Public “Office Hours” (2022-05-04)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-05-04.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.


[00:00:00] Intro
[00:01:17] Atmos Adds Vendoring – pull terraform root modules (or anything) from anywhere
https://github.com/cloudposse/atmos/pull/145
[00:07:30] Terraform 1.2 (RC1 just dropped) — adds pre/post conditions, bearer tokens
https://github.com/hashicorp/terraform/releases/tag/v1.2.0-rc1
[00:14:28] Amazon EKS web console adds Kubernetes Resource View
https://aws.amazon.com/blogs/containers/introducing-kubernetes-resource-view-in-amazon-eks-console/
[00:18:34] Werf: Consistent delivery tool
https://werf.io/
[00:26:32] Easy-to-follow set of instructions for a strategy that minimizes the cost of NAT gateways in EC2
[00:36:00] How many of you don't commit .terraform.lock.hcl to source control?
[00:44:25] Explain to me how crossplane works?
[00:53:35] Outro

Public “Office Hours” (2022-04-27)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-27.

[00:00:00] Intro
[00:01:29] Git.io shutting down 2022-04-29 (GitHub provides 4 days notice!!!)
https://github.blog/changelog/2022-04-25-git-io-deprecation/
[00:02:53] Cloud Posse build-harness: update links to cloudposse.tools/build-harness
https://github.com/cloudposse/build-harness/issues/314
[00:04:34] Google donates the Istio service mesh to the CNCF
https://techcrunch.com/2022/04/25/google-donates-the-istio-service-mesh-to-the-cloud-native-computing-foundation/
[00:05:05] AWS's Log4j patches blew holes in its own security
https://www.theregister.com/AMP/2022/04/20/aws_log4j_patches/
[00:05:42] Fairwinds Helmfile Alternative: declaratively manage multiple Helm chart releases
https://github.com/FairwindsOps/reckoner
[00:06:48] [2018] Kubernetes Edge Computing at Chick-fil-A
https://medium.com/@cfatechblog/edge-computing-at-chick-fil-a-7d67242675e2
[00:08:17] Finally, a terraform-registry-proxy for “airgapped” environments
https://github.com/jasonwbarnett/terraform-registry-proxy
[00:22:00] Aurora Serverless v1 is GA
[00:23:26] Use IAM to control access to a resource based on the account, OU or organization that contains the resource
https://aws.amazon.com/about-aws/whats-new/2022/04/iam-access-resource-organization/
[00:24:36] Karpenter workload consolidation/defragmentation
https://github.com/aws/karpenter/issues/1091
[00:29:37] How have folks automated AWS IAM Access Key + Secret Key rotation policies
[00:34:23] Opinions and thoughts on K8s ingress controllers for high volume deployments.
[00:42:25] What advice do you have for how to communicate expectations when people decide to use something brand new that is still super beta/rough, are having problems, and are annoyed that things aren't working?
[00:52:30] Are you doomed without a tool like Spacelift?
[01:00:23] Outro

Public “Office Hours” (2022-04-20)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-20.

[00:00:00] Intro
[00:01:22] Terraform Experiment Update: Optional arguments in object variable type definition
https://github.com/hashicorp/terraform/issues/19898#issuecomment-1101853833
[00:02:22] GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (from Heroku & TravisCI)
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html
[00:05:53] Terraform Data Source for AWS Pricing Data
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/pricing_product
[00:06:26] How to Make 100K/year on GitHub Sponsors
https://calebporzio.com/i-just-hit-dollar-100000yr-on-github-sponsors-heres-how-i-did-it
[00:13:20] AWS Security Hub adds cross-Region security scores and compliance statuses
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-security-hub-cross-region-security-scores-compliance-statuses/
[00:15:58] FYI, AWS Single Sign-On is now HIPAA eligible
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-single-sign-on-hipaa-eligible/
[00:17:00] AWS Shield adds automatic application-layer DDoS mitigation for ALBs with WAF
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-shield-application-balancer-automatic-ddos-mitigation/
[00:23:01] Terraform + GitHub Actions & OIDC (via weekly.tf)
https://blog.symops.com/2022/04/14/terraform-pipeline-with-github-actions-and-github-oidc-for-aws/
[00:24:03] Hierarchical YAML Configurations in Terraform
https://github.com/lyraproj/hiera
[00:28:08] Rare Leakage of an S3 Stack Trace
[00:30:21] Cloud Posse “Activation Days”? Who is interested….
[00:32:27] What kind of a git repo structure do you recommend if I want to separate my terraform modules in repository?
[00:39:48] Are there any examples on the use of helmfile that showcase how one might use it in a “bigger” situation?
[00:54:53] Outro

Public “Office Hours” (2022-04-13)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-13.

[00:00:00] Intro
[00:01:31] AWS Lambda Functions now support HTTPS Endpoints (e.g. Single-Function Microservices)
https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/
[00:12:04] AWS Provider version 4.0 Chaos. AWS Terraform Provider v4.9.0 was just released.
https://github.com/hashicorp/terraform-provider-aws/issues/23106
https://github.com/hashicorp/terraform-provider-aws/blob/v4.9.0/CHANGELOG.md
[00:16:54] AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-data-transfer-price-reduction-privatelink-transit-gateway-client-vpn-services/
[00:18:08] GitHub Now Supports Organizational Profile Pages
https://github.com/github
[00:21:32] “Case Study” on the Longest (Atlassian) Outage of All Time! 2+ weeks OMG, 400+ customers
https://newsletter.pragmaticengineer.com/p/scoop-atlassian
[00:35:10] Azure Terrafy and AzAPI are Microsoft’s alternative to “Terraformer” (by Google)
https://techcommunity.microsoft.com/t5/azure-tools-blog/announcing-azure-terrafy-and-azapi-terraform-provider-previews/ba-p/3270937
https://github.com/GoogleCloudPlatform/terraformer
[00:36:13] Scaling containers on AWS in 2022
https://www.vladionescu.me/posts/scaling-containers-on-aws-in-2022/
[00:51:17] Pros and cons of using the latest EKS AMIs or managing roll-out of new AMI releases manually?
[00:57:10] How have folks automated AWS IAM Access Key + Secret Key rotation policies
[00:57:54] Outro

Public “Office Hours” (2022-04-06)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-04-06.

[00:00:00] Intro
[00:01:26] Cloud Posse Preparing to Update all modules to 1.x (graduating from 0.x)
https://cloudposse.slack.com/archives/CB6GHNLG0/p1649231089390479
[00:06:17] Helmfile has officially forked! Update your stars and sponsorship.
https://github.com/roboll/helmfile/issues/1824?utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-_Ya_HA-FCHjBeCSpFTnNuwrucqZCB9CT_s9Wd4rXoUPQELxMPnJJeiFVGwG5kC-9Rg2VeW#issuecomment-1086760859
https://github.com/sponsors/mumoshu
[00:09:26] Cloud cost estimates for Terraform in pull requests
https://github.com/infracost/infracost
[00:15:15] Monocle: How Chime creates a proactive security & engineering culture
https://medium.com/life-at-chime/monocle-how-chime-creates-a-proactive-security-engineering-culture-part-1-dedd3846127f
[00:21:49] GitHub can now auto-block commits containing API keys, auth tokens
https://www.bleepingcomputer.com/news/security/github-can-now-auto-block-commits-containing-api-keys-auth-tokens/amp/
[00:26:43] Google now requires two staff to sign off each Go change
https://www.theregister.com/2022/04/05/google_go_double_sign_off/
[00:28:39] GitHub Actions: Job management hooks for self-hosted runners
https://github.blog/changelog/2022-04-04-github-actions-job-management-hooks-for-self-hosted-runners/
[00:30:00] Amazon RDS Proxy finally supports PostgreSQL 13
https://aws.amazon.com/about-aws/whats-new/2022/04/amazon-rds-proxy-supports-postgresql-major-version-13/
[00:30:45] EKS add-ons support for EBS CSI driver is now generally available
https://aws.amazon.com/about-aws/whats-new/2022/03/eks-add-ons-ebs-csi-driver-available/
[00:37:09] How to use Open Source modules in locked down enterprise environments?
[00:42:44] Tips for dealing with Slack Spammers?
[00:53:00] Terraform Operator vs Terraform Controller
https://github.com/isaaguilar/terraform-operator
https://github.com/weaveworks/tf-controller
[01:01:49] Outro

Public “Office Hours” (2022-03-30)

Erik Osterman | Office Hours

Here's the recording from our DevOps “Office Hours” session on 2022-03-30.

[00:00:00] Intro
[00:01:33] Docker founder launches Dagger, a new DevOps platform
https://techcrunch.com/2022/03/30/docker-founder-launches-dagger-a-new-devops-platform/
[00:07:14] Google Docs gets “Markdown” Support (autocorrect)
https://www.theverge.com/2022/3/29/23002138/google-docs-markdown-support-formatting-update
[00:07:50] Pretty “diffs” of structured data and code
https://github.com/Wilfred/difftastic
[00:09:17] Helmfile seeks a new home (dedicated org)
https://github.com/roboll/helmfile/issues/1824
[00:10:34] Terraform 1.2 Alpha Release – better custom error messages and conditions
https://github.com/hashicorp/terraform/releases/tag/v1.2.0-alpha-20220328
[00:11:12] GitHub explains outage string in incidents update
https://www.theregister.com/2022/03/24/github_outage_details/
[00:12:38] AWS Close Account API Endpoint (no terraform support yet)
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
https://github.com/hashicorp/terraform-provider-aws/issues/23930
[00:15:09] Google Cloud Alters the “Deal”; prices go up
https://www.lastweekinaws.com/blog/google-cloud-alters-the-deal/
[00:18:03] Amazon RDS now supports Internet Protocol Version 6 (IPv6) on RDS Service APIs
https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-rds-internet-protocol-version-6-ipv6-rds-service-apis/
[00:18:58] Amazon EC2 Auto Scaling instance lifecycle states are now available via the Instance Metadata Service
https://aws.amazon.com/about-aws/whats-new/2022/03/amazon-ec2-auto-scaling-lifecycle-instance-metadata/
[00:19:53] AWS Lambda now allows customers to configure up to 10 GB of ephemeral storage for Lambda functions
https://aws.amazon.com/about-aws/whats-new/2022/03/aws-lambda-configure-ephemeral-storage/
[00:22:04] AWS Proton support for Terraform Open Source is now Generally Available
https://aws.amazon.com/about-aws/whats-new/2022/03/aws-proton-terraform-open-source/
[00:24:33] Do you know of any services or people who provide career mentoring for DevOps people?
[00:34:14] What do you do when you need something that hasn't been implemented in provider terraform-provider-aws yet?
[00:40:29] Spring4Shell
[00:42:41] What do you give developers playground environments?
[00:52:14] Tracking main on Terraform when you have all environments in one repo
[01:02:43] Outro