Welcome to the November 2018 edition of the SweetOps newsletter.
We've got a lot to share with you this month as we've been exceptionally busy! Overall, our emphasis this month has been on growing the community around our open source adoption and investing heavily in Atlantis for Terraform GitOps-style automation.
New Terraform Modules
- terraform-aws-iam-account-settings – Terraform module to provision general IAM account settings. It will create the IAM account alias for pretty login URLs and set the account password policy.
- terraform-aws-iam-user – Terraform module to provision a basic IAM user suitable for humans. Supports automatic password encryption using Keybase public keys.
- terraform-null-smtp-mail – Terraform module to send transactional emails via an SMTP relay directly from within terraform. This is perfect for sending teams email notifications when infrastructure changes.
You can find all of the cloudposse terraform modules in the official terraform module registry.
Important Terraform Module Updates
- terraform-aws-rds-cluster – we've added support for Aurora Serverless as well as fixed some idempotency issues raised by the community.
- terraform-aws-cloudfront-s3-cdn – we've fixed support for regional S3 endpoints with the CloudFront CDN.
- terraform-aws-elastic-beanstalk-environment – we've received a handful of PRs to extend the module capabilities with better support for autoscaling, nodejs, ELB security groups, and cloudwatch logs.
- terraform-aws-dynamodb – we've added support for local secondary indexes.
Many thanks to @johncblandii, @br0nhy, @bober2000, @pabardina, @rverma-nikiai, @aknysh, @jamisonhyatt and the many others who took the time to open issues, submit pull requests and review code.
GitOps with Atlantis and Terraform
We recently held a meetup during #connectweek in Pasadena (CA) where we gave a live demo using Atlantis with Terraform to provision AWS user accounts using only Pull Requests. Atlantis is the secret for enabling teams to collaborate on Terraform. We have our own fork of Atlantis that we're maintaining until the essential security features we introduced get upstreamed.
Slides from the presentation are available on our blog.
Interesting Links & Projects
Here are some interesting links that circulated this month in our Slack team.
- Very cool Open Source SIEM security and compliance dashboard for surfacing events.
- Interesting workaround to achieve Tillerless Helm today by running tiller on localhost.
- HashiCorp, the company behind Terraform, has raised an additional $100M.
- 10 Habits DevOps practitioners must break
- Monitoring dashboard for Kubernetes Jobs that makes it easy to see which are running and if their latest status was “succeeded” or “failed”.
- Two Objects not Namespaced by the Linux Kernel and therefore shared by Linux containers.
- Malicious Life Podcast – The True stories behind the world of cybercrime
For more links, subscribe to our @cloudposse Twitter feed.
New Alpine Package Repository
As part of Geodesic, our framework for provisioning and automating infrastructure, we needed a better way to distribute our toolchain (aws-vault, chamber, kops, gomplate, etc.): one that was fast and reliable and that made it easy to pin tool versions for individual customers. Previously, we shipped all tools with the Geodesic Docker base image pinned to a specific release, but this was bad because it forced a customer to upgrade their entire toolchain when they just wanted one upgraded package.
The fix was to distribute all of our tools as versioned Alpine packages. Our Alpine repository is available at apk.cloudposse.com. More instructions for configuring this repository can be found in the GitHub repository where we define all packages.
https://github.com/cloudposse/packages
What does this mean if you use the make-based package installer? Not much. We'll continue to support Makefile-based package installations because we need a way to install these packages natively on OSX/Linux/Windows/etc. that is not Alpine-specific. In the future, we might distribute the packages for Debian and RPM-based distros as well.
Terragrunt with Geodesic
Terragrunt is a popular tool for automating Terraform deployments. It makes it easy to reuse modules, initialize Terraform state, and orchestrate complex multi-stage Terraform build-outs.
For a demo we recently did on using Atlantis with Terraform, we put together an example of using Terragrunt on Geodesic. The long and short of it is that it's easy, and there's not much to it. For an example, refer to our reference architectures. Here's an example of adding a user using Terraform and Terragrunt in combination with our terraform-root-modules.
Slack Community
Over the past month, we've seen a sharp uptick in the number of daily conversations, especially in the #terraform, #release-engineering, and #kubernetes channels. We're grateful to everyone helping out by answering questions and sharing interesting articles. If you haven't already, sign up for the SweetOps Slack team today.
Reviews & Testimonials
We've set up a place for our community members to leave us testimonials. If our modules or Slack community have helped you, we would love to know. A few words from you would totally make our day and help us reach others.
Please leave us a testimonial if you've found some of our open source repos helpful.
All the best,
Erik Osterman
CEO / Founder, Cloud Posse, LLC