November 2020 – Cloud Posse

Public “Office Hours” (2020-11-25)

Erik OstermanNovember 25, 2020Office Hours

Here's the recording from our DevOps “Office Hours” session on 2020-11-25.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

– – –
00:00:00 Intro
– – –
00:01:32 Office Hours – Show Notes & Transcripts =)
https://www.youtube.com/watch?v=XR9pIWAMNlE&list=PLhRztDM6Uvne8MUuwXrv2truMl6gVZ0D8&index=1&t=160s
– – –
00:02:10 New Modules: AWS Inspector, AWS Config, Spacelift, GuardDuty
https://github.com/cloudposse/terraform-aws-inspector/
https://github.com/cloudposse/terraform-aws-config/pull/2
https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/pull/2
https://github.com/cloudposse/terraform-aws-guardduty/pull/2
– – –
00:03:04 Office Hours with Cloudsmith (MOVED: December 9th, 2020)
– – –
00:03:33 Moving to Registry Notation for Cloud Posse Modules
https://github.com/cloudposse/terraform-aws-inspector/pull/2/files#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbbR61-R62
– – –
00:05:39 Upvote please: terraform-config-inspect
https://github.com/hashicorp/terraform-config-inspect/issues/57
– – –
00:07:23 Terraform Provider Updated with support for AWS Network Firewalls
https://www.hashicorp.com/blog/announcing-support-for-aws-network-firewall-in-the-terraform-aws-provider
– – –
00:08:16 Finally – TLS ACME provider with no rate limits (E.g. Let’s Encrypt alternative)
https://zerossl.com/pricing
– – –
00:11:42 AWS SSO Now Supports ABAC with SAML
https://aws.amazon.com/blogs/aws/new-attributes-based-access-control-with-aws-single-sign-on/
– – –
00:18:28 Is there a best practice to follow w/ helmfiles in terms of inheritance to keep things DRY?
– – –
00:33:15 Geodesic Debian and CentOS support
– – –
00:40:29 context.tf explained
– – –
00:52:50 CODEOWNERS validations
– – –
00:55:56 AWS CLI v1 to v2
– – –
00:57:00 Accessing internal AWS resources
– – –
01:00:43 Cloud Posse modules examples/complete
– – –
01:01:38 Outro
– – –

Public “Office Hours” (2020-11-18)

Erik OstermanNovember 18, 2020Office Hours

Here's the recording from our DevOps “Office Hours” session on 2020-11-18.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

– – –
00:00 Intro
– – –
01:23 Show notes now available!
– – –
03:44 Geodesic debian release!
– – –
10:49 New Terraform module! terraform-yaml-config
https://github.com/cloudposse/terraform-yaml-config
– – –
20:46 New Modules WIP (AWS Config, Security Hub, AWS Guard Duty)
https://github.com/cloudposse/terraform-aws-config/pull/2

https://github.com/cloudposse/terraform-aws-security-hub
https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/pull/2
https://github.com/cloudposse/terraform-aws-guardduty/pull/2
– – –
22:15 Lee Skillen from Cloudsmith speaking on Dec 2nd 2020
– – –
25:13 AWS announces GA of AWS Network Firewall
https://aws.amazon.com/network-firewall/
– – –
27:09 Headlamp: New Kubernetes Graphical CLI (alternative to Lens)
https://kinvolk.io/blog/2020/11/shining-a-light-on-the-kubernetes-user-experience-with-headlamp/
https://github.com/derailed/k9s
– – –
29:50 Kubernetes Horror Stories
– – –
30:22 Cool Mugs!
https://swag.cloudposse.com/collections/all?page=2
– – –
30:56 Terraform 0.14-rc1 is here!
– – –
34:29 Finding mentors
– – –
43:14 Do you turn on Dismiss PR approvals when new commits are pushed?
– – –
49:07 Timestamp management
– – –
55:25 end
– – –

Public “Office Hours” (2020-11-11)

Erik OstermanNovember 11, 2020Office Hours

Here's the recording from our DevOps “Office Hours” session on 2020-11-11.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

– – –
00:00 Intro
– – –
01:31 Amazon MQ will support RabbitMQ
https://www.infoq.com/news/2020/11/aws-amazon-mq-rabbitmq/
– – –
02:50 AWS announces intelligent-tiering based on object access
https://aws.amazon.com/blogs/aws/s3-intelligent-tiering-adds-archive-access-tiers/
– – –
05:02 ECS and ECS Fargate updates
https://aws.amazon.com/about-aws/whats-new/2020/11/amazon-ecs-supports-ipv6-in-awsvpc-networking-mode/
– – –
05:38 Dynamodb exports to S3
https://aws.amazon.com/blogs/aws/new-export-amazon-dynamodb-table-data-to-data-lake-amazon-s3/
– – –
08:48 How to do SLA monitoring for upstream dependencies (opsgenie, statuspage.io)
– – –
18:45 How to deal with state manipulated outside terraform?
– – –
24:37 How to harden AWS EKS nodes
– – –
29:00 Advice on implementing the CIS Benchmark requirements in AWS
– – –
35:34 EC2 autoscale group module troubleshooting
– – –
41:23 How to get started deploying Terraform from Codefresh using GitOps
– – –
42:25 Erik's philosophy on CI/CD for Terraform
– – –
51:48 Comparing CI/CD tools Codefresh, Github Actions, Jenkins
– – –
56:59 End

Public “Office Hours” (2020-11-04)

Erik OstermanNovember 4, 2020Office Hours

Here's the recording from our DevOps “Office Hours” session on 2020-11-04.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

– – –
00:00 Introduction
– – –
01:22 Terraform module released! Provision workspaces & configurations in Terraform Cloud via YAML configuration
https://github.com/cloudposse/terraform-tfe-cloud-infrastructure-automation
– – –
12:28 AWS public container registry as a response to Docker pull rate limit
https://aws.amazon.com/blogs/containers/advice-for-customers-dealing-with-docker-hub-rate-limits-and-a-coming-soon-announcement/
– – –
14:29 AWS to embrace multi-cloud (or poly-cloud?)
https://www.lastweekinaws.com/blog/multi-cloud-is-the-worst-practice/
https://docs.scalr.com/en/latest/
– – –
19:02 Docker pull through cache feature possible in Kubernetes?
https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
– – –
23:42 ALBs now support gRPC workloads with end to end HTTP/2 support ALB ingress PR is open
– – –
25:05 Improve cost management in AWS with Budget Actions
– – –
27:14 Options for publicly exposing local dev environment from your laptop.
https://github.com/inlets/inlets-operator
– – –
33:30 Most important Kubernetes concepts
https://emprovisetech.blogspot.com/2018/12/kubernetes-container-orchestration-at.html
https://kubernetesbyexample.com/
https://learnk8s.io/blog/kubectl-productivity
https://www.katacoda.com/courses/kubernetes
https://github.com/kelseyhightower/kubernetes-the-hard-way
https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677
https://www.manning.com/books/kubernetes-in-action
– – –
37:22 Should a dev deploying to Kubernetes need to understand Kubernetes?
– – –
52:22 Best way to do automated backups to EFS?
– – –
56:32 What do you use to backup Kubernetes persistent volumes?