#office-hours (2021-03)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2021-03-01
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Would be great to chat about rolling out GuardDuty using Cloud Posse tooling — I see y’all have some administration covered by turf and some covered by the terraform-aws-guardduty module so I’d like to hear about how those two work together and what the proper Cloud Posse suggested approach is there.
CLI Tool to help with various automation tasks (mostly all that stuff we cannot accomplish with native terraform) - cloudposse/turf
Terraform module to provision AWS Guard Duty. Contribute to cloudposse/terraform-aws-guardduty development by creating an account on GitHub.
2021-03-03
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Bart Coddens avatar](https://secure.gravatar.com/avatar/2172a7ffce39295e04ea825a5bc9b0b6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
@Erik Osterman (Cloud Posse) How do you manage the s3state backend configuration when you have a project that uses multiple modules? I know you can use: https://github.com/cloudposse/terraform-aws-tfstate-backend for the general s3state bucket but how do you manage the separate s3backen.tf files per submodule? You cannot use variables in these files
Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
Hashicorp Kubernetes Provider - is it ready for prime-time yet? Targeting mainstream cloud platforms and managed k8s, is anyone inclined to share their best practices (e.g. multiple states “Infra” vs “Service deployments”, integration into CICD, etc)?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Would like to get community feedback on this opinionated statement:
“Features are not considered done until our customers are getting value out of them”
Do you agree? Disagree? Not really care? I’m having a hard time finding something even vaguely resembling definitive either way when looking through Agile, DevOps, best practices, Medium articles, etc. There seem to be quite a few opinions out there.
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
@roth.andy I’d say I disagree..
- What do we mean by value? How is value defined and measured? We would need to agree on clear and fair parameters for “value” that’s applicable across every type of story/task. E.g. “it’s not done until it’s in production” isn’t always relevant to every task. If we’re saying something is not done until it’s been validated and handed off, that can be fair.. you can build objective criteria around that. If you ship something and the customer has gripes but agrees the core of the thing is there, then those gripes can become backlog items. If you ship something and it’s way off from what was asked, then I would look at item 3 on this list. If you ship something, they accept the work but then never use it, that’s not the responsibility of the engineering team so they shouldn’t get penalized by having a never ending task/story/epic affecting their metrics.
- Done from whose perspective? The customer likely has no stake in the game whether something is ever considered done or not, but the engineering team needs this definable because they need to measure their output, they need to know the state of things, report on KPIs like time to resolve, and so on.
- How is the feature conceptualized in the first place? Is the feature’s representation in the tool (e.g. Jira) specific enough where it’s reasonable to agree on a definition of done?
Our general process at cloud posse is tasks are moved to done, then on status calls with customers we move them to an accepted status as they provide thumbs up. This is also after they’ve reviewed (or have been given plenty of time to review) the associated PRs and such.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
> If we’re saying something is not done until it’s been validated and handed off
Handed off smells to me like a dev team throwing the feature over the wall to the ops team (which is my exact problem right now). In a DevOps mindset it doesn’t feel valid to me to call something done the minute I make it someone else’s problem.
> Our general process at cloud posse is tasks are moved to done, then on status calls with customers we move them to an accepted status as they provide thumbs up
Are they giving a thumbs up based on looking at their production environment? Or the pre-prod/testing environment?
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
> Handed off smells to me like a dev team throwing the feature over the wall to the ops team (which is my exact problem right now). In a DevOps mindset it doesn’t feel valid to me to call something done the minute I make it someone else’s problem.
that could happen for sure. the DevOps mindset is harder to achieve if the org structure isn’t aligned to fostering it. I don’t know your org obviously but the minute you start talking about different teams, that’s a hurdle to getting that sense of shared ownership and investment you want your devs to have. I would definitely be interested to ask more questions/dig into this deeper next week if you’re on office hours
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
> Are they giving a thumbs up based on looking at their production environment? Or the pre-prod/testing environment?
the tasks can be environment specific so it depends
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
obviously the smaller the scope the easier your work moves through your board
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
wow, this might be a marathon session today! lots of great questions. we’ll try to get to as many of them as possible.
![mvensky avatar](https://secure.gravatar.com/avatar/0f60fdaa6dd227c4b68fdc11ef020143.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
During the last 5 or so minutes of 3-Feb Eric mentioned that Cloudposse views things from 4 layers; infrastructure, shared services, application and…….. I missed the 4th; Anyone know what that might be?
![mikesew avatar](https://secure.gravatar.com/avatar/735f27b55681e06ef0dcbc0ab146cd49.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-72.png)
I’m just curious whether anybody else treats the database layer as separate. I know many folks keep databases under the ‘application’ layer, but I find that app-layers (load balancers, container clusters) move at a different cadence than databases (rds, the SQL within).
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s announcements:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit
- https://www.uptycs.com/blog/harnessing-the-aws-nitro-architecture-to-encrypt-inter-node-traffic-in-kubernetes
- https://terraform-docs.io/
- https://github.com/hashicorp/terraform/releases
- https://github.com/sponsors/cloudposse
- https://www.youtube.com/c/cloudposse
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Install an Istio mesh across multiple Kubernetes clusters.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
https://www.artima.com/weblogs/viewpost.jsp?thread=204677
Testivus on Test Coverage
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
Regarding Geodesic: would you ever consider adding zsh+oh-my-zsh+powerlevel10k? I get having a container to spread around that has a bunch of tools in it but the shell itself lacks numerous convenient features of the shell combo above like sugary history lookup, command completion for kubectl, directional search through files directories, etc.. I’ve spent some time shaping this on Alpine using the geodesic image and it is somewhat a pain because alpine is not meant for such a terminal environment (natively). Nothing wrong with using alpine containers and in fact the powerlevel10k dev uses alpine to demo his stuff; but getting oh-my-zsh working on it including its plugins seems difficult via geodesic.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
> exceedingly underwhelming and nothing what a serious terminal environment would actually look like
I disagree with this statement. So does Google.
https://google.github.io/styleguide/shellguide.html#which-shell-to-use
> Restricting all executable shell scripts to bash gives us a consistent shell language that’s installed on all our machines.
Style guides for Google-originated open-source projects
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
@roth.andy see my edit. I specify several things which are missing from the shell that I think would make it much more convenient to use.
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
@roth.andy Additionally: you don’t see the logic of what I was pointing out? (That’s a question). What I’m saying is what’s the point of having a shell you want everyone to use if the shell itself is not that sugary?
So that’s the main concern I have. And if you disagree with that then I’d like to understand why.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
I’m not a maintainer of Geodesic, so I can’t speak definitively on it, but I’d imagine that compatibility is more important than convenience to them.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Bash is universal. zsh is one of many options that are all considered alternatives to bash
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
If they add zsh, should they add ksh when someone who likes ksh better comes along and wants it?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
The beauty of Docker containers is you can use Geodesic as the base container in a dockerfile and do whatever you want with it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yea, the interactive shell, is just one piece of it. We use it as the base image for things like Atlantis, or steps in a pipeline that call helmfile, or helm, or kubectl.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’ll be honest, have serious FOMO/shell-envy of zsh/fish/etc and the power features of those. Just it’s not yet been a priority. I wouldn’t rule it out entirely, but @roth.andy is correct that bash is the most widely adopted shell. Tides are turning towards zsh, but I want to make sure we don’t make a rash decision. Also, the terminal UI/UX has become a thing these days. Very hard to make it appealing for a wide audience (the audience that cares what the prompt looks like). I know inside our company, there’s a lot of different opinions on colors, characters/utf8, etc. No one can agree.
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
@Erik Osterman (Cloud Posse) ^^
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Sadly… last commit to that alpha provider was at the beginning of December. I really hope that gets more steam — I could use that today (if it was reliable).
2021-03-04
2021-03-05
2021-03-10
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s announcements:
- https://github.com/cloudposse/terraform-aws-rds-db-proxy
- https://github.com/cloudposse/terraform-aws-code-deploy/
- https://github.com/cloudposse/terraform-aws-ec2-bastion-server
- https://github.com/cloudposse/terraform-aws-cloudtrail-cloudwatch-alarms
- https://docs.cloudposse.com/tutorials/geodesic-getting-started/
- https://github.com/hashicorp/terraform/releases
- https://github.com/hashicorp/terraform/releases/tag/v0.14.8
- https://cloudposse.com/jobs
- https://github.com/sponsors/cloudposse
- https://www.youtube.com/c/cloudposse
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I recently learned who “The Three Amigos” are, even though I always practiced the mindset. This post explains how to bring ‘em into BDD.
2021-03-11
2021-03-12
2021-03-16
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
Can we please discuss this during office hours this week? I’ve been waiting on this functionality for a while and I’m kicking the tires on it today. I’m trying it on an existing cluster and having some configuration issues. Might try the walkthrough the article gives just to see this working.
Sad part is they implemented this on the v1 AWS CLI instead of the v2 CLI which I already have installed. Why AWS? WHY!? Anyway, I’m able to run the v1 CLI in a virtualenv so that works.
Looking forward to hearing about the experience folks are having with this! https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/
![attachment image](https://d2908q01vomqb2.cloudfront.net/fe2ef495a1152561572949784c16bf23abb28057/2021/03/12/image-2021-03-12T040602.361-1260x432.png)
Today, we are announcing the ability for all Amazon ECS users including developers and operators to “exec” into a container running inside a task deployed on either Amazon EC2 or AWS Fargate. This new functionality, dubbed ECS Exec, allows users to either run an interactive shell or a single command against a container. This was one of […]
2021-03-17
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Bart Coddens avatar](https://secure.gravatar.com/avatar/2172a7ffce39295e04ea825a5bc9b0b6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
Another question for the office hour today: how do you manage iam user login profiles (console passwords) with a team? The keybase key cannot and should not be shared among members in the team. What do you do if the original creator of the login profile leaves the company and the keybase key is deleted? Do you taint the resource and recreate it?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Terraform module to configure AWS Single Sign-On (SSO) - cloudposse/terraform-aws-sso
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’m light on prepared questions today
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s announcements:
- https://goteleport.com/blog/introducing-database-access/
- https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
- https://github.com/hashicorp/terraform/releases/tag/v0.15.0-beta2
- https://cloudposse.com/jobs
- https://github.com/sponsors/cloudposse
- https://www.youtube.com/c/cloudposse
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Easily run one-off tasks against a ECS Task Definition - masterpointio/ecsrun
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Makefile example for Michael:
```makefile
# The [[ ... ]] test below needs bash rather than the default /bin/sh.
SHELL := /bin/bash

# Pulls the shared PGP key from Secrets Manager, imports it into the local
# keyring, and decrypts the Terraform-managed console password for USER.
# Shell variables and command substitutions are written with $$ so that the
# shell, not make, expands them (GPG_TTY must be $$(tty), not $(tty)).
.PHONY: decrypt-user-password
decrypt-user-password:
	@if [[ "$(USER)" == "" ]]; then \
		echo "Please set USER to first_name.last_name prior to running 'make decrypt-user-password'" && exit 1; \
	fi;
	@PGP_KEY_JSON=$$(aws secretsmanager get-secret-value --secret-id terraform_iam_users_pgp_key | jq -r ".SecretString"); \
	export GPG_TTY=$$(tty); \
	echo "$$PGP_KEY_JSON" | jq -r ".terraform_users_pgp_private_key" | gpg --import; \
	export PGP_PASSPHRASE=$$(echo "$$PGP_KEY_JSON" | jq -r ".terraform_users_pgp_passphrase"); \
	cd ./components/iam_infra; \
	export ENCRYPTED_PASSWORD=$$(terraform output --json | jq -r '.user_encrypted_passwords.value | .["$(USER)"]'); \
	export RAW_PASSWORD=$$(echo "$$ENCRYPTED_PASSWORD" | base64 --decode | gpg --decrypt --batch --passphrase "$$PGP_PASSPHRASE"); \
	printf "\nPrivate message $(USER) in Slack with the following:\n\n"; \
	echo "Hey, you got a fancy new AWS Login :cool-doge: Check out the info and guide below to get everything setup:"; \
	echo ""; \
	echo "AWS Account Setup Guide: REDACTED"; \
	echo "Console Login URL: REDACTED"; \
	echo "username: $(USER)"; \
	echo "password: $$RAW_PASSWORD";
```
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
@Mike Martin
![David Lozano avatar](https://avatars.slack-edge.com/2020-10-28/1453157962374_67b9b13d23898f6d2fda_72.png)
would you pick teleport over strongdm now that teleport supports mysql and postgres?
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
from AWS API Gateway:
When private DNS is enabled, you’re able to access your API via private or public DNS. (This setting doesn’t affect who can access your API, only which DNS addresses they can use.) However, you cannot access public APIs from a VPC by using an API Gateway VPC endpoint with private DNS enabled. Note that these DNS settings don’t affect the ability to call these public APIs from the VPC if you’re using an edge-optimized custom domain name to access the public API. Using an edge-optimized custom domain name to access your public API (while using private DNS to access your private API) is one way to access both public and private APIs from a VPC where the endpoint has been created with private DNS enabled.
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
this is the key statement:
However, you cannot access public APIs from a VPC by using an API Gateway VPC endpoint with private DNS enabled
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
sorry that I interrupted you in the call
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
no worries!
but what about this part?
Using an edge-optimized custom domain name to access your public API (while using private DNS to access your private API) is one way to access both public and private APIs from a VPC where the endpoint has been created with private DNS enabled.
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
private DNS should work in this case?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
is your api endpoint public or private?
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
when i hopefully get it working, the endpoint would be private
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
if the endpoint is private AFAIK you are forced to use the huge long name of the vpc endpoint
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I think the problem is that they somehow check the host header so if it does not match then it fails
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
got it
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
In my case I was using a private endpoint with an API policy to check which VPC the request was coming from
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
yeah a vanity URL would be nice for this project so i keep pressing that way. if we have to use the machine named URL so be it
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
and that combination did not work even when I used a cname to point to the vpc endpoint
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
you could try to set up the private endpoint and then cname a dns and see if it works
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I think it might work if you do not have custom policies
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
ok. i will just try to get it working and then will hack on any improvements. something is better than nothing at this point
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
i’ll circle back with the final implementation
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
awesome
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
2021-03-24
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Reposting my question from a few weeks back in #kubernetes as I’m striking out on this one. We don’t need to talk about this in depth at all, but if anybody is managing a larger TCP service in production then I’d like to chat with you!
https://sweetops.slack.com/archives/CBW699XE0/p1614790261014800
Not exactly a Kubernetes question, but figured folks in this channel would know what I’m talking about exists — Does anyone know if there is a Network / TCP proxy tool out there that will do a manage-and-forward pattern (my own made up term for describing this) for long lived TCP connections?
I have a client running on K8s and one of their primary microservices holds long lived TCP socket connections with many thousands of clients through an AWS NLB. The problem is that whenever we do a deployment and update those pods the TCP connections require a re-connection which results in problems on the client side. So to provide a better experience for the clients we’re looking at what we can do to have those TCP connections always stay alive. My first thought is for a proxy layer that manages the socket connections with the client and then forwards socket connections to the actual service pods. That way even if the pods are swapped out behind the scenes, the original socket connection is still up and has no adverse effects on the clients.
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
https://github.com/yannh/kubeconform <– cool little tool for validating kube manifests in pipelines worth a quick once over
A FAST Kubernetes manifests validator, with support for Custom Resources! - yannh/kubeconform
![David Lozano avatar](https://avatars.slack-edge.com/2020-10-28/1453157962374_67b9b13d23898f6d2fda_72.png)
Hi everyone, would like to hear what are the key points you consider when deciding to deploy your workloads on ECS EC2 or ECS Fargate. What would make you pick Fargate even though it’s more expensive when running the tasks 24/7. Is the simplicity of scaling out/in the only factor influencing this decision?
![Darren Cunningham avatar](https://secure.gravatar.com/avatar/d0ea359c3ff6b8093ae53e57fbbe2570.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
not having to care about AMI/OS patching
(scanning the container image is still necessary, but that’s true either way)
![Darren Cunningham avatar](https://secure.gravatar.com/avatar/d0ea359c3ff6b8093ae53e57fbbe2570.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
IMO that pays for itself in regards to the straight up difference when comparing EC2
also, now that Fargate has Spot Pricing the gap is being closed
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
![David Lozano avatar](https://avatars.slack-edge.com/2020-10-28/1453157962374_67b9b13d23898f6d2fda_72.png)
very valid points @Darren Cunningham
![Darren Cunningham avatar](https://secure.gravatar.com/avatar/d0ea359c3ff6b8093ae53e57fbbe2570.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
great job on the video @Vlad Ionescu (he/him) – really appreciate the callout about people costs and fully agree that a lot of teams overlook this and end up sinking hours in effort and opportunity loss in order to save on their monthly bill
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Thank you!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Built-in Pod Security Policies vs OPA? OPA is more work, but way more flexible. How to choose between them?
![Or Azarzar avatar](https://avatars.slack-edge.com/2021-03-21/1882953126259_c878c6de33781c221069_72.jpg)
aren’t pod security policies deprecated?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Didn’t know that, thanks. That makes that decision easy
![Or Azarzar avatar](https://avatars.slack-edge.com/2021-03-21/1882953126259_c878c6de33781c221069_72.jpg)
yeah, we choose OPA with Gatekeeper.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://blog.aquasec.com/hubfs/K8s%20Pod%20Security%20policy%20blog%20image.jpg#keepProtocol)
The Kubernetes Policy (PSP) will soon get deprecated, replaced with a Pod Security Standards (PSS). Learn how it affects your K8s security & why using an OPA-based admission controller is better.
![Bart Coddens avatar](https://secure.gravatar.com/avatar/2172a7ffce39295e04ea825a5bc9b0b6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
thanks for the suggestion to go for amazon sso, how do you manage the users and passwords inside amazon sso? Via terraform as well?
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
If you want to learn more about Geodesic — we’ve got our first tutorial up on the docs site: https://docs.cloudposse.com/tutorials/geodesic-getting-started/
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Automated Terraform code reviews for velocity: https://www.hashicorp.com/resources/terraform-code-reviews-supercharged-with-conftest
Learn how Doordash automated away some mundane code review tasks for infrastructure code.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
~I know https://pullreminders.com was a thing for PR reminders/analytics~
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Seems gone now
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Oh god. I did not see the banner
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
https://github.com/kubernetes/enhancements/issues/5#issuecomment-776043765:
For anyone following this ticket, PSPs will be deprecated in 1.21 with removal targeted for 1.25.
This is correct. We moved deprecation from 1.22 to 1.21 because we know that existing PSP API will not be losslessly backward compatible with a future replacement. PSP removal is staying at the previously planned 1.25.
Feature Description Define policy objects that limit what security-related features pods and containers can use Primary contact (assignee): @tallclair Responsible SIGs: @kubernetes/sig-auth-feature…
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
![attachment image](https://blog.aquasec.com/hubfs/K8s%20Pod%20Security%20policy%20blog%20image.jpg#keepProtocol)
The Kubernetes Policy (PSP) will soon get deprecated, replaced with a Pod Security Standards (PSS). Learn how it affects your K8s security & why using an OPA-based admission controller is better.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/03/18/Site-Merch_S3-Object-Lambda_Final_SocialMedia_1.png)
When you store data in Amazon Simple Storage Service (S3), you can easily share it for use by multiple applications. However, each application has its own requirements and may need a different view of the data. For example, a dataset created by an e-commerce application may include personally identifiable information (PII) that is not needed […]
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Regarding the ECS AutoScaling + Capacity Providers question in chat: https://aws.amazon.com/blogs/containers/deep-dive-on-amazon-ecs-cluster-auto-scaling/ will answer the question! It goes super-in-depth on the topic, including how they talk to the ASG and why
![attachment image](https://d2908q01vomqb2.cloudfront.net/fe2ef495a1152561572949784c16bf23abb28057/2020/01/03/Figure11.png)
Introduction Up until recently, ensuring that the number of EC2 instances in your ECS cluster would scale as needed to accommodate your tasks and services could be challenging. ECS clusters could not always scale out when needed, and scaling in could impact availability unless handled carefully. Sometimes, customers would resort to custom tooling such as […]
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
2021-03-30
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
2021-03-31
![David Lozano avatar](https://avatars.slack-edge.com/2020-10-28/1453157962374_67b9b13d23898f6d2fda_72.png)
Hi everyone, would like to hear your opinion / experience using GitHub and GH actions vs AWS codeBuild, codePipeline and codeDeploy for CI/CD pipelines when source code is in Github and want to deploy to ECS.
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Using AWS products for cicd is a nightmare. You can do it though and they do work but if you can choose then look for other solutions first.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Bart Coddens avatar](https://secure.gravatar.com/avatar/2172a7ffce39295e04ea825a5bc9b0b6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
one question Erik, I will join the call as well. How to migrate existing terraform configurations to a modular configuration, for example based on the cloudposse modules?
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
Andy Miguel (Cloud Posse) has joined Public “Office Hours”
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Please share the link here)
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
all those Public “Office Hours” are the links
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
It was about atmos docs, sorry for such a fuzzy request). Andy has already shared:)
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
ok
![Andy Miguel avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s announcements: https://docs.cloudposse.com/tutorials/atmos-getting-started/ https://github.com/cloudposse/terraform-cloudflare-zone https://github.com/cloudposse/terraform-cloudflare-waf-rulesets/ https://github.com/hashicorp/terraform/releases/tag/v0.15.0-rc1 https://github.com/sponsors/cloudposse
Contribute to cloudposse/terraform-cloudflare-zone development by creating an account on GitHub.
Contribute to cloudposse/terraform-cloudflare-waf-rulesets development by creating an account on GitHub.
0.15.0-rc1 (Unreleased) ENHANCEMENTS: backend/azurerm: Dependency Update and Fixes (#28181) BUG FIXES: core: Fix crash when referencing resources with sensitive fields that may be unknown (#2818…
Cloud Posse is a DevOps Accelerator that helps companies own their infrastructure in record time by building it with you and then showing you the ropes. Everything we do is 100% Open Source under A…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
AWS for GitHub Actions has 13 repositories available. Follow their code on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Run a AWS CodeBuild project as a step in a GitHub Actions workflow job. - aws-actions/aws-codebuild-run-build
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Example of logs in GitHub Checks, something that CircleCI could do but doesn’t: https://github.com/brigadecore/brigade/pull/914/checks?check_run_id=130703731
closes #913 What this PR does / why we need it: This PR logs the error message when an error is thrown but not handled. One area I'd like to dig a bit deeper is around the different log levels,…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Registers an Amazon ECS task definition and deploys it to an ECS service. - aws-actions/amazon-ecs-deploy-task-definition
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
a quick question, is `terraform import` similar to google’s `terraformer`?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
no. `terraformer` actually generates terraform code, `terraform import` just imports existing resources into terraform state
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
got it, hmm, interesting
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code - GoogleCloudPlatform/terraformer
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
In addition to terraformer if you are on GCP now you can do something like
gcloud alpha resource-config bulk-export --project my-project --resource-format=terraform
to export your resources in TF format
https://cloud.google.com/sdk/gcloud/reference/alpha/resource-config/bulk-export
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
clickops, it is an innovation lol
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
What was the tool? Stitch?
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Found. https://www.stitchdata.com/
All your data. Where you want it. In minutes. Stitch is a cloud-first, developer-focused platform for rapidly moving data. Hundreds of data teams rely on Stitch to securely and reliably move their data from SaaS tools and databases into their data warehouses and data lakes.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)