Public “Office Hours” (2022-04-06)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-06.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.


[00:00:00] Intro
[00:01:26] Cloud Posse Preparing to Update all modules to 1.x (graduating from 0.x)
https://cloudposse.slack.com/archives/CB6GHNLG0/p1649231089390479
[00:06:17] Helmfile has officially forked! Update your stars and sponsorship.
https://github.com/roboll/helmfile/issues/1824?utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-_Ya_HA-FCHjBeCSpFTnNuwrucqZCB9CT_s9Wd4rXoUPQELxMPnJJeiFVGwG5kC-9Rg2VeW#issuecomment-1086760859
https://github.com/sponsors/mumoshu
[00:09:26] Cloud cost estimates for Terraform in pull requests
https://github.com/infracost/infracost
[00:15:15] Monocle: How Chime creates a proactive security & engineering culture
https://medium.com/life-at-chime/monocle-how-chime-creates-a-proactive-security-engineering-culture-part-1-dedd3846127f
[00:21:49] GitHub can now auto-block commits containing API keys, auth tokens
https://www.bleepingcomputer.com/news/security/github-can-now-auto-block-commits-containing-api-keys-auth-tokens/amp/
[00:26:43] Google now requires two staff to sign off each Go change
https://www.theregister.com/2022/04/05/google_go_double_sign_off/
[00:28:39] GitHub Actions: Job management hooks for self-hosted runners
https://github.blog/changelog/2022-04-04-github-actions-job-management-hooks-for-self-hosted-runners/
[00:30:00] Amazon RDS Proxy finally supports PostgreSQL 13
https://aws.amazon.com/about-aws/whats-new/2022/04/amazon-rds-proxy-supports-postgresql-major-version-13/
[00:30:45] EKS add-ons support for EBS CSI driver is now generally available
https://aws.amazon.com/about-aws/whats-new/2022/03/eks-add-ons-ebs-csi-driver-available/
[00:37:09] How to use Open Source modules in locked down enterprise environments?
[00:42:44] Tips for dealing with Slack Spammers?
[00:53:00] Terraform Operator vs Terraform Controller
https://github.com/isaaguilar/terraform-operator
https://github.com/weaveworks/tf-controller
[01:01:49] Outro

Public “Office Hours” (2022-03-30)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-30.


[00:00:00] Intro
[00:01:33] Docker founder launches Dagger, a new DevOps platform
https://techcrunch.com/2022/03/30/docker-founder-launches-dagger-a-new-devops-platform/
[00:07:14] Google Docs gets “Markdown” Support (autocorrect)
https://www.theverge.com/2022/3/29/23002138/google-docs-markdown-support-formatting-update
[00:07:50] Pretty “diffs” of structured data and code
https://github.com/Wilfred/difftastic
[00:09:17] Helmfile seeks a new home (dedicated org)
https://github.com/roboll/helmfile/issues/1824
[00:10:34] Terraform 1.2 Alpha Release – better custom error messages and conditions
https://github.com/hashicorp/terraform/releases/tag/v1.2.0-alpha-20220328
[00:11:12] GitHub explains outage string in incidents update
https://www.theregister.com/2022/03/24/github_outage_details/
[00:12:38] AWS Close Account API Endpoint (no terraform support yet)
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
https://github.com/hashicorp/terraform-provider-aws/issues/23930
[00:15:09] Google Cloud Alters the “Deal”; prices go up
https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal/
[00:18:03] Amazon RDS now supports Internet Protocol Version 6 (IPv6) on RDS Service APIs
https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-rds-internet-protocol-version-6-ipv6-rds-service-apis/
[00:18:58] Amazon EC2 Auto Scaling instance lifecycle states are now available via the Instance Metadata Service
https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-ec2-auto-scaling-lifecycle-instance-metadata/
[00:19:53] AWS Lambda now allows customers to configure up to 10 GB of ephemeral storage for Lambda functions
https://aws.amazon.com/about-aws/whats-new/2022/03/aws-lambda-configure-ephemeral-storage/
[00:22:04] AWS Proton support for Terraform Open Source is now Generally Available
https://aws.amazon.com/about-aws/whats-new/2022/03/aws-proton-terraform-open-source/
[00:24:33] Do you know of any services or people who provide career mentoring for DevOps people?
[00:34:14] What do you do when you need something that hasn't been implemented in provider terraform-provider-aws yet?
[00:40:29] Spring4Shell
[00:42:41] What do you give developers playground environments?
[00:52:14] Tracking main on Terraform when you have all environments in one repo
[01:02:43] Outro

Public “Office Hours” (2022-03-23)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-23.


[00:00:00] Intro
[00:01:27] Okta Support Engineer Account Compromised
https://twitter.com/jschauma/status/1506459390160871432?s=21
[00:05:32] List of vendors that do not allow IMDSv2 enforcement
https://github.com/SummitRoute/imdsv2_wall_of_shame
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
[00:08:33] Interesting Terraform Providers for TFVars, dotenv, s3 downloads
https://github.com/innovationnorway/terraform-provider-tfvars
https://github.com/jrhouston/terraform-provider-dotenv
https://github.com/nicolai86/terraform-provider-aws-download
[00:15:19] New Cloud Posse Lambda Function module
https://github.com/cloudposse/terraform-aws-lambda-function
[00:20:07] GitHub Actions: Restrict self-hosted runner groups to specific workflows
https://github.blog/changelog/2022-03-21-github-actions-restrict-self-hosted-runner-groups-to-specific-workflows/
[00:24:07] What are the reasons to not deploy Lambdas via Terraform? (Currently doing so, is quite a bit of work)
[00:32:47] aws provider maintainers migrated the new aws s3 bucket changes to 3.x
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.75.0
[00:40:55] How are folks approaching interviewing candidates for DevOps positions nowadays? What questions do you ask? What has worked and what hasn’t?
[00:59:22] Outro

Public “Office Hours” (2022-03-16)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-16.

Public “Office Hours” (2022-03-09)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-09.


[00:00:00] Intro
[00:01:20] AWS & Google WAF bypassed via oversized POST requests
https://portswigger.net/daily-swig/google-waf-bypassed-via-oversized-post-requests
[00:02:18] Amazon Web Services blocks new sign-ups from Russia and Belarus
https://www.nytimes.com/2022/03/08/technology/amazon-web-services-russia.html
[00:02:58] GitLab Critical Security Release: 14.8.2, 14.7.4, and 14.6.5
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
[00:03:26] Sharing GitHub Actions within your enterprise is now GA – GitHub Changelog
https://github.blog/changelog/2022-03-04-sharing-github-actions-within-your-enterprise-is-now-ga
[00:04:50] Take the Cloud Posse Quiz
https://cloudposse.com/quiz
[00:05:40] It’s pretty common to render static pages for docs purposes directly from GitHub Action or GitLab
[00:12:10] Is there a good argument for or against adding remote_state entries in a Terraform module
[00:01:02] Outro

Public “Office Hours” (2022-03-02)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-02.


[00:00:40] Intro
[00:02:04] Amazon Drops “Elasticsearch” from Product Names
https://wptavern.com/amazon-drops-elasticsearch-from-product-names-to-settle-trademark-infringement-lawsuit-with-elastic
[00:03:11] Sustainable architectures in a world of Agile, DevOps, and cloud
https://stackoverflow.blog/2022/02/24/sustainable-architectures-in-a-world-of-agile-devops-and-cloud/
[00:04:12] Announcing the first iteration of the new unified AWS Health Dashboard
https://aws.amazon.com/about-aws/whats-new/2022/02/aws-health-dashboard-first-iteration/
[00:04:36] Brand new UX/UI of Leapp, the local Desktop App that helps you in managing AWS credentials
https://twitter.com/a_cava94/status/1496846237722632196
[00:07:56] Keptn – Cloud-native application life-cycle orchestration
https://keptn.sh/
[00:14:12] AWS carbon footprint service – Well Architected Framework
https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc
[00:15:12] Take the Cloud Posse Quiz to find out if you’re a customer fit
https://cloudposse.com/quiz
[00:16:11] If I am making a job for a GitLab pipeline in .gitlab-ci.yml with a script section
[00:18:05] I would like to restrict people in my team from being able to terraform apply|destroy and most probably plan from their local machines
[00:19:22] Does anyone know about when Aurora Serverless v2 will go live?
[00:23:20] Attempting to use eksctl within GitLab pipelines. Currently I'm using the alpine/k8s image but I'm running into the following error
[00:24:50] Trusted Advisor supports an organizational view. Can you create such a report via the CLI?
[00:29:15] aws-extend-switch-roles
[00:45:00] goofys
[00:58:53] https://jmespath.org/
[00:59:45] Outro