#office-hours (2019-05)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2019-05-08
@pecigonzalo has joined the channel
@cabrinha has joined the channel
yeah, looking at different SDLCs for Infrastructure as Code: https://docs.gitlab.com/ee/workflow/gitlab_flow.html
Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.
@AgustínGonzalezNicolini has joined the channel
```hcl
data "aws_iam_policy_document" "collection_manager_trigger_service_policy_document" {
  statement = {
    actions = [
      "${module.sns.publish_action}"
    ],
    resources = [
      "${data.aws_sns_topic.collection_topic.arn}",
      "${data.aws_sns_topic.debin_topic.arn}"
    ]
  }
}
```
```hcl
output "publish_action" {
  value = "sns:Publish"
}
```
@pete has joined the channel
Nothing atm.
suggestion pull various actions together and use submodules
But thanks for asking!
I’d love a blog / writeup on these layers … I think it’s a great way to organize the foundation for all these other architectural conversations
going to take off but this has been really insightful. hope these can be recorded in the future!
If the host edits the recording perms for the meeting, we could all record from the zoom client.
that's a good point
@cabrinha I want to record them as well.
I have cloud recording available. We tried it one time, but for certain community members, they didn’t like that since they didn’t feel like they could talk candidly.
I’m not sure there’s an expectation of privacy in such an open venue though, or more appropriately that there should be such an expectation
I suggest for next week we’ll have two parts: start with demo and recording, q&a. then we can always have a second part that is “off the record” where we disable recordings.
yes, all in all, my hope is this is more open/transparent than a cloak and dagger community
thanks everyone for joining today! that was awesome. that was our largest turnout to date
2019-05-09
What day is it normally?
every wednesday at 11:30 am
2019-05-13
2019-05-15
Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules
Let me know whenever you can show us teleport in action!
@AgustínGonzalezNicolini @Josh Larsen if you want a demo of Teleport/Keycloak please find a time here:
Keycloak is an open source identity and access management solution
Make it easy for users to securely access infrastructure and meet the toughest compliance requirements.
Here’s the recording of today’s office hours:
2019-05-16
15 or 30 min?
Let’s block off 30
We can use less
@Erik Osterman (Cloud Posse) at office hours yesterday you mentioned the root-dns modules that reads state from another aws account using a role that has permissions to do so. i’m trying to set that role up and give it just enough permissions to read the terraform state from s3, but keep getting Access Denied. can you show me the correct permissions for this role? here is the policy i have for it so far that isn’t working:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state/tfstate-backend/terraform.tfstate"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "dynamodb:*",
      "Resource": "arn:aws:dynamodb:us-east-1:myaccountnum:table/bw-sandbox-terraform-state-lock"
    }
  ]
}
```
i’m wondering if maybe it has something to do with KMS permissions… but that seems very complex to allow because it has to be allowed from both the role AND the kms side i believe.
i solved this issue btw Erik… i just added s3:* to the tstatebucket with /* wildcard. that’s good enough for now.
2019-05-22
@Tega McKinney has joined the channel
@Tega McKinney brought up a good point that we need to document how to get the outputs for the users created in the reference-architectures
maybe we should use nohup or tee to keep a log of everything that happens
in @Tega McKinney’s case he logged out of his terminal window and lost the history
@Erik Osterman (Cloud Posse) first time ever joining office hours for a project…thanks for the suggestions and discussions around what you all are building. Enjoyed the convo.
Thanks @Tega McKinney! Really love doing these office hours too. I always learn something from them. Will share the link in a little bit.
2019-05-29
i’m dropping off since no one joined today.
Sorry, was really busy today~