#random (2022-06)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.

Archive: https://archive.sweetops.com/random/

2022-06-03

yegorski avatar
yegorski
Take Action With March For Our Livesattachment image

See actions you can take right now to help end gun violence.

1
1

2022-06-06

2022-06-08

azec avatar

Curious if anyone had chance to try GitLab’s JWT-based Web Identity Federation with AWS: https://docs.gitlab.com/ee/ci/cloud_services/aws/

Configure OpenID Connect in AWS to retrieve temporary credentials | GitLab

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.

1
Tyrone Meijn avatar
Tyrone Meijn

Hey! I have, but just mainly for my personal projects.

Configure OpenID Connect in AWS to retrieve temporary credentials | GitLab

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.

2022-06-09

Катерина Кучернюк avatar
Катерина Кучернюк

Hey folks) AWS User Group Ukraine is running a virtual AWS Tech Conference #StandWithUkraine! Join us to discuss Digital Transformation with AWS and meet peers from the global AWS community.

When? June 30 Where? Online

How to join?

  1. Register for free and get full access to the event.
  2. You can support freedom in Ukraine by buying a ticket of any type. All profit will go to Ukrainian charity funds.

Sign up here: https://bit.ly/3zsQkq5 It’s going to be AWSome!

2022-06-10

2022-06-15

Ryan avatar
Ryan Cartwright on LinkedIn: Terraform Cloud by Hashicorp was historically the first platform to | 14 commentsattachment image

Terraform Cloud by Hashicorp was historically the first platform to provide teams with tooling to manage their infrastructure at scale. Spacelift takes… 14 comments on LinkedIn

2022-06-16

Ralf Pieper avatar
Ralf Pieper

Altassian server end of support for JIRA&Confluence on February 15, 2024 is giving me a chance to switch to some other cloud offering, I am considering Atlassian Cloud and asana, however I would be interested in some testimonials from you.

RB avatar

Atlassian cloud is nice. I used to manage a self hosted jira and it was awful to maintain and keep updated.

Tomasz Krzyżanowski avatar
Tomasz Krzyżanowski

I’m using them both, and Asana makes the impression on being more efficient from user pov (ticket creation, subtickets creation, moving them around the board etc.) but lacks sometimes on very basic things like code snippet view - you don’t have simply support for code blocks/strings built in.

On the other hand Atlassian Cloud have everything you need + integrations, but I truly cry when I need to create bigger amount of tasks/subtasks at once for setting bazzilion of fields… And Conflu dont support Markdown…

TBH from my pov I would consider to stick with GitHub/GitLab projects with Docs, Issues, Pages, snippets and so on but this was for sure what you are asking about

So if you need to choose between Jira or Asana, I would take Asana if the Confluence-like tool is not necessary because UX in Asana efficency is what I truly loved from the day one, but if you need/want to use Confluence, then Atlassian Cloud will be more likely better choice

prgrmng avatar
prgrmng

For all of us here: I’m looking to gather salary information online to try to benchmark $newJob’s salaries as much as I can and build the argument for where to land them going forward. Does your company use any definitive salary benchmark sources that cost $$$? Which ones? Any that are open-source/free? Which ones? Any that you recommend for/against? Going to crowd source this in several places and happy to share my results.

Thanks!

2022-06-24

Ralf Pieper avatar
Ralf Pieper

I read about RFCs and am pondering the idea of writing one to get rid of the platform. I have used AWS, Azure and GCP, the user experience on all is better them with our home grown platform. However it is so entrenched that I feel I need help writing this document, in exchange you all can use it for your company as there might be similar issues.

Ralf Pieper avatar
Ralf Pieper

Right now the template is not filed in yet, I will be reading @Vlad Ionescu (he/him)’s post and others to find some good arguments to back my claim.

Are Platform Teams Dead?

Platform teams are everywhere it seems – so certainly not dead, but are they a good idea for most companies?

Josh B. avatar
Josh B.

I wonder if this could be replace AWS Client VPN, if any cost savings. https://nordlayer.com/cloud-vpn/

Cloud VPN Solutions for Business

Make sure your team can access business data quickly and safely on the cloud, no matter where they are. Our Cloud VPN works on Windows, MacOs, Android, iOS.

Michael Galey avatar
Michael Galey

hmm, would it have access to things like db subnets? You’d have to install a tunnel or something?

Cloud VPN Solutions for Business

Make sure your team can access business data quickly and safely on the cloud, no matter where they are. Our Cloud VPN works on Windows, MacOs, Android, iOS.

Josh B. avatar
Josh B.

Probably uses a site to site connection then can send traffic to other vpcs, subnets. Seems kind of neat the AWS VPN while it seems to work fine for us the mobile portion is lacking for our use case.

Michael Galey avatar
Michael Galey

yea i never got mobile to work, and user management was very weird when I set it up.

Josh B. avatar
Josh B.

Glad I am not the only one lol.

1
Allan Swanepoel avatar
Allan Swanepoel

most of the above uses openvpn, if you really need a management interface for openvpn - look at https://pritunl.com/

Enterprise VPN Server

Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes.

Michael Galey avatar
Michael Galey

related, has anyone tried HCP Boundary? How does it compare to a vpn solution etc? https://www.hashicorp.com/blog/announcing-launch-and-free-public-beta-of-hcp-boundary

Allan Swanepoel avatar
Allan Swanepoel

Havent tried it, but https://goteleport.com/ seems to be a strong contender in the zero trust space

Teleport: Easiest, most secure way to access infrastructure | Teleportattachment image

The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform to improve security & agility.

loren avatar

i’d also take a serious look at tailscale

2
Michael Galey avatar
Michael Galey

I use cloudflare tunnels a lot and I like that very much, I just haven’t tried to use it for things like a db connection.

2022-06-27

sheldonh avatar
sheldonh

Doing a little research as I familiarize myself with some new stuff at $work. I love this community and figured I’d start asking a few general questions to see if I’m seeing things similar to others.

Here it goes!

• What’s your number one annoyance about Hashicorp Vault?

• If you want to use something like Hashi Vault, but aren’t… why? What’s stopping you?

• Lastly, do you care more about CLI vaulting tools, or SDK/Provider driven usage? I’ll have more in the future but I want to hear some thoughts on this since I’ve never used Hashi Vault myself, being more versed in Terraform, and haven’t had to work around any limitations with it. Cheers! cc @Erik Osterman (Cloud Posse) would love your insight as well if you can spare 5 mins or so on it.

jsreed avatar

When I encountered it, it was overly complex and very “manual” to implement… it’s doable but burned a lot of cycles for my team. Now that AWS and Azure both have hosted services that provide the same value (assume gcp does as well) , I see very little value add to rolling your own vault deployment. Of course you will get the dreaded “but Vendor Lock In!!!”… very very very few companies are running multi cloud active/active deployments… high likelyhood you’re already on a specific cloud platform, use the hosted service, one less thing to manage, cheaper, and you can always export secrets if you need to change.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea, I agree with @jsreed’s points.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

TBH Vault almost never comes up in conversations and all our customers (on AWS) are using some combination of SSM Parameter Store+KMS, ASM, or SOPS

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We have one customer that chose to go with vault and they are planning to move off of it. They are not using it to it’s full potential and would be more than served by using ASM/SSM.

Eamon Keane avatar
Eamon Keane

yea vault is more trouble than it’s worth. Thinking of migrating to ASM + External Secrets Operator. Had a fun outage with vault where prometheus memory spiked and caused the EKS kubelet node to lose touch with the control plane. Basically as per this video hitler uses kubernetes.

The vault leader then maintained its dynamodb lock on the stranded node. Our vault injector webhook was configured for a failure policy of ignore. This led to pods not getting the vault init container injected and pods going into crashloopbackoff due to secret not being present.

The hosted vault is crazy expensive also (prob like $10k+/month for our 100 deployments)

2022-06-28

Rodrigo Rech avatar
Rodrigo Rech

Hey people! Does anyone still use chamber for managing App secrets? Currently, we are mounting AWS Secret Manager with ECS workloads, but honestly, I don’t like the current setup and I’m looking for something else. Chamber looks sweet, but it seems quite abandoned. Any thoughts?

Michael Galey avatar
Michael Galey

chamber is awesome, not abandoned, just feature complete afaik for what it set out to do.

RB avatar

We use chamber for secret insertion in SSM. We retrieve secrets from SSM using ECS’s native SSM retrieval via secrets[].name and secrets[].valueFrom

RB avatar

e.g.

{
  "containerDefinitions": [{
    "secrets": [{
      "name": "environment_variable_name",
      "valueFrom": "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
    }]
  }]
}
RB avatar
Specifying sensitive data using Systems Manager Parameter Store - Amazon Elastic Container Service

You can use Amazon ECS to inject sensitive data into your containers by storing your sensitive data in AWS Systems Manager Parameter Store parameters and then referencing them in your container definition.

Michael Galey avatar
Michael Galey

does the native one with a whole directory of vars at once? I use chamber inside of ecs atm as well to be able to do chamber exec dev1/app — rails s

RB avatar

Ah I don’t believe so. That’ s pretty cool.

Rodrigo Rech avatar
Rodrigo Rech


chamber is awesome, not abandoned, just feature complete afaik for what it set out to do.
Yes - A lack of activity could mean either lack of new ideas or abandonment. I asked to confirm if people are still using it. Thank you for the feedback!

RB avatar

Fwiw the last update was 5 days ago on the repo

https://github.com/segmentio/chamber

segmentio/chamber

CLI for managing secrets

Rodrigo Rech avatar
Rodrigo Rech

@RB we use containerDefinition secrets with AWS SecretManager, but currently, we add each secret manually using AWS Console.

Rodrigo Rech avatar
Rodrigo Rech


Fwiw the last update was 5 days ago on the repo
Yes, but nothing special being added or modified for some time.

RB avatar

What did you want added?

Rodrigo Rech avatar
Rodrigo Rech


does the native one with a whole directory of vars at once? I use chamber inside of ecs atm as well to be able to do chamber exec dev1/app — rails s
This is the approach I was looking for. Using as part of entrypoint and don’t manage at taskdefinition

RB avatar

The issue with reading all the secrets from a directory vs explicitly setting them in the task def is that you wouldn’t see a change when adding or subtracting a dependent env var which would make it more difficult to have repeatable builds

2
Rodrigo Rech avatar
Rodrigo Rech


What did you want added?
Nothing - I was just curious if people are still using it. I usually take a look at the last releases to check if people are still giving some love to the tool/repo. I saw some activity but wasn’t sure.

1
Rodrigo Rech avatar
Rodrigo Rech


The issue with reading all the secrets from a directory vs explicitly setting them in the task def is that you wouldn’t see a change when adding or subtracting a dependent env var which would make it more difficult to have repeatable builds.
I’m trying to balance the tradeoff between traceability and usability. By having it as an exec command you give a more consistent local vs AWS environment behavior. Making from local to prod path more consistent.

Rodrigo Rech avatar
Rodrigo Rech

using chamber to upload a secret it’s something that already adds value in my opinion. The second half (using the secrets) has multiple ways, and I like the options and flexibility that chamber deliver

2022-06-29

yegorski avatar
yegorski

Does anyone know if the unscripted conference is worth attending?

{unscripted} 2022 | Homeattachment image

{Unscripted} is a virtual conference for software engineers, DevOps practitioners, and technology leaders to learn and share stories of simplified software delivery at scale.

2022-06-30

Катерина Кучернюк avatar
Катерина Кучернюк

Hi everyone! There are 2 more speakers ahead.

You can still register in our amazing AWS Tech Conference and receive the recordings after event.

Register here and support freedom in Ukraine https://www.aws-user-group.com.ua/

AWS Tech Conferenceattachment image

Join AWS User Group Ukraine in a virtual AWS Tech Conference #StandWithUkraine on June, 30th! Let’s discuss with global AWS community Digital Transformation on AWS with speakers from AWS, AWS heroes and Ukrainian companies. It`s going to be AWSome!

    keyboard_arrow_up