| # Source: https://gist.github.com/vfarcic/8ebbf4943c5c012c8c98e1967fa7f33b | |
| ##################################################################### | |
| # Say Goodbye to Containers - Ephemeral Environments with Nix Shell # | |
| ##################################################################### | |
| # Additional Info: | |
| # - Nix: https://nixos.org | |
| # - Dagger: The Missing Ingredient for Your Disastrous CI/CD Pipeline: https://youtu.be/oosQ3z_9UEM |
| import datetime | |
| import boto3 | |
| MAX_BACKUPS = 3 | |
| dynamo = boto3.client('dynamodb') | |
| def lambda_handler(event, context): |
An IAM user policy document to give minimal rights for deploying an Elastic Beanstalk application.
Where:
REGION: AWS region.ACCOUNT_ID: AWS account ID.APPLICATION_NAME: Desired target Elastic Beanstalk application name(space).IAM_INSTANCE_PROFILE_ROLE: The instance profile (IAM role) Elastic Beanstalk EC2 instaces will run under.
I am deploying with this IAM using Codeship and Circle CI to Elastic Beanstalk. I had a lot of trouble with this config. I talked to the aws support for about 6 hours until this worked properly, so, I guess it is worth to share.
UPDATE: In the end, I have to use the AWSElasticBeanstalkFullAccess policy. My custom policy keep breaking every week with some new added permission or some EB internal change. Anyway, the IAM I was using is below.
This works for me with CircleCI and EB Cli.
{
"Version": "2012-10-17",
"Statement": [
{
| Description: > | |
| Provides Grafana hosted on ECS Fargate. | |
| Parameters: | |
| LogCollectionStackName: | |
| Description: Name of the CRM log collection stack which provides the Elasticsearch cluster for monitoring data | |
| Type: String | |
| Resources: | |
| GrafanaCluster: |
| # most credit to the original: https://gist.github.com/brandond/6b4d22eaefbd66895f230f68f27ee586 | |
| # Tag snapshots based on their associated AMI and volumes based on attached instance. | |
| # format: | |
| # (AMI:db5|db5) /dev/sda1 (1/4) | |
| # (AMI:db5|db5) /dev/sdb (2/4) | |
| # Best practice: create IAM user | |
| # Simplest privilege to get it to work with reasonable security: use predefined policy "ReadOnlyAccess" |
| import copy | |
| import logging | |
| import os | |
| import boto3 | |
| logging.basicConfig(level=os.environ.get('LOG_LEVEL', 'INFO')) | |
| ec2 = boto3.client('ec2') | |
| logger = logging.getLogger(__name__) |
| from __future__ import print_function | |
| import json | |
| import boto3 | |
| import logging | |
| #setup simple logging for INFO | |
| logger = logging.getLogger() | |
| logger.setLevel(logging.ERROR) |
| ########## | |
| # Win10 Initial Setup Script | |
| # Author: Disassembler <[email protected]> | |
| # Version: 1.7, 2016-08-15 | |
| # dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/ | |
| # THIS IS A PERSONALIZED VERSION | |
| # This script leaves more MS defaults on, including MS security features. | |
| # Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1 |
| # source: https://blogs.technet.microsoft.com/heyscriptingguy/2012/10/28/powertip-use-powershell-to-enable-the-windows-firewall/ | |
| # older Wins: netsh advfirewall set allprofiles state off | |
| Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False |