Cloud Posse DevOps "Office Hours" (2022-07-20)
07/20/22 • 56 min
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation:
https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:34] AWS VPC Flow Logs adds Transit Gateway Support
https://aws.amazon.com/about-aws/whats-new/2022/07/amazon-vpc-flow-logs-transit-gateway-improved-visibility-monitoring/
[00:03:17] Log Anomaly Detection and Recommendations for Amazon DevOps Guru
https://aws.amazon.com/about-aws/whats-new/2022/07/amazon-devops-guru-log-anomaly-detection-recommendations/
[00:04:08] AWS SSO adds IAM support for customer managed policies (CMPs)
https://aws.amazon.com/about-aws/whats-new/2022/07/aws-single-sign-on-aws-sso-aws-identity-access-management-iam-customer-managed-policies-cmps/
[00:06:33] Speaking of AWS SSO — how folks are finding their implementations of AWS SSO w/ SAML vs IAM SAML. I’ve worked with AWS SSO but it was before it had Terraform support and even now that it does have Terraform support, it seems limited. I’d like to hear about any pitfalls, what can and can’t be automated today, and what to watch out for. @Matt Gowie
[00:27:58] Anyone uses Crossplane? @Sherif
[00:55:20] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation:
https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:34] AWS VPC Flow Logs adds Transit Gateway Support
https://aws.amazon.com/about-aws/whats-new/2022/07/amazon-vpc-flow-logs-transit-gateway-improved-visibility-monitoring/
[00:03:17] Log Anomaly Detection and Recommendations for Amazon DevOps Guru
https://aws.amazon.com/about-aws/whats-new/2022/07/amazon-devops-guru-log-anomaly-detection-recommendations/
[00:04:08] AWS SSO adds IAM support for customer managed policies (CMPs)
https://aws.amazon.com/about-aws/whats-new/2022/07/aws-single-sign-on-aws-sso-aws-identity-access-management-iam-customer-managed-policies-cmps/
[00:06:33] Speaking of AWS SSO — how folks are finding their implementations of AWS SSO w/ SAML vs IAM SAML. I’ve worked with AWS SSO but it was before it had Terraform support and even now that it does have Terraform support, it seems limited. I’d like to hear about any pitfalls, what can and can’t be automated today, and what to watch out for. @Matt Gowie
[00:27:58] Anyone uses Crossplane? @Sherif
[00:55:20] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Previous Episode
Cloud Posse DevOps "Office Hours" (2022-07-13)
Find out how we can help your company:
https://cloudposse.com/quiz
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation:
https://slack.cloudposse.com/
Learn more about Cloud Posse:
https://cloudposse.com
https://cloudposse.com/accelerate/
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:09] Amazon GuardDuty introduces M/L capabilities to detect malicious S3 access
https://aws.amazon.com/about-aws/whats-new/2022/07/amazon-guardduty-machine-learning-detect-malicious-access-data-s3/
[00:01:29] Pluralith Automate Terraform Documentation with Visualizations
https://github.com/Pluralith/pluralith-cli
[00:04:37] Free Public Beta of HCP Boundary
https://www.hashicorp.com/blog/announcing-launch-and-free-public-beta-of-hcp-boundary
[00:06:08] AWS CloudFormation StackSets announces support for account level targeting in an Organizational Unit
https://aws.amazon.com/about-aws/whats-new/2022/07/aws-cloudformation-stacksets-support-account-level-targeting-organizational-unit/
[00:07:31] Announcing the general availability of AWS Cloud WAN
https://aws.amazon.com/about-aws/whats-new/2022/07/general-availability-aws-cloud-wan/
[00:08:50] v2 release of Cloud Posse’s Terraform AWS security group module
https://github.com/cloudposse/terraform-aws-security-group/releases/tag/2.0.0-rc1
[00:14:02] What are some options for exposing an internal Aurora Serverless PostgreSQL DB to an external application that requires the data to be up-to-date?
[00:20:31] What if any alternatives to Docker Desktop are people using on Mac computers with Apple M1 chips ( darwin/arm64 )
[00:26:30] Any suggestions for convincing the team to avoid monolith TF folders with all the resource blocks in a single folder of TF files?
[00:35:13] I hate Helm charts now :’D
[00:47:33] Anyone worked with Terraspace? It’s so nice to work with and it solves the monolith problem
[00:50:48] Has anyone used Pulumi?
[00:58:58] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Next Episode
Cloud Posse DevOps "Office Hours" (2022-07-27)
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation:
https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:51] AWS SSO name changed to AWS IAM Identity Center
https://aws.amazon.com/about-aws/whats-new/2022/07/aws-single-sign-on-aws-sso-now-aws-iam-identity-center/
[00:06:27] You can now update the account contact information via SDK/CLI
https://aws.amazon.com/about-aws/whats-new/2022/07/programmatically-manage-primary-contact-information-aws-accounts/
[00:09:30] Yet Another Terraform Registry (terralist)
https://github.com/valentindeaconu/terralist
[00:15:21] Four Great Alternatives to HashiCorp’s Terraform Cloud
https://medium.com/@elliotgraebert/four-great-alternatives-to-hashicorps-terraform-cloud-6e0a3a0a5482
[00:20:16] Anyone here have a preferred helm chart they would recommend for deploying prometheus + grafana?
[00:26:31] Has anyone used Cloudflare’s Tunnel + Access products?
[00:34:04] I'm working on pulling out my K8s workload deploys to a non-TF-based solution. What solutions are you using?
[00:44:40] Control Tower and whether it could be fully Terraformed. IIRC CloudPosse don't use Control Tower because it can't. What do you do instead?
[00:52:38] Question: https://github.com/awslabs/ssosync. Has anybody used that?
[00:55:18] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/cloud-posse-devops-office-hours-podcast-157103/cloud-posse-devops-office-hours-2022-07-20-22332617"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to cloud posse devops "office hours" (2022-07-20) on goodpods" style="width: 225px" /> </a>
Copy