This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!

Hey all,

Terraform is a wonderfully flexible, powerful Infrastructure as Code (IaC) tool that can help you manage your AWS accounts at scale. However, it’s not (yet) magic, and it still needs to be told about the individual resources, linking each real resource to an individual configuration block.

I work at a shop that had a huge amount of time and effort invested in SparkleFormation, a Ruby-based tool that is a constructor for CloudFormation, the…

Hey all!

I’ve written extensively about how we’ve migrated from static VM hosts to scale-sets, then to docker for our Azure DevOps builders. We are also preparing GitHub as a platform for our internal teams, and one challenge has been the builders, or as GitHub calls them, Self-Hosted Runners. …

Hey all!

As we’ve scaled out our CI/CD (~175 pipelines across 75 accounts) to have many builders (~25 pools, ~50 or so builders), we’ve seen pain points where the way we were doing it before just wasn’t cutting it. I’ve written extensively about how graphical, manually-managed pipelines just couldn’t scale beyond about 50 — I’d spend literally all day every day just updating Terraform versions, and double-checking store accounts, and no one wants that job.

We…

Hey all!

I’ve spent the last week working on building a generalized AWS ECS module for Terraform so my team can easily deploy containers on Fargate, AWS’s provided container compute.

Source: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html

There are lots of resources available from both Hashi and AWS on how to deploy an ECS cluster, but they mostly focus just on the ECS resource. They don’t help you configure the other required resources, like:

  • Cloudwatch log group to store logs
  • “Execution” IAM role…

Hey all!

I have written lots of blogs (43 and counting!) under the heading “Let’s Do DevOps,” or simple, picture and code-heavy descriptions of how to succeed at many different modern DevOps tasks and architectures.

In this video I give a talk (with assistance from Sai Gunaranjan) to an internal company audience about how we have replaced our internal-facing CI/CD static ec2 builders with container-driven pools that are replaced after every job.

These containers are rebuilt…

Hey all!

I recently saw an opportunity for automation while working with a developer. The developer described their very manual process of building and testing docker containers. The process basically goes like this:

  1. Update any necessary files, scripts, Dockerfile, etc.
  2. Build the Dockerfile
  3. Tag the docker image
  4. Authenticate to the AWS Elastic Container Registry (ECR)
  5. Push the docker image to the ECR
  6. Go to the AWS console and run several AWS Batch (compute on demand) jobs…

Hey all!

Terraform has this great concept of “modules” which have a ton of uses. One of the most common is to have a resource-specific module that builds a resource with the required security and operational settings your org has standardized on. That lets your module receive just the bare minimum of values (making life easier for developers) while still building things appropriately and securely.

Terraform’s behavior with most resources and calls works well in this way, but interestingly, AWS EC2 is not in that list. There is a significant bug with how Terraform (and the AWS API) handles building…

Hey all!

I wrote a blog entry recently about a desire in my company to automate review and approval of terraform changes. I started out with really simple logic:

  • If only adds or changes → Automatically approve
  • If any destroys or rebuilds → Require manual approval

For more details on how I built that, see here.

However, every single time I presented this cool new thing to folks, I got the same questions back.

What if…

Hey all!

I’ve written a series of blogs about running an Azure DevOps Terraform CI/CD in an enterprise environment (for more info please see my profile). One item my business very much wanted, and which CI/CDs twist themselves up in knots to support, is manual approvals for particular stages or steps.

For instance, say we want terraform plan to run automatically, and before terraform apply runs we want the environment owner to approve the run? …

Hey all!

Over the past few years, I’ve worked to build up a highly scalable and secure terraform CI/CD platform based on Azure DevOps for many internal teams. We now maintain 150+ terraform pipelines across both AWS and Azure (I keep hearing teams might require GCP, but none have demanded it yet!), with ~50 runs per day. That amounts to some serious compute, and a great deal of investment into our processes and technologies to keep…

Kyler Middleton

DevNetSecOps engineer, consultant, business owner, Pluralsight author. Fascinated with computer security and privacy policy. Teacher. They/Them.