/tags/terraform/ Recent content in Terraform on zoph.me https://zoph.me/posts/resources/images/code-social.png https://zoph.me/posts/resources/images/code-social.png Hugo -- 0.148.2 en-us Sun, 29 Mar 2020 13:37:00 +0200 /posts/2020-03-08-github-actions/ Sun, 29 Mar 2020 13:37:00 +0200 /posts/2020-03-08-github-actions/ <p><img alt="GitHub Actions" loading="lazy" src="/posts/resources/images/posts/github-actions/github.jpg"></p> <p>Hi Folks,</p> <p>Lately, I was experimenting with GitHub Actions (GHA), as it has been a buzzword since General Availability (GA), but I didn&rsquo;t take the time to try it before. I&rsquo;ve done it for you folks. 🙌</p> <h1 id="context">Context</h1> <p>GHA was released on GA in November 2019, the main features are:</p> <ol> <li>Automate development workflows (CI/CD): <code>build</code>, <code>test</code>, <code>deploy</code></li> <li>Hosted runners / self-hosted runners</li> <li>Automate the management of your GH Community: PR, Code Reviews, or Issue Tracking</li> <li>Built-in secrets store</li> </ol> <p><img alt="Build" loading="lazy" src="/posts/resources/images/posts/github-actions/build.png"></p> /posts/2019-09-22-serverless-jobs-scheduling-using-aws-fargate/ Sun, 22 Sep 2019 13:37:00 +0200 /posts/2019-09-22-serverless-jobs-scheduling-using-aws-fargate/ <p>I was wondering if I could schedule simple bash scripts using <a href="https://aws.amazon.com/fargate/">AWS Fargate</a> for some trivial batch operations.</p> <p>To be completely honest, it is also an excuse to learn more about AWS Fargate, and to convert a legacy bash script based on EC2 Spot instances to a container world.</p> <p>In this post, we will see how to schedule a bash script job once a day. To do so, we will deploy the corresponding AWS infrastructure (even if it&rsquo;s serverless, yes :wink:) using <a href="https://www.terraform.io/">Terraform</a>.</p> /posts/2018-10-05-secret-management/ Fri, 05 Oct 2018 22:31:32 +0200 /posts/2018-10-05-secret-management/ <p>In this quick article, I&rsquo;ll show you how I use <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html">AWS SSM Parameter Store</a> as glue between Terraform and Ansible.</p> <h3 id="use-case">Use Case</h3> <p>For a personal project, I needed to pass some parameters (key/value) and secrets (encrypted) from my IaC Terraform to Ansible.</p> <h3 id="aws-ssm-ps">AWS SSM PS?</h3> <p>AWS SSM Parameter Store is a secure key-value store, a native EC2 functionality.</p> <p>From AWS <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html">Documentation</a>:</p> <p>Parameter Store offers the following benefits and features:</p> <ul> <li>Use a secure, scalable, hosted secrets management service (No servers to manage).</li> <li>Improve your security posture by separating your data from your code.</li> <li>Store configuration data and secure strings in hierarchies and track versions.</li> <li>Control and audit access at granular levels.</li> <li>Configure change notifications and trigger automated actions.</li> <li>Tag parameters individually, and then secure access from different levels, including operational, parameter, EC2 tag, or path levels.</li> <li>Reference AWS Secrets Manager secrets by using Parameter Store parameters.</li> <li>Use Parameter Store parameters with other Systems Manager capabilities and AWS services to retrieve secrets and configuration data from a central store. The following AWS services support Parameter Store parameters: Amazon EC2, Amazon Elastic Container Service, AWS Lambda, AWS CloudFormation, AWS CodeBuild, and AWS CodeDeploy.</li> <li>Configure integration with AWS KMS, Amazon SNS, Amazon CloudWatch, and AWS CloudTrail for encryption, notification, monitoring, and audit capabilities.</li> </ul> <h3 id="terraform">Terraform</h3> <p>Set SSM secrets the right way:</p>