Public “Office Hours” (2022-02-23)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-02-23.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.


[00:00:00] Intro
[00:01:24] Announcing the general availability of AWS Backup for Amazon S3
https://aws.amazon.com/about-aws/whats-new/2022/02/general-availability-aws-backup-amazon-s3/
[00:03:21] AWS Firewall Manager now supports versioning for AWS WAF managed rule group
https://aws.amazon.com/about-aws/whats-new/2022/02/aws-firewall-manager-waf-rule-group/
[00:04:02] AWS Launches Discourse Forum/Community for QuickSight
https://community.amazonquicksight.com/t/troubleshoot-analysis-titles-and-subtitles-failed-to-load-narrative-editor/1776
[00:05:20] Introducing auto-adjusting budgets
https://aws.amazon.com/about-aws/whats-new/2022/02/auto-adjusting-budgets/
[00:06:31] cloudposse/terraform-aws-s3-bucket adds AWS Provider v4 support
https://github.com/cloudposse/terraform-aws-s3-bucket/releases/tag/0.48.0
[00:07:30] GitHub Opens Advisory Database to contributions
https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/
[00:09:20] Other
[00:10:19] Amazon EKS Release calendar
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar
[00:11:54] Waxing philosophical: DevOps sometimes feels like building sandcastles
[00:17:49] Why is it a best-practice from a compliance/ops standpoint to put all S3 buckets into their own AWS project?
[00:24:57] Is anyone using AWS SSM Session Manager to enable devs to connect to a staging RDS instance, and NOT using ssh keys/connections managed through SSM?
[00:34:23] How do you build the observability model at the app level?
[00:43:47] I’m looking for examples to build a VPC without internet connection without losing connection to ECR, S3 and DynamoDB. Do you have any suggestions?
[00:52:16] Terraform wirenodes
https://github.com/jbraswell/terraform-wireguard
[00:55:52] Outro

Public “Office Hours” (2022-02-16)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-02-16.


[00:00:00] Intro
[00:01:30] Terraform AWS Provider v4.0.0 released (with breaking changes)
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.0.0
[00:05:47] Set up Tracing on GitHub Actions Workflows using Datadog
https://docs.datadoghq.com/continuous_integration/setup_pipelines/github/#compatibility
[00:07:32] HTTP/3: Everything you need to know about the next-generation web protocol
https://portswigger.net/daily-swig/http-3-everything-you-need-to-know-about-the-next-generation-web-protocol
[00:09:23] Include diagrams in your Markdown files with Mermaid (With example)
https://github.blog/2022-02-14-include-diagrams-markdown-files-mermaid/
https://github.com/mermaid-js/mermaid#flowchart-docs—live-editor
[00:17:10] Embed SVGs in GitHub Markdown
https://github.blog/changelog/2022-01-21-allow-to-upload-svg-files-to-markdown/
[00:18:38] Amazon Elastic File System Update – Sub-Millisecond Read Latency
https://aws.amazon.com/blogs/aws/amazon-elastic-file-system-update-sub-millisecond-read-latency/
[00:20:09] 1Password for SSH & Git (Beta)
https://developer.1password.com/docs/ssh/
[00:22:08] Observation: The rise of the specialized cloud
[00:26:30] AWS WAF ruleset for credential stuffing
[00:28:19] Has anyone found a tool that can facilitate mass migration of data from one tier of Glacier to the other?
[00:31:14] What are people doing in the wild with respect to pinning for ACM generated certificates?
[00:35:33] What is the recommended way for EKS pods to CRUD on S3 buckets?
[00:37:27] Is there a way to basically do AWS IPAM, but just in TF?
[00:43:07] Has anyone had to deal with uploading and offloading child accounts? I had like over 50 accounts to create on New Relic and I had to manually add these accounts on the UI
[00:46:37] In your centralized logging system (ELK/Loki), how do you deal with a spike of logs that overwhelms your pipeline?
[00:52:26] Giving the infra deploy pipeline full admin in AWS vs fine-grained permissions that seem more secure but troublesome to manage
[00:57:08] Outro

Public “Office Hours” (2022-02-09)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-02-09.


[00:00:00] Intro
[00:01:16] Datadog adds Cloud Cost Management for AWS (private beta)
https://docs.datadoghq.com/infrastructure/cloud_cost_management/
[00:02:08] Argo CD releases patch for zero-day vulnerability
https://www.zdnet.com/article/argo-cd-releases-patch-for-0-day-vulnerability/
[00:03:11] Amazon S3 Batch Replication synchronizes existing data between buckets
https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-s3-batch-replication-synchronizes-existing-data-between-buckets/
[00:07:29] SweetOps Slack Upgraded to Paid Team (Big Thanks to our Spacelift sponsors)
[00:08:17] Replicating existing objects between S3 buckets
https://aws.amazon.com/blogs/storage/replicating-existing-objects-between-s3-buckets/
[00:09:35] App Runner gets VPC support
https://aws.amazon.com/blogs/aws/new-for-app-runner-vpc-support/
[00:14:00] What pitfalls might I encounter if I develop a feature by deploying live resources namespaced by my current git branch?
[00:28:38] Revisit: insights CDNs optimized to minimize http 2 response delays?
[00:29:33] Is it possible to set CloudFront to cache an image only after it has responded to the client request?
[00:34:36] Is it possible to set 2 origins (both S3 buckets) as part of a CloudFront behavior?
[00:41:09] Tools to refactor Terraform
[00:50:15] Terraform Mixins
[00:55:00] Outro

Public “Office Hours” (2022-02-02)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-02-03.


[00:00:00] Intro
[00:01:19] GitHub is down!
[00:01:38] SweetOps Upgraded to Paid Team (Big Thanks to our Spacelift sponsors)
https://slack.cloudposse.com
[00:05:07] German Court Rules Websites Embedding Google Fonts Violates GDPR
https://thehackernews.com/2022/01/german-court-rules-websites-embedding.html
[00:05:48] Earthly Builds for CI
https://github.com/earthly/earthly
[00:09:46] Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters
https://aws.amazon.com/about-aws/whats-new/2022/01/amazon-guardduty-elastic-kubernetes-service-clusters/
[00:13:37] Finally! A pretty dashboard to keep track of the status of your GitHub Actions
https://github.com/chriskinsman/github-action-dashboard
[00:20:37] GOV.UK PaaS (on GitHub!)
https://www.cloud.service.gov.uk
https://github.com/alphagov/govuk-terraform-provisioning
[00:30:08] Create an Impressive GitHub Profile README
https://www.sitepoint.com/github-profile-readme/
[00:32:39] What tools are people already using to help refactor Terraform and what types of operations do they wish were more automated?
[00:39:58] Integrations with GitHub Actions, Vault and Terraform Cloud
[00:45:30] Given the experience Cloud Posse has with being an open source-first company, what advice do you have for new startups with open source products?
[00:54:54] Outro

Public “Office Hours” (2022-01-26)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-26.


[00:00:00] Intro
[00:01:31] PSA: Docker pricing goes into effect 1/31
https://www.docker.com/pricing/faq
[00:03:15] Infracost adds policy support
https://www.infracost.io/docs/features/cost_policies/
[00:04:25] GitHub Actions by Example
https://www.actionsbyexample.com
[00:05:19] Private GitHub Actions Now Supported (Enterprise Only)
https://github.blog/changelog/2022-01-21-share-github-actions-within-your-enterprise/
[00:06:27] GitHub Actions flaw enabled bypassing approvals
https://portswigger.net/daily-swig/github-actions-flaw-that-allowed-code-to-be-approved-without-review-is-addressed-with-new-feature-rollout
[00:07:20] Atlas: New tool for database migrations in HCL (not terraform)
https://atlasgo.io
[00:09:11] How GitHub Does DevOps for its iOS and Android Apps
https://www.infoq.com/news/2022/01/GitHub-devops-mobile-apps/
[00:09:50] AWS Security Hub Now Integrates with AWS Health
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-security-hub-health/
[00:10:27] AWS Trusted Advisor adds SecurityHub Foundational Security Best Practices
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-trusted-advisor-security-hub/
[00:11:33] Is helmfile a project you guys manage or is it its own thing?
[00:53:36] Outro

Public “Office Hours” (2022-01-19)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-01-19.


[00:00:00] Intro
[00:01:28] GitHub to Support Mermaid diagrams that can be displayed within Markdown
https://github.com/github/roadmap/issues/372
[00:02:16] On-call Engineer’s Dinner for FAMILY during incidents should be expensed
https://twitter.com/mipsytipsy/status/1482895726581485572?s=21
[00:03:34] AWS Proton Adds Terraform Support and Git Template Storage
https://www.infoq.com/news/2022/01/proton-terraform-git/
[00:06:17] New Cloud Posse Terraform module to manage AWS Service Quotas
https://github.com/cloudposse/terraform-aws-service-quotas
[00:08:59] Get Infra costs from your Spacelift runs
https://docs.spacelift.io/vendors/terraform/infracost
[00:12:27] AWS SSM Now Supports Outgoing Webhooks
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-systems-manager-automation-third-party-applications-webhooks/
[00:12:51] AWS Systems Manager Automation runbooks from Slack (using AWS Chatbot)
https://aws.amazon.com/about-aws/whats-new/2022/01/aws-systems-manager-automation-runbooks-slack/
https://aws.amazon.com/chatbot/
[00:13:10] Terraform v1.1.4 released (nothing really noteworthy)
https://github.com/hashicorp/terraform/releases/tag/v1.1.4
[00:18:23] PSA terraform-provider-awsutils gotchas
https://sweetops.slack.com/archives/CB6GHNLG0/p1642600261130900?thread_ts=1642600040.130400&cid=CB6GHNLG0
[00:22:08] Slick GitHub Action for Terraform (via weekly.tf)
https://github.com/suzuki-shunsuke/tfcmt
[00:27:41] What is a good way to ensure that a terraform plan on one branch does not block other branches from doing terraform plan?
https://sweetops.slack.com/archives/CHDR1EWNA/p1642620072006600
[00:34:19] Most organizations have at least 1 of these infrastructure problems? How are you solving them?
[00:45:30] Does anyone use, or has anyone used Ansible enough to shed some light on when (what types of tasks) Ansible would definitely be better than Terraform?
[00:53:02] Is it really a common practice to run terraform plan continuously to detect drifts?
[00:57:17] Outro