January 2022 – Cloud Posse

Public “Office Hours” (2022-01-26)

Erik OstermanJanuary 26, 2022Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-26.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

[00:00:00] Intro
[00:01:31] PSA: Docker pricing goes into effect 1/31
https://www.docker.com/pricing/faq
[00:03:15] Infracost adds policy support
https://www.infracost.io/docs/features/cost_policies/
[00:04:25] GitHub Actions by Example
https://www.actionsbyexample.com
[00:05:19] Private GitHub Actions Now Supported (Enterprise Only)
https://github.blog/changelog/2022-01-21-share-github-actions-within-your-enterprise/
[00:06:27] GitHub Actions flaw enabled bypassing approvals
https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
[00:07:20] Atlas: New tool for database migrations in HCL (not terraform)
https://atlasgo.io
[00:09:11] How GitHub Does DevOps for its iOS and Android Apps
https://www.infoq.com/news/2022/01/GitHub-devops-mobile-apps/
[00:09:50] AWS Security Hub Now Integrates with AWS Health
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-security-hub-health/
[00:10:27] AWS Trusted Advisor adds SecurityHub Foundational Security Best Practices
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-trusted-advisor-security-hub/
[00:11:33] Is helmfile a project you guys manage or is it its own thing?
[00:53:36] Outro

Public “Office Hours” (2022-01-19)

Erik OstermanJanuary 19, 2022Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-19.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

[00:00:00] Intro
[00:01:28] GitHub to Support Mermaid diagrams that can be displayed within Markdown
https://github.com/github/roadmap/issues/372
[00:02:16] On-call Engineer’s Dinner for FAMILY during incidents should be expensed
https://twitter.com/mipsytipsy/status/1482895726581485572?s=21
[00:03:34] AWS Proton Adds Terraform Support and Git Template Storage
https://www.infoq.com/news/2022/01/proton-terraform-git/
[00:06:17] New Cloud Posse Terraform module to manage AWS Service Quotas
https://github.com/cloudposse/terraform-aws-service-quotas
[00:08:59] Get Infra costs from your Spacelift runs
https://docs.spacelift.io/vendors/terraform/infracost
[00:12:27] AWS SSM Now Supports Outgoing Webhooks
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-systems-manager-automation-third-party-applications-webhooks/
[00:12:51] AWS Systems Manager Automation runbooks from Slack (using AWS Chatbot)
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-systems-manager-automation-runbooks-slack/
https://aws.amazon.com/chatbot/
[00:13:10] Terraform v1.1.4 released (nothing really noteworthy)
https://github.com/hashicorp/terraform/releases/tag/v1.1.4
[00:18:23] PSA terraform-provider-awsutils gotchas
https://sweetops.slack.com/archives/CB6GHNLG0/p1642600261130900?thread_ts=1642600040.130400&cid=CB6GHNLG0
[00:22:08] Slick GitHub Action for Terraform (via weekly.tf)
https://github.com/suzuki-shunsuke/tfcmt
[00:27:41] What is a good way to ensure that a terraform plan on one branch does not block other branches from doing terraform plan?
https://sweetops.slack.com/archives/CHDR1EWNA/p1642620072006600
[00:34:19] Most organizations have at least 1 of these infrastructure problems? How are you solving them?
[00:45:30] Does anyone use, or has anyone used Ansible enough to shed some light on when (what types of tasks) Ansible would definitely be better than Terraform?
[00:53:02] Is it really a common practice to run terraform plan continuously to detect drifts?
[00:57:17] Outro

Public “Office Hours” (2022-01-12)

Erik OstermanJanuary 12, 2022Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-12.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

[00:00:00] Intro
[00:01:32] Mozilla sops call out for new maintainers
https://github.com/mozilla/sops/discussions/927
[00:05:29] Spacelift is launching a podcast! missionCTRL
[00:06:04] New Atmos Logo!
https://github.com/cloudposse/atmos
[00:07:47] Atmos Now Supports Multiple Inheritance
https://github.com/cloudposse/atmos/pull/101
[00:28:16] Geodesic Toolbox UX Improvement: Auto Set Workdir
https://github.com/cloudposse/geodesic/pull/753
[00:30:10] How to Automate granting IAM Permissions to different Teams in growing company ?
[00:46:14] Anyone know of a working json2hcl2 tool?
[00:48:22] Should our teams should avoid using terraform to configure Datadog Monitors and Dashboards?
[00:52:54] Outro

Public “Office Hours” (2022-01-05)

Erik OstermanJanuary 5, 2022Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-05.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

[00:00:00] Intro
[00:01:17] Cert-manager now supports Private CA ACM (no public ACM yet)
https://aws.amazon.com/about-aws/whats-new/2022/01/acm-kubernetes-cert-manager-plugin-production/
https://github.com/aws/containers-roadmap/issues/904
[00:04:32] Huge PR for Maintenance on Beanstalk Module
https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/pull/203
[00:05:25] SQL Migrations with Terraform (via Oliver)
https://registry.terraform.io/providers/paultyng/sql/latest/docs/resources/migrate
[00:09:21] Checkout our #jobs Channel for new postings
[00:10:02] Ready to do things the Cloud Posse way? Take our quiz.
https://cloudposse.com/quiz
[00:11:41] Is updating a securitygroup with lambda really the only way to protect endpoints behind Cloudfront from other traffic?
[00:16:35] Any insights on provisioning cdns that are optimized to minimize http 2 response delays?
[00:30:30] CloudTrail lake announced https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
[00:31:55] Anyone working with VPC IPAM?
[00:36:30] Do you have any suggestions to prevent creation of resources without cost allocation tags?
[00:39:00] High CVE in containerd
https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
https://nvd.nist.gov/vuln/detail/CVE-2021-43816
[00:42:18] Why would we move from ECS on EC2 to Kubernetes?
[00:53:19] Outro