Skip to content

Instantly share code, notes, and snippets.

View apolloclark's full-sized avatar
💭
automating the world

Apollo Clark apolloclark

💭
automating the world
View GitHub Profile
@apolloclark
apolloclark / cloud environment questionnaire.md
Last active November 22, 2023 19:55
Questions to ask to understand a company's cloud environment

Cloud Environment Questionnaire

1. IT Security Regulations?

ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)

2. Cloud Provider(s)?

ex: AWS, Microsoft Azure, Google GCP, on-prem VMware

3. Compute Environment(s)?

ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)

List all of the AWS Resources available to AWS CloudFormation

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/toc-contents.json \
  | jq '.contents[10].contents[0].contents[].include_contents' --raw-output \
  | grep -v "null" \
  | xargs -I % curl -sSL https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/% \
  | jq '.contents[].contents[] | [.title, (select(.contents != null) | .title + "::" + .contents[].title)]' --raw-output \
@apolloclark
apolloclark / upgrade_rhel.sh
Last active February 6, 2022 19:05
Upgrade RHEL / CentOS / Amazon Linux 2 / Oracle Linux systems
#!/bin/bash
# fix for CentOS 6.x
# https://stackoverflow.com/questions/21396508/yumrepo-error-all-mirror-urls-are-not-using-ftp-https-or-file
# There is an issue with CentOS 6.3 not supporting the modern TLS 1.2, so use the archive.kernel.org
"[Errno 14] problem making ssl connection"
sed -i 's,<find>,<replacement>,g' /etc/yum.repos.d/CentOS-Base.repo

Hello, I am Apollo Clark, a Cloud Architect, formerly with HashiCorp, with 13+ years of AWS experience, 4+ years of Azure Experience, and 3+ years of GCP experience. I've worked with the largest financial services companies in the world, and various US Dept of Defense (DoD) organizations, over the years on projects with security requirements of PCI-DSS, HIPAA, FedRAMP, and GDPR. AWS is an amazing service capable of a wide variety of uses, but with that flexibility comes a lot of complexity that is easy to misconfigure. Unfortunately, even in 2022, a lot of cloud provider services are not secure by default. This guide is a list of the most common mistakes I've seen. Many organizations adopted AWS organically, without any centralized planning, given the ease of using an oragnization credit card to spin up infrastucture in minutes, versus going through months of approval and waiting for physical hardware to be delivered, installed, configured, and made available into on-prem VMware based data centers. Whenver I

@apolloclark
apolloclark / upgrade_hashistack.sh
Created November 18, 2021 20:10
Upgrade HashiCorp tools in Ubuntu
#!/bin/bash -eu
PACKAGE_LIST="terraform packer sentinel vagrant";
for PACKAGE in $PACKAGE_LIST; do
# retrieve a link to the latest version
VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \
| jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \
| grep -v 'alpha\|beta\|rc\|oci\|ent' | sort --version-sort | tail -n1);
@apolloclark
apolloclark / upgrade_jq.sh
Created November 18, 2021 20:09
Upgrade JQ (JSON Query)
#!/bin/bash -eux
# retrieve a link to the latest version of Terraform
JQ_VERSION_LATEST=$(curl -sSL https://github.com/stedolan/jq/releases \
| grep -F '/releases/tag' | grep -v 'rc' | head -n1 | cut -d'"' -f2 | cut -d'/' -f6 | cut -d'-' -f2);
# get the currently installed version
JQ_VERSION_CURRENT=$(jq --version | cut -d'-' -f2);
# check if the latest version matches the currently installed version
@apolloclark
apolloclark / gcp_cheatsheet.md
Created January 26, 2021 20:03
Google Cloud cheatsheet
# list current config details
gcloud info

# list accounts
gcloud auth list

# list availalbe configs
gcloud config configurations list
@apolloclark
apolloclark / upgrade_hashistack.sh
Last active May 16, 2020 18:27
Bash scripts to upgrade locally installed HashiCorp programs
#!/bin/bash -eu
PACKAGE_LIST="terraform packer sentinel vagrant";
for PACKAGE in $PACKAGE_LIST; do
# retrieve a link to the latest version of Terraform
VERSION_LATEST=$(curl -sSLk https://releases.hashicorp.com/index.json \
| jq ".${PACKAGE}.versions | keys | .[]" | tr -d '"' \
| grep -v 'alpha\|beta\|rc\|oci' | sort --version-sort | tail -n1);
### Keybase proof
I hereby claim:
* I am apolloclark on github.
* I am apolloclark (https://keybase.io/apolloclark) on keybase.
* I have a public key ASC2AayT4Qb7Hxt6BAgO_ocgIbKf0IsyhmdaIalmO43ivAo
To claim this, I am signing this object:
@apolloclark
apolloclark / docker image base oses.md
Last active October 12, 2021 12:10
Docker Images, Base OS Support Matrix

"Official Docker Image" Base OS Support Matrix

Analysis was performced on Aug 11, 2019.

Support Matrix