The new AI frontier
It has been a while since I last posted in 2022. A lot has changed since then: the pandemic reshaped how we work, software and infrastructure practices continue to evolve, and AI has become one of the most significant technology shifts I have ever seen. I have always loved learning, and AI has accelerated that process in a meaningful way. It makes it easier to ask focused questions, understand unfamiliar systems, debug problems, and create documentation that reflects what was actually built…
Using terrascan to detect compliance and security violations
Over the past several years I've read numerous horror stories about cloud deployments gone wrong. S3 buckets with PCI data left open to the raw Internet, EC2 instance profiles that weren't scoped properly, misconfigured NSGs, etc. It takes a LOT of time to truly understand all the ins and outs of running workloads in the cloud, and making sure you get it "right". This is one reason I'm always on the lookout for tools that can add additional guard rails to the infrastructure provisioning process…
Understanding cloud spend in your Terraform workflows
Having worked in the "cloud" for several years, one thing that I'm super conscious about is our cloud bill. There are tons of subtleties associated with billing, such as AZ-to-AZ traffic costs or how VPC endpoints can reduce egress charges. If you utilize Terraform for infrastructure provisioning, you may want to look at infracost. Infracost can help you understand cloud spend for a green field deployment, or what it will cost to expand your existing infrastructure…
Using tfswitch to manage Terraform versions
The growth of the Terraform community is absolutely astounding. New providers are constantly popping up, providers are being upgraded at a feverish pace, and amazing new features are constantly being added. With all of this change, deprecations and breaking changes periodically surface. One way to protect yourself from breaking changes is to pin providers and modules to specific versions…
Using the Kubernetes can-i subcommand to debug authentication issues
When I was first getting started with Kubernetes, RBAC was one of the topics that took me the longest to grok. Not because the resources (Roles, ClusterRoles, etc.) are hard to interpret, but learning how to scope your Roles to minimize access takes some practice. That and a lot of reading to understand the various API groups and what they contain. In a previous post I mentioned access-matrix, which is an incredible tool for visualizing the RBAC permissions an entity (User, SA, Group, etc.) has…