With AWS SSO in place, I started using aws-vault locally for #terraform and AWS CLI. I learned about this tool at work. No IAM access keys with inline IAM policies! SSO + assume role for administrator access! #security #win
As of last night, all hyperbo.la AWS infrastructure is torn down. github.com/hyperbola/hyperbola/pull/111 #aws #terraform #devops #hypstatic
hyperbola is deployed to GitHub Pages now! Executed via DNS cutover with terraform. Now to destroy the old infrastructure in AWS. #github #hypstatic #aws #terraform #hypstatic
The terraform config for this project is on 0.12 and I have no desire to update it to 0.13. #fail #terraform #automation #hypstatic
Add in some manual #terraform state edits and deleting things in the #aws console and we're recovered #fail #win
Undeployable manifested as healthz returning 502 when adding a new instance to the ALB, marking it as unhealthy and timing out #terraform
I added code block and syntax highlighting to my new #blog. Planning on using it for an upcoming post about #terraform.
That was easy! hyperbola running on t3s now. #aws #terraform #win
for frklft.tires, I stopped using #terraform for managing the static content of the site. It now lives outside of my terraform code in a public directory, published explicitly with a make target #win
welp that didn't last long. CloudFlare only queries a subset of NS records to check for liveness and has determined that I no longer use CloudFlare. Working on purging them from #terraform and registrar now #fail
Even more cost savings: dynamically provisioned bastion cloudformation stack #terraform #aws
#terraform is now a package manager. Great. #fail. For some reason plugin downloads hang if the download gets an IPV6 edge node in their CDN.
thinking of removing dependency on #cloudflare. currently only used for hyperbo.la DNS. Email records are the scary part. #terraform makes this mostly easy
4. problem: https is hard. solution: ACM + #terraform + ALB + CloudFront
my #terraform life became much easier by using name_prefix instead of name. name and name_prefix parameters were never interpolated. Instead, use interpolation in tags. In practice this means config can change without rebuilding the world #win
I initially went with the unclustered variants of elasticache and rds. Once I wrapped my head around the topology, #redis cluster mode and #aurora were much easier to work with in #terraform
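The name_prefix pattern from the post above, as an added example (not the author's config): a fixed name_prefix lets the provider generate a unique suffix, environment-specific values go into tags instead of the name, and create_before_destroy lets a replacement come up before the old resource is removed. The resource, variable names and CIDR are illustrative assumptions.

```hcl
# Added example; names and values are assumptions, not from the original post.
variable "environment" {
  type = string
}

resource "aws_security_group" "web" {
  # Fixed prefix: the AWS provider appends a unique suffix, so a changed
  # environment never forces the group to be recreated under a new name.
  name_prefix = "web-"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # example value: restrict to what the service needs
  }

  # Interpolate environment-specific detail here, not in the name.
  tags = {
    Name        = "web-${var.environment}"
    Environment = var.environment
  }

  # Because name_prefix guarantees a non-colliding name, a replacement can be
  # created before the old one is destroyed, avoiding a window with no group.
  lifecycle {
    create_before_destroy = true
  }
}
```

Resources that use a hard-coded name and create_before_destroy would fail on the name collision; name_prefix is what makes the two settings work together.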
building the #aws infra took about 30 commits, two #terraform destroys, and two terraform code rewrites. some fun bits in the following posts
Converted wiki from ELB to ALB this morning ... took a couple of hours. modified #terraform config and updated #ansible ... also converted from Let's Encrypt to ACM. github.com/hyperbola/hyperbola-tools/commit/23fb9a7 #win
Migrated terraform state from a private github repo to a private, encrypted S3 bucket. State infra is bulkheaded from main app and protected with prevent_destroy lifecycle #win #terraform #aws
bastion is now in an ASG with an automatically bound (with user data) elastic IP. Yay fault-tolerant infra! #win #aws #terraform
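The state-bucket setup described in the post above, as an added example written in Terraform 0.12-era syntax (not the author's config): a private, versioned, encrypted S3 bucket guarded by prevent_destroy, plus the backend block that points the main configuration at it. The bucket name, region and table name are placeholders.

```hcl
# Added example; bucket name, region and table name are placeholders.
# This lives in its own small root module so the state bucket is managed
# separately from the application infrastructure it stores state for.
resource "aws_s3_bucket" "tf_state" {
  bucket = "example-terraform-state-bucket" # placeholder, must be globally unique
  acl    = "private"

  # Keep prior state versions so a bad apply can be rolled back.
  versioning {
    enabled = true
  }

  # Encrypt state at rest; state files can contain secrets in plain text.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }

  # terraform destroy (or a plan that would replace the bucket) is refused.
  lifecycle {
    prevent_destroy = true
  }
}

# Block any public ACL or policy from being attached later.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table so two concurrent applies cannot corrupt the state.
resource "aws_dynamodb_table" "tf_lock" {
  name         = "example-terraform-lock" # placeholder
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  lifecycle {
    prevent_destroy = true
  }
}

# In the main application configuration, point the backend at that bucket.
terraform {
  backend "s3" {
    bucket         = "example-terraform-state-bucket" # placeholder
    key            = "app/terraform.tfstate"
    region         = "us-east-1" # placeholder
    encrypt        = true
    dynamodb_table = "example-terraform-lock" # placeholder
  }
}
```

The backend block cannot use variables, so the bucket and table names are repeated literally; running the state-bucket module first and the application module second is what keeps the two bulkheaded from each other.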