#!/usr/bin/env bash
# Retrieve AWS credentials from AWS CloudShell
# shellcheck disable=SC2001
# Base URL of the credential endpoint: everything before "/latest" in the full URI
HOST=$(echo "$AWS_CONTAINER_CREDENTIALS_FULL_URI" | sed 's|/latest.*||')
# Request a metadata token that is valid for 60 seconds
TOKEN=$(curl -s -X PUT "$HOST"/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
# Fetch the container credentials as JSON, authenticating with that token
OUTPUT=$(curl -s "$HOST/latest/meta-data/container/security-credentials" -H "X-aws-ec2-metadata-token: $TOKEN")
# Print export statements for the retrieved key pair
echo "export AWS_ACCESS_KEY_ID=$(echo "$OUTPUT" | jq -r '.AccessKeyId')"
echo "export AWS_SECRET_ACCESS_KEY=$(echo "$OUTPUT" | jq -r '.SecretAccessKey')"
### Keybase proof

I hereby claim:

* I am dclark on github.
* I am dclark (https://keybase.io/dclark) on keybase.
* I have a public key whose fingerprint is A740 303C F295 6706 2D8E F474 A970 CEB2 DDA3 88ED

To claim this, I am signing this object:
# I've used the configuration below for all my nginx instances and gotten an A+ on the Qualys SSL Test
# (https://www.ssllabs.com/ssltest/index.html). It satisfies requirements for PCI Compliance and
# FIPS. Includes OCSP Stapling (http://en.wikipedia.org/wiki/OCSP_stapling) and HTTP Strict Transport
# Security (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security).
# - Not vulnerable to the Heartbleed attack.
# - Not vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) with OpenSSL v1.0.1i 6 Aug 2014 & Nginx 1.6.0
# - SSL Handshake takes <80ms on most modern server hardware
# Use within the "server" scope among other directives