Author: Christopher Davis

Create Your Own Certificate Authority with Terraform

Christopher Davis

I did this for an EC2 Client VPN Endpoint and certificate based authentication in a continuous integration environment. It might also be suitable for localhost certificates and is pretty much what Minica or Easy RSA does. But I do a lot of infrastructure work with Terraform, so here we are. Another important note: AWS has… Continue reading Create Your Own Certificate Authority with Terraform

Waiting for MySQL to be Ready in Docker Compose

Christopher Davis

Had a ... fun thing happen in GitHub Actions today where my tests were starting before the MySQL server they needed was up and running. MySQL in this case was running in Docker compose. So I started my process with a little shell script using mysqladmin: #!/usr/bin/env bash count=0 alive="no" while [ "$count" -lt 5… Continue reading Waiting for MySQL to be Ready in Docker Compose

Github API Calls via Github Actions Do Not Trigger Workflows

Christopher Davis

Github actions provides a token to actions with a set of permissions, however the docs have this little tidbit: When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. Which makes some sense, you… Continue reading Github API Calls via Github Actions Do Not Trigger Workflows

AWS Transfer: SFTP rename Fails with Permission Denied

Christopher Davis

Just hit this little fun thing. Using the rename command for SFTP seems to use the s3:CopyObject action, which attempts to copy any object tags as well as the actual object itself. The IAM Permission associated with the SFTP user must allow s3:GetObjectTagging and s3:PutObjectTagging or a rename command will get an Access Denied message… Continue reading AWS Transfer: SFTP rename Fails with Permission Denied

Using Org-Wide Secrets in Shared Github Actions Workflows

Christopher Davis

This was suprisingly hard to find the answer too. TL;DR: you cannot use org-wide secrets in a shared workflow without secrets: inherit Take a shared workflow like this: name: shared test workflow on: workflow_call: jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 with: node-version: 16 - name: NPM Auth run: echo '//registry.npmjs.org/:_authToken=${{… Continue reading Using Org-Wide Secrets in Shared Github Actions Workflows

Using AWS Transfer with a Custom Lambda Identity Provider

Christopher Davis

This week I got a chance to work on implementing AWS Transfer as an SFTP server backed by a set of S3 buckets. Authentication in this new system is handled by another, self-serve SFTP application. Users can create an manage SFTP users there and AWS Transfer uses their usernames, passswords, and public keys to authenticate… Continue reading Using AWS Transfer with a Custom Lambda Identity Provider

Posted in AWS