with the lopopolo IAM user gone, the only ones left were the IAM users in the #artichoke and #hypstatic GitHub organizations used for terraform CI in the project-infrastructure repos. I used the new GitHub Actions OpenID Connect provider to wire up AWS identity federation following this guide – https://scalesec.com/blog/identity-federation-for-github-actions-on-aws/ #security #github #aws #win
I'm not sure how long ago this happened, but I got ownership of the @hyperbola handle on #github to match the npm namespace. Some js libs, old infrastructure for dynamic hyperbola, and #hypstatic live there now. I've added a 'project-infrastructure' repo like in Artichoke which does infra as code for the GitHub organization and #aws setup.
Since cutting hyperbo.la over to GitHub Pages and tearing down most of the AWS infra, monthly AWS costs have been about $1.25. The biggest two items have been ~$0.50 each for S3 and Route53. #aws #cost #hypstatic
As of last night, all hyperbo.la AWS infrastructure is torn down. https://github.com/hyperbola/hyperbola/pull/111 #aws #terraform #devops #hypstatic
hyperbola is deployed to GitHub Pages now! Executed via DNS cutover with terraform. Now to destroy the old infrastructure in AWS. #github #hypstatic #aws #terraform
The AWS infra that the current site runs on is $50 a month I do not need to spend. #aws #cost #hypstatic
looks like I didn't finalize the deploy in January so I had a few extra AMIs kicking around that I was needlessly paying for #aws #cost #fail #automation
I'm speaking at Monitorama on June 4-6. My talk is titled The AWS Billing Machine and Optimizing Cloud Costs. #conference #aws #cost
I'm speaking at DevOpsDays Seattle on April 23. My talk is titled The AWS Billing Machine and Optimizing Cloud Costs. #conference #aws #cost
Add in some manual #terraform state edits and deleting things in the #aws console and we're recovered #fail #win
Further #cost optimized my #AWS infra. Saved $3/month by turning off CloudWatch monitoring and making my ASG out of spot instances https://github.com/hyperbola/hyperbola/commit/ffa0e34 #win
That was easy! hyperbola running on t3s now. #aws #terraform #win
LOL that was only six years ago ... don't let your dreams stay dreams: https://hyperbo.la/lifestream/51/ #aws
Even more cost savings: dynamically provisioned bastion cloudformation stack #terraform #aws
building the #aws infra took about 30 commits, two #terraform destroys, and two terraform code rewrites. some fun bits in the following posts
Migrated terraform state from a private github repo to a private, encrypted S3 bucket. State infra is bulkheaded from main app and protected with prevent_destroy lifecycle #win #terraform #aws
Not sure if it is worth the effort to migrate hyperbola to #AWS. Maintenance burden is pretty low. Log in maybe once a month, run an apt upgrade, and do a fresh deploy. Takes less time than a packer/terraform cycle would. #maintenance
bastion is now in an ASG with an automatically bound (with user data) elastic IP. Yay fault-tolerant infra! #win #aws #terraform