AWS PrivateLink Native Cross‑Region Connectivity

AWS PrivateLink has long been the go-to solution for private connectivity of services within a region. Until recently, sharing services across regions required VPC peering or transit gateways — and sometimes even the creation of “outpost” VPCs to serve as transit VPCs. All that changes with the native Cross-Region PrivateLink solution. 1 — The “Gymnastics” of Terraform‑Based Inter‑Region PrivateLink Before December 2024, if you wanted a private interface endpoint in Region B for a service hosted in Region A, you had two options: ...

April 27, 2025 · 4 min · 679 words · z4ck404

Terraform Infrastructure as Code: Essential Tools for Clean, Maintainable Production Environments

Managing cloud resources has changed fundamentally with the Infrastructure as Code (IaC) approach, and Terraform has become one of the best tools for the job. But as environments grow more complex, it can be difficult to keep your Terraform code clean, efficient and secure. Just as software developers use tools such as linters and documentation generators, infrastructure engineers also need specific tools to ensure that their Terraform code is ready for production. ...

March 6, 2025 · 8 min · 1681 words · z4ck404

Secure Secrets Management in Terraform — Part2: AWS Secret Manager

Following our previous tutorial about using AWS KMS for secrets management, this second part explores how to leverage AWS Secrets Manager with Terraform/OpenTofu for more advanced secrets management capabilities. AWS Secrets Manager provides additional features like automatic rotation, fine-grained access control, and centralized secrets management. Prerequisites AWS Account with appropriate permissions Terraform/OpenTofu installed AWS CLI configured [Optional] Basic understanding of AWS KMS (covered in Part 1) 1 — Setting Up AWS Secrets Manager First, let’s create the necessary resources to store and manage our secrets: ...

December 25, 2024 · 7 min · 1478 words · z4ck404

Secure Secrets Management in Terraform Part1: Leveraging AWS KMS

One of the key principles of modern Infrastructure as Code is the secure management of sensitive information. In this first part of our series about secure secrets management in Terraform/OpenTofu, we will focus on the use of AWS Key Management Service, better known as KMS, to securely encrypt and manage secrets with Terraform/OpenTofu. Prerequisites AWS Account with appropriate permissions Terraform/OpenTofu installed AWS CLI configured AWS KMS First, let’s create a KMS key with proper permissions and configurations: ...

November 17, 2024 · 4 min · 679 words · z4ck404

EKS Pod Identity or IAM Roles for Service Accounts (IRSA)?

Managing secure access to AWS resources has always been a major concern in EKS and a headache for cluster administrators. IRSA (IAM Roles for Service Accounts), which we’ve covered in detail in this article, has been very useful in facilitating this process since its introduction in 2019, but had many limitations and required significant configuration and maintenance effort. ...

September 15, 2024 · 5 min · 975 words · awsmorocco