StabbinHobo posted:
I'm curious what other people's real-world workflows are like.

My team manages nearly all infra through Terraform -- we are small, 10 devs, and optimize to avoid AWS lock-in and for auditability. For new infrastructure a checkout of Terraform will be done locally, and after changes are made, updates to state files will be pushed to GitHub. Any post-provision configuration is done through Ansible Tower runs of our playbooks (also in GitHub). Local testing and development of Ansible stuff is just running the playbook against the container that development is done against. In some cases that's not enough, so we keep a dev environment in Terraform as well.

Longer term goal is to get to as much idempotent infrastructure as possible, where the build process will bake app images completely. That too will be managed through Terraform.

In the cases where we need SSH access we route everything through Gravitational Teleport. This gives us some central auditing of who ran what where, and a level of access control.

The main drawback we've encountered so far is that we don't have a good way of managing Terraform state changes, as you need to place your tfstate files centrally. In practice, though, we've not had any merge conflicts that cause problems. We're a little weak on deeper audits -- I suspect most places will be? I think if cost became an issue we'd end up writing some scripts to true up reality to Terraform.
|
# ¿ Apr 3, 2017 00:48 |
# ¿ May 3, 2024 15:20 |
|
Scrapez posted:
Is there a way from the command line on an EC2 instance to retrieve just the public IP address associated with that instance based on the private IP?

From within the instance you can use the metadata service to find the public IP.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-retrieval
code:
|
# ¿ Jan 8, 2019 17:28 |
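The metadata lookup described in the reply above, as an added example that is not part of the original post: it maps a private IPv4 to its public IPv4 from inside the instance, using an IMDSv2 session token rather than unauthenticated IMDSv1 requests. It assumes curl is installed and IMDSv2 is reachable; the function names and the IMDS variable are hypothetical.

```shell
#!/bin/sh
# Added example: private IPv4 -> public IPv4 via the EC2 instance metadata service.
IMDS="${IMDS:-http://169.254.169.254}"   # link-local metadata endpoint

# Request a short-lived IMDSv2 session token (PUT plus a TTL header).
imds_token() {
  curl -sf --max-time 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60" "$IMDS/latest/api/token"
}

# GET metadata path $2 using session token $1; non-zero exit on 404 or timeout.
imds_get() {
  curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $1" \
    "$IMDS/latest/meta-data/$2"
}

# Print the public IPv4 associated with private IPv4 $1.
# Exit status: 0 found, 1 no public address for that IP, 2 IMDS unavailable.
public_ip_for_private() (
  want=$1
  token=$(imds_token) || { echo "IMDS token request failed" >&2; exit 2; }
  # Walk every network interface, since secondary ENIs can hold the address.
  for mac in $(imds_get "$token" network/interfaces/macs/); do
    base="network/interfaces/macs/${mac%/}"
    # public-ipv4s returns 404 on interfaces without a public address.
    for pub in $(imds_get "$token" "$base/public-ipv4s"); do
      # ipv4-associations/<public> lists the private IPs behind that address.
      for priv in $(imds_get "$token" "$base/ipv4-associations/$pub"); do
        if [ "$priv" = "$want" ]; then
          echo "$pub"
          exit 0
        fi
      done
    done
  done
  exit 1
)

# Usage (on the instance): public_ip_for_private 10.0.0.5
```

If the instance only needs its primary address, `imds_get "$token" public-ipv4` returns it directly.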