hyperbo.la :: lifestream

With AWS SSO in place, I started using aws-vault locally for #terraform and AWS CLI. I learned about this tool at work. No IAM access keys with inline IAM policies! SSO + assume role for administrator access! #security #win

As of last night, all hyperbo.la AWS infrastructure is torn down. https://github.com/hyperbola/hyperbola/pull/111 #aws #terraform #devops #hypstatic

hyperbola is deployed to GitHub Pages now! Executed via DNS cutover with terraform. Now to destroy the old infrastructure in AWS. #github #hypstatic #aws #terraform #hypstatic

The terraform config for this project is on 0.12 and I have no desire to update it to 0.13. #fail #terraform #automation #hypstatic

Add in some manual #terraform state edits and deleting things in the #aws console and we're recovered #fail #win

Undeployable manifested as healthz returning 502 when adding a new instance to the ALB, marking it as unhealthy and timing out #terraform

I added code block and syntax highlighting to my new #blog. Planning on using it for an upcoming post about #terraform.

That was easy! hyperbola running on t3s now. #aws #terraform #win

for www.frklft.tires, I stopped using #terraform for managing the static content of the site. It now lives outside of my terraform code in a public directory, published explicitly with a make target #win

welp that didn't last long. CloudFlare only queries a subset of NS records to check for liveness and has determined that I no longer use CloudFlare. Working on purging them from #terraform and registrar now #fail

Even more cost savings: dynamically provisioned bastion cloudformation stack #terraform #aws

#terraform is now a package manager. Great. #fail. For some reason plugin downloads hang if the download gets an IPv6 edge node in their CDN.

thinking of removing dependency on #cloudflare. currently only used for hyperbo.la DNS. Email records are the scary part. #terraform makes this mostly easy

4. problem: https is hard. solution: ACM + #terraform + ALB + CloudFront

my #terraform life became much easier by using name_prefix instead of name. name and name_prefix parameters were never interpolated. Instead, use interpolation in tags. In practice this means config can change without rebuilding the world #win

I initially went with the unclustered variants of elasticache and rds. Once I wrapped my head around the topology, #redis cluster mode and #aurora were much easier to work with in #terraform

building the #aws infra took about 30 commits, two #terraform destroys, and two terraform code rewrites. some fun bits in the following posts

Converted wiki from ELB to ALB this morning ... took a couple of hours. modified #terraform config and updated #ansible ... also converted from Let's Encrypt to ACM. https://github.com/hyperbola/hyperbola-tools/commit/23fb9a7 #win

Migrated terraform state from a private github repo to a private, encrypted S3 bucket. State infra is bulkheaded from main app and protected with prevent_destroy lifecycle #win #terraform #aws

bastion is now in an ASG with an automatically bound (with user data) elastic IP. Yay fault-tolerant infra! #win #aws #terraform