RBAC or Role-based Access Control, is a key feature of Kubernetes (a.k.a. k8s) that provides access control by roles and role bindings. A role will be defined with a set of api_groups (“” for default, “apps”, “autoscaling”, “batch”, “extensions”, “networking.k8s.io”, “authentication.k8s.io”,”storage.k8s.io”,”certificates.k8s.io), resources (pods, deployments, namespaces, secrets, persistentvolumes, configmaps, nodes), and vebs (create, get, delete, list, […]
Configmap and the AWS EKS Terraform Module
I’m currently on a cool project where we are automating the deployment of EKS clusters with Terraform. The TFE server is configured with an IAM user, that TF user will automatically be added to the aws-auth section of the configmap. We have EKS module code to add our SSO group’s rolearn to the configmap. The […]
I forgot my password!
If you are like me you have a ton of accounts with username/password required to access the service/site. A couple of years ago I started using a password manager (LastPass) and have reset all my accounts with a crazy random/complex password/passphrase. I now only have a single password to remember, the one for my vault. […]
My takeways from Terraform code and Gateway Load Balancer
My first bit of code for my new employer was help to setup a “security VPC” that hosts a pair of Palo-Alto firewalls to inspect traffic from other AWS accounts (AKA “hub and spoke”). This work was based (loosely) on repos found here and here…these repos build a similar environment but within a single AWS […]
Handy PowerShell client-side code for print server migration
The Challenge A client will be decomissioning a Windows print server but will keep the printers and have Windows clients print directly to print devices. How can we automate the setup of the new printer ports and printers?…and as a bonus we’ll get a simple way to mitigate your environment from Printnightmare. The key there […]
How I removed credentials from my terraform code.
I had been using credential files in my terraform projects. Recently I switch to use AWS SSO and providing the profile name in the code. At runtime (plan, apply, etc.) terraform will use the token from the given profile. If AWS returns expired, the command will stop with authentication errors. Simply authenticate by cli via […]
Don’t add account id to your Terraform code
I discovered a handy trick to get the account id of the given profile/account. The key is to use a new data source object and pass it the provider. See the code below. So no need to ever put account ids in terraform code again? I’m good with that. Happy building, D
Joining an EC2 instance to a self-managed AD to launch with user-data
My latest project is a bit of a return to my old life with Microsoft. The majority of my AWS work has been with Linux workloads, so it’s been nice to brush off my old skills and return to PowerShell 😃. After manually joining a couple of instances to a self-managed AD (not an AWS […]
The AWS DataSync performance trick that I didn’t know
My current project is a datacenter migration where we’re moving Windows workloads up to AWS. One item we had been struggling with was with two large file share servers. The shares are multiple terabytes in size with lots of small files/docs and subfolders. The challenge we had been dealing with the performance of DataSync with […]
My journey to AWS certification
For most of my IT career I’ve been in the Microsoft space. And much of my first “cloud” work was with Azure…but I was also doing some AWS. Then my mentor told me I had to make a choice. I like to say that I was given the choice between the orange pill or the […]