2nd Rate Poster
Mar 25, 2004

i started a joke

StabbinHobo posted:

I'm curious what other people's real-world workflows are like.

For instance, do you work from a text editor editing cloudformation templates and then run an aws cli command on your laptop? Do you have an ssh bounce host? Do you use the web interface on a day to day basis? How do you really deeply browse/survey/crawl an account to make sure you haven't accidentally left some rds instances running in brazil for a month?

My team manages nearly all infra through terraform -- we are small, 10 devs, and optimize to avoid aws lock-in and for auditability.

For new infrastructure, a checkout of terraform will be done locally, and after changes are made, updates to state files will be pushed to github.

Any post provision configuration is done through Ansible tower runs of our playbooks (also in github).

Local testing and development of Ansible stuff is just running the playbook against the container that development is done against. In some cases that's not enough so we keep a dev environment in terraform as well.

Longer-term goal is to get to as much idempotent infrastructure as possible where the build process will bake app images completely. That too will be managed through terraform.

In the cases where we need ssh access we route everything through gravitational teleport. This gives us some central auditing of who ran what where and a level of access control.

The main drawback we've encountered so far is that we don't have a good way of managing terraform state changes, as you need to place your tfstate files centrally. In practice, though, we've not had any merge conflicts that cause problems.

We're a little weak on deeper audits -- I suspect most places will be? I think if cost became an issue we'd end up writing some scripts to true up reality to terraform.


2nd Rate Poster
Mar 25, 2004

i started a joke

Scrapez posted:

Is there a way from the command line on an EC2 instance to retrieve just the public IP address associated with that instance based on the private IP?

I can do `aws ec2 --region us-east-1 describe-addresses` which returns a list of all addresses and I could parse out the PublicIP of the instance I'm looking for with a combination of grep and awk but is there a better way of doing this?

I would be putting the private IP in a variable as I can obtain that via ifconfig and then I'd like to return the public IP based on the private IP.

I'm writing a bootstrap script that will update a config file on the instance with the public IP of that instance. Thoughts?

From within the instance you can use the metadata service to find the public IP.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-retrieval


code:
curl http://169.254.169.254/latest/meta-data/public-ipv4
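A fuller version of that bootstrap step, added here as an example and not code from the thread: it fetches the public IPv4 through the metadata service using an IMDSv2 session token (so it keeps working when the instance is set to token-only metadata access), refuses to write anything that is not an IPv4 literal, and updates a PUBLIC_IP= line in a KEY=VALUE config file. The config format, the PUBLIC_IP key name and the IMDS override variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes curl is installed and the
# config file is KEY=VALUE lines with a PUBLIC_IP key (both assumptions).
set -eu

IMDS="${IMDS:-http://169.254.169.254}"   # overridable for local testing
TOKEN_TTL=60                              # seconds; bootstrap finishes well within

# Get a short-lived IMDSv2 token, then fetch one metadata path with it.
# -f makes curl fail on 404, e.g. when the instance has no public IPv4,
# so the script stops instead of writing an error page into the config.
imds_get() {
    path="$1"
    token=$(curl -sS -f -X PUT "$IMDS/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_TTL")
    curl -sS -f "$IMDS/latest/meta-data/$path" \
        -H "X-aws-ec2-metadata-token: $token"
}

# Accept only a dotted-quad IPv4 literal; rejects empty output or any
# HTML/error text a proxy or misconfiguration might return instead.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Replace (or append) the PUBLIC_IP=... line without touching other keys.
# Returns non-zero, and leaves the file alone, if the value is not an IPv4.
set_public_ip() {
    conf="$1"; ip="$2"
    is_ipv4 "$ip" || return 1
    if grep -q '^PUBLIC_IP=' "$conf" 2>/dev/null; then
        # sed -i differs between GNU and BSD; go through a temp file instead
        sed "s/^PUBLIC_IP=.*/PUBLIC_IP=$ip/" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        echo "PUBLIC_IP=$ip" >> "$conf"
    fi
}

main() {
    conf="$1"
    ip=$(imds_get public-ipv4)
    set_public_ip "$conf" "$ip" || { echo "unexpected IMDS response: $ip" >&2; exit 1; }
}

# Only runs when given a config path, e.g.:  sh bootstrap.sh /etc/myapp/app.conf
if [ $# -ge 1 ]; then main "$@"; fi
```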
