There is a new and much easier way to interact with CodeCommit repositories from git. Forget the times when you need to run git config for setting helper scripts for authentication and enter the XXI century with git-remote-codecommit. In a nutshell, this new git helper gives you two features: Authenticate using your aws cli credentials automatically Use a new codecommit:// protocol that simplifies the url and naming of the repositories. How to install it Install the helper wi

One of the main concerns of a company when deciding to move part or all of its computing and data management resources to a cloud computing service is security. That is why data protection is the first step for an adequate cloud security strategy. Due to the pandemic, e-commerce, online transactions, and the use of digital services increased dramatically, but as companies have adapted to the digital world, thieves also find new ways to commit criminal acts and increase digita

“CodeStar Connect” will release you of that pain. Everybody knows the inconvenience of working with secrets like Tokens or Webhooks: You need to create them, save them in the Parameter Store to avoid leakage, and rotate them every couple of months. But now, using CodeStar connections and the Github App on AWS you are completely free of them! Creating this connection is as simple as you can see in this link; however, in Terraform you will find that it’s as easy as in the AWS M

In recent months, electronic commerce has acquired greater relevance as a result of the digital transformation due to Covid-19. This has made it necessary for companies that are not online to quickly centralize their sales transactions in virtual channels. In 2021, it began to require companies to continue to maintain an accelerated pace of digital maturation. Likewise, it is not only a matter of organizations starting their operations online by adopting an e-commerce platfor

Once you have all your environments working with Direnv, Advanced Direnv for Devops, if you are working with Terraform namespaces there is another improvement you can make to automate further. We use another directive from direnv called watch_file, which reloads the environment each time a particular file is changed. We can point this directive to the .terraform/workspace file, which holds the currently selected workspace in Terraform. The following code in the .envrc file im

Did you get excited about this article? Let’s have a look at how it is on a less theoretical level. Ok, so you have created an i-fafafafafafafa AWS instance in your private subnet but for some reason, you need an SSH like connection to it to maybe use it hopefully not too often. In the old days, having a bastion host used to be an acceptable choice. On these days, not so much. Basically because of the exposed ports. Even if you don't use port 22 it is still a risk. Even an el

Now you are using Direnv to manage your workspaces (see THIS), but you stumble upon a difficulty, maybe motivated (like me) by Terraform workspaces. You have a single codebase for a project, but this codebase needs to be deployed to different environments. Now, we can no longer have a .envrc file in the project's folder, because the environment should be different depending on where we want to deploy. So, how do we solve this? Direnv to the rescue, again. Using .env's Direnv

For DevOps engineers, working in many different projects and different clouds is a reality of life. We have developed many tools to help us to manage and switch among the different contexts and projects, each one with its ups and downs. Today we explore the one that, IMHO, is the best of them all: direnv. How it works Direnv has a very simple premise: each time you cd into a directory with a .envrc file, a new environment is started for that particular directory using the env

Now that you are comfortably using ServiceAccounts to interact securely with GCP, are you still not using it? Refer to this Teratip Secure your access to GCloud cli with Service Accounts and start doing so, you want to use it with Terraform too. Terraform requires setting a Token, which gives it access to the GCP API using a different identity. This token can be obtained with the gcloud cli and then exported to a variable. Once you do this, terraform will pick it up automatic

Do you want a time-sensitive way to give access to a third party to your GCP account with a low administrative burden? Look no further! Set up a service account! How to do it It's actually very simple: Create a new service account, and give it the permissions needed by the third party Ask the third party for a Google Identity Add this identity to the service account with the TokenCreator permissions Profit! Now the third party needs to execute the gcloud command with an addit