytics  kinesis  python 
december 2017 by rdark
fugue/credstash: A little utility for managing credentials in the cloud
CredStash is a very simple, easy to use credential management and distribution system that uses AWS Key Management Service (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.
aws  password  security  dynamoDB  KMS  python  github 
november 2017 by rdark
99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments
Securely store and access credentials for AWS. AWS Vault stores IAM credentials in your operating system's secure keystore and then generates temporary credentials from those to expose to your shell and applications. It's designed to be complementary to the aws cli tools, and is aware of your profiles and configuration in ~/.aws/config.

Currently the supported backends are:

macOS Keychain
KWallet Secret Service
Encrypted file
aws  development  security  amazon  cli  mac  linux 
november 2017 by rdark
Using Policy Conditions with AWS KMS - AWS Key Management Service
You can use a kms:ViaService condition key to control access to a CMK when the CMK is used in the context of an AWS service integrated with AWS KMS. For example, you can allow a user to use a CMK only through one particular integrated service. To do this, use the kms:ViaService condition key with the KMS ViaService Name for the service. You can specify one or more services in each kms:ViaService condition key.
aws  documentation  KMS  encryption  services 
november 2017 by rdark
Pause/Resume AWS Lambda Reading Kinesis Stream -
At Campus Explorer we are using AWS Lambda extensively, with sources including Kinesis, DynamoDB, S3, SNS, CloudFormation, API Gateway, custom events, and schedules.

This week, Steve Caldwell (CTO and prolific developer) encountered a situation which required pausing an AWS Lambda function with a Kinesis stream source, and later resuming it, preferably from the same point at which it had been reading in each Kinesis shard.

We brainstormed a half dozen different ways to accomplish this with varying levels of difficulty, varying levels of cost, and varying levels of not-quite-what-we-wanted-ness.

A few hours later, Steve shared that he had discovered the answer (and suggested I pass on the answer to you).
aws  lambda  kinesis  cli  pause  streams 
november 2017 by rdark
aws/aws-sdk-java-v2: The official AWS SDK for Java - Version 2 (Developer Preview)
The AWS SDK for Java 2.0 Developer Preview is a rewrite of 1.0 with some great new features. As with version 1.0, it enables you to easily work with Amazon Web Services but also includes features like non-blocking IO and pluggable HTTP implementation to further customize your applications. You can get started in minutes using Maven or any build system that supports MavenCentral as an artifact source.
java  scala  aws  SDK  github 
october 2017 by rdark
murati-hu/CloudRemoting: CloudRemoting PowerShell module - an easier way to PSRemoting, RDP and SSM Run Commands.
CloudRemoting module provides an easy and scriptable way to connect to EC2, Azure or to other machines via RDP, PSRemoting and SSM sessions on top of the standard cmdlets by:

Seamless EC2 Administrator Credential decryption for RDP and PSRemoting
Credential pass-through for RDP Sessions
Pipeline integrated SSM Run Command execution
windows  powershell  remote  sysadmin  aws  azure  cloud 
september 2017 by rdark
aweber/rabbitmq-autocluster: Automatically manage node membership in RabbitMQ clusters
A RabbitMQ plugin that clusters nodes automatically using Consul, etcd2, DNS, AWS EC2 tags or AWS Autoscaling Groups for service discovery.
rabbitMQ  consul  etcd  aws  automation  github 
august 2017 by rdark
Complete AWS IAM Reference
Creating IAM policies is hard. We collect information from the AWS Documentation to make writing IAM policies easier.
aws  iam  security  amazon  reference 
june 2017 by rdark
garnaat/placebo: Make boto3 calls that look real but have no effect.
Placebo allows you to mock boto3 calls that look just like normal calls but actually have no effect at all. It does this by allowing you to record a set of calls and save them to a data file and then replay those calls later (e.g. in a unit test) without ever hitting the AWS endpoints.
python  testing  boto  aws  lambda  TDD 
may 2017 by rdark
Welcome to Gordon — Gordon 0.6.0 documentation
Gordon is a tool to create, wire and deploy AWS Lambdas using CloudFormation
gordon  lambda  aws  cloudformation 
may 2017 by rdark
awslabs/cloudwatch-logs-subscription-consumer: A specialized Amazon Kinesis stream reader (based on the Amazon Kinesis Connector Library) that can help you deliver data from Amazon CloudWatch Logs to any other system in near real-time using a CloudWatch L
The CloudWatch Logs Subscription Consumer is a specialized Amazon Kinesis stream reader (based on the Amazon Kinesis Connector Library) that can help you deliver data from Amazon CloudWatch Logs to any other system in near real-time using a CloudWatch Logs Subscription Filter.

This project includes a sample CloudFormation template that can quickly bring up an Elasticsearch cluster on Amazon EC2 fed with real-time data from any CloudWatch Logs log group. The CloudFormation template will also install Kibana 3 and Kibana 4.1, and it comes bundled with a few sample Kibana 3 dashboards for the following sources of AWS log data:
logging  aws  elasticsearch  kibana  s3  cloudwatch  lambda  github 
march 2017 by rdark
How to Access the AWS Management Console Using AWS Microsoft AD and Your On-Premises Credentials | AWS Security Blog
With AWS Microsoft AD, you can grant your on-premises users permissions to resources such as the AWS Management Console instead of adding AWS Identity and Access Management (IAM) user accounts or configuring AD Federation Services (AD FS) with Security Assertion Markup Language (SAML).
authentication  active_directory  aws  iam 
march 2017 by rdark
This repository contains best-practice infrastructures across different cloud providers, regions, environments, and operating systems.
aws  github  packer  terraform  best_practices  hashicorp 
february 2017 by rdark
Sam-Martin/terraform-aws-config-module: A Terraform Module for Controlling AWS Config (via CloudFormation)
This Terraform module allows you to automatically setup custom AWS Config rules.
This module uses CloudFormation and Lambda in the back end to control the AWS Config components, due to a lack of support for AWS Config in Terraform at the time of writing.

Native AWS config support is due v. soon.
terraform  cloudformation  aws_config  aws 
february 2017 by rdark
SparkleFormation is a Ruby DSL library for programmatically composing template files commonly used by IaaS orchestration APIs. It has builtin helper methods targeting the AWS CloudFormation API and includes translations for other providers (e.g. Rackspace, OpenStack, etc).
ruby  aws  devops  cloudformation  open_source  g 
february 2017 by rdark