Public “Office Hours” (2022-05-25)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-05-25.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

Public “Office Hours” (2022-05-18)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-05-18.


[00:00:00] Intro
[00:01:13] Red Hat open sources StackRox
https://techcrunch.com/2022/05/17/red-hat-open-sources-stackrox-the-kubernetes-security-platform-it-acquired-last-year/
[00:01:52] Easily Manage Access to Kubernetes
https://github.com/infrahq/infra
[00:03:40] Heroku CI and Review App Secrets Compromised (Dejavu?)
https://news.ycombinator.com/item?id=31417993
[00:04:56] AWS Control Tower can now use customer provided core accounts
https://aws.amazon.com/about-aws/whats-new/2022/05/aws-control-tower-now-use-customer-provided-core-accounts/
[00:07:41] AWS SSO delegated administration to a member account
https://aws.amazon.com/blogs/security/getting-started-with-aws-sso-delegated-administration/
[00:10:21] Yet Another Kubernetes Controller for Terraform (weaveworks, rancher, et al)
https://www.appvia.io/blog/self-service-of-cloud-resources
https://github.com/weaveworks/tf-controller
https://github.com/rancher/terraform-controller
[00:12:20] Terraform provider for Atlas Database Migrations
https://atlasgo.io/blog/2022/05/04/announcing-terraform-providerx
[00:15:56] What does cloudposse use for ingress controller?
[00:24:41] I’m curious what kinds of patterns cloudposse has seen work for “On demand” environments, for microservices?
[00:38:10] atmos.tools launched!
[00:39:33] Using Terraform to create a DB from scratch – how are we supposed to manage the DB passwords?
[00:44:02] How would you set up IAM policies if starting from scratch?
[00:46:42] Outro

Public “Office Hours” (2022-05-11)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-05-11.


[00:00:00] Intro
[00:01:27] VSCode edit any GitHub Repository
https://github.dev/cloudposse/geodesic
[00:06:19] GitHub Actions: Enhance your actions with job summaries
https://github.blog/changelog/2022-05-09-github-actions-enhance-your-actions-with-job-summaries
[00:07:25] Validate Stack Configurations in Atmos
https://github.com/cloudposse/atmos/releases/tag/v1.4.13
[00:08:33] Another Terraform Tool for Refactoring
https://github.com/craftvscruft/tfrefactor
[00:11:45] AWS Secrets Manager Publishes Usage Metrics to Amazon CloudWatch
https://aws.amazon.com/about-aws/whats-new/2022/05/aws-secrets-manager-publishes-usage-metrics-to-amazon-cloudwatch/
[00:12:21] Announcing the HashiCorp Releases API
https://www.hashicorp.com/blog/announcing-the-hashicorp-releases-api
[00:14:17] PR Feedback: Overhaul for IPv6 and flexibility
https://github.com/cloudposse/terraform-aws-dynamic-subnets/pull/159
[00:17:50] Join discussions: VPC Endpoints and Transit Gateway
[00:25:55] DevOps Days – Ukraine Edition
[00:27:11] OtterTune scored big round of funding
[00:28:55] CloudFlare SQL database announced
[00:34:00] Pulumi YAML – Would love to discuss this with anybody who has had the chance to kick the tires.
[00:48:21] What API Gateways are you guys using for your Kubernetes clusters?
[00:58:50] Outro

Public “Office Hours” (2022-05-04)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-05-04.


[00:00:00] Intro
[00:01:17] Atmos Adds Vendoring – pull terraform root modules (or anything) from anywhere
https://github.com/cloudposse/atmos/pull/145
[00:07:30] Terraform 1.2 (RC1 just dropped) — adds pre/post conditions, bearer tokens
https://github.com/hashicorp/terraform/releases/tag/v1.2.0-rc1
[00:14:28] Amazon EKS web console adds Kubernetes Resource View
https://aws.amazon.com/blogs/containers/introducing-kubernetes-resource-view-in-amazon-eks-console/
[00:18:34] Werf: Consistent delivery tool
https://werf.io/
[00:26:32] Easy-to-follow set of instructions for a strategy that minimizes the cost of NAT gateways in ec2.
[00:36:00] How many of you don't commit .terraform.lock.hcl to source control?
[00:44:25] Explain to me how crossplane works?
[00:53:35] Outro

Public “Office Hours” (2022-04-27)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-27.


[00:00:00] Intro
[00:01:29] Git.io shutting down 2022-04-29 (GitHub provides 4 days notice!!!)
https://github.blog/changelog/2022-04-25-git-io-deprecation/
[00:02:53] Cloud Posse build-harness: update links to cloudposse.tools/build-harness
https://github.com/cloudposse/build-harness/issues/314
[00:04:34] Google donates the Istio service mesh to the CNCF
https://techcrunch.com/2022/04/25/google-donates-the-istio-service-mesh-to-the-cloud-native-computing-foundation/
[00:05:05] AWS's Log4j patches blew holes in its own security
https://www.theregister.com/AMP/2022/04/20/aws_log4j_patches/
[00:05:42] Fairwinds Helmfile Alternative: declaratively manage multiple Helm chart releases
https://github.com/FairwindsOps/reckoner
[00:06:48] [2018] Kubernetes Edge Computing at Chick-fil-A
https://medium.com/@cfatechblog/edge-computing-at-chick-fil-a-7d67242675e2
[00:08:17] Finally, a terraform-registry-proxy for “airgapped” environments
https://github.com/jasonwbarnett/terraform-registry-proxy
[00:22:00] Aurora Serverless v1 is GA
[00:23:26] Use IAM to control access to a resource based on the account, OU or organization that contains the resource
https://aws.amazon.com/about-aws/whats-new/2022/04/iam-access-resource-organization/
[00:24:36] Karpenter workload consolidation/defragmentation
https://github.com/aws/karpenter/issues/1091
[00:29:37] How have folks automated AWS IAM Access Key + Secret Key rotation policies
[00:34:23] Opinions and thoughts on K8s ingress controllers for high volume deployments.
[00:42:25] What advice do you have for how to communicate expectations when people decide to use something brand new that is still super beta/rough, are having problems, and are annoyed that things aren't working?
[00:52:30] Are you doomed without a tool like Spacelift?
[01:00:23] Outro

Public “Office Hours” (2022-04-20)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-20.


[00:00:00] Intro
[00:01:22] Terraform Experiment Update: Optional arguments in object variable type definition
https://github.com/hashicorp/terraform/issues/19898#issuecomment-1101853833
[00:02:22] GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (from Heroku & TravisCI)
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html
[00:05:53] Terraform Data Source for AWS Pricing Data
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/pricing_product
[00:06:26] How to Make 100K/year on GitHub Sponsors
https://calebporzio.com/i-just-hit-dollar-100000yr-on-github-sponsors-heres-how-i-did-it
[00:13:20] AWS Security Hub adds cross-Region security scores and compliance statuses
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-security-hub-cross-region-security-scores-compliance-statuses/
[00:15:58] FYI, AWS Single Sign-On is now HIPAA eligible
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-single-sign-on-hipaa-eligible/
[00:17:00] AWS Shield adds automatic application-layer DDoS mitigation for ALBs with WAF
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-shield-application-balancer-automatic-ddos-mitigation/
[00:23:01] Terraform + GitHub Actions & OIDC (via weekly.tf)
https://blog.symops.com/2022/04/14/terraform-pipeline-with-github-actions-and-github-oidc-for-aws/
[00:24:03] Hierarchical YAML Configurations in Terraform
https://github.com/lyraproj/hiera
[00:28:08] Rare Leakage of an S3 Stack Trace
[00:30:21] Cloud Posse “Activation Days”? Who is interested….
[00:32:27] What kind of a git repo structure do you recommend if I want to separate my terraform modules in repository?
[00:39:48] Are there any examples on the use of helmfile that showcase how one might use it in a “bigger” situation?
[00:54:53] Outro