- https://github.com/anthropics/claude-code/tree/main/plugins/ralph-wiggum:
loops through tasks, commits to Git and resets context between tasks, - https://claude.com/plugins/context7:
pulls live, version specific library documentations into your session (stops Claude hallucinating from outdated training data), - https://github.com/anthropics/claude-code/tree/main/plugins/feature-dev:
launches a workflow using explorer, architect and reviewer agents to analyze code base, design and review the work, - https://github.com/anthropics/claude-code/tree/main/plugins/code-review:
reviews changed files for quality, security and test coverage before you commit, - https://claude.com/plugins/playwright:
navigates URLs, fills forms, takes screenshots and run end to end test, - https://claude.com/plugins/superpowers:
planning, debugging and code review all in one, - https://claude.com/plugins/marketing:
builds performance reports, runs SEO audits and designs mail sequences.
niedziela, 31 maja 2026
Claude Code plugins
niedziela, 24 maja 2026
Claude Code slash commands
Claude Code modes (toggle with Shift + Tab):
- >>> normal (reads, writes and runs commands),
- >> auto accept (like normal but skips permission prompts),
- || plan (read only, explores but never edits).
Slash commands:
- /model choose model you want to work with,
- /status - version, model, account, usage and so on,
- /help - all available commands and skills,
- /diff - review all file changes Claude just made,
- /skills - all installed skills,
- /usage - check your token usage and spending,
- /compact - summarize conversation to free up context,
- /init - create a "CLAUDE.md" project guide,
- /context - show Claude context window utilization.
poniedziałek, 10 listopada 2025
Remove a versioned S3 bucket
Let's imagine you have a S3 bucket that is versioned. It contains thousands of files. If you try to delete it you're warned because of the versions. You cannot select all files in AWS Console so a way to do this is from your command line:
aws s3 rm s3://YOUR_BUCKET --recursive
But what about the versions and maybe delete markers. We can use the following Python script:
Let's imagine you have a S3 bucket that is versioned. It contains thousands of files. If you try to delete it you're warned because of the versions. You cannot select all files in AWS Console so a way to do this is from your command line:
aws s3 rm s3://YOUR_BUCKET --recursive
But what about the versions and maybe delete markers. We can use the following Python script:
#!/usr/bin/env python3
import boto3
from itertools import islice
from typing import Iterable, Dict
bucket = 'YOUR_BUCKET'
s3_client = boto3.client('s3')
def batched(iterable: Iterable, n: int) -> Iterable[list]:
"""Yield lists of size n from iterable."""
it = iter(iterable)
while True:
batch = list(islice(it, n))
if not batch:
break
yield batch
def iter_all_object_versions(bucket: str, prefix: str | None = None) -> Iterable[Dict[str, str]]:
"""Iterate all versions and delete markers in a S3 bucket (optionally under a prefix)."""
paginator = s3_client.get_paginator('list_object_versions')
params = {'Bucket': bucket}
if prefix:
params['Prefix'] = prefix
for page in paginator.paginate(**params):
for v in page.get('Versions', []):
yield {'Key': v['Key'], 'VersionId': v['VersionId'], 'IsDeleteMarker': False}
for dm in page.get('DeleteMarkers', []):
yield {'Key': dm['Key'], 'VersionId': dm['VersionId'], 'IsDeleteMarker': True}
def remove_s3_object_versions(bucket: str, prefix: str | None = None, dry_run: bool = False, batch_size: int = 1000):
total_versions = 0
total_delete_markers = 0
to_delete = []
for entry in iter_all_object_versions(bucket, prefix):
if entry['IsDeleteMarker']:
total_delete_markers += 1
else:
total_versions += 1
to_delete.append({'Key': entry['Key'], 'VersionId': entry['VersionId']})
print(f"[*] Discovered {total_versions} versions and {total_delete_markers} delete markers (total {total_versions + total_delete_markers}) in bucket "{bucket}"{f" with prefix '{prefix}'" if prefix else ''}.")
if dry_run:
print("[!] Dry run enabled. No deletions performed.")
return
deleted_count = 0
for batch in batched(to_delete, batch_size):
s3_client.delete_objects(Bucket=bucket, Delete={'Objects': batch, 'Quiet': True})
deleted_count += len(batch)
if deleted_count % 5000 == 0:
print(f"[*]Progress: deleted {deleted_count} items.")
print(f"[*] Deletion complete. Removed {deleted_count} versioned entries from bucket "{bucket}".")
if __name__ == '__main__':
remove_s3_object_versions(bucket=bucket, dry_run=False)
poniedziałek, 6 października 2025
S3 cross account replication
I was moving AWS resources from one account to separate staging and production accounts. One of the steps was to migrate S3 buckets. A solution was cross account replication. Because S3 cross region replication moves only new files we have to create a S3 Batch Operation to move existing objects.
S3 cross account replication and Batch Operation
As following:
- enable S3 bucket versioning on your buckets,
- in source account prepare an IAM policy as a part of an IAM role to be used by the S3 replication:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetReplicationConfiguration",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging",
"s3:GetObjectRetention",
"s3:GetObjectLegalHold"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::SOURCE_BUCKET",
"arn:aws:s3:::SOURCE_BUCKET/*",
"arn:aws:s3:::TARGET_BUCKET",
"arn:aws:s3:::TARGET_BUCKET/*"
]
},
{
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags",
"s3:ObjectOwnerOverrideToBucketOwner"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::SOURCE_BUCKET/*",
"arn:aws:s3:::TARGET_BUCKET/*"
]
}
]
}
- in source account create an IAM role that includes above policy (trusted entity type = AWS service, Use case = S3),
- in source account prepare an IAM role for a S3 Batch Operation (trusted entity type = AWS service, Use case = S3 Batch Operations):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GetSourceBucketConfiguration",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketAcl",
"s3:GetReplicationConfiguration",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging",
"s3:PutInventoryConfiguration",
"s3:GetInventoryConfiguration",
"s3:PutObject",
"s3:GetObject",
"s3:InitiateReplication",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::SOURCE_BUCKET",
"arn:aws:s3:::SOURCE_BUCKET/*"
]
},
{
"Sid": "ReplicateToDestinationBuckets",
"Effect": "Allow",
"Action": [
"s3:List*",
"s3:*Object",
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Resource": [
"arn:aws:s3:::TARGET_BUCKET",
"arn:aws:s3:::TARGET_BUCKET/*"
]
},
{
"Sid": "PermissionToOverrideBucketOwner",
"Effect": "Allow",
"Action": [
"s3:ObjectOwnerOverrideToBucketOwner"
],
"Resource": [
"arn:aws:s3:::TARGET_BUCKET",
"arn:aws:s3:::TARGET_BUCKET/*"
]
}
]
}
- in target account update S3 bucket policy:
{
"Version": "2012-10-17" ,
"Id": "",
"Statement": [
{
"Sid": "Set-permissions-for-objects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SOURCE_ACCOUNT_NUMBER:role/service-role/REPLICATION_IAM_ROLE_NAME"
},
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete"
],
"Resource": "arn:aws:s3:::TARGET_BUCKET/*"
},
{
"Sid": "Set permissions on bucket",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SOURCE_ACCOUNT_NUMBER:role/service-role/REPLICATION_IAM_ROLE_NAME"
},
"Action": [
"s3:GetBucketVersioning",
"s3:PutBucketVersioning"
],
"Resource": "arn:aws:s3:::TARGET_BUCKET"
},
{
"Sid": "Permissions on objects and buckets",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SOURCE_ACCOUNT_NUMBER:role/BATCH_OPERATIONS_IAM_ROLE_NAME"
},
"Action": [
"s3:List*",
"s3:GetBucketVersioning",
"s3:PutBucketVersioning",
"s3:ReplicateDelete",
"s3:ReplicateObject"
],
"Resource": [
"arn:aws:s3:::TARGET_BUCKET",
"arn:aws:s3:::TARGET_BUCKET/*"
]
},
{
"Sid":"1",
"Effect":"Allow",
"Principal":{"AWS":"arn:aws:iam::SOURCE_ACCOUNT_NUMBER:role/service-role/REPLICATION_IAM_ROLE_NAME"},
"Action":["s3:ObjectOwnerOverrideToBucketOwner"],
"Resource":"arn:aws:s3:::TARGET_BUCKET/*"
},
{
"Sid": "Permission to override bucket owner",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::SOURCE_ACCOUNT_NUMBER:role/BATCH_OPERATIONS_IAM_ROLE_NAME"
},
"Action": "s3:ObjectOwnerOverrideToBucketOwner",
"Resource": "arn:aws:s3:::TARGET_BUCKET/*"
}
]
}
- go to your source S3 bucket, then "Management" bookmark and click on "Create replication rule":
- give a name,
- status = "Enabled",
- role scope = "Apply to all objects in the bucket",
- choose your destination bucket (mark "Change object ownership to destination bucket owner"),
- choose your S3 replication IAM role,
- mark "Change the storage class for the replicated objects with Standard storage class",
- mark "Delete marker replication" as a additional replication option,
- in your account go to "S3", open "Batch Operations" and push "Create job":
- object list = "Generate an object list based on a replication configuration" (it will check S3 replication rule we created previously),
- choose your source S3 bucket,
- click "Next",
- operation = "Replicate",
- click "Next",
- put a name,
- unmark "Generate completion report",
- choose your S3 Batch Operations IAM role,
- click "Next",
- check settings and click "Submit".
poniedziałek, 14 lipca 2025
Include Terraform dependency lock file
Why? Because in the beginning of an initialization it save modules and providers checksums. Thanks to this you can track if anything changed in the version you used.
Source: https://www.hashicorp.com/en/blog/terraform-security-5-foundational-practices
czwartek, 27 lutego 2025
A cost optimized AWS environment
Costs saving:
- Saving Plans,
- Reserved Instances,
- change your default payment method to avoid currency conversion,
- Spot Instances (a development environment),
- Data Lifecycle Management for EBSes (remove unneeded EBSes),
- S3:
- a lifecycle policy for a bucket (move your data into a cheaper storage class),
- compress objects to save space,
- S3 Requester Pays,
- use VPC endpoints (AWS charges for outbound data transfer),
- use Graviton instance type,
- use Lambda to switch off your instances (for example EC2, RDS) out of working hours on your development environments.
- choose a right region because a resource can be cheaper in a different region,
- Parameter Store instead of Secrets Manager if you don't need a versioning or rotation,
- ElastiCache for Redis:
- consider using ElastiCache for Valkey,
- CloudWatch:
- logs retention,
- NAT Gateway:
- consider using fck-nat,
- Route 53:
- check your records TTLs - the lower TTL the less you pay.
Monitoring:
- Cost Explorer,
- Cost and Usage Reports,
- Cost Anomaly Detection,
- Budgets,
- Trusted Advisor,
- cost allocation tags,
- AWS Compute Optimizer,
- S3 Storage Lens.
niedziela, 24 listopada 2024
WireGuard instead of AWS Client VPN
Let's pretend your client wants to have an access to your private EKS cluster but don't want to pay much for AWS Client VPN. A solution is to establish an EC2 instance (for example t3.micro with 10 GB storage) based on Amazon Linux in a public Subnet with Elastic IP. Also Instance's Security Group must have open 51820 UDP port.
The server is created so let's install WireGuard (as root):
yum update -y
amazon-linux-extras enable epel
yum install epel-release -y
yum install wireguard-tools -y
Then we have to generate a key pair of WireGuard server:
cd /etc/wireguard
umask 077
wg genkey > privatekey
wg pubkey < privatekey > publickey
Now open “/etc/wireguard/wg0.conf” file and put:
[Interface]
Address = 10.100.0.1/24 # Choose a different range than your VPC CIDR.
SaveConfig = true
ListenPort = 51820
PrivateKey = GENERATED_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = GENERATED_PUBLIC_KEY_OF_YOUR_CLIENT # Described below.
AllowedIPs = 10.100.0.2/32 # Put an IP you want to assign to your client.
Start WireGuard:
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Check if IP forwarding is enabled (if it’s not then enable):
sysctl net.ipv4.ip_forward
echo "net.ipv4.ip_forward=1" | tee -a /etc/sysctl.conf
sysctl -p
To change a configuration and apply new changes:
systemctl reload wg-quick@wg0
Now install a client on your favourite system. Then you have to add a new configuration (an empty tunnel). It will generate a private key and a public key for you. Put this public key in an additional [Peer] section on the server in “/etc/wireguard/wg0.conf” file. Now we have edit the client configuration to look like this:
[Interface]
PrivateKey = GENERATED_PRIVATE_KEY # Don't touch.
Address = 10.100.0.2/32 # IP you want to assign.
[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 10.100.0.0/24, 10.21.0.0/16 # VPN CIDR, VPC CIDR
Endpoint = 13.50.30.59:51820 # VPN address.
PersistentKeepalive = 25
Subskrybuj:
Posty (Atom)