Getting Started With OpenTofu (v1.7.0) on AWS — State Encryption.

OpenTofu is a new open source tool for Infrastructure-as-Code (IaC) management across multiple cloud providers, created by the community following the Terraform licence change by HashiCorp. With the recent v1.7.0 release, OpenTofu now supports state file encryption. This guide explains how to configure OpenTofu to manage AWS resources with encrypted state files stored on a remote AWS S3 bucket backend using AWS Key Management Service (KMS). 1 — Why State Encryption: State encryption is a very important security feature for infrastructure-as-code tools such as Terraform and OpenTofu. Initially, these tools stored the entire state file, including potentially sensitive access keys, passwords and resource details, in the clear in back-end storage such as S3 buckets or local files. This meant that anyone able to access the state file could see all the confidential data, creating a significant risk if the state file was compromised. Encrypting the contents of the state file protects this sensitive information from unauthorized access. Without encryption, infrastructure credentials and provisioning secrets could be exposed, allowing malicious individuals to make unwanted changes or gain access to private systems and data. ...

May 4, 2024 · 5 min · 1041 words · z4ck404

Exploring Steampipe for Terraform Drift Detection

In Terraform, drift detection helps spot any mismatches between the infrastructure you’ve outlined in your code and what’s actually out there running in your cloud accounts. This is super important for keeping your Infrastructure as Code (IaC) practices on point, making sure everything is consistent, efficient, and secure. Steampipe, which is an open-source tool, takes this a step further by letting you run real-time SQL queries on your infrastructure data. When you bring Steampipe into the mix, you get a clearer picture and more control over your setup, making it easier to keep your code and infrastructure in sync and strengthening your IaC game. ...

February 29, 2024 · 5 min · 1019 words · z4ck404

Welcome to AWS Morocco’s first newsletter!

Dear AWS Enthusiasts, We’re thrilled to announce the launch of the AWS Morocco Newsletter, your new go-to source for all things AWS within our vibrant Moroccan tech community! Every issue will bring you the latest AWS updates, insightful tutorials, and stories of local innovation. Our aim is to empower your cloud journey and keep you ahead in the ever-evolving world of technology. Join us in this exciting venture and stay informed with the cutting-edge of cloud computing ...

February 29, 2024 · 2 min · 310 words · awsmorocco

AWS Inter-Region PrivateLink using Terraform

AWS PrivateLink provides a secure and reliable way to connect VPCs within the same region, but it doesn’t directly support connections between VPCs in different regions. To address this limitation, inter-Region VPC peering offers a viable solution. Inter-Region VPC Peering x PrivateLink: Inter-Region VPC peering enables private connectivity between VPCs in different AWS regions (have a look at [this previous article](https://awsmorocco.com/aws-multi-region-vpc-peering-using-terraform-a0b8aabf084b) for a deep dive into AWS VPC peering). ...

February 29, 2024 · 6 min · 1230 words · z4ck404

CSI Drivers (EBS, EFS, S3) on EKS And How To Use Them

Container Storage Interface (CSI) drivers play a crucial role in managing persistent storage for containerized applications. When working with Amazon Elastic Kubernetes Service (EKS), integrating CSI drivers becomes essential for efficient storage management. In this guide, we will delve into the details of CSI drivers on Amazon EKS and explore how to install and use them seamlessly with file systems. Understanding CSI Drivers: CSI is a standardized interface that allows storage vendors to develop plugins that can be used across various container orchestration platforms. With EKS, these drivers help manage the lifecycle of storage resources, enabling dynamic provisioning, attaching, and detaching volumes to and from pods ...

February 29, 2024 · 6 min · 1151 words · z4ck404