Public “Office Hours” (2021-06-30)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-30.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

[00:00:00] Intro
[00:01:10] July 21st: Waypoint Demo presented by Taylor Dolezal
[00:01:45] AWS Firewall Manager released.
https://github.com/cloudposse/terraform-aws-firewall-manager
[00:03:12] New Terraform “Utils” Provider for AWS – The Cloud Posse “Escape Hatch”
https://github.com/cloudposse/terraform-provider-awsutils
[00:13:45] AWS Key Management Service Introduces Multi-Region Keys
https://www.infoq.com/news/2021/06/aws-kms-global/
[00:15:11] Official AWS Modules by Amazon Released
(NOTE terraform-aws-modules GitHub organization is not official)
https://github.com/aws-ia
[00:22:19] Terraform 1.1-alpha implements “terraform add” generator
https://github.com/hashicorp/terraform/pull/28874
[00:25:20] https://www.theverge.com/platform/amp/2021/6/30/22556992/slack-huddles-audio-calls-feature-launch-discord-like
[00:29:05] GitHub AI Pair Programmer
https://copilot.github.com
[00:33:32] Leapp new version released to support AWS Named-profiles
https://github.com/Noovolari/leapp
[00:34:57] Can you use Terraform to bootstrap a deployment of AWS Control Tower?
[00:37:51] Any advice on using Cloud Posse modules with the CDK?
[00:45:45] How to manage customer managed KMS Keys
[00:49:09] Can you specify something other than 0.0.0.0/0 in the packer file?
[00:52:51] Nike’s gimme creds tool broke for everyone using Okta
https://github.com/Nike-Inc/gimme-aws-creds
[00:55:30] AWS cloud credentials are overly complex
[00:58:35] Outro

Public “Office Hours” (2021-06-23)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-23.

[00:00:00] Intro
[00:01:47] Vendir: Feature Ignore Paths Merged. Now waiting on release.
https://github.com/vmware-tanzu/carvel-vendir/pull/64
[00:49:13] (Continued) Vendir: Feature Ignore Paths Merged. Now waiting on release.
[00:02:49] New Terraform Module: AWS Global Accelerator
https://github.com/cloudposse/terraform-aws-global-accelerator
[00:04:01] AWS Macie and AWS Firewall Manager forthcoming.
https://github.com/cloudposse/terraform-aws-macie/pull/1
https://github.com/cloudposse/terraform-aws-firewall-manager
[00:04:54] HashiCorp Google Workspace Provider announced
https://www.hashicorp.com/blog/announcing-the-google-workspace-provider-for-hashicorp-terraform-tech-preview
[00:05:39] AWS CloudFormation Public Registry
https://aws.amazon.com/about-aws/whats-new/2021/06/announcing-a-new-public-registry-for-aws-cloudformation/
[00:07:13] Drift Detection Support Added to Spacelift
https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/pull/44
[00:11:35] Cloudflare Waiting Rooms
https://blog.cloudflare.com/building-waiting-room-on-workers-and-durable-objects/
[00:12:38] Steampipe – SQL-esque queries for your cloud infrastructure
https://steampipe.io/
[00:14:50] Running Terraform with no internet access (terraform-bundle)
https://github.com/hashicorp/terraform/tree/main/tools/terraform-bundle
[00:20:32] Policy enforcement based on git-diff?
[00:27:27] How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:43:48] (Continued) How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:31:48] Amazon EC2 now allows you to create crash-consistent AMIs and EBS Backups
https://aws.amazon.com/about-aws/whats-new/2021/06/aws-backup-supports-crash-consistent-backup-amazon-ebs-volumes-attached-to-amazon-ec2-instance/
[00:33:06] Any nice Azure reference architectures out there?
[00:36:10] How to share Terraform Generated SSH Keypair?
[00:38:20] How to serve static HTML page from S3 through an ALB
[00:52:00] Cloud9 environments for limited budget teams
[00:56:35] Outro

Public “Office Hours” (2021-06-16)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-16.

[00:00:00] Intro
[00:01:00] Taylor intro
[00:03:00] Taylor’s Terraform story
[00:05:50] What does a Senior Developer Advocate do?
[00:08:00] How does HashiCorp manage so many community requests?
[00:09:42] What are the benefits of using CDK for Terraform over vanilla Terraform?
[00:16:33] Terraform and multi-cloud limitations
[00:18:27] Where is Terraform 1-2 years from now?
[00:22:53] Does HashiCorp want to be an open source “Amazon” of DevOps services?
[00:27:05] Where is HashiCorp growing the most?
[00:28:28] Ideal image build workflow using Terraform?
[00:30:25] HCP offering for Packer
[00:33:34] Removal of provisioners (e.g., Chef)
[00:35:35] How 1.0 changed things
[00:38:03] Terraform debugging and testing
[00:42:54] Long term maintenance of demos
[00:46:42] Do you ever see HashiCorp creating a layer above Terraform to orchestrate many root modules / deal with that DAG?
[00:51:07] Could a custom Terraform Provider behave like a Kubernetes Operator?
[00:55:57] Has Terraform solved the problem Terragrunt was built for?
[00:58:29] Outro

Public “Office Hours” (2021-06-09)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-09.

[00:00:00] Intro
[00:01:11] Terraform 1.0 Released!!!!!!!!!!!!!!!!!!!!!!!!!!!
https://www.hashicorp.com/blog/announcing-hashicorp-terraform-1-0-general-availability
[00:03:51] Intro to Yoni Leitersdorf and Cloudrail
[00:06:01] Yoni and Indeni’s background
[00:08:45] CSPM tools (Cloud Security Posture Management tools)
[00:10:39] Issues with current tools
[00:13:40] Trending to earlier detection
[00:15:15] Static analysis vs dynamic analysis + example
[00:21:21] How Cloudrail works under the hood
[00:31:38] Getting started and pricing options
[00:32:48] Configurations of destroyed resources
[00:34:54] Infrastructure as Code agnostic rules
[00:39:05] How Indeni decides what goes into their policy engine
[00:43:17] Drift detection
[00:48:03] Built on a Graph database (dragoneye)
[00:50:38] API throttling while pulling the state of live resources
[00:51:44] The case for “Continuous Compliance”
[00:53:25] Hiring
[00:54:23] How to get started and special promo for SweetOps members
[00:55:10] Outro

Public “Office Hours” (2021-06-02)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-02.

[00:00:00] Intro
[00:01:36] Terraform 0.15.5 Released
https://github.com/hashicorp/terraform/releases/tag/v0.15.5
[00:01:51] TACO Update! New Terraform Cloud “Apply” Interface
https://www.hashicorp.com/blog/new-apply-user-interface-for-terraform-cloud
[00:02:59] “A Cloud Guru” Acquired
https://www.prnewswire.com/news-releases/pluralsight-to-acquire-a-cloud-guru-to-accelerate-solving-the-single-biggest-challenge-in-it-today-the-growing-cloud-skills-gap-301303991.html
[00:03:26] Terraform AWS Provider adds AWS Amplify Support
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.43.0
[00:09:56] Vendir: Feature Ignore Paths (Thanks Joe Hosteny & Joel Holmes)
https://github.com/vmware-tanzu/carvel-vendir/pull/64
[00:24:23] Kubernetes PodSecurityPolicy Deprecation: Past, Present, and Future
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/
[00:25:02] Kubernetes Graceful Node Shutdown Goes Beta
https://kubernetes.io/blog/2021/04/21/graceful-node-shutdown-beta/
[00:25:25] Kubernetes Suspended Jobs
https://kubernetes.io/blog/2021/04/12/introducing-suspended-jobs/
[00:27:35] Amazon launches ECS Anywhere GA
[00:29:35] Terraform provider for submitting job applications
[00:34:15] Leapp vs AWS Vault
[00:45:52] Anyone use terraform-provider-sops with KMS keys?
[00:51:03] State of our Reference Architecture
[00:56:54] Outro