Introduction to HashiCorp Nomad

Whilst looking for a platform to host some small projects, I recently took HashiCorp Nomad for a spin in my home lab. This is a brief run-through of my setup and a guide on getting started with a small but flexible Nomad installation. To be clear, this is not an immediately scalable, production ready setup - if there is such a thing - but may help lay the foundation for something that works for your project.

Checking out GitHub pull requests to a local branch

After some trial and error, here’s how I check out Github pull requests to a local branch with tracking. Edit .git/config, add the following line in the section for the desired remote. fetch = +refs/pull/*/head:refs/remotes/origin/pr/* Ensure to add it before the existing line for remote branches, e.g. [remote "origin"] url = fetch = +refs/pull/*/head:refs/remotes/origin/pr/* fetch = +refs/heads/*:refs/remotes/origin/* Run git fetch and see all the new remote “branches” appear. Now you can check out a PR branch: git checkout pr/123

Accessing AWS Services When Remoting

Having recently moved out of my place, where I had comparitively great Internet access supplied with static IP addresses, I’m currently working mostly tethered to my phone. It turns out that good LTE service actually works pretty well for most things - even long distance SSH - but sitting on a cellular network with a dynamic IP address can get really annoying. Yes, I should be establishing a VPN to reach internal services.

Terraform: AWS ACM Certificates for Multiple Domains

My life got better when AWS introduced Certificate Manager, their service for issuing validated TLS certificates for consumption directly by other AWS services. You don’t get to download certificates issued by ACM to install on your own servers, but you can use them with your EC2 Load Balancers, CloudFront and some other services, alleviating the need to upload certificates and renew them since ACM renews them automatically. Closing the loop on automated certificates however, was still difficult since domain validation was done through verification emails.

AWS Account Switching with Ansible

I recently worked on a project involving multiple AWS accounts, with different projects and environments spread through those accounts in different combinations. Having opted to use Ansible for driving deployments, I looked at built-in capabilities for account switching. It turns out you can easily inject credentials authenticating with another IAM user, but this can only be done on a per-task (or perhaps, per block?) level. This might seem flexible at first glance, but when you consider you have to duplicate tasks, and therefore roles, and even playbooks, when you have to use different accounts, it quickly becomes unwiedly.

Bitwarden review

Having been an avid user of password managers for as long as I can remember, I was an entrenched premium customer of LastPass for several years. It served me well with its multi-platform support, reliable sync and support for quirky authentication schemes, however as time went on I encountered more and more issues, and eventually I had enough and decided to start looking for alternatives. I put myself together a list of must-have features and started searching.

Terraform: Cross Account S3 Bucket Access Control

Whilst auditing a set of organizational AWS accounts, I wanted to consolidate operational S3 buckets into a single account and grant access as required. It might not be immediately obvious the first time you do this, so this post is a bit of a primer on cross-account S3 access control, and implementing such with Terraform. Connecting a remote IAM principle to an S3 bucket involves two distinct steps. First you create a trust relationship with the remote AWS account by specifying the account ID in the S3 bucket policy.

Beyond Facts: Retrieving AWS Resource IDs

I’m a huge fan of Ansible and I’ve made use of it in several projects to orchstrate AWS services. Ansible is designed to be simple, with most functionality contained in modules which are callable via tasks in playbooks. This has huge benefits, but also bears the major drawback of significant boilerplate when you need to retrieve data from external sources. From the beginning, Ansible has had a dynamic inventory facility to allow host data to be dynamically imported from sources like AWS, but although this is undergoing great improvements in Ansible 2.

Ansible Recommended Patterns

It can be tricky to figure things out when structuring new projects. You might set out to make things as comprehensive as possible, to accommodate future expansion, but this raises the barrier to entry and can leave you in a quandry about where things should go. Or you might opt for the lean approach, making things super simple and extending as you go, but you don’t want to set yourself up for big refactoring sessions later on.