This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!

Hey all!

I recently saw an opportunity for automation while working with a developer. The developer described their very manual process of building and testing docker containers. The process basically goes like this:

  1. Update any necessary files, scripts, Dockerfile, etc.
  2. Build the Dockerfile
  3. Tag the docker image
  4. Authenticate to the AWS Elastic Container Registry (ECR)
  5. Push the docker image to the ECR
  6. Go to the AWS console and run several AWS Batch (compute on demand) jobs…

Hey all!

Terraform has this great concept of “modules” which have a ton of uses. One of the most common is to have a resource-specific module that builds a resource with the required security and operational settings your org has standardized on. That lets your module receive just the bare minimum of values (making life easier for developers), and still build things appropriately and securely.

Terraform’s behavior with most resources and calls works well in this way, but interestingly, AWS EC2 is not in that list. There is a significant bug with how Terraform (and the AWS API) handles building…


Hey all!

I wrote a blog entry recently about a desire in my company to automate review and approval of terraform changes. I started out with really simple logic:

  • If only adds or changes → Automatically approve
  • If any destroys or rebuilds → Require manual approval

For more details on how I built that, see here.

However, every single time I presented this cool new thing to folks, I got the same questions back.

What if…


Hey all!

I’ve written a series of blogs about running an Azure DevOps Terraform CI/CD in an enterprise environment (for more info please see my profile). One item my business very much wanted, and which CI/CDs twist themselves up in knots to support, is manual approvals for particular stages or steps.

For instance, say we want terraform plan to run automatically, and before terraform approval runs we want the environment owner to approve the run? …


Hey all!

Over the past few years, I’ve worked to build up a highly scalable and secure terraform CI/CD platform based on Azure DevOps for many internal teams. We now maintain 150+ terraform pipelines across both AWS and Azure (I keep hearing teams might require GCP, but none have demanded it yet!), with ~50 runs per day. That amounts to some serious compute, and a great deal of investment into our processes and technologies to keep…


This is a tech talk — a deep dive into how a project came together and was delivered. I talk about Smokeping — we’ve converted a Linux app into a fully CI/CD bootstrapped SaaS embedded in client networks.

Smokeping is basically a half-dozen open source technologies in a trench-coat, so automating and scaling it is a challenge of syncing tools. There’s some deep Linux coolness, Azure DevOps CI/CD coolness, and general strategy talk of why platforms, and our vision for the future.

I cover:
• What is Smokeping? Why Smokeping vs other tools?
• How does a Smokeping cluster work…


Hey all!

I’ve been working with Hashi’s open-source community recently to test out some patches for a long-standing issue with the Terraform AzureRM provider that broke every part of building and managing Azure FrontDoor resources on the Azure Cloud platform. I’ve written extensively about it, and a good write-up is here:

Part of helping test new patches is downloading branches of the Terraform provider in the public repo, building the binary executable for your architecture using…


Hey all!

I’ve recently been spending a lot of time figuring out the idiosyncratic world of Ansible AWX, the open-source leading edge of RedHat’s Tower product. AWX is a platform for running Ansible code, and it supports all sorts of great features:

  • Dynamic Inventories — It can talk to cloud providers directly and download, filter, and build targetable inventory groups of hosts that exist in those clouds.
  • Job templates and credential injection — Jobs can be…

Hey all!

This article will be focused on AWX dynamic inventories from Azure. If you need to work with AWS, check out this article:

In my last post we discussed what Ansible AWX/Tower is and how powerful it can be. We also went over how to build and deploy AWX to a local instance with Vagrant in less than 10 minutes.

So assuming you followed along, you now have a version of AWX running. Woot!

However…


tl;dr: Azure API bug renders Terraform helpless to manage FrontDoor and several other Azure services. Both companies publicly say they’re working on it. Meanwhile, customers are stuck. Read on for more details.

Update: After much pressure, Hashi has rolled back their patch that more stringently enforced case and caused this issue to be exposed to users. As of AzureRM provider release 2.40 this issue should be fixed. If it’s not please report back!

Update 2: Microsoft has now also released a patch to their API that ignores case on API requests. That missed the point a bit — it’s a…

Kyler Middleton

DevNetSecOps engineer, consultant, business owner, Pluralsight author. Fascinated with computer security and privacy policy. Teacher. He/They.
