When (not) to use Terraform

If we are talking about IaC, Terraform will be on the list. It made IaC popular and has helped a lot of companies maintain infrastructure at scale. Especially when you have multiple sets of infrastructure to maintain, Terraform Modules can reduce setup time tremendously; think of a module as a function or class in a programming language. I’ve been cranking out a lot of Terraform, with plenty of trial and error along the way, picking other people’s brains by reading blog posts and trawling community forums to see how others use Terraform and what their challenges are. Below is a summary of what I’ve experienced, together with the general sentiment. ...

October 5, 2024 · 3 min · Karn Wong

AWS IAM credentials best practices

It’s hard to escape AWS, seeing how prevalent it is in global internet infrastructure. Chances are, a good share of the websites you visit are hosted on AWS. As a software engineer, you will probably encounter AWS at some point in your career. While getting AWS IAM credentials to work locally during development (via aws-cli) is usually enough, in production you might need some adjustments. Having worked with AWS extensively, here is what I have found useful to keep in mind when working with AWS IAM credentials. ...

October 5, 2024 · 2 min · Karn Wong

Simplify self-hosting backups to S3 with docker

These days there are multiple ways to deploy a workload, be it cloud-based or bare-metal. For cloud, depending on whether you are using PaaS or IaaS, backup options can vary. Why do we need backups? Because your workloads can contain state, which may be stored as local files, inside a database, or as other assets outside the application itself. Take a database, for example: ideally you want a daily backup so you can revert the database to a state before it was corrupted without losing too much data. Some workloads might store uploaded images; for simplicity, let’s say they are written to disk. ...

September 7, 2024 · 4 min · Karn Wong

Reasons why you shouldn't use programming languages for IaC

When it comes to IaC (infrastructure as code), most people will have heard of HashiCorp’s Terraform (it uses HCL as its DSL; interestingly, Terraform also has its own CDK, which translates programming languages into Terraform configuration), Pulumi, or AWS CDK. The latter two let you use programming languages as the DSL. Mostly there are two camps: people who swear by HCL and think you shouldn’t use programming languages for IaC, and people who don’t see why you should pick up a new language in order to use IaC and prefer a programming language they already know. Neither camp is wrong; both are valid. However, I want to share my take on why you should use HCL for IaC. ...

August 5, 2024 · 2 min · Karn Wong

GCP's service account credentials can be a security risk. Here's how to mitigate them.

If you look online, many sources will tell you that you should use a service account to authenticate to GCP services. While this is true, it is not true in all cases. For local development, you should use Application Default Credentials. Imagine working in a team where you have to work with Cloud Run, so you request a service account from your infra team. This looks good, but then your teammates also have to work with this service. They happen to be in a hurry, so you share your service account with them. Now this is a problem, because multiple users have access to this service account. It would be very tricky to trawl through the audit logs and identify which developer interacted with Cloud Run, because the system only sees a single identity. ...
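The attribution problem described above can be caught before it bites with a small check of which Application Default Credentials a developer's shell will actually use. This is an added example for this page, not code from the post. It assumes the documented ADC lookup order (the GOOGLE_APPLICATION_CREDENTIALS variable first, then the file written by `gcloud auth application-default login`) and the two JSON `type` values those files carry (`service_account` for a downloaded key, `authorized_user` for a user login). The sample credential files, paths and function names are constructed for the example.

```python
"""Added example: flag when local GCP credentials resolve to a shared
service account key instead of the developer's own user identity.

Assumed ADC lookup order (per Google's documentation):
  1. the file named by GOOGLE_APPLICATION_CREDENTIALS
  2. the file written by `gcloud auth application-default login`
"""
import json
from pathlib import Path
from typing import Callable, Dict, Optional

GCLOUD_ADC_RELATIVE = Path(".config/gcloud/application_default_credentials.json")

# Constructed sample files for this example; placeholders, not real secrets.
SAMPLE_SERVICE_ACCOUNT_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "cloud-run-dev@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})
SAMPLE_USER_ADC = json.dumps({
    "type": "authorized_user",
    "client_id": "placeholder.apps.googleusercontent.com",
    "client_secret": "PLACEHOLDER",
    "refresh_token": "PLACEHOLDER",
})


def classify_credentials(raw: str) -> dict:
    """Return what kind of principal a credentials JSON blob represents."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        return {"kind": "unparseable", "principal": None, "shared_identity": False}
    cred_type = data.get("type")
    if cred_type == "service_account":
        # Everyone holding this file acts as the same principal in Cloud Audit Logs.
        return {"kind": "service_account",
                "principal": data.get("client_email"),
                "shared_identity": True}
    if cred_type == "authorized_user":
        # The refresh token is bound to the developer's own Google account; the
        # file carries no email, but audit logs record the individual user.
        return {"kind": "user", "principal": None, "shared_identity": False}
    return {"kind": "unknown", "principal": None, "shared_identity": False}


def default_reader(path: Path) -> str:
    return Path(path).read_text(encoding="utf-8")


def make_fake_reader(files: Dict[str, str]) -> Callable[[Path], str]:
    """Reader over an in-memory map of path -> contents (for offline runs)."""
    def read(path: Path) -> str:
        try:
            return files[str(path)]
        except KeyError:
            raise FileNotFoundError(str(path))
    return read


def audit_local_adc(env: dict, home: Path,
                    read_file: Callable[[Path], str] = default_reader) -> dict:
    """Resolve ADC the way a client library would and classify the result."""
    explicit: Optional[str] = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        # An explicit path is authoritative: if it is unreadable, the client
        # libraries fail rather than falling back to the gcloud file.
        try:
            raw = read_file(Path(explicit))
        except OSError:
            return {"path": explicit, "kind": "missing",
                    "principal": None, "shared_identity": False}
        report = classify_credentials(raw)
        report["path"] = explicit
        return report
    gcloud_file = home / GCLOUD_ADC_RELATIVE
    try:
        raw = read_file(gcloud_file)
    except OSError:
        return {"path": None, "kind": "none", "principal": None, "shared_identity": False}
    report = classify_credentials(raw)
    report["path"] = str(gcloud_file)
    return report


if __name__ == "__main__":
    import os
    result = audit_local_adc(dict(os.environ), Path.home())
    if result["shared_identity"]:
        print(f"WARNING: ADC resolves to service account {result['principal']} "
              f"via {result['path']}; actions will not be attributed to you.")
    else:
        print(f"ADC kind: {result['kind']} ({result['path']})")
```

If a workflow genuinely needs service account permissions locally, `gcloud auth application-default login --impersonate-service-account=SA_EMAIL` keeps the developer's own user as the authenticated principal while tokens are minted for the service account, so the audit trail still shows who did what.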

July 14, 2024 · 2 min · Karn Wong