#office-hours (2024-11)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

https://cpco.io/slack-office-hours

Meeting password: sweetops

2024-11-12

Erik Osterman (Cloud Posse)
AWS BuilderCards - Cloud Computing for Video Games - AWS

Trading card deck building game designed to teach how different AWS services work together to build well-architected workloads.

managedkaos
Peek inside your AWS CloudFormation Deployments with timeline view | Amazon Web Services

AWS CloudFormation makes it easy to model and provision your cloud application infrastructure as code. CloudFormation templates can be written directly in JSON or YAML, or they can be generated by tools like the AWS Cloud Development Kit (CDK). These templates are submitted to the CloudFormation service and the resources are deployed together as stacks, […]

2024-11-20

Erik Osterman (Cloud Posse)
07:05:21 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Nenna

Links from today’s office hours:

https://www.linkedin.com/posts/houstonhopkins_aws-root-access-managment-is-here-kiss-ugcPost-7262981365627793408-PXVG/?utm_source=share&utm_medium=member_ios
https://aws.amazon.com/blogs/aws/centrally-managing-root-access-for-customers-using-aws-organizations/
https://aws.amazon.com/about-aws/whats-new/2024/11/aws-application-load-balancer-cloudfront-integration-builtin-waf
https://aws.amazon.com/blogs/opensource/introducing-open-source-kro-kube-resource-orchestrator/
https://www.si.com/fannation/boxing/netflix-apologizes-for-botched-mike-tyson-vs-jake-paul-livestream-01jd1jqmva8n#:~:text=Netflix%20apologized%20after%20the%20backlash,by%20near%2Dconstant%20technical%20glitches
https://github.com/NVIDIA/garak
https://www.bloomberg.com/news/articles/2024-11-18/doj-will-push-google-to-sell-off-chrome-to-break-search-monopoly?embedded-checkout=true
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt/
https://github.com/dbohdan/recur
https://engineering.fb.com/2024/06/24/data-infrastructure/leveraging-ai-for-efficient-incident-response/
https://www.reddit.com/r/Terraform/comments/1gugfxe/is_cdktf_becoming_abandonware/
https://justtinkering.nl/2024/11/06/creating-an-ami-with-image-builder/?utm_source=www.weekly.tf&utm_medium=referral&utm_campaign=issue-200-dangers-of-terraform-automation-platforms-terraform-best-practices-serverless-rest-api-aws-image-builder-terraform-dashboards-ai
https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-efs-cross-account-replication/
https://aws.amazon.com/about-aws/whats-new/2024/11/block-public-access-amazon-virtual-private-cloud/
https://aws.amazon.com/solutions/implementations/instance-scheduler-on-aws/
https://www.streamingmediablog.com/2023/10/largestlivestreaminghistory.html

managedkaos

Reflecting on Netflix, the Tyson fight could also have been a test for when Beyonce breaks the internet on Christmas Day:

2024-11-21

Mohammed Yahya
GitFlops: The Dangers of Terraform Automation Platforms | Snyk

Terraform automation platforms streamline infrastructure management but also introduce security vulnerabilities when speculative plans are executed. Read how attackers can exploit Terraform lifecycle automation to gain unauthorized cloud access, compromising environments far beyond a single team’s control. Learn about the attack vectors, including malicious provider plugins and external data sources, and discover essential mitigation strategies to safeguard your infrastructure.

2024-11-25

Mohammed Yahya
AWS Application Load Balancer introduces header modification for enhanced traffic control and security - AWS

Discover more about what’s new at AWS with AWS Application Load Balancer introduces header modification for enhanced traffic control and security

Amazon Aurora Serverless v2 supports scaling to zero capacity - AWS

Discover more about what’s new at AWS with Amazon Aurora Serverless v2 supports scaling to zero capacity

Introducing Amazon CloudFront VPC origins: Enhanced security and streamlined operations for your applications | Amazon Web Services

Securely deliver high-performance web apps with CloudFront VPC origins; serve content directly from private subnets, eliminating undifferentiated work.

managedkaos
Rishav

I’d understand consolidation of infra, just like any other part of the software dev cycle. Though, some specifics from the blog are… odd. Namely, 47 clusters is questionable to say the least.

Mohammed Yahya

The answer should be easy: for startups and SMB, k8s is overkill; they can start and keep running on small-footprint infra.

For companies with big teams, multiple apps, and technologies, you're gonna need full control over infra and use something like k8s, with less abstraction.

Keep in mind abstraction comes with a big cost consideration, like Vercel vs CloudFront and S3.

2024-11-26

2024-11-27

jose.amengual

Question for Office hours: @Erik Osterman (Cloud Posse), a while ago, you asked a question about Monorepo releases, and I wonder if you found a solution for it? I remember it was in the context of the terraform-aws-components repo and how to create releases for components individually instead of having to release the whole mono repo. I might not be able to attend so I will watch the recording.

Matt Gowie

One solution we’ve found was Google’s release-please for this. You use it on a monorepo, but it’s a bit buried in the docs. We don’t have experience with it, but we were going to go with that for a client and then ended up hitting pause on that project for them.

Erik Osterman (Cloud Posse)

We threw in the towel and moved all components to https://github.com/orgs/cloudposse-terraform-components/repositories

Erik Osterman (Cloud Posse)

I think for open source, monorepos suck.

Erik Osterman (Cloud Posse)

For private/closed sources, it’s manageable.

jose.amengual

I watched the recording

jose.amengual

where is the mention about Alex’s project?

Matt Gowie

At the end of that conversation we talked about it briefly. I know Erik brought it up on the screen share. I forget the exact name of the project though.

jose.amengual

Awesome, thanks

Erik Osterman (Cloud Posse)
07:05:33 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Matt Gowie
07:11:39 PM

I’ll throw this question into the hat for office-hours

Hey folks – we’re doing one of our Terraform Audits for one of our clients. As part of that audit, we run tflint + a trivy scan against their Terraform codebase to get some artifacts about how they’re doing regarding conventions and security. We’re looking for other tools that we might want to add to that list. Does anyone here have any suggestions on similar static analysis tools in the TF space that you think provide value?

SweetOps
10:10:54 PM
Samuel Than

I was listening to this podcast, to the one that was asking about the 502 error when using AWS application load balancer. I’ve encountered the same error message thrown by AWS load balancer.

We went through the troubleshooting by AWS via these instructions to isolate whether it’s the load balancer throwing the 502s or the application itself: https://repost.aws/knowledge-center/elb-alb-troubleshoot-502-errors

Which then led us to this article https://www.tessian.com/blog/how-to-fix-http-502-errors/ which helped us resolve our 502 errors.

TLDR: Our application’s webserver has a KeepAlive setting that is shorter than AWS load balancer’s built-in timeout. Fine-tuning these helped resolve the 502 errors.

Hope this may help whoever asked that question in this week’s office hours.

Troubleshoot Application Load Balancer HTTP 502 Errors | AWS re:Post

I want to learn how to troubleshoot HTTP 502 bad gateway errors with my Application Load Balancer and identify the source of the errors using CloudWatch metrics and access logs.

How to Fix 502 Errors - Tessian

Struggling with HTTP 502 “Bad Gateway” errors? A Tessian engineer explains why these errors happen and how to fix them with AWS ALB.

2024-11-28

2024-11-30
