Category: Continuous Integration

  • AccessDenied: User: is not authorized to perform: elasticloadbalancing:AddTags on resource

    I recently updated a deployed helm chart’s ingress definition to add an SSL redirect on port 80 and was surprised to find that the operation also resulted in the removal of several listener rules from my ALB and a failure to update the SSL redirect. I pulled the logs from the AWS LoadBalancer Controller pods […]

  • AWS LoadBalancer SSL Redirect with Bitnami Helm Chart(s)

    First of all, thank you to Bitnami for providing such valuable helm charts to the community. What a great resource! Why doesn’t Bitnami support adding an SSL redirect for AWS LoadBalancing in their helm charts? I have worked with several lately where the templates baked into the helm charts will not allow the addition of […]

  • AWS CLI v2 on OSX – Upgrade to latest

    I was working on a project with a client where I wasn’t able to initialize a terragrunt deployment when using SSO: The version of the AWS CLI that I was using was 2.0.56. Upgrading to the latest version solved the issue (2.1.32). Be sure to login again after upgrading. Verify by running the following command: […]

  • AWS Access Keys in S3 Bucket Policies

    I’ve seen what appeared to be AWS Access Keys in S3 bucket policies as an AWS principal in the past. I could never figure out why this was happening and nobody appeared to be adding them. The Access Key never showed up as a valid user Access Key in a search of IAM objects either. […]

  • Apache Airflow 1.10.2– Active Directory Authentication (via LDAP[s])

    This basic guide assumes a functional airflow deployment, albeit without authentication, or perhaps, with LDAP authentication under the legacy UI scheme. This guide also assumes apache airflow 1.10.2, installed via pip using MySQL and Redis. The guide also assumes Amazon Linux on an EC2 instance. Pre-requisites: An Active Directory service account to use as the […]

  • SSH in a for loop is a solution…

    I just read an article by Jay Valentine on LinkedIn where he talks about Puppet and how they were not profitable, and also noted that Chef is not, and has never been, profitable. That got me to thinking, why are IT professionals investing in these technologies (time, knowledge, effort…). As an IT pro, it’s tempting […]

  • Standalone puppet with hiera 5 error…

    With puppet moving more and more away from supporting a standalone model, it’s somewhat difficult to get puppet standalone working. I recently got bit by a hiera update that caused my puppet standalone deployments to stop interacting with hiera the way that I had deployed it. Affected versions: puppet 4.10.10 hiera 3.4.3 The error that […]

  • Adding Global Environment Variables to Jenkins via puppet…

    When using Jenkins in any environment, it’s useful to have variables related to that environment available to Jenkins jobs. I recently worked on a project where I used puppet to deploy global environment variables to Jenkins for use with AWS commands — typically to execute the awscli, one must have knowledge of the region, account, […]

  • Retrieving puppet facts from AWS System Manager

    AWS System Manager makes it easy to store and retrieve parameters for use across servers, services, and applications in AWS. One great benefit is storing secrets for use, as needed. I recently needed to retrieve some parameters to place in a configuration file via puppet and wrote a short script to retrieve these values as […]

  • Running Apache 2 under Ubuntu 16.04 on Docker

    I recently wanted to setup a new Ubuntu 16.04 host running Apache under Docker for some AWS ECS/Fargate testing I was doing and encountered the following error: docker run -p 8085:80 aws-ecr-hello-world:v0.5 [Thu Mar 15 00:11:31.074011 2018] [core:warn] [pid 1] AH00111: Config variable ${APACHE_LOCK_DIR} is not defined [Thu Mar 15 00:11:31.074576 2018] [core:warn] [pid 1] […]