#office-hours (2019-05)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2019-05-29

Erik Osterman (Cloud Posse)

i’m dropping off since no one joined today.

Alex Siegman

Sorry, was really busy today~

2019-05-22

Tega McKinney
06:35:13 PM

@Tega McKinney has joined the channel

Erik Osterman (Cloud Posse)

@Tega McKinney brought up a good point that we need to document how to get the outputs for the users created in the reference-architectures

Erik Osterman (Cloud Posse)

maybe we should use nohup or tee to keep a log of everything that happens

Erik Osterman (Cloud Posse)

in @Tega McKinney’s case he logged out of his terminal window and lost the history

Tega McKinney

@Erik Osterman (Cloud Posse) first time ever joining office hours for a project…thanks for the suggestions and discussions around what you all are building. Enjoyed the convo.

Erik Osterman (Cloud Posse)

Thanks @Tega McKinney! Really love doing these office hours too. I always learn something from them. Will share the link in a little bit.

2019-05-16

AgustínGonzalezNicolini

15 or 30 min?

Erik Osterman (Cloud Posse)

Let’s block off 30

Erik Osterman (Cloud Posse)

We can use less

Josh Larsen

@Erik Osterman (Cloud Posse) at office hours yesterday you mentioned the root-dns module that reads state from another aws account using a role that has permissions to do so. i’m trying to set that role up and give it just enough permissions to read the terraform state from s3, but keep getting Access Denied. can you show me the correct permissions for this role? here is the policy i have for it so far that isn’t working:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state/tfstate-backend/terraform.tfstate"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:us-east-1:myaccountnum:table/bw-sandbox-terraform-state-lock"
        }
    ]
}
Josh Larsen

i’m wondering if maybe it has something to do with KMS permissions… but that seems very complex to allow because it has to be allowed from both the role AND the kms side i believe.

Josh Larsen

i solved this issue btw Erik… i just added s3:* to the tstatebucket with /* wildcard. that’s good enough for now.

2019-05-15

Erik Osterman (Cloud Posse)
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

AgustínGonzalezNicolini

Let me know whenever you can show us teleport in action!

Erik Osterman (Cloud Posse)

@AgustínGonzalezNicolini @Josh Larsen if you want a demo of Teleport/Keycloak please find a time here:

Erik Osterman (Cloud Posse)
Keycloak

Keycloak is an open source identity and access management solution

Erik Osterman (Cloud Posse)
Modern Privileged Access Management | Teleport | Gravitational

Make it easy for users to securely access infrastructure and meet the toughest compliance requirements.

2019-05-13

2019-05-09

Jan

What day is it normally

Erik Osterman (Cloud Posse)

every wednesday at 11:30 am

2019-05-08

pecigonzalo
01:17:33 PM

@pecigonzalo has joined the channel

cabrinha
06:38:12 PM

@cabrinha has joined the channel

cabrinha

yeah, looking at different SDLCs for Infrastructure as Code: https://docs.gitlab.com/ee/workflow/gitlab_flow.html

Introduction to GitLab Flow | GitLab

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.

AgustínGonzalezNicolini
06:38:23 PM

@AgustínGonzalezNicolini has joined the channel

AgustínGonzalezNicolini
data "aws_iam_policy_document" "collection_manager_trigger_service_policy_document" {
  # The action name comes from the sns module's publish_action output
  statement {
    actions = [
      "${module.sns.publish_action}"
    ]
    resources = [
      "${data.aws_sns_topic.collection_topic.arn}",
      "${data.aws_sns_topic.debin_topic.arn}"
    ]
  }
}

AgustínGonzalezNicolini
output "publish_action" {
  value = "sns:Publish"
}
pete
06:50:39 PM

@pete has joined the channel

pete

Nothing atm.

AgustínGonzalezNicolini

suggestion: pull various actions together and use submodules

pete

But thanks for asking!

cabrinha

I’d love a blog / writeup on these layers … I think it’s a great way to organize the foundation for all these other architectural conversations

cabrinha

going to take off but this has been really insightful. hope these can be recorded in the future!

pete

If the host edits the recording perms for the meeting, we could all record from the zoom client.

Erik Osterman (Cloud Posse)

that’s a good point

Erik Osterman (Cloud Posse)

@cabrinha I want to record them as well.

Erik Osterman (Cloud Posse)

I have cloud recording available. We tried it one time, but for certain community members, they didn’t like that since they didn’t feel like they could talk candidly.

Alex Siegman

I’m not sure there’s an expectation of privacy in such an open venue though, or more appropriately that there should be such an expectation

Erik Osterman (Cloud Posse)

I suggest for next week we’ll have two parts: start with demo and recording, q&a. then we can always have a second part that is “off the record” where we disable recordings.

Erik Osterman (Cloud Posse)

yes, all in all, my hope is this is more open/transparent than a cloak and dagger community

Erik Osterman (Cloud Posse)

thanks everyone for joining today! that was awesome. that was our largest turnout to date
