witch/labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add mise toml initial env var setup

Browse Source
This commit is contained in:
Michelle
2025-06-12 09:56:16 -07:00
parent 1ff8c54ac1
commit 37c242380a
4 changed files with 28 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example Normal file
View File

@ -0,0 +1,5 @@
{
"MFA_IDENTIFIER": "ARN",
"S3_ROLE": "ARN",
"SESSION_TYPE": ""
}

3
.gitignore vendored
View File

@ -7,8 +7,11 @@ __pycache__/
*.py[cod] *.py[cod]
# Local config / secrets # Local config / secrets
.env .env
.env.json
config.yaml config.yaml
secrets.json secrets.json
# Editor & OS files # Editor & OS files
*.swp *.swp
.DS_Store .DS_Store
assume-role-output.txt

10
lab-3/LAB-REPORT.md
View File

@ -42,6 +42,7 @@
* MFA did not work out of the box after setting it in the s3 bucket policy. * MFA did not work out of the box after setting it in the s3 bucket policy.
The ways I found you can configure MFA: The ways I found you can configure MFA:
* [stackoverflow](https://stackoverflow.com/questions/34795780/how-to-use-mfa-with-aws-cli) * [stackoverflow](https://stackoverflow.com/questions/34795780/how-to-use-mfa-with-aws-cli)
* [official guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
* via cli roles * via cli roles
* configuration via ~/.aws/credentials * configuration via ~/.aws/credentials
* 1Password CLI with AWS Plugin * 1Password CLI with AWS Plugin
@ -53,8 +54,6 @@
* I've seen a lot more recommendations (TBH it's more like 2 vs 0) * I've seen a lot more recommendations (TBH it's more like 2 vs 0)
for 1password for password credential setup. Wonder why? for 1password for password credential setup. Wonder why?
* other apps that handle this * other apps that handle this
* I did not look into this because I didn't want to install
yet another specialized CLI that I didn't understand
- [ ] VPC - [ ] VPC
- [ ] **Host a static site** - [ ] **Host a static site**
@ -100,14 +99,9 @@ graph LR
IAMPolicy -- attaches to --> IAMIdentity IAMPolicy -- attaches to --> IAMIdentity
ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
ExplainIAMIdentity -.-> IAMIdentity ExplainIAMIdentity -.-> IAMIdentity
classDef aside stroke-dasharray: 5 5, stroke-width:2px;
classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
``` ```
## Problems encountered
more carefully. Note to self: always double check.
## End lab ## End lab
- [ ] On June 20, 2025, do the following: - [ ] On June 20, 2025, do the following:
- [ ] Clean up - [ ] Clean up

19
mise.toml
View File

@ -1,5 +1,22 @@
[tools]
aws-cli = 'latest'
bitwarden = 'latest'
jq = 'latest'
bw = 'latest'
[env]
_.file = '.env.json'
BLAH = "{{ exec(command=\"bw get item $BW_AWS_ACCOUNT_SECRET_ID\") }}"
[tasks.ssh] [tasks.ssh]
run = "ssh -p 5679 vboxuser@127.0.0.1" run = "ssh -p 5679 vboxuser@127.0.0.1"
[tasks.generate] [tasks.generate]
run = "./utilities/pdf_make/labs.sh" run = "./utilities/pdf_make/labs.sh"
[tasks.setup-aws]
run = """
export SECRETS_OBJECT=$(bw get item $BW_AWS_ACCOUNT_SECRET_ID)
export AWS_ACCESS_KEY_ID=$(echo "$SECRETS_OBJECT" | jq -r '.fields[0].value')
export AWS_SECRET_ACCESS_KEY=$(echo "$SECRETS_OBJECT" | jq '.fields[1].value')
"""