#office-hours (2024-11)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-11-01
2024-11-06
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://weiyen.net/articles/useful-macos-cmd-line-utilities
https://github.com/cloudposse/terraform-aws-components/issues/1177
https://archive.ph/PNUEw#selection-1339.0-1339.63
https://www.gitpod.io/blog/we-are-leaving-kubernetes
https://github.com/padok-team/burrito
https://github.com/opentofu/opentofu/releases/tag/v1.9.0-alpha1
https://aws.amazon.com/about-aws/whats-new/2024/10/aws-udp-privatelink-dual-stack-network-load-balancers/
https://www.gitpod.io/blog/introducing-gitpod-flex
https://xcp-ng.org/
https://roadmap.sh/devops
2024-11-12
Trading card deck building game designed to teach how different AWS services work together to build well-architected workloads.
AWS CloudFormation makes it easy to model and provision your cloud application infrastructure as code. CloudFormation templates can be written directly in JSON or YAML, or they can be generated by tools like the AWS Cloud Development Kit (CDK). These templates are submitted to the CloudFormation service and the resources are deployed together as stacks, […]
2024-11-13
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.blog/changelog/2024-11-07-copilot-immersive-update-for-copilot-enterprise-customers/
https://docs.github.com/en/copilot/using-github-copilot/using-github-copilot-in-the-command-line
https://aws.amazon.com/gametech/buildercards/
https://sst.dev/blog/container-support/
https://mergiraf.org/?utm_source=tldrwebdev
https://github.com/JohannesKaufmann/html-to-markdown
https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/4603-tune-crashloopbackoff/README.md
https://rubyonrails.org/2024/11/7/rails-8-no-paas-required
https://github.com/cloudposse/atmos/releases/tag/v1.101.0
https://aws.amazon.com/about-aws/whats-new/2024/11/financing-program-aws-marketplace-purchases-us-customers/
https://ollama.com/
https://github.com/ollama/ollama
https://github.com/Rosesecurity
https://github.com/RoseSecurity/Kuzco
https://poe.com/login
https://www.anthropic.com/news/claude-3-5-sonnet
https://www.cursor.com/blog/supermaven
https://www.youtube.com/watch?v=bf3erhnXNTE
https://www.cisoplatform.com/profiles/blogs/dark-ai-top-7-ai-tools-assisting-hackers
https://github.com/0xk1h0/ChatGPT_DAN
https://thanks.dev/home
2024-11-20
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://www.linkedin.com/posts/houstonhopkins_aws-root-access-managment-is-here-kiss-ugcPost-7262981365627793408-PXVG/?utm_source=share&utm_medium=member_ios
https://aws.amazon.com/blogs/aws/centrally-managing-root-access-for-customers-using-aws-organizations/
https://aws.amazon.com/about-aws/whats-new/2024/11/aws-application-load-balancer-cloudfront-integration-builtin-waf
https://aws.amazon.com/blogs/opensource/introducing-open-source-kro-kube-resource-orchestrator/
https://www.si.com/fannation/boxing/netflix-apologizes-for-botched-mike-tyson-vs-jake-paul-livestream-01jd1jqmva8n#:~:text=Netflix%20apologized%20after%20the%20backlash,by%20near%2Dconstant%20technical%20glitches
https://github.com/NVIDIA/garak
https://www.bloomberg.com/news/articles/2024-11-18/doj-will-push-google-to-sell-off-chrome-to-break-search-monopoly?embedded-checkout=true
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt/
https://github.com/dbohdan/recur
https://engineering.fb.com/2024/06/24/data-infrastructure/leveraging-ai-for-efficient-incident-response/
https://www.reddit.com/r/Terraform/comments/1gugfxe/is_cdktf_becoming_abandonware/
https://justtinkering.nl/2024/11/06/creating-an-ami-with-image-builder/?utm_source=www.weekly.tf&utm_medium=referral&utm_campaign=issue-200-dangers-of-terraform-automation-platforms-terraform-best-practices-serverless-rest-api-aws-image-builder-terraform-dashboards-ai
https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-efs-cross-account-replication/
https://aws.amazon.com/about-aws/whats-new/2024/11/block-public-access-amazon-virtual-private-cloud/
https://aws.amazon.com/solutions/implementations/instance-scheduler-on-aws/
https://www.streamingmediablog.com/2023/10/largestlivestreaminghistory.html
Reflecting on Netflix, the Tyson fight could also have been a test for when Beyonce breaks the internet on Christmas Day:
2024-11-21
Terraform automation platforms streamline infrastructure management but also introduce security vulnerabilities when speculative plans are executed. Read how attackers can exploit Terraform lifecycle automation to gain unauthorized cloud access, compromising environments far beyond a single team’s control. Learn about the attack vectors, including malicious provider plugins and external data sources, and discover essential mitigation strategies to safeguard your infrastructure.
2024-11-25
Big announcements this week from AWS (for me at least)
Discover more about what’s new at AWS with AWS Application Load Balancer introduces header modification for enhanced traffic control and security
Discover more about what’s new at AWS with Amazon Aurora Serverless v2 supports scaling to zero capacity
Securely deliver high-performance web apps with CloudFront VPC origins; serve content directly from private subnets, eliminating undifferentiated work.
Has anyone else noticed a trend of minimizing infra? https://blog.stackademic.com/i-stopped-using-kubernetes-our-devops-team-is-happier-than-ever-a5519f916ec0
Why Letting Go of Kubernetes Worked for Us
I’d understand consolidation of infra, just like any other part of the software dev cycle. Though, some specifics from the blog are… odd. Namely, 47 clusters is questionable to say the least.
The answer should be easy: for startups and SMBs, k8s is overkill; they can start and keep running on small-footprint infra.
For companies with big teams, multiple apps, and technologies, you're going to need full control over infra and use something like k8s, with less abstraction.
Keep in mind abstraction comes with a big cost consideration, like Vercel vs CloudFront and S3.
2024-11-26
2024-11-27
Question for Office hours: @Erik Osterman (Cloud Posse), a while ago, you asked a question about Monorepo releases, and I wonder if you found a solution for it? I remember it was in the context of the terraform-aws-components repo and how to create releases for components individually instead of having to release the whole mono repo. I might not be able to attend so I will watch the recording.
One solution we’ve found was Google’s release-please for this. You use it on a monorepo, but it’s a bit buried in the docs. We don’t have experience with it, but we were going to go with that for a client and then ended up hitting pause on that project for them.
We threw in the towel and moved all components to https://github.com/orgs/cloudposse-terraform-components/repositories
For private/closed sources, it’s manageable.
I watched the recording
where is the mention about Alex’s project?
At the end of that conversation we talked about it briefly. I know Erik brought it up on the screen share. I forget the exact name of the project though.
Links from today’s office hours:
https://github.com/orgs/cloudposse-terraform-components/repositories
https://github.com/aws/copilot-cli/discussions/5925
https://github.com/aws/copilot-cli/issues/5987
https://aws.amazon.com/about-aws/whats-new/2024/11/aws-application-load-balancer-header-modification-enhanced-traffic-control-security/
https://devclass.com/2024/11/27/redis-inc-seeks-control-over-future-of-rust-redis-rs-client-library-amid-talk-of-trademark-threat/
https://github.com/cloudposse/atmos/pull/797
https://gurubase.io/g/helmfile/
https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-aurora-serverless-v2-scaling-zero-capacity/
https://arthur-johnston.com/tuesday_to_tuesday/
https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-enforcement-conditional-write-operations-general-purpose-buckets/
https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-s3-functionality-conditional-writes/
https://dev.to/danquack/terraform-ephemeral-resources-4212#:~:text=Storing%20sensitive%20data%20like%20database,them%20in%20the%20state%20file
https://github.com/idsulik/helm-cel
https://aws.amazon.com/blogs/aws/amazon-cloudfront-now-accepts-your-applications-grpc-calls/
https://kics.io/index.html
https://github.com/marketplace/actions/gitops-automatic-versioning
https://www.youtube.com/watch?v=YDez1_G47H8
Awesome, thanks
@here office hours is starting in 30 minutes! Remember to post your questions here.
I’ll throw this question into the hat for office-hours
Hey folks – we’re doing one of our Terraform Audits for one of our clients. As part of that audit, we run tflint + a trivy scan against their Terraform codebase to get some artifacts about how they’re doing regarding conventions and security. We’re looking for other tools that we might want to add to that list. Does anyone here have any suggestions on similar static analysis tools in the TF space that you think provide value?
I was listening to this podcast, to the one that was asking about the 502 error when using AWS application load balancer. I’ve encountered the same error message thrown by AWS load balancer.
We went through the troubleshooting by AWS via these instructions to isolate whether it’s the load balancer throwing the 502s or the application itself: https://repost.aws/knowledge-center/elb-alb-troubleshoot-502-errors
Which then led us to this article, https://www.tessian.com/blog/how-to-fix-http-502-errors/, which helped us resolve our 502 errors.
TLDR: Our application’s webserver has a KeepAlive setting that is shorter than AWS load balancer’s built-in timeout. Fine-tuning these helped resolve the 502 errors.
Hope this may help whoever asked that question in this week’s office hours.
I want to learn how to troubleshoot HTTP 502 bad gateway errors with my Application Load Balancer and identify the source of the errors using CloudWatch metrics and access logs.
Struggling with HTTP 502 “Bad Gateway” errors? A Tessian engineer explains why these errors happen and how to fix them with AWS ALB.