#random (2022-06)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.

Archive: https://archive.sweetops.com/random/

2022-06-03

yegorski avatar
yegorski
Take Action With March For Our Lives

See actions you can take right now to help end gun violence.

1
1

2022-06-06

2022-06-08

azec avatar

Curious if anyone has had a chance to try GitLab’s JWT-based Web Identity Federation with AWS: https://docs.gitlab.com/ee/ci/cloud_services/aws/

Configure OpenID Connect in AWS to retrieve temporary credentials | GitLab

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.

1
Tyrone Meijn avatar
Tyrone Meijn

Hey! I have, but just mainly for my personal projects.
2022-06-09

Катерина Кучернюк avatar
Катерина Кучернюк

Hey folks) AWS User Group Ukraine is running a virtual AWS Tech Conference #StandWithUkraine! Join us to discuss Digital Transformation with AWS and meet peers from the global AWS community.

When? June 30 Where? Online

How to join?

  1. Register for free and get full access to the event.
  2. You can support freedom in Ukraine by buying a ticket of any type. All profit will go to Ukrainian charity funds.

Sign up here: https://bit.ly/3zsQkq5 It’s going to be AWSome!

2022-06-10

2022-06-15

Ryan Cartwright avatar
Ryan Cartwright
Ryan Cartwright on LinkedIn: Terraform Cloud by Hashicorp was historically the first platform to | 14 comments

Terraform Cloud by Hashicorp was historically the first platform to provide teams with tooling to manage their infrastructure at scale. Spacelift takes… 14 comments on LinkedIn

2022-06-16

Ralf Pieper avatar
Ralf Pieper

Atlassian Server end of support for JIRA & Confluence on February 15, 2024 is giving me a chance to switch to some other cloud offering. I am considering Atlassian Cloud and Asana; however, I would be interested in some testimonials from you.

RB avatar

Atlassian cloud is nice. I used to manage a self hosted jira and it was awful to maintain and keep updated.

Tomasz Krzyżanowski avatar
Tomasz Krzyżanowski

I’m using them both, and Asana gives the impression of being more efficient from the user’s POV (ticket creation, subticket creation, moving them around the board etc.) but sometimes lacks very basic things like a code snippet view - you simply don’t have built-in support for code blocks/strings.

On the other hand, Atlassian Cloud has everything you need + integrations, but I truly cry when I need to create a bigger number of tasks/subtasks at once and set a bazillion fields… And Conflu doesn’t support Markdown…

TBH, from my POV I would consider sticking with GitHub/GitLab projects with Docs, Issues, Pages, snippets and so on, but this was for sure what you are asking about.

So if you need to choose between Jira or Asana, I would take Asana if the Confluence-like tool is not necessary, because the UX efficiency in Asana is what I truly loved from day one; but if you need/want to use Confluence, then Atlassian Cloud will more likely be the better choice.

prgrmng avatar
prgrmng

For all of us here: I’m looking to gather salary information online to try to benchmark $newJob’s salaries as much as I can and build the argument for where to land them going forward. Does your company use any definitive salary benchmark sources that cost $$$? Which ones? Any that are open-source/free? Which ones? Any that you recommend for/against? Going to crowd source this in several places and happy to share my results.

Thanks!

2022-06-24

Ralf Pieper avatar
Ralf Pieper

I read about RFCs and am pondering the idea of writing one to get rid of the platform. I have used AWS, Azure and GCP, and the user experience on all of them is better than with our home-grown platform. However, it is so entrenched that I feel I need help writing this document; in exchange you all can use it for your company, as there might be similar issues.

Ralf Pieper avatar
Ralf Pieper

Right now the template is not filled in yet; I will be reading @Vlad Ionescu (he/him)’s post and others to find some good arguments to back my claim.

Are Platform Teams Dead?

Platform teams are everywhere it seems – so certainly not dead, but are they a good idea for most companies?

Josh B. avatar
Josh B.

I wonder if this could replace AWS Client VPN, and if there would be any cost savings. https://nordlayer.com/cloud-vpn/

Cloud VPN Solutions for Business

Make sure your team can access business data quickly and safely on the cloud, no matter where they are. Our Cloud VPN works on Windows, MacOs, Android, iOS.

Michael Galey avatar
Michael Galey

hmm, would it have access to things like db subnets? You’d have to install a tunnel or something?
Josh B. avatar
Josh B.

Probably uses a site-to-site connection, then can send traffic to other VPCs and subnets. Seems kind of neat. While AWS VPN seems to work fine for us, the mobile portion is lacking for our use case.

Michael Galey avatar
Michael Galey

Yea, I never got mobile to work, and user management was very weird when I set it up.

Josh B. avatar
Josh B.

Glad I am not the only one lol.

1
Allan Swanepoel avatar
Allan Swanepoel

Most of the above uses OpenVPN; if you really need a management interface for OpenVPN, look at https://pritunl.com/

Enterprise VPN Server

Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes.

Michael Galey avatar
Michael Galey

related, has anyone tried HCP Boundary? How does it compare to a vpn solution etc? https://www.hashicorp.com/blog/announcing-launch-and-free-public-beta-of-hcp-boundary

Allan Swanepoel avatar
Allan Swanepoel

Haven’t tried it, but https://goteleport.com/ seems to be a strong contender in the zero trust space

Teleport: Easiest, most secure way to access infrastructure | Teleport

The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform to improve security & agility.

loren avatar

I’d also take a serious look at Tailscale

2
Michael Galey avatar
Michael Galey

I use cloudflare tunnels a lot and I like that very much, I just haven’t tried to use it for things like a db connection.

2022-06-27

sheldonh avatar
sheldonh

Doing a little research as I familiarize myself with some new stuff at $work. I love this community and figured I’d start asking a few general questions to see if I’m seeing things similarly to others.

Here it goes!

• What’s your number one annoyance about Hashicorp Vault?

• If you want to use something like Hashi Vault, but aren’t… why? What’s stopping you?

• Lastly, do you care more about CLI vaulting tools, or SDK/Provider driven usage? I’ll have more in the future but I want to hear some thoughts on this since I’ve never used Hashi Vault myself, being more versed in Terraform, and haven’t had to work around any limitations with it. Cheers! cc @Erik Osterman (Cloud Posse) would love your insight as well if you can spare 5 mins or so on it.

jsreed avatar

When I encountered it, it was overly complex and very “manual” to implement… it’s doable but burned a lot of cycles for my team. Now that AWS and Azure both have hosted services that provide the same value (I assume GCP does as well), I see very little value add in rolling your own Vault deployment. Of course you will get the dreaded “but Vendor Lock In!!!”… very very very few companies are running multi-cloud active/active deployments… there is a high likelihood you’re already on a specific cloud platform: use the hosted service, one less thing to manage, cheaper, and you can always export secrets if you need to change.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea, I agree with @jsreed’s points.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

TBH Vault almost never comes up in conversations, and all our customers (on AWS) are using some combination of SSM Parameter Store + KMS, ASM, or SOPS

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We have one customer that chose to go with Vault and they are planning to move off of it. They are not using it to its full potential and would be more than served by using ASM/SSM.

Eamon Keane avatar
Eamon Keane

Yea, Vault is more trouble than it’s worth. Thinking of migrating to ASM + External Secrets Operator. Had a fun outage with Vault where Prometheus memory spiked and caused the EKS kubelet node to lose touch with the control plane. Basically as per this video, Hitler uses Kubernetes.

The Vault leader then maintained its DynamoDB lock on the stranded node. Our Vault injector webhook was configured with a failure policy of ignore. This led to pods not getting the Vault init container injected and pods going into CrashLoopBackOff due to the secret not being present.

The hosted Vault is crazy expensive also (prob like $10k+/month for our 100 deployments)

2022-06-28

Rodrigo Rech avatar
Rodrigo Rech

Hey people! Does anyone still use chamber for managing app secrets? Currently, we are mounting AWS Secrets Manager with ECS workloads, but honestly, I don’t like the current setup and I’m looking for something else. Chamber looks sweet, but it seems quite abandoned. Any thoughts?

Michael Galey avatar
Michael Galey

chamber is awesome, not abandoned, just feature complete AFAIK for what it set out to do.

RB avatar

We use chamber for secret insertion into SSM. We retrieve secrets from SSM using ECS’s native SSM retrieval via secrets[].name and secrets[].valueFrom

RB avatar

e.g.

{
  "containerDefinitions": [{
    "secrets": [{
      "name": "environment_variable_name",
      "valueFrom": "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
    }]
  }]
}

RB avatar
Specifying sensitive data using Systems Manager Parameter Store - Amazon Elastic Container Service

You can use Amazon ECS to inject sensitive data into your containers by storing your sensitive data in AWS Systems Manager Parameter Store parameters and then referencing them in your container definition.

Michael Galey avatar
Michael Galey

Does the native one work with a whole directory of vars at once? I use chamber inside of ECS atm as well to be able to do chamber exec dev1/app -- rails s

RB avatar

Ah, I don’t believe so. That’s pretty cool.

Rodrigo Rech avatar
Rodrigo Rech

chamber is awesome, not abandoned, just feature complete afaik for what it set out to do.

Yes - a lack of activity could mean either a lack of new ideas or abandonment. I asked to confirm if people are still using it. Thank you for the feedback!

RB avatar

FWIW, the last update was 5 days ago on the repo

https://github.com/segmentio/chamber

segmentio/chamber

CLI for managing secrets

Rodrigo Rech avatar
Rodrigo Rech

@RB we use containerDefinition secrets with AWS Secrets Manager, but currently, we add each secret manually using the AWS Console.

Rodrigo Rech avatar
Rodrigo Rech

Fwiw the last update was 5 days ago on the repo

Yes, but nothing special has been added or modified for some time.

RB avatar

What did you want added?

Rodrigo Rech avatar
Rodrigo Rech

does the native one with a whole directory of vars at once? I use chamber inside of ecs atm as well to be able to do chamber exec dev1/app -- rails s

This is the approach I was looking for. Using it as part of the entrypoint and not managing it at the task definition.

RB avatar

The issue with reading all the secrets from a directory vs. explicitly setting them in the task def is that you wouldn’t see a change when adding or subtracting a dependent env var, which would make it more difficult to have repeatable builds

2
Rodrigo Rech avatar
Rodrigo Rech

What did you want added?

Nothing - I was just curious if people are still using it. I usually take a look at the last releases to check if people are still giving some love to the tool/repo. I saw some activity but wasn’t sure.

1
Rodrigo Rech avatar
Rodrigo Rech

The issue with reading all the secrets from a directory vs explicitly setting them in the task def is that you wouldn’t see a change when adding or subtracting a dependent env var which would make it more difficult to have repeatable builds.

I’m trying to balance the tradeoff between traceability and usability. By having it as an exec command you get more consistent local vs. AWS environment behavior, making the local-to-prod path more consistent.

Rodrigo Rech avatar
Rodrigo Rech

Using chamber to upload a secret is something that already adds value, in my opinion. The second half (using the secrets) has multiple ways, and I like the options and flexibility that chamber delivers

2022-06-29

yegorski avatar
yegorski

Does anyone know if the {unscripted} conference is worth attending?

{unscripted} 2022 | Home

{Unscripted} is a virtual conference for software engineers, DevOps practitioners, and technology leaders to learn and share stories of simplified software delivery at scale.

2022-06-30

Катерина Кучернюк avatar
Катерина Кучернюк

Hi everyone! There are 2 more speakers ahead.

You can still register for our amazing AWS Tech Conference and receive the recordings after the event.

Register here and support freedom in Ukraine https://www.aws-user-group.com.ua/

AWS Tech Conference

Join AWS User Group Ukraine in a virtual AWS Tech Conference #StandWithUkraine on June 30th! Let’s discuss Digital Transformation on AWS with the global AWS community, with speakers from AWS, AWS Heroes and Ukrainian companies. It’s going to be AWSome!
