#office-hours (2023-03)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

https://cpco.io/slack-office-hours

Meeting password: sweetops

2023-03-01

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
07:00:48 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Amazon Web Services (AWS) - Cloud Computing Services

Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. Free to join, pay only for what you use.

Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

The future of email with ChatGPT.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
zurawiki/gptcommit

A git prepare-commit-msg hook for authoring commit messages with GPT-3.

managedkaos avatar
managedkaos

Also, this: Prompt Engineering is real https://learnprompting.org/

Learn Prompting | Learn Prompting

Learn Prompt Engineering

2023-03-05

managedkaos avatar
managedkaos

I might not use this to deploy/create resources…. but i might just use it as a way to back up the state of an AWS account vs using something like terraformer

https://iasql.com/
Automatically import existing infrastructure
Connect an AWS account to IaSQL to provision a PostgreSQL db and automatically backfill the database with your existing cloud resources. No need to redefine or reconcile existing infrastructure.

Home | IaSQL

Cloud infrastructure as data in PostgreSQL

2023-03-08

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
07:00:38 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

2023-03-15

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:11 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

I’m not going to make it today, sorry!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Jeremy White (Cloud Posse) avatar
Jeremy White (Cloud Posse)
Docker is deleting Open Source organisations - what you need to know

This controversial decision coupled with poor messaging has created anxiety the Open Source community. Learn what’s happening and how we can move forward.

managedkaos avatar
managedkaos

I expected this months ago and moved my workflows over to GitHub Packages and AWS Public ECR. I’m not surprised.

Jim Park avatar
Jim Park

Sigh. Turning on ICMP is the first thing I do.

Jim Park avatar
Jim Park

TIL you can configure EC2 to use the resource name as the hostname for an EC2 instance, so that when you log into an instance, or query kubectl nodes, you can skip the IP address to resource id translation step. API | Wizard

When you launch an EC2 instance with a Hostname type of Resource name, the guest OS hostname is configured to use the EC2 instance ID.
• Format for an instance in us-east-1: ec2-instance-id.ec2.internal
• Example: i-0123456789abcdef.ec2.internal
• Format for an instance in any other AWS Region: ec2-instance-id.region.compute.internal
• Example: i-0123456789abcdef.us-west-2.compute.internal

Mike Martin avatar
Mike Martin

I have a DNS management question; we currently use terraform to manage route53, but now we manage 400+ records in one hosted zone and it takes minutes to plan and on top of that we are beginning to hit rate limits from AWS. Does anyone manage their route53 with anything else?

Jim Park avatar
Jim Park

Terraform isn’t so great at managing many resources at a time. I co-locate route53 resources with the apps they support to spread out the burden. The downside to this is that there is no single pane of DNS glass from a terraform perspective. Other tools, like the Web-UI, have to be used for the whole view.

Mike Martin avatar
Mike Martin

Yeah - that is the pain we are facing now. We have all of our records from one hosted zone in one terraform directory. We prefer the single view, but as you mentioned Terraform is struggling to keep up. I’m looking for a better way to have speed and a good view of things.

Jim Park avatar
Jim Park

You might benefit from two things:

• You can try tweaking parallelism to a value greater than 10.
• You might also try to collocate the terraform binary executing the apply inside AWS to minimize latency and rate-limiting effects. (normally I don’t advocate for this unless there’s a need, but there might be here!)

Yonatan Koren avatar
Yonatan Koren

Re: Darren’s buildx + ECR problem in office hours today (watch near the end of the recording for context)

It looks like the problem has to do with -o type=registry, which translates to -o type=image,push=true

Basically the random snippet in my gist which was pushing proper OCI compliant (multiarch) images to ECR, probably can be done with -o type=oci,push=true, but I haven’t checked

Yonatan Koren avatar
Yonatan Koren

EDIT:

Nvm, there is no such thing as type=oci,push=true. According to the docs, type=image should be OCI compliant.

docker buildx build

docker buildx build: The buildx build command starts a build using BuildKit. This command is similar to the UI of docker build command and takes the same flags and arguments….

Yonatan Koren avatar
Yonatan Koren

But @Darren Pham I am back at the authorization error in ECR when I do --push=true (even though my IAM policies are correct).

So I have reverted to the export to tar.gz, then importing (and overriding CMD and ENTRYPOINT because it is stripped on import), and then pushing to ECR…

Yonatan Koren avatar
Yonatan Koren

So anyways… hope this somehow helps you.

Even though this is ugly https://gist.github.com/korenyoni/a5bd32da16a428477fce960060f192e9/63fca3862185cae7d33b885164e6c8949e0631ff

It’s the only thing that seems to work for me (and maybe for you)

managedkaos avatar
managedkaos

Would have been timely for today but sharing FYI anyway. Might be fun to see what comes out of it next week.

managedkaos avatar
managedkaos
k8s.gcr.io Redirect to registry.k8s.io - What You Need to Know

Authors: Bob Killen (Google), Davanum Srinivas (AWS), Chris Short (AWS), Frederico Muñoz (SAS Institute), Tim Bannister (The Scale Factory), Ricky Sadowski (AWS), Grace Nguyen (Expo), Mahamed Ali (Rackspace Technology), Mars Toktonaliev (independent), Laura Santamaria (Dell), Kat Cosgrove (Dell) On Monday, March 20th, the k8s.gcr.io registry will be redirected to the community owned registry, registry.k8s.io . TL;DR: What you need to know about this change On Monday, March 20th, traffic from the older k8s.

2023-03-16

2023-03-22

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:28 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Jonathan avatar
Jonathan

Q: @Erik Osterman (Cloud Posse) could https://github.com/cloudposse/bastion get some love? If you guys have moved on and no longer maintaining it, could I volunteer as a maintainer?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Definitely open to volunteers. We’re not actively using it as we predominantly help customers use Teleport.

Jonathan avatar
Jonathan

awesome, i’d love to volunteer to help with that and keep the project up to date on the latest versions of the libraries and such

joshmyers avatar
joshmyers

wave Got a use case for this also

joshmyers avatar
joshmyers
#70 Updating all dependencies to latest versions as of 2023

This PR will be the next release of bastion updating it to the latest version of all dependencies.

what

• Update to Alpine 3.17
• Update to OpenSSH 9.3p1
• Update to Duo 2.0.0
• Update to google-authenticator-libpam 1.09
• Update to sudosh 0.3.0

why

• Libraries are way out of date
• RootCA certificates have expired in the last released version breaking curl/wget from being able to connect to many https without ignoring SSL server validation.

references

• Closes #67
• Closes #65

joshmyers avatar
joshmyers

I’ve pulled latest master, built locally and tried running with

joshmyers avatar
joshmyers
docker run -p 1234:22 -e MFA_PROVIDER=google-authenticator -v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys docker.io/cloudposse/bastion:dev
joshmyers avatar
joshmyers
PAM: Module is unknown for root from 192.168.200.0
Connection closed by authenticating user root 192.168.200.0 port 50332 [preauth]
joshmyers avatar
joshmyers
❯ docker run -p 1234:22 -e MFA_PROVIDER=google-authenticator -v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys cloudposse/bastion
joshmyers avatar
joshmyers

Running the upstream works.

Jonathan avatar
Jonathan

@joshmyers I’ve been still working on it. Can you please test the latest master? I think everything is finally all updated and we fixed all the bugs from upgrading.

joshmyers avatar
joshmyers

wave Hey @Jonathan - thanks so much for this. Yup tested latest master and seems to be working as I’d expect now.

joshmyers avatar
joshmyers
#37 Add support for Github Enterprise

what

This is a bit of a grab bag of a PR, mostly because this code base hasn’t been touched in a while.

• Adds support for Github Enterprise.
• Update deps.
• Removes Glide and uses Go Modules - but Make targets from the build-harness are still expecting to use Glide.

Bumping go-github to latest caused a few breakages due to deprecated methods. I have tried to change as little core logic as possible, while noting that newer go-github probably means some logic could be removed/made more efficient.

why

Because current gig uses GHE. Teleport is unfortunately not a great fit for us down to requirements.

testing

I’ve updated the tests but not added new GHE tests as getting your hands on a GHE installation is non trivial. I have however successfully built and run this branch to test working. Can pull teams/users/keys etc from GHE.

Jonathan avatar
Jonathan

Awesome, thanks for validating @joshmyers!

Jonathan avatar
Jonathan

@joshmyers make sure to chase @Erik Osterman (Cloud Posse) down, he has lots of projects to keep track and manage, things easily fall through the cracks.

venkata.mutyala avatar
venkata.mutyala

Q for Office Hours:

How do you folks track package versions as well as software licenses across repos/languages? We are looking at creating a repo and doing this manually right now but I have a feeling there is a better way of doing this. We are trying to ensure we keep our packages updated (CVEs/new features) and we also want to ensure we remain compliant with all the software licenses we are using.

jose.amengual avatar
jose.amengual

I watched the office hours recording

jose.amengual avatar
jose.amengual

I used to work at Sonatype, creators of Nexus IQ, not free

jose.amengual avatar
jose.amengual

but one of the things it does really well is inventory of software dependencies, licenses and CSVs

jose.amengual avatar
jose.amengual

one of the powerful features of Nexus

venkata.mutyala avatar
venkata.mutyala

Thanks!

2023-03-23

2023-03-24

venkata.mutyala avatar
venkata.mutyala

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

If you run argocd you may have to do a couple of things.

We updated our RSA SSH host key | The GitHub Blog

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hah, yes we ran into this

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Igor Rodionov

2023-03-26

venkata.mutyala avatar
venkata.mutyala
Weka Violates MinIO's Open Source Licenses

Weka is using MinIO software to implement their object storage functionality in violation of the Apache V2 and GNU AGPL v3 licenses. MinIO is revoking all licenses as a result.

Vlad Ionescu (he/him) avatar
Vlad Ionescu (he/him)

It seems to be bullshit and MinIO seems to be the bad actor actually: https://blocksandfiles.com/2023/03/26/we-object-minio-says-no-more-open-license-for-you-weka/

We object! MinIO says no more open license for Weka – Blocks and Files

It went after Nutanix and now it’s going after Weka – MinIO has revoked Weka’s Apache License v2 and GNU AGPL v3 licenses to use its open source object storage software. Weka, for its part, says it doesn’t use the AGPL license and MinIO cannot revoke the Apache license which it does use. MinIO produces […]

2023-03-27

Alex Atkinson avatar
Alex Atkinson

Data regionality and sovereignty is a developing area of regulation, and fairly adjacent to GDPR or compliance framework like SOC2/ISO27001. I think CCPA has a line item on it? So what should startups that want to be able to have global user registrations do? Generally for compliance, it’s simply operating in shadow mode until they achieve good compliance reports, but data sovereignty as a new point of concern is a bigger challenge. Anyone have any experience with this discussion? I saw somewhere a recommendation to “simply” leave a copy of data in each region where it’s generated, and export to your data store/processing location.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Data residency-as-a-service platform - InCountry

Stay compliant with global data regulations by storing profile, employee, healthcare, transaction and payment data in the country of residency.

kunalsingthakur avatar
kunalsingthakur

Can we have something related to terraform restrictions while running it, based on users?

Alex Atkinson avatar
Alex Atkinson

Depending on where you’re running it from… Like anything, if a user runs a module from their local and they have God tier access…

If you’re setting up tf apply out of some CI, like GH actions, you could do some cheap access control like this. Or that enterprise tier approvals feature…

Or you can use a platform like env0, which gets you all the RBAC you could want. https://www.env0.com/blog/custom-rbac-roles https://docs.env0.com/docs/sub-projects

kunalsingthakur avatar
kunalsingthakur

Thanks for the input, but I’m relying completely on on-prem tools and trying to find an open source solution for it. Also, I’m using Bitbucket as the repository and Jenkins as CI. Env0 seems like a paid product; is there any open source solution that fits on-prem?

Alex Atkinson avatar
Alex Atkinson

Often you can pay a little $ for SAAS, or spend $$$ developing an in-house solution. Sometimes compliance kills that idea though.

Alex Atkinson avatar
Alex Atkinson

Anyone with the code can do tf commands. Their access to affect those changes is something else. If they shouldn’t be able to do something with TF, they shouldn’t have the access necessary to affect those changes to begin with. Look to your access management strategy for internal users.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Component Validation | atmos

Use JSON Schema and OPA policies to validate Components.

kunalsingthakur avatar
kunalsingthakur

Not sure, but as we know, if a lot of team members are involved in contributing IaC, we need user-based access and logging, and particular users should have some restrictions on user resources.

2023-03-28

2023-03-29

venkata.mutyala avatar
venkata.mutyala

@Erik Osterman (Cloud Posse) you are probably across this but https://youtu.be/G9_DnebevJg

The feature I am excited about and I think you may also like is: https://docs.github.com/en/actions/using-workflows/required-workflows

Given how many repos you folks manage I imagine this could be useful.

venkata.mutyala avatar
venkata.mutyala

They mention the workflows feature towards the end

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes, was very excited about it, except for they don’t work on pull requests from forks

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

So for open source it’s still useless.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:28 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Mike Martin avatar
Mike Martin

Question for today: we are looking to implement healthchecks.io for our ecs scheduled tasks. 1. Anyone have experiences to share? From what I’ve seen so far, the internet seems to think this is a good product. 2. We are trying to implement it and looking for ideas on how to create healthchecks that share the same lifecycle as the scheduled task itself. My first thought is to use this resource provider https://github.com/kristofferahl/terraform-provider-healthchecksio/tree/master as I can’t think of a better way to tie the creation of a healthcheck to AWS events that seemingly do not exist; i.e. ecs only has deployment, container instance and another event that don’t really have anything to do with scheduled events.

Sorry for my long ramble and I will explain this better with my voice

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Announcing the GitHub Actions extension for VS Code | The GitHub Blog

Today, we’re excited to announce the release of the public beta of the official GitHub Actions VS Code extension, which provides support for authoring and editing workflows and helps you manage workflow runs without leaving your IDE.

2023-03-30

Nenna avatar

Links from office hours:

https://www.theregister.com/2023/03/24/github_changes_its_ssh_host/
https://news.ycombinator.com/item?id=35295216
https://github.com/dlvhdr/gh-dash
https://registry.terraform.io/providers/pseudo-dynamic/value/latest/docs
https://github.com/apps/settings
https://github.com/hashicorp/terraform-provider-aws/issues/29842
https://github.com/rogerwelin/cfnctl
https://ergomake.dev/blog/docker-compose-as-a-universal-interface/
https://www.docker.com/blog/no-longer-sunsetting-the-free-team-plan/
https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-guardduty-enforcement-threat-detection-organization/
https://registry.terraform.io/providers/hashicorp/awscc/latest
https://www.ergomaker.com/
https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/
https://aws.amazon.com/about-aws/whats-new/2023/03/aws-copilot-customization-cdk-yaml-overrides/
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
https://github.com/qunash/chatgpt-advanced
https://stackoverflow.com/questions/68767674/does-aws-application-load-balancer-support-tls-1-3
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_cwe_events.html
https://docs.aws.amazon.com/step-functions/latest/dg/connect-ecs.html
https://aws.amazon.com/blogs/compute/orchestrating-aws-glue-crawlers-using-aws-step-functions/
https://docs.aws.amazon.com/AmazonECS/latest/userguide/lifecycle-metrics.html
