Terraform¶

January 23, 2025
in AWS, Terraform, SSO
2 min read

Terraform Provider with Dynamic AWS Role or SSO

Terraform Providers can sometimes be a bit clunky when you are working locally vs what your final pipeline configuration will be. For instance, often an AWS role will be limited to pipeline access and not allowed to be assumed by users for security reasons. Users will have to authenticate with their SSO roles for any actions they perform instead.

While Terraform supports this with the profile = <your-sso-profile> configuration, this means setting specific values in your local development, remembering to change those before committing/pushing to your project, etc.

Now, there is way you can get the best of both worlds, with dynamic "assume_role" and some clever logic!

July 31, 2024
in Terraform, AWS, MkDocs
1 min read

Build a MkDocs Site with Terraform and S3

PAGE UNDER CONSTRUCTION

Find the latest code for this project on my GitHub

Chances are you have seen a website or documentation that make use of MkDocs, and especially Material for MkDocs. In fact, this blog site runs using Material for MkDocs and I have to say it is a delight compared to typical blog or WordPress platforms!

This becomes really powerful - and cost-effective - combined with the ability to host a static website using Amazon S3.

In this post I will show you how to create the AWS resources necessary for hosting your website using Terraform, as well as how to set up a basic MkDocs site.

July 31, 2024
in Terraform, CI/CD
1 min read

Unit Test IaC with Terraform Tests

PAGE UNDER CONSTRUCTION

A challenge of being a DevOps engineer is that some of the typical dev parts don't always fit nicely. Unit testing is one example, where IaC is often hard to test in isolation and without some sort of actual deployment in a "test" or "sandbox" environment to validate against.

The lines between unit and integration testing become blurred for many DevOps or Platform engineers. Thankfully, HashiCorp has seen this gap and has introduced Terraform Tests to help bridge this gap!

In this post I will go over some basic unit testing that can be done for validating your IaC using terraform test to improve your code quality and provide additional peace of mind when making changes to your IaC!

February 3, 2024
in AWS, IAM, Security, SSO, Terraform
15 min read

AWS SSO with Terraform and Secrets Manager

You can find the latest code for this project on GitHub: https://github.com/shadetree-dev/terraform-aws-sso-permission-sets-example

We'll go through a few stages in this journey to get there:

Bitch about SSO a bit and why it's such a burden to deal with
Delegate an administrator for IAM Identity Center (SSO)
Set up some AWS Secrets Manager secrets to pull dynamically from (avoid hard-coding)
Write some Terraform and apply it!