Author Archives: anuj - Page 3
Rolling back state and encrypting secrets – Terraform Enterprise
This is a work in progress. TFE Rolling back State file (versioning) - Only viewing a previous state is possible, not actual rollback. One can then copy the contents of…
Recommendations for Secrets Use from an AWS Application
How do I ensure that my app uses secrets securely ( on AWS )? Create IAM roles for each application. Grant those roles the ability to retrieve secrets Update your…
Terraform Basics
How do you apply to just a single resource? tf apply target How do you destroy without being prompted? terraform destroy --approval-true flag When would you use a null resource…
How many Pipelines?
Also read How many Non Prod Environments should you have? The TWO most commonly implemented ones would be the managed infrastructure services pipeline (or just infra pipeline) and the app…
Production Terraform
Single NON PROD Environment or MULTIPLE, SEPARATE ( DEV TEST STAGING ) Environments? Also read Multi developer Terraform and Reusable Modules in Terraform One of the common questions that arises…
Deep Monitoring – Vulnerability Management on GCP VMs
First, let us distinguish between Image Protection and Instance Protection. Instance Protection - Protection of a running instance GCP Shielded VMs - Vulnerability Management built in Image Protection -…
Terraform Landing Zones
Where does Terraform fit in? Terraform modules can be common to any CI CD pipeline (whether Azure Devops or gitops). One typically starts with a baseline module - sometimes called…
Azure Devops versus Gitops
Azure Devops has tooling for the entire CI CD pipeline and also the Agile management of the delivery. Azure Boards, Azure Repos and Azure Credentialing is what will be part…
tfplan sentinel policies in Terraform
Terrform policies fall into three broad categories - tfplan based, tfconfig based and tfstate based policies. This post discusses a couple of common tfplan based policies. A simple tfplan sentinel…
The Vault Provider in Terraform
These are some notes from the field around using Vault and Terraform. Storing a Sample Secret in Vault - Resource vault_generic_secret provider "vault" { # It is strongly recommended to…