Public “Office Hours” (2022-01-05)

Erik OstermanOffice Hours

2 min read

Here's the recording from our DevOps “Office Hours” session on 2022-01-05.

We hold public “Office Hours” every Wednesday at 11:30am PST to answer questions on all things DevOps/Terraform/Kubernetes/CICD related.

These “lunch & learn” style sessions are totally free and really just an opportunity to talk shop, ask questions and get answers.

Register here: cloudposse.com/office-hours

Basically, these sessions are an opportunity to get a free weekly consultation with Cloud Posse where you can literally “ask me anything” (AMA). Since we're all engineers, this also helps us better understand the challenges our users have so we can better focus on solving the real problems you have and address the problems/gaps in our tools.


[00:00:00​] Intro
[00:01:17​] Cert-manager now supports Private CA ACM (no public ACM yet)
https://aws.amazon.com/about-aws/whats-new/2022/01/acm-kubernetes-cert-manager-plugin-production/
https://github.com/aws/containers-roadmap/issues/904
[00:04:32​] Huge PR for Maintenance on Beanstalk Module
https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/pull/203
[00:05:25​] SQL Migrations with Terraform (via Oliver)
https://registry.terraform.io/providers/paultyng/sql/latest/docs/resources/migrate
[00:09:21] Checkout our #jobs Channel for new postings
[00:10:02​] Ready to do things the Cloud Posse way? Take our quiz.
https://cloudposse.com/quiz
[00:11:41​] Is updating a securitygroup with lambda really the only way to protect endpoints behind Cloudfront from other traffic?
[00:16:35​] Any insights on provisioning cdns that are optimized to minimize http 2 response delays?
[00:30:30​] CloudTrail lake announced https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
[00:31:55​] Anyone working with VPC IPAM?
[00:36:30​] Do you have any suggestions to prevent creation of resources without cost allocation tags?
[00:39:00​] High CVE in containerd
https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
https://nvd.nist.gov/vuln/detail/CVE-2021-43816
[00:42:18​] Why would we move from ECS on EC2 to Kubernetes?
[00:53:19​] Outro
About the Author
CEO & Founder / Cloud Posse, LLC

Erik Osterman is a technical evangelist and insanely passionate DevOps guru with over 12 years of hands-on experience architecting systems for AWS. After leading major cloud initiatives at CBS Interactive as the Director of Cloud Architecture, he founded Cloud Posse, a DevOps Accelerator that helps high-growth Startups and Fortune 500 Companies succeed in the cloud by leveraging Terraform and Kubernetes.