Austin Heiman atheiman

@atheiman
atheiman / aws_config_generator.py
Last active November 4, 2025 22:48
AWS SSO Identity Center accounts and roles config generator - ~/.aws/config
#!/usr/bin/env python3
# Write content for an AWS config file (~/.aws/config) to stdout based on available SSO accounts and roles
# from the previously executed `aws sso login`.
#
# Example usage:
#
# aws sso login --profile my-existing-sso-profile
# python ./aws_config_generator.py
#
@atheiman
atheiman / .gitconfig
Last active September 16, 2025 16:07
gitconfig showing some common options I use
[user]
name = John Doe
email = [email protected]
username = jdoe01
[alias]
co = checkout
br = branch
st = status
# show cloned repo local path
@atheiman
atheiman / config_aggreg_adv_query.py
Created July 8, 2025 14:57
AWS Config aggregator advanced SQL-like query using Python and boto3. These advanced queries are much more efficient than previous Config query methods.
#!/usr/bin/env python3
# Example usage from shell:
#
# AWS_PROFILE=organization-management-account AGGREGATOR_NAME=my-config-aggregator python ~/tmp/config_aggreg_adv_query.py
#
import os
import json
import boto3
@atheiman
atheiman / config_aggregator_sql_advanced_query.sh
Last active June 24, 2025 15:28
AWS Config aggregator advanced query (SQL-like syntax) SELECT statement for resources where a tag key equals a tag value
# https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html
# Select EC2 instances from all accounts and regions with tag key "updateAutomationEnabled" is set to value "true"
aws configservice select-aggregate-resource-config \
--configuration-aggregator-name org-config-aggregator \
--expression "SELECT resourceId, resourceType, tags
WHERE resourceType = 'AWS::EC2::Instance'
AND tags.tag = 'updateAutomationEnabled=true'"
@atheiman
atheiman / README.md
Last active November 10, 2025 15:46
Dockerfile container startup script options

These Dockerfile examples demonstrate two options for running a script at container startup before launching the main container process. The example script downloads index.html from https://example.com/ and writes it into the Tomcat webapps directory; the container then serves that index.html at http://localhost:8080/default-app/.

docker build . -t tomcat-with-startup
docker run --rm -it -p 8080:8080 tomcat-with-startup

`exec` is the preferred option because the startup.sh shell process is replaced by catalina.sh, which becomes the main container process. As the main process of the container, catalina.sh receives signals sent to the container directly and can respond to them.

@atheiman
atheiman / ecs-fargate-sleep-task.sh
Last active November 10, 2025 15:51
Run an ECS Fargate task running `sleep` and exec into the task. This can be used to get a Linux shell in a subnet without launching an EC2 instance. Note that since I created this originally, CloudShell can be launched within a VPC, but there may be cases where this is still useful.
# Prerequisites:
# - ECS Fargate cluster
# - ECS task IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
# Be sure to include ECS exec permissions: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#ecs-exec-required-iam-permissions
# - (optional) ECS task execution IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html
aws ecs list-task-definitions
# Register a task definition for alpine image running "sleep 600" so you can exec into the container for 10 min
@atheiman
atheiman / ssm-automation-doc.yml
Created November 5, 2024 22:37
SSM automation document to set all EBS volumes attached to a given EC2 instance to delete on instance terminate
description: Set all EBS volumes of an EC2 instance to delete on instance termination
schemaVersion: '0.3'
parameters:
InstanceId:
type: String
AutomationAssumeRole:
type: String
default: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/AWS-SystemsManager-AutomationExecutionRole'
description: >-
(Optional) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is
@atheiman
atheiman / cross-acct-config-evaluation-role.yml
Last active November 1, 2024 14:22
CloudFormation template creating a cross account role assumable by a source arn with permission to submit Config evaluations. Can be deployed as a stackset.
Parameters:
RoleName:
Description: Name of role to be created - this will be suffixed with the region name
Type: String
SourceRoleArn:
Description: Source IAM role ARN to assume the role
Type: String
Resources:
ConfigCrossAcctEvaluationRole:
@atheiman
atheiman / 1-config.tf
Last active December 4, 2024 01:18
AWS Config custom policy rule using Guard to evaluate tag compliance. Deployed as an OrganizationConfigRule w/ Terraform
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
}
}
}
resource "aws_config_organization_custom_policy_rule" "required_tags" {
@atheiman
atheiman / config_tag_compliance.tf
Last active December 4, 2024 01:18
Terraform to deploy a Config custom rule w/ Lambda function to evaluate resource tag compliance
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
}
}
}
data "aws_partition" "current" {}