Mailing List Cleanup - Terraform Weekly (Part 1)
(This is part of an open-ended series of posts where I write down random things I feel are sharable from the years of mailing lists I’ve not caught up on…)
I do think that Terraform is the way to build infrastructure. Yes, even though I think going all-in on a single cloud vendor is the way to go, its platform neutrality is its strength. Especially as you get into larger organizations which have things farmed out to multiple providers, even if technically they are single cloud.
Anyhow, today we’re doing Terraform Weekly, for which I have 134 messages in that folder since April 2023. Hopefully somewhere in there will be a link which truly unlocks my understanding of how to separate things into modules. That pattern wasn’t really a thing when I learned it and I just can’t seem to have the ‘ah-ha!’ moment around them.
This mailing list is taking a long time and has a tonne of useful things, so I am going to break this up for cadence purposes. So this is part 1 and deals with the first 67 messages.
- Manage multiple Terraform projects in monorepo - an example layout, which is part of my knowledge gap
- How to create a cron job docker container using AWS ECS, Fargate, fully automated with Terraform - more like ‘a container that does a thing responding to a cloudwatch event’, but that too is super handy to know how to do
- gruntwork-io/terratest - Terratest seems like a reasonable thing to do for a decently complex infrastructure. Of course, you need to know Go…
- Automated deployment of terraform modules in different AWS regions - There is some dark magic here. I feel like most people will need only the first solution, but if you need the second one…
- A misadventure with Terraform Sets & PagerDuty Schedules - a whoopsie illustrated which is always good, but this line at the end is great – ‘While it’s great to be DRY and avoid the repetition of values - that shouldn’t get in the way of functionality.’ This. Always this.
- Terraform best practices for reliability at any scale
- AWS Budget notifications with AWS Chatbot, Slack and Terraform - This is going to be high on my to-do when I reverse engineer tf into my current infrastructure. Well, if since it’s managed by something else technically…
- Understanding the Terraform Check Block Feature - Infrastructure Validation vs Testing. Love me a hair split.
- Patterns for Terraform Multi-Account Deployments - Kinda surprised this doesn’t come up more often. Multiple accounts have been a Best Practice for over a decade. But remember, there are more accounts than just ‘dev’, ‘stage’ and ‘prod’. I want to say I had 11 accounts for our single ‘simple’ application. Now, a bunch woulda been recycled had we added a second, but…
- Terraform AWS Provider — Everything you need to know about Multi-Account Authentication and Configuration - see above
- How to use Terraform test - gotta love how over the course of 25 emails you can see progression and / or preference changes in tooling.
- Terraform project structure with reusable modules - Apparently has some questionable ads running on the site, but…
- A Comprehensive Guide to Testing in Terraform: Keep your tests, validations, checks, and policies in order - More on the built-in testing framework
- Elevating CloudWatch Logs: Smart Alerts with Chatbot, SNS, and Lambda - Another chatbot-to-slack thing
- Terraform Security Best Practices
- terraform-null-label: the why and how it should be used - From the intro; ‘One of the most significant hurdles we encounter in our infrastructure work is the issue of technical debt and resource sprawl, often stemming from inconsistent naming and tagging standards.’
- Mastering Terraform: Best Practices for Scalable, Secure, and Reliable Infrastructure as Code – some of these things might be obvious, some might not be
- Set up a Pypi mirror in an AWS private environment with Terraform – setting up private repos will be a Best Practice[tm] soon (if indeed it is not already)
- How To Implement AWS SSB Controls in Terraform – Good little series which talks about the AWS Startup Security Baseline (the link in the article is dead) which is something I just learned about and looks like a more targeted piece of their Well Architected Framework.
- A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons – probably out of date, but it is at least a starting point
- AWS Event Driven Architecture For Security – Using events to trigger notifications around things. Taken to the next level, you deal with certain events automagically. We did that with CloudTrail – if it was turned off then we did a notification and turned it back on immediately. Just don’t try to think about ‘well what if they disabled the notification’, well, it’s in CloudTrail and so you should have an alert on that, but what if they disabled the alert…
- How To Manage Amazon GuardDuty in AWS Organizations Using Terraform – From the person who did the SSB series above. GuardDuty was a pain to set up cross-account. All these articles … 5 years after I needed them.
- Create a serverless URL shortener in AWS with Terraform – I don’t have a Medium account, but just putting this here for myself to find later because of secret reasons.
- Automate Your GitHub Setup: Managing Your Account with Infrastructure as Code – IaC all the things
- How To Manage Amazon Inspector in AWS Organizations Using Terraform – and a 3rd one from him. Inspector + GuardDuty + CloudTrail formed the backbone of our security infrastructure.
- Mastering ECS Task Scheduling: Effective Strategies to Reduce Costs – Remember, the whole point of ‘Elastic’ is we can scale up and down