witch/labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add resume pdf & html

Browse Source
This commit is contained in:
witch
2025-06-12 15:09:24 -07:00
parent 989107517a
commit 44fa26ba30
5 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -1,5 +1,6 @@
MFA_IDENTIFIER="ARN", MFA_IDENTIFIER="ARN",
S3_ROLE="ARN", S3_ROLE="ARN",
SESSION_TYPE="" SESSION_TYPE=""
AWS_DEFAULT_REGION="us-east-2"
BW_AWS_ACCOUNT_SECRET_ID="" BW_AWS_ACCOUNT_SECRET_ID=""
BW_SESSION="" BW_SESSION=""

14
lab-3/LAB-REPORT.md
View File

@ -43,7 +43,11 @@
- [x] Create a bucket policy that blocks all public access but allows your IAM role - [x] Create a bucket policy that blocks all public access but allows your IAM role
- [ ] Implmented: [guide](https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/) - [ ] Implmented: [guide](https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/)
<<<<<<< HEAD
![restrict to role](./assets/restrict-to-role.jpg) ![restrict to role](./assets/restrict-to-role.jpg)
=======
![restrict to role](./assets/restrict-to-role.png)
>>>>>>> 1437cee (Add resume pdf & html)
- [x] **Experiment** with requiring MFA or VPC conditions. - [x] **Experiment** with requiring MFA or VPC conditions.
- [x] MFA conditions - [x] MFA conditions
@ -98,9 +102,19 @@ aws s3 ls s3://witch-lab-3
- [x] Configure route 53 alias or CNAME for `resume.<yourdomain>` to the bucket endpoint. - [x] Configure route 53 alias or CNAME for `resume.<yourdomain>` to the bucket endpoint.
- [x] Deploy CloudFront with ACM certificate for HTTPS - [x] Deploy CloudFront with ACM certificate for HTTPS
* see: [resume](https://resume.wizards.cafe) * see: [resume](https://resume.wizards.cafe)
<<<<<<< HEAD
- [ ] **Private "Invite-Only" Resume Hosting** - [ ] **Private "Invite-Only" Resume Hosting**
1. [ ] **Pre-signed URLs** 1. [ ] **Pre-signed URLs**
`aws s3 presign s3://<YOUR_BUCKET_NAME>/resume.pdf --expires-in 3600` `aws s3 presign s3://<YOUR_BUCKET_NAME>/resume.pdf --expires-in 3600`
=======
* Cloudflare Edge Certificate -> Cloudfront -> S3 Bucket
* In this step, I disabled "static website hosting" on the s3 bucket
**Private "Invite-Only" Resume Hosting**
1. [x] **Pre-signed URLs**
`aws s3 presign s3://<YOUR_BUCKET_NAME>/resume.pdf --expires-in 3600`
![presigned url](./assets/create-presigned-url.jpg)
>>>>>>> 1437cee (Add resume pdf & html)
### Further Exploration ### Further Exploration
1. [ ] Snapshots & AMIs 1. [ ] Snapshots & AMIs

BIN
lab-3/assets/create-presigned-url.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 123 KiB

BIN
lab-3/assets/restrict-to-role.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 146 KiB

16
utilities/setup_aws/use-s3.sh
View File

@ -1,6 +1,12 @@
#!/bin/bash #!/bin/bash
MFA_TOKEN=$1 MFA_TOKEN=$1
<<<<<<< HEAD
=======
# Capture everything from second argument onward as a command
shift
COMMAND=("$@")
>>>>>>> 1437cee (Add resume pdf & html)
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Error: Run with MFA token!" echo "Error: Run with MFA token!"
@ -25,5 +31,13 @@ export AWS_SECRET_ACCESS_KEY=$(echo "$SESSION_OUTPUT" | jq '.Credentials.SecretA
#echo $AWS_SESSION_TOKEN #echo $AWS_SESSION_TOKEN
#echo $AWS_ACCESS_KEY_ID #echo $AWS_ACCESS_KEY_ID
#echo $AWS_SECRET_ACCESS_KEY #echo $AWS_SECRET_ACCESS_KEY
<<<<<<< HEAD
aws s3 ls s3://witch-lab-3 aws s3 ls s3://witch-lab-3
echo "finished!" echo "finished!"
=======
# aws s3 ls s3://witch-lab-3
if command -v "$COMMAND" >/dev/null 2>&1; then
"${COMMAND[@]}"
fi
>>>>>>> 1437cee (Add resume pdf & html)