
Tidy Cloud AWS issue #26 - HashiConf and AWS DevOps Blog 

Hello all!

Welcome to the next issue of the Tidy Cloud AWS bulletin!

I am back home from vacation in the Canary Islands, although I will travel again shortly to Prague. The vacation got “involuntarily extended” due to a strike at Scandinavian Airlines, with a bit of a messy situation getting back home. I am on my way now for another trip with a few days at home. For now I have a few notes about HashiConf Europe and some interesting blog posts from the AWS DevOps blog.

Enjoy!


HashiConf Europe 2022

On June 20-22 HashiCorp had its first on-site conference in two years, in Amsterdam. You could attend virtually as well, which seems to have been the choice of the majority: HashiCorp says there were 700+ participants on-site and 4000+ virtually.

There is a recap and summary of the conference at the HashiCorp website, and on YouTube all the presentations are in the HashiConf Europe 2022 playlist.

Most of the talks are relatively short, around 10-20 minutes. It is well adapted for virtual conference visitors in that regard, and there are some good and focused talks in this format, of those that I have looked at so far.

So far I have mainly looked at sessions around Terraform and Waypoint. The latter is an interesting approach to simplify application deployment, which looks like either a nice complement or replacement for other infrastructure-as-code tools.

Interesting blog posts

AWS has an interesting blog post on its DevOps blog regarding extra linting or policy checks using cdk-nag. This is an AWS Cloud Development Kit (AWS CDK) package that can be used to add additional policy rule checks. You can apply various policies to be checked and there are a couple of NagPacks available based on a few different standards. The package is available for most of the AWS CDK supported languages.

This approach includes the actual logic on what to check as part of the AWS CDK app code itself. This is a slightly different approach from, for example, Pulumi CrossGuard, which has the code for the policy checks separated from the infrastructure code itself.

Which approach is preferable would depend on how you organize the related workflows; the cdk-nag approach certainly makes sense in an organisation that works similarly to AWS.

Another interesting post is about mitigating the DockerHub pull rate limit, which is something I have been bitten by in the past. The blog post uses an example with a number of AWS services, but you do not need those to apply the practice of using ECR for these images instead. Focus on the information about transferring images from DockerHub to ECR (Elastic Container Registry) instead.
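
As an added example (not code from the AWS blog post or from this bulletin), this is one way to mirror a DockerHub image into ECR with the AWS CLI and Docker, so that builds pull from ECR instead of DockerHub. The account ID, region and the `dockerhub/` repository prefix are assumptions.

```shell
#!/usr/bin/env bash
# Added example: mirror Docker Hub images into Amazon ECR.
# Account ID, region and the "dockerhub/" prefix are assumptions.
# Handles tag references (name[:tag]), not digest references.

# Normalise a Docker Hub reference to "repository:tag".
# Official images live under library/, and a missing tag means "latest".
normalize_hub_ref() {
  local ref="${1#docker.io/}"          # drop an explicit Docker Hub host
  local repo="${ref%%:*}" tag="latest"
  case "$ref" in *:*) tag="${ref##*:}" ;; esac
  case "$repo" in */*) ;; *) repo="library/$repo" ;; esac
  printf '%s:%s\n' "$repo" "$tag"
}

# Build the ECR destination for a Docker Hub reference.
ecr_target() {   # usage: ecr_target <hub-ref> <account-id> <region>
  printf '%s.dkr.ecr.%s.amazonaws.com/dockerhub/%s\n' \
    "$2" "$3" "$(normalize_hub_ref "$1")"
}

# Pull once from Docker Hub and push to ECR.
mirror_image() { # usage: mirror_image <hub-ref> <account-id> <region>
  local src dst registry repo
  src="docker.io/$(normalize_hub_ref "$1")"
  dst="$(ecr_target "$1" "$2" "$3")"
  registry="${dst%%/*}"                # <account>.dkr.ecr.<region>.amazonaws.com
  repo="${dst#*/}"; repo="${repo%:*}"  # repository name without the tag
  # Create the repository on first use; skip if it already exists.
  aws ecr describe-repositories --region "$3" \
      --repository-names "$repo" >/dev/null 2>&1 ||
    aws ecr create-repository --region "$3" \
      --repository-name "$repo" >/dev/null
  aws ecr get-login-password --region "$3" |
    docker login --username AWS --password-stdin "$registry"
  docker pull "$src"
  docker tag "$src" "$dst"
  docker push "$dst"
}
```

After sourcing the file, `mirror_image nginx:1.25 123456789012 eu-north-1` (constructed values) copies the image, and the value printed by `ecr_target` is what goes into the `FROM` line or task definition.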

Another blog post that caught my interest is one regarding health-aware CI/CD pipelines. In this case, health relates to the health of AWS Services themselves and using the AWS Health API to detect and mitigate issues due to AWS Service incidents. The blog post is somewhat brief on the topic, but the idea is interesting.

There is also a GitHub repository with various Health API samples, which I think can be interesting starting points for dealing with AWS Service health issues.


You can find the contents of this bulletin and older ones, and more at Tidy Cloud AWS. You will also find other useful articles around AWS automation and infrastructure-as-software.

Until next time,

/Erik