Recently, I was creating a terraform module that creates an S3 bucket. An S3 bucket can only have one aws_s3_bucket_policy, and the module needed to include a default policy to force TLS v1.2. I also needed to be able to pass additional policy statements to the module which may or may not include a condition. Unfortunately, there is not an obvious way to include the condition only when it is part of the policy. This post shows how you can include a nested dynamic condition block when the block exists, and exclude it if it doesn't.
Tags [ terraform ] [ optional ] [ dynamic ] [ aws ] [ iam ] [ s3 ]
Tags [ terraform ] [ optional ] [ dynamic ] [ aws ] [ iam ] [ s3 ]
In this post I explore how to login to Hashicorp Vault using OIDC. I wanted to be able to automate some interactions with Vault that the official vault cli does not easily support. To do so I needed to be able to run the equivalent of `vault login -method=oidc`. This post is the result of that.
Tags [ go ] [ golang ] [ hashicorp ] [ vault ] [ oidc ] [ login ] [ vault-client-go ]
Tags [ go ] [ golang ] [ hashicorp ] [ vault ] [ oidc ] [ login ] [ vault-client-go ]
Exploring the power of two random choices load balancing algorithm.
Tags [ go ] [ golang ] [ loadbalancing ] [ algorithm ] [ load ] [ balance ] [ poc ] [ random ] [ round-robin ] [ power of two choices ]
Tags [ go ] [ golang ] [ loadbalancing ] [ algorithm ] [ load ] [ balance ] [ poc ] [ random ] [ round-robin ] [ power of two choices ]
This is a quick overview of how to pass custom configuration values to EKS managed addons using Terraform.
Tags [ addon ] [ aws ] [ eks ] [ clusterip ] [ kubernetes ] [ coredns ] [ daily note ] [ terraform ] [ configuration ] [ jq ]
Tags [ addon ] [ aws ] [ eks ] [ clusterip ] [ kubernetes ] [ coredns ] [ daily note ] [ terraform ] [ configuration ] [ jq ]