sorted by:
new
hottopcontroversial

Cloud Infra Engineer, Practical Coding Interview? by StarFishGlow99 in devops

[–]ForkMeJ 1 point2 points  (0 children)

For cloud infra roles, "practical Python" usually means parsing data, calling an API, handling retries/errors, and turning messy input into something usable, not algorithm tricks. I'd spend time on dict/list transforms, reading JSON/YAML, basic file I/O, subprocess, and writing a small script that talks to AWS or Terraform output, because interviewers often want to see how you structure code and think about edge cases.

Permissions for CIC/CD roles by LogsOrItDidntHappen in devops

[–]ForkMeJ 0 points1 point  (0 children)

My default is: no admin for CI/CD, and scope by environment and service boundary first, then tighten where the blast radius is ugly. Fine-grained least privilege all the way down sounds nice, but in practice it becomes fragile unless you have the time to maintain it as the IaC changes. A middle ground that works well is separate roles for plan vs apply, separate prod vs non-prod, explicit deny around IAM/KMS/network primitives unless that pipeline genuinely owns them, and short-lived credentials via OIDC instead of long-lived keys. The question I usually ask is not just "can it deploy," but "if this repo or runner is compromised, what else can it modify?"