First I need to choose a language to write it in. Currently the teams I work with use Python. I have used Python for a few years now, so that seems the logical choice (NOT). I adamantly avoided Python, choosing to use Perl in the past… I do admit now that Python has won and I no longer write in Perl. I have been using PowerShell since version 1, which admittedly sucked, but I wouldn’t give it up.
Having used Terraform, CloudFormation, boto, AWS Tools for PowerShell and C# (standard, framework and core) to manage actions/resources/monitoring in AWS, I have an idea in my head of what it would take not only to implement it as a POC that looks cool but to maintain it and make a production-grade tool in the long run.
The obvious choice is PowerShell. It would take me literally hundreds of hours longer to write it in Python to obtain the same level of maintainability and reliability. Python is based on a non-object oriented language and is more or less flat file managed. PowerShell is object native and was designed for system maintenance, to replace the flat-file processing done on Unix hosts while retaining the best feature, the pipeline (google the Monad Manifesto). The big change is that the structured architecture is built into the pipeline to pass objects; it is just magic. Not to mention I can use .NET libraries if we find gaps in features with AWS. Try piping your Python scripts into each other natively…
Just compare the AWS docs for boto and C# and it will become clear which is more mature. The AWS PowerShell tools are just an extension of the C# API, so if the tools are missing anything we can just sneak some C# assembly calls in.
We will be approaching this as a well-structured POC that will be backfilled as it is adopted.
Considerations at the beginning:
- Terraform needs to be able to consume the variable during a plan.
- We need the variables to be stored in either AWS Parameter Store or Secrets Manager.
  - Easy choice for me: it is going to be Secrets Manager. I have used it extensively for this purpose. I currently use the Parameter Store so this will have to be another discussion.
  - Just compare the API operations available between the two and it is easy to see that the Parameter Store just isn’t up to it.
- Automation for updating the values.
  - Start with a script, then Terraform as that code base matures?
  - Always maintained via script?
  - My choice: always maintained via script!
- Notification when a value changes.
  - Slack will do…
- How do I automate it?
  - Easy: make it run automatically after an apply stage is completed. Eventually only scanning resource groups affected by the current Terraform context.
- Run scheduled checks for drift and alert.
  - Slack will do…
- Add tagging to determine if the value was detected or came from a terraform plan action.
  - Easy: was it detected from a scheduled run or from the CI that will run after a terraform plan?
- Start with a script, a bunch of cmdlets, or just do up a module?
  - Anything to start…
  - Module named vger-virtual-memory??? -> VgerCloudMemory
  - wasdx
hum… time to start getting it wrong for a few posts. pwsh…