Public “Office Hours” (2021-07-14)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-07-14.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

[00:00:00] Intro
[00:01:17] July 21st: Waypoint Demo presented by Taylor Dolezal
[00:01:45] AWS Controllers for Kubernetes – manage AWS resources from K8s
https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/
[00:05:54] Free AWS Certified Solutions Architect Associate Training by AWS
https://www.techrepublic.com/article/aspiring-aws-cloud-architects-have-a-new-free-learning-option-on-twitch/
[00:06:45] Behind the scenes of AWS Lambda
https://www.bschaatsbergen.com/behind-the-scenes-lambda
[00:07:45] Amazon EKS managed node groups now supports parallel node upgrades
https://aws.amazon.com/about-aws/whats-new/2021/07/amazon-eks-managed-node-groups-now-supports-parallel-node-upgrades/
[00:09:00] Why are CRDs with Helm such a pain? Helm explains.
https://github.com/helm/community/blob/main/hips/hip-0011.md
[00:13:42] How to manage Terraform dev/stage/prod releases when you’re utilizing Terraform workspaces instead of the directory structure approach?
[00:33:01] Best reverse proxy options to replace Apache httpd with docker-compose
[00:39:07] @AquaSecTeam has acquired @tfsec_dev
https://www.aquasec.com/news/aqua-security-acquires-tfsec/
[00:39:49] What does the test workflow look like in the Cloud Posse Terraform repositories?
[00:50:50] Distinguishing between (Datadog) metrics from our internal services (EKS) and the infrastructure services, like DD agent, k8-cni, etc.
[00:53:03] When will Kubernetes fix the issue with Jobs and InitContainers?
[00:55:56] Terraform Enterprise vs S3 bucket for state management
[01:02:06] Outro

Public “Office Hours” (2021-07-07)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-07-07.

Public “Office Hours” (2021-06-30)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-30.

[00:00:00] Intro
[00:01:10] July 21st: Waypoint Demo presented by Taylor Dolezal
[00:01:45] AWS Firewall Manager released.
https://github.com/cloudposse/terraform-aws-firewall-manager
[00:03:12] New Terraform “Utils” Provider for AWS – The Cloud Posse “Escape Hatch”
https://github.com/cloudposse/terraform-provider-awsutils
[00:13:45] AWS Key Management Service Introduces Multi-Region Keys
https://www.infoq.com/news/2021/06/aws-kms-global/
[00:15:11] Official AWS Modules by Amazon Released
(NOTE: the terraform-aws-modules GitHub organization is not official)
https://github.com/aws-ia
[00:22:19] Terraform 1.1-alpha implements “terraform add” generator
https://github.com/hashicorp/terraform/pull/28874
[00:25:20] https://www.theverge.com/platform/amp/2021/6/30/22556992/slack-huddles-audio-calls-feature-launch-discord-like
[00:29:05] GitHub AI Pair Programmer
https://copilot.github.com
[00:33:32] Leapp new version released to support AWS Named-profiles
https://github.com/Noovolari/leapp
[00:34:57] Can you use Terraform to bootstrap a deployment of AWS Control Tower?
[00:37:51] Any advice on using Cloud Posse modules with the CDK?
[00:45:45] How to manage customer managed KMS Keys
[00:49:09] Can you specify something other than 0.0.0.0/0 in the Packer file?
[00:52:51] Nike’s gimme creds tool broke for everyone using Okta
https://github.com/Nike-Inc/gimme-aws-creds
[00:55:30] AWS cloud credentials are overly complex
[00:58:35] Outro

Public “Office Hours” (2021-06-23)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-23.

[00:00:00] Intro
[00:01:47] Vendir: Feature Ignore Paths Merged. Now waiting on release.
https://github.com/vmware-tanzu/carvel-vendir/pull/64
[00:49:13] (Continued) Vendir: Feature Ignore Paths Merged. Now waiting on release.
[00:02:49] New Terraform Module: AWS Global Accelerator
https://github.com/cloudposse/terraform-aws-global-accelerator
[00:04:01] AWS Macie and AWS Firewall Manager forthcoming.
https://github.com/cloudposse/terraform-aws-macie/pull/1
https://github.com/cloudposse/terraform-aws-firewall-manager
[00:04:54] HashiCorp Google Workspace Provider announced
https://www.hashicorp.com/blog/announcing-the-google-workspace-provider-for-hashicorp-terraform-tech-preview
[00:05:39] AWS CloudFormation Public Registry
https://aws.amazon.com/about-aws/whats-new/2021/06/announcing-a-new-public-registry-for-aws-cloudformation/
[00:07:13] Drift Detection Support Added to Spacelift
https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/pull/44
[00:11:35] Cloudflare Waiting Rooms
https://blog.cloudflare.com/building-waiting-room-on-workers-and-durable-objects/
[00:12:38] Steampipe – SQL-esque queries for your cloud infrastructure
https://steampipe.io/
[00:14:50] Running Terraform with no internet access (terraform-bundle)
https://github.com/hashicorp/terraform/tree/main/tools/terraform-bundle
[00:20:32] Policy enforcement based on git-diff?
[00:27:27] How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:43:48] (Continued) How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:31:48] Amazon EC2 now allows you to create crash-consistent AMIs and EBS Backups
https://aws.amazon.com/about-aws/whats-new/2021/06/aws-backup-supports-crash-consistent-backup-amazon-ebs-volumes-attached-to-amazon-ec2-instance/
[00:33:06] Any nice Azure reference architectures out there?
[00:36:10] How to share Terraform Generated SSH Keypair?
[00:38:20] How to serve static HTML page from S3 through an ALB
[00:52:00] Cloud9 environments for limited budget teams
[00:56:35] Outro

Public “Office Hours” (2021-06-16)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2021-06-16.

[00:00:00] Intro
[00:01:00] Taylor intro
[00:03:00] Taylor’s Terraform story
[00:05:50] What does a Senior Developer Advocate do?
[00:08:00] How does HashiCorp manage so many community requests?
[00:09:42] What are the benefits of using CDK for Terraform over vanilla Terraform?
[00:16:33] Terraform and multi-cloud limitations
[00:18:27] Where is Terraform 1-2 years from now?
[00:22:53] Does HashiCorp want to be an open source “Amazon” of DevOps services?
[00:27:05] Where is HashiCorp growing the most?
[00:28:28] Ideal image build workflow using Terraform?
[00:30:25] HCP offering for Packer
[00:33:34] Removal of provisioners (e.g., Chef)
[00:35:35] How 1.0 changed things
[00:38:03] Terraform debugging and testing
[00:42:54] Long term maintenance of demos
[00:46:42] Do you ever see HashiCorp creating a layer above Terraform to orchestrate many root modules / deal with that DAG?
[00:51:07] Could a custom Terraform Provider behave like a Kubernetes Operator?
[00:55:57] Has Terraform solved the problem Terragrunt was built for?
[00:58:29] Outro