Setting up GitHub Actions with AWS using CloudFormation

secure development + cloud | Jake | January 25, 2022

Background

I recently helped a client migrate their DevOps pipelines to GitHub Actions. One of the nice features of GitHub is that it's relatively easy to set up and use an identity provider that allows GitHub to do what it needs without having to store credentials. I found some great resources online for how to do this, including this one for Terraform. In my case I needed to write one using CloudFormation. Thought I'd share:

The above contains a sample CFN doc for creating the Identity Provider and a sample role that allows access to ECR. The condition in the IAM policy restricts its usage to a specific repo so that other arbitrary GitHub users can't assume the role.

Written by: Jake
