Public “Office Hours” (2021-06-23)

Erik OstermanOffice Hours

2 min read

Here's the recording from our DevOps “Office Hours” session on 2021-06-23.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.

[00:00:00​] Intro
[00:01:47] Vendir: Feature Ignore Paths Merged. Now waiting on release.
https://github.com/vmware-tanzu/carvel-vendir/pull/64
[00:49:13​] (Continued) Vendir: Feature Ignore Paths Merged. Now waiting on release.
[00:02:49​] New Terraform Module: AWS Global Accelerator
https://github.com/cloudposse/terraform-aws-global-accelerator
[00:04:01​] AWS Macie and AWS Firewall Manager forthcoming.
https://github.com/cloudposse/terraform-aws-macie/pull/1
https://github.com/cloudposse/terraform-aws-firewall-manager
[00:04:54] HashiCorp Google Workspace Provider announced
https://www.hashicorp.com/blog/announcing-the-google-workspace-provider-for-hashicorp-terraform-tech-preview
[00:05:39] AWS CloudFormation Public Registry
https://aws.amazon.com/about-aws/whats-new/2021/06/announcing-a-new-public-registry-for-aws-cloudformation/
[00:07:13​] Drift Detection Support Added to Spacelift
https://github.com/cloudposse/terraform-spacelift-cloud-infrastructure-automation/pull/44
[00:11:35​] Cloudflare Waiting Rooms
https://blog.cloudflare.com/building-waiting-room-on-workers-and-durable-objects/
[00:12:38​] Steampipe – SQL-esque queries for your cloud infrastructure
https://steampipe.io/
[00:14:50] Running Terraform with no internet access (terraform-bundle)
https://github.com/hashicorp/terraform/tree/main/tools/terraform-bundle
[00:20:32] Policy enforcement based on git-diff?
[00:27:27​] How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:43:48] (Continued) How do you write a trust policy for an IAM role to allow/disallow AWS SSO roles from another account to assume the role, given that AWS SSO generates non-deterministic IAM role names that change over time?
[00:31:48] Amazon EC2 now allows you to create crash-consistent AMIs and EBS Backups
https://aws.amazon.com/about-aws/whats-new/2021/06/aws-backup-supports-crash-consistent-backup-amazon-ebs-volumes-attached-to-amazon-ec2-instance/
[00:33:06​] Any nice Azure reference architectures out there?
[00:36:10] How to share Terraform Generated SSH Keypair?
[00:38:20​] How to serve static HTML page from S3 through an ALB
[00:52:00​] Cloud9 environments for limited budget teams
[00:56:35​] Outro
About the Author
CEO & Founder / Cloud Posse, LLC

Erik Osterman is a technical evangelist and insanely passionate DevOps guru with over 12 years of hands-on experience architecting systems for AWS. After leading major cloud initiatives at CBS Interactive as the Director of Cloud Architecture, he founded Cloud Posse, a DevOps Accelerator that helps high-growth Startups and Fortune 500 Companies succeed in the cloud by leveraging Terraform and Kubernetes.