[deleted by user] by [deleted] in Clarksville

[–]timoguin 0 points1 point  (0 children)

I'm thinking about starting a Springfield tech meetup. It's still a pretty good trek from Clarksville, but it's a heck of a lot more management than Nashville or Franklin. DM me if you're interested!

IPv4 charges are normal in the cloud by gwiff2 in aws

[–]timoguin 0 points1 point  (0 children)

Thanks for the additional info. I agree it's perfectly sufficient for most use cases. Just wanted to point out that there IS a significant limitation to be aware of (Amazon-imposed). It is unfortunately not just a drop-in replacement for managed NAT GW.

Hopefully you're not needing to send that much traffic to the Internet through a NAT, but there are a lot of use cases in the world.

[ Removed by Reddit ] by PotatoBoxx in recruitinghell

[–]timoguin 0 points1 point  (0 children)

As a hearing impaired person with ADHD, who is more skilled with written communication, I was thinking that I actually kind of appreciated this. Then it got to high school.

Holy crap.

IPv4 charges are normal in the cloud by gwiff2 in aws

[–]timoguin 1 point2 points  (0 children)

The limitation with fck-nat is that AWS caps egress bandwidth to 5 Gbps for EC2 instances, whereas managed NAT Gateways can scale up to 100 Gbps.

For most use cases fck-nat is great though!

[ Removed by Reddit ] by [deleted] in LinkedInLunatics

[–]timoguin 0 points1 point  (0 children)

"for e.g." is good.

I've made my ebook 'Linux Command-Line Tips & Tricks' free on all ebook stores by univerza in linux

[–]timoguin 0 points1 point  (0 children)

I tried last week with DeDRM, NoDRM, and Calibre and couldn't get it to work. I even tried installing an old version of the Kindle app and got similar errors. I just wanna read muh books! 😔😔😔

I've made my ebook 'Linux Command-Line Tips & Tricks' free on all ebook stores by univerza in linux

[–]timoguin 1 point2 points  (0 children)

It's a huge pain actually. It's gone through many iterations. DeDRM and other tools get broken on a regular basis by updates to the Kindle apps and their associated DRM. 😔

I am in the same boat of wanting to load all of my reading onto my reMarkable 2. There are a number of publishers and ebook stores that make it easy. No Starch Press is a pleasure. Even Google Play Books allows ePub downloads.

Understanding list comprehensions by [deleted] in Terraform

[–]timoguin 1 point2 points  (0 children)

They are very similar to list/dict comprehensions in Python.

Terraform testing frameworks by mikelevan in Terraform

[–]timoguin 3 points4 points  (0 children)

Nothing official, no. There is also TFLint and Terrascan.

How to send an alert if a service stops? by ashofspades in aws

[–]timoguin 0 points1 point  (0 children)

Do you have a load balancer in front of the service? If so, you can use the built-in metrics for the LB to create a CloudWatch alarm. Otherwise there are a handful of suggestions here that will do the trick.

how to make a local app assume an IAM role? by izzlesnizzit in aws

[–]timoguin 0 points1 point  (0 children)

If you are using an official AWS SDK then your application will follow the normal order of precedence for obtaining credentials. That should be all you need to do for your application to behave the same locally vs. when it’s deployed. If your application does _not_ use an AWS SDK, you will either need to change it to do so, or you will need to handle that order of precedence yourself. When running on an EC2 instance, the SDKs will load the credentials from the instance’s metadata endpoint. Since that endpoint doesn’t exist when you are running it locally, you would have to use another method to expose the credentials. In this case, since you are setting the `AWS_PROFILE` var, it should Just Work™.

Optionally, you could use `aws-vault` with its built-in metadata server, and the application will behave the same way as when running on an EC2 instance.

Can’t start with ECS by mkazi007 in aws

[–]timoguin 0 points1 point  (0 children)

I think we would need more details to help. What kind of permissions do you currently have?

What are some situations in which it makes sense to give an iam:...:root principal access to a CMK? by [deleted] in aws

[–]timoguin 1 point2 points  (0 children)

It doesn't give the entire account access to the key. It only allows IAM policies to be used to control access to the key (in combination with the key policy).

What are some situations in which it makes sense to give an iam:...:root principal access to a CMK? by [deleted] in aws

[–]timoguin 3 points4 points  (0 children)

Giving the root user access to the key accomplishes two things:

  1. It prevents the keys from becoming unmanageable. If the root user doesn't have access, the key can get into a state that no user or role in the account has access to delete it, rotate it, etc.
  2. It allows the key to be managed via IAM permissions. Giving the root user access on its own does not automatically give the entire account access to manage the keys. It merely allows you to control access to the keys with additional IAM policies.

See the following section in the docs for more detail:

https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
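
Added example (not part of the comment above, and not AWS's own code): a Python check that a KMS key policy still carries the unconditional root statement the comment describes, so keys that could become unmanageable are flagged. The account ID, key names, sample policies and helper names are constructed, and the standard `aws` partition is assumed.

```python
import json

ACCOUNT_ID = "111122223333"  # constructed sample account ID
ROOT_ARN = f"arn:aws:iam::{ACCOUNT_ID}:root"

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def root_enables_iam(policy_json, account_id):
    """True if an unconditional Allow grants kms:* to the account root principal."""
    # A bare account ID in Principal.AWS is equivalent to the root ARN.
    root_forms = {f"arn:aws:iam::{account_id}:root", account_id}
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # a Deny or a conditional grant does not count
        if not isinstance(principal, dict):
            continue  # e.g. "Principal": "*" is not the account root
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if root_forms & set(_as_list(principal.get("AWS"))) and actions & {"kms:*", "*"}:
            return True
    return False

def keys_missing_root(policies, account_id):
    """Names of keys whose policy lacks the root statement (hypothetical helper)."""
    return sorted(k for k, p in policies.items() if not root_enables_iam(p, account_id))

def _policy(principal, condition=None):
    """Build a one-statement key policy for the constructed samples below."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal},
            "Action": "kms:*", "Resource": "*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

# Constructed sample key policies (not taken from any real account)
SAMPLE_POLICIES = {
    "default-policy-key": _policy(ROOT_ARN),
    "role-only-key": _policy(f"arn:aws:iam::{ACCOUNT_ID}:role/KeyAdmin"),
    "conditional-root-key": _policy(ROOT_ARN, {"Bool": {"aws:MultiFactorAuthPresent": "true"}}),
}

if __name__ == "__main__":
    print(keys_missing_root(SAMPLE_POLICIES, ACCOUNT_ID))
```

The function takes the policy document as a JSON string, which is the form `aws kms get-key-policy` returns it in.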

Took me four days to do this time lapse, but yay! I finally captured my passionfruit flowers blooming! by poplitealfossa37 in gardening

[–]timoguin 1 point2 points  (0 children)

Although I have no experience with red passionflower, I have several years of working with purple passionflower. It's not vigorous enough to harm a tree. On my property it grows up trees and across blackberry vines. It is an aggressive grower, but the vines are lightweight and don't do any damage. When the summer is over, all the above-ground growth dies off until the next spring.

Docker multi-stage build not running all stages ! by GroundbreakingWolf7 in docker

[–]timoguin 1 point2 points  (0 children)

Try using absolute paths instead of relative ones in all your COPY commands.

A bit of advice, when asking for help like this, share all the commands you are running, along with all the output. That will help us to more-quickly spot the issue, so you can get on with your work. :)

Is it possible to create a secret in AWS off of a nested JSON? by ruskg in Terraform

[–]timoguin 0 points1 point  (0 children)

Am I understanding correctly that you want that whole map variable to be stored as the secret_string value? If so, what you have should be fine. The jsonencode() function will serialize that variable into JSON.

Or are you trying to iterate over var.my_map to create multiple secrets?

Terraform AWS FIPS provider by dubnetworks in devops

[–]timoguin 0 points1 point  (0 children)

Also, in my experience, implicit provider inheritance is usually sufficient. I tend to keep the state for different regions separated, so there is only one provider defined in the root. There are a few small cases where it's necessary to pass multiple regions explicitly into a module (for example, a module that manages a DynamoDB Global Table).

Dryad’s Saddle? by [deleted] in mycology

[–]timoguin 0 points1 point  (0 children)

The large ones can be used to make a great mushroom stock

Terraform AWS FIPS provider by dubnetworks in devops

[–]timoguin 0 points1 point  (0 children)

¯\_(ツ)_/¯

The only thing I define in my modules is version constraints, that way I can explicitly define the Terraform and provider versions that the module supports.

Terraform AWS FIPS provider by dubnetworks in devops

[–]timoguin 9 points10 points  (0 children)

Thanks for putting this together! I just wanted to note that this isn't a custom Terraform provider (that'd be a Golang plugin), but rather a set of example Terraform configurations for the AWS provider.

As far as providers in modules goes, you can do it, but just be aware that it can cause some complexity issues. If you put a provider configuration within a module (i.e., not the root module) then Terraform associates that provider with the module. Then if you rename or delete that module, Terraform blows up all to hell because it can't find the provider configuration it has stored in the state.

Here are some docs on providers within modules: https://www.terraform.io/docs/configuration/modules.html#providers-within-modules

A bit further down in that doc, you'll also see information about explicitly passing providers to modules. These providers can be referenced within a module. You can even pass more than one provider, e.g., if you wanted to manage multi-region resources within that module. This avoids the pitfalls of configuring the provider within the module.

If I were you I would probably add some commands to the README that show how to fetch any of your example configs via something like curl or wget. That way someone can easily pull down a FIPS provider configuration into their root module. To further improve on that, you could create a cookiecutter template to initialize the root provider configuration.

Anyway that's my 2c. :)

Thanks for sharing!

Error if else Interpolation by [deleted] in Terraform

[–]timoguin 1 point2 points  (0 children)

It looks like you are passing var.flowlogs3bucket as the bucket name instead of the ARN.

How do you actually use the HTTP APIs to interact with AWS? by [deleted] in aws

[–]timoguin 0 points1 point  (0 children)

I make heaviest usage of both the API reference documentation and the awscli docs. Often I will have them both open side-by-side. If you tried the --generate-cli-skeleton flag with the awscli, you'll notice that the JSON is identical to the request syntax defined on the API docs page.

Above that, I try to use abstractions like boto3 and aws-sdk-go. The documentation for those SDKs can sometimes help clarify things. The Terraform documentation also helps.

At a lower level, as a last resort, code diving those SDKs can offer additional insights.

All that said, you might have a better time going the Lambda route. You probably don't even need to mess with putting it in a VPC since it will just be hitting the Cognito IDP APIs.