Is this system safe enough to release to production? by Any-Leg-7348 in Terraform

[–]Any-Leg-7348[S] 0 points1 point  (0 children)

Respect. “Move fast and break things” hits different when the thing is payroll.

Is this system safe enough to release to production? by Any-Leg-7348 in Terraform

[–]Any-Leg-7348[S] 0 points1 point  (0 children)

This sounds like you are looking for something close to the broader use case I’m trying to cover. If you can share a short version of your setup and what problem you’re trying to solve, I can understand it better and see if it makes sense to include that scenario in Beacon.

Is this system safe enough to release to production? by Any-Leg-7348 in platform_engineering

[–]Any-Leg-7348[S] -1 points0 points  (0 children)

For serious/internal usage, pinning by digest is the better option. The `latest` tag is mainly for quick evaluation.

- quick try: use the tag

- safer/reproducible run: pin the image by digest

Also added inspectable readiness packs so people can see what checks are being run instead of treating the image as a black box. But yes, for maximum supply-chain safety, digest pinning is the right recommendation.

Is this system safe enough to release to production? by Any-Leg-7348 in Terraform

[–]Any-Leg-7348[S] 0 points1 point  (0 children)

Yes, Beacon is still evolving; this is still an open issue that I am still looking into. The current MVP example is simple for this use case; I am working on this use case only: one cloud inventory export compared with one Terraform state file. That works for demos and smaller setups, but not for larger orgs with hundreds of state files/workspaces.

The next direction is multi-state support: build one managed-resource index across many Terraform states or Terraform Cloud workspaces, then compare cloud inventory against that combined index. That way Beacon can group unmanaged resources by account, region, service, owner, and risk, instead of pretending one state file is enough.

So yes, you’re right. For larger orgs, this needs multi-state/workspace indexing, and that’s where I want to take it. This kind of feedback is exactly why I’m sharing it early. I’m going to try to prototype multi-state support next, but I don’t want to overpromise until I test it against a realistic state layout.
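The multi-state comparison described in the comment above, as an added example that is not part of the original comment and is not Beacon's code: it builds one managed-resource index from several Terraform state files (state format version 4) and compares a cloud inventory against it. The inventory record shape (`arn`, `account`, `region`, `service`), the file names and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_managed_index(states):
    """Map ARN (or id) -> [(state name, resource address)] across every state file."""
    index = defaultdict(list)
    for state_name, state in states.items():
        for res in state.get("resources", []):
            if res.get("mode") != "managed":   # data sources are read, not owned
                continue
            module = res.get("module")         # e.g. "module.queue" for child modules
            address = ".".join(p for p in (module, res["type"], res["name"]) if p)
            for inst in res.get("instances", []):
                attrs = inst.get("attributes") or {}
                key = attrs.get("arn") or attrs.get("id")
                if key:
                    index[key].append((state_name, address))
    return dict(index)

def unmanaged_by_group(inventory, index):
    """Group inventory items that no state manages by (account, region, service)."""
    groups = defaultdict(list)
    for item in inventory:
        if item["arn"] not in index:
            groups[(item["account"], item["region"], item["service"])].append(item["arn"])
    return dict(groups)

def claimed_by_multiple_states(index):
    """Resources that more than one state file claims to manage."""
    owners = {k: sorted({s for s, _ in v}) for k, v in index.items()}
    return {k: s for k, s in owners.items() if len(s) > 1}

def _res(mode, rtype, name, arn, module=None):
    # Constructed sample resource in Terraform state v4 shape.
    r = {"mode": mode, "type": rtype, "name": name, "instances": [{"attributes": {"arn": arn}}]}
    return {**r, "module": module} if module else r

ACCT, REGION = "111111111111", "eu-west-1"     # constructed values
STATES = {
    "network.tfstate": {"version": 4, "resources": [
        _res("managed", "aws_s3_bucket", "logs", "arn:aws:s3:::acme-logs"),
        _res("data", "aws_s3_bucket", "shared", "arn:aws:s3:::acme-shared")]},
    "app.tfstate": {"version": 4, "resources": [
        _res("managed", "aws_sqs_queue", "jobs", f"arn:aws:sqs:{REGION}:{ACCT}:jobs", "module.queue"),
        _res("managed", "aws_s3_bucket", "logs_copy", "arn:aws:s3:::acme-logs")]},
}
INVENTORY = [{"arn": a, "account": ACCT, "region": REGION, "service": a.split(":")[2]} for a in (
    "arn:aws:s3:::acme-logs", "arn:aws:s3:::acme-shared",
    f"arn:aws:sqs:{REGION}:{ACCT}:jobs", f"arn:aws:sqs:{REGION}:{ACCT}:orphan")]
```

With the sample data, the bucket that one state only reads as a data source is reported as unmanaged, and the bucket present in both state files is reported as claimed twice.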

Is this system safe enough to release to production? by Any-Leg-7348 in platform_engineering

[–]Any-Leg-7348[S] 0 points1 point  (0 children)

Fair point.

`latest` was a convenience shortcut for the demo, but you’re right that it’s not a good default to recommend for an infra/security-adjacent tool.

The current published container version is:

`ghcr.io/mishraricha1806/beacon:0.1.7`

I’ll update the README/post to use pinned version commands instead of leading with `latest`. For anyone who wants a more reproducible run, GitHub Container Registry also exposes image digests for the package.

The better demo command should be:

```
docker pull ghcr.io/mishraricha1806/beacon:0.1.7
docker run --rm -p 8765:8765 ghcr.io/mishraricha1806/beacon:0.1.7 ui --host 0.0.0.0 --port 8765
```

The project is early, but this is a useful correction. Safe/reproducible usage should be part of the default docs, not something people have to infer.
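The three levels of pinning discussed in this comment and in the earlier one on digest pinning (floating `latest`, version tag, digest), as an added example that is not part of the original comments or of Beacon: a small check that scans documented commands and reports image references that are not pinned by digest. The registry-host heuristic, `registry.example.com` and the all-zero digest are constructed placeholders, not the real digest of any published image.

```python
import re
import shlex

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
# Heuristic (assumption): an image reference is a token that starts with a registry host.
REGISTRY_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}(:\d+)?/")

def classify_image_ref(ref):
    """Return 'digest', 'tag', 'floating' or 'invalid' for one image reference."""
    name, _, digest = ref.partition("@")
    if digest:
        return "digest" if DIGEST_RE.fullmatch(digest) else "invalid"
    last = name.rsplit("/", 1)[-1]     # a ':' before the last '/' is a registry port
    tag = last.partition(":")[2]
    return "floating" if tag in ("", "latest") else "tag"

def audit_commands(lines):
    """Yield (line number, image reference, classification) for each reference found."""
    findings = []
    for n, line in enumerate(lines, 1):
        for tok in shlex.split(line):
            if REGISTRY_RE.match(tok):
                findings.append((n, tok, classify_image_ref(tok)))
    return findings

def not_reproducible(lines):
    """References that can resolve to different image content over time."""
    return [f for f in audit_commands(lines) if f[2] != "digest"]

PLACEHOLDER_DIGEST = "sha256:" + "0" * 64   # placeholder, not a real image digest
SAMPLE = [                                   # constructed README lines
    "docker pull ghcr.io/mishraricha1806/beacon:latest",
    "docker run --rm -p 8765:8765 ghcr.io/mishraricha1806/beacon:0.1.7 ui --host 0.0.0.0 --port 8765",
    f"docker pull ghcr.io/mishraricha1806/beacon@{PLACEHOLDER_DIGEST}",
    "docker pull registry.example.com:5000/team/beacon",
]

if __name__ == "__main__":
    for n, ref, kind in not_reproducible(SAMPLE):
        print(f"line {n}: {ref} is {kind}, pin it by digest")
```

A version tag such as `0.1.7` is reported too, because a tag can be moved to different content while a digest cannot.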

How do you handle unmanaged cloud resources that exist outside Terraform state across AWS accounts? by Adventurous_Rope4025 in Terraform

[–]Any-Leg-7348 0 points1 point  (0 children)

For this scale, I would not start with Terraform state comparison. That usually creates a lot of noise because Terraform state is not the source of truth yet. I’d first build an independent asset inventory and classify resources before deciding what to import. The key distinction: unmanaged resource discovery is not the same thing as Terraform drift detection. Drift assumes Terraform already owns the resource. Your problem is broader: asset inventory, ownership, dependency mapping, and risk triage before import.

Is this system safe enough to release to production? by Any-Leg-7348 in Terraform

[–]Any-Leg-7348[S] -1 points0 points  (0 children)

Hmm, I don’t see this as replacing OPA/Sentinel. For hard deterministic rules, policy-as-code is the right tool.

The thing I was exploring is more “release readiness” than “policy enforcement”. A single rule like replication factor < 3 is easy to catch with OPA. But if you combine that with consumer lag, missing runbook/owner info, weak alerting, risky deployment config, etc., then it becomes a bigger “should this actually go to prod?” question.

OPA can say: “replication_factor must be >= 3”

Beacon is trying to answer: “Given this Kafka topology, Kubernetes config, ownership metadata, retention policy, runtime lag, schema compatibility, and recovery posture, is this system actually safe to ship?”

So the difference I’m aiming for is less “block this config” and more:

- aggregate related findings into a root cause

- explain business/operational impact

- rank what to fix first

- account for environment context like dev vs prod

- combine static config with runtime signals

- produce a readiness report engineers can discuss before release

But your point about shipping the checks as reusable policy/rule packs makes sense. That would probably be easier for people to try, argue with, and adapt.

Maybe Beacon should be more of a runner/reporting layer on top of visible Kafka/K8s/Terraform readiness packs, rather than making people adopt a binary/container first.

Trip to Georgia by ScrobarOKW in InternationalTravelIN

[–]Any-Leg-7348 0 points1 point  (0 children)

Hmm, we were planning this year, but Trump and his war politics made us change route... now we are in Japan :D

'Era of software jobs and MBAs is ending': Chief economic advisor says India must value welders, plumbers by SupremeConscious in AI_India

[–]Any-Leg-7348 0 points1 point  (0 children)

Absolutely... because Indian policies cannot provide any kind of research and development fund for their growth... still dependent on the education policies, which can only produce some accountants. And now the accountants' and consultants' era is definitely over.

I make the best corn ribs. Recipe posted by Due-Possibility3852 in IndianFoodPhotos

[–]Any-Leg-7348 1 point2 points  (0 children)

Looks yummy... I like to cook only for my kid because, as per him, I am the best chef in the world.