with the lopopolo IAM user gone, the only ones left were the IAM users in the #artichoke and #hypstatic GitHub organizations used for terraform CI in the project-infrastructure repos. I used the new GitHub Actions OpenID Connect provider to wire up AWS identity federation following this guide – https://scalesec.com/blog/identity-federation-for-github-actions-on-aws/ #security #github #aws #win

In #aws things, I migrated both hyperbola and #artichoke infra to separate AWS organizations and set them up with AWS Control Tower's account vending machine. Audit logs! AWS Config! SCPs! AWS Cost and Usage Reports! AWS SSO! #win #security #cost

I'm not sure how long ago this happened, but I got ownership of the @hyperbola handle on #github to match the npm namespace. Some js libs, old infrastructure for dynamic hyperbola, and #hypstatic live there now. I've added a 'project-infrastructure' repo like in Artichoke which does infra as code for the GitHub organization and #aws setup.

Since cutting hyperbo.la over to GitHub Pages and tearing down most of the AWS infra, monthly AWS costs have been about $1.25. The biggest two items have been ~$0.50 each for S3 and Route53. #aws #cost #hypstatic

As of last night, all hyperbo.la AWS infrastructure is torn down. https://github.com/hyperbola/hyperbola/pull/111 #aws #terraform #devops #hypstatic

hyperbola is deployed to GitHub Pages now! Executed via DNS cutover with terraform. Now to destroy the old infrastructure in AWS. #github #hypstatic #aws #terraform #hypstatic

The AWS infra that the current site runs on is $50 a month I do not need to spend. #aws #cost #hypstatic

for the past 2ish months I've been slowly working on porting hyperbola to a static site with the ultimate goal of winding down an #aws account

hyperbola was down for 26 hours because the CA cert bundle on its backing RDS instance was not rotated before the 2015 bundle expired #fail #outage #aws

Despite all I talk about #aws #ec2, I cannot for the life of me type isntances correctly #fail

looks like I didn't finalize the deploy in January so I had a few extra AMIs kicking around that I was needlessly paying for #aws #cost #fail #automation

The true motivation for getting me to mess with hyperbola today was an instance retirement notification from AWS. I had to muck with poetry to cycle my ASG #fail #aws

I'm speaking at Monitorama on June 4-6. My talk is titled The AWS Billing Machine and Optimizing Cloud Costs. #conference #aws #cost

I'm speaking at DevOpsDays Seattle on April 23. My talk is titled The AWS Billing Machine and Optimizing Cloud Costs. #conference #aws #cost

The most expensive part of hyperbola's #aws infrastructure is the SSM PrivateLink endpoint in 3 AZs #fail #cost

Add in some manual #terraform state edits and deleting things in the #aws console and we're recovered #fail #win

Further #cost optimized my #AWS infra. Saved $3/month by turning off CloudWatch monitoring and making my ASG out of spot instances https://github.com/hyperbola/hyperbola/commit/ffa0e34 #win

#AWS suggested for us to use a snowball to ship our data to a new region. This is an amazing product, but yea no

That was easy! hyperbola running on t3s now. #aws #terraform #win

Saved me $17 a month. My primary #AWS #cost is now my ALB. I'd replace it with an nginx if not for ACM making certs so easy

Sometimes using the #AWS cost and usage reports is just not fun, mostly due to the myriad of columns being undocumented. #fail

That was easy. Enabled #AWS Time Sync by adding one ansible role, reading some docs, and redeploying. #win

Shaved another $35 (40%) off my #AWS bill by disabling the NAT on my app subnets. Yay immutable infrastructure and VPC endpoints #win

The v0.116.0 deploy was done using a spot instance with packer. A bigger instance for half the price #aws

LOL that was only six years ago ... don't let your dreams stay dreams: https://hyperbo.la/lifestream/51/ #aws

Even more cost savings: dynamically provisioned bastion cloudformation stack #terraform #aws

More cost savings. RAM footprint of a hyperbola backend is 143MB. Switch from t2.micro to t2.nano #aws #win

Switch from 3 to 2 backend machines. 1 is enough to handle the load I get, so use the bare minimum for redundancy #aws

Removed dependency on redis by switching to a django-provided database-as-cache adapter. My redis cluster was used only for admin sessions and caching a sidebar on the lifestream page. Unnecessary overhead #aws

Switched DB instance type from db.t2.small to db.t2.micro. From running my linode I know that MySQL never used more than ~400MB of RAM so I knew this was safe. My database is tiny #aws

Switched from Aurora to a multi-az RDS instance. I don't need the complex topologies that aurora allows and it forced me to use an overprovisioned instance type #aws

Now that I've shown I can go all out with the most expensive #AWS components, today I exercised my cost efficiency and right sizing muscles. I cut my AWS bill in half with the following steps:

3 AZs I feel so alive #aws

DNS is flipped and propagated! Live in #aws! #win

buliding the #aws infra took about 30 commits, two #terraform destroys, and two terraform code rewrites. some fun bits in the following posts

And with post 506, I can now say that hyperbola is hosted on #aws #win

this is why #AWS

Migrated terraform state from a private github repo to a private, encrypted S3 bucket. State infra is bulkheaded from main app and protected with prevent_destroy lifecycle #win #terraform #aws

Moving the wiki to #AWS was a different beast. Everything is self-contained in the AMI.

Not sure if it is worth the effort to migrate hyperbola to #AWS. Maintenance burden is pretty low. Log in maybe once a month, run an apt upgrade, and do a fresh deploy. Takes less time than a packer/terraform cycle would. #maintenance

I would not be surprised if #AWS VPC networks were all running some franken overlay protocol

bastion is now in an ASG with an automatically bound (with user data) elastic IP. Yay fault-tolerant infra! #win #aws #terraform

Switched to building an ami with packer. Now an ASG roll takes 2 minutes #win #aws

Provisioned a VPC, subnets in 3 AZs, and a bastion host #aws

Created an #aws account tonight

Did my first #aws prod deploy today #win

reifying #aws infrastructure with terraform is pretty cool. power is scary though. yay for sandboxes!