iac

André Ramoni

ECS or EKS: Native cloud containers or kubernetes ?

There’s a lot of articles comparing the two and telling you about their differences and when you should go with one or another. I’ll make it slightly different.

I’ll tell you what I want to accomplish considering technology, culture, operations, costs, support and compliance and what is my choice to do so.

I want to provide developer teams a platform so they can easily build, deploy and run their apps in compliance with the Cloud Engineering Team’s best practices and Security Team’s policies.

Speedup cloud usage, cloud services details abstraction, best practices and security policies enforced, costs and permissions controlled with no bureaucracy and 100% cloud provider support.

Continue reading

André Ramoni

Main account preparation

First things first. Before we can create resources as code through a pipeline, we need to create some resources to make it possible, specially because we don’t want to use any credentials variables on the pipeline tool.

Read more: Main account preparation

Most companies already have all the needed resources to run a terraform project through a pipeline but, as we want to make everything repeatable, we’ve manually created just the very basic resources and made a repository with the “not so basic” resources.

So, what we need to be able to run the “not so basic” terraform project:

  • IAM user with access key and secret key
  • IAM Identity Center (formerly AWS SSO) enabled

IAM User

Our IAM user will be “iac-main-iam” and will have the following policies:

  • AmazonS3FullAccess
  • AWSSSOMasterAccountAdministrator
  • IAMFullAccess
  • STS:AssumeRole

Don’t forget to create access and secret keys.

IAM Identity Center

Go to your main region and enable it.

Terraform pre-reqs project

Get the code here: https://bitbucket.org/arglabs/arglabs-main-org-prereqs/src/master/

Change variables on variables.tf file and remove the state file.

Run it, like in this video:

That’s it.

Terraform Org Stuff project

With these basic resources created, we can now run the next terraform project, now using the pipeline tool.

ARGLabs Org Stuff project: https://bitbucket.org/arglabs/arglabs-main-org-stuff/src/master/

It will run like:

Now the basic stuff on the main account is ready.

André Ramoni

Why a .church domain ?

Because churches are places of faith.

I love IaC. I really do IaC. I think I understood what we can really do with IaC.

But I’ve seen many “good practices” out there that I thought aren’t good enough, many written by famous people and others even by the tool suppliers themselves.

In fact, everyone can write and publish anything and call it a “best practice”, and in fact, it could be for them, for many reasons. Good practice is what works best for your way of working.

ARGLabs is my church because this is where I’m going to show what I believe are best practices for the work I do.

In ARGLabs Church, I am the law (as Rodrigo Goes says 🙂 ).

These are not intended to be best practices for everyone.