Tags
.editorconfig
The EditorConfig enables developers to define and maintain consistent coding styles between different editors and IDEs. It consists of a simple file format (.editorconfig) for defining coding styles such as tabs vs spaces. Most text editors support the format and adhere to defined styles. The config files are easily readable and they work nicely with version control systems.
.env
An Environment Variable is an interface provided by nearly every OS to pass configuration information to a process.
12-factor
An Environment Variable is an interface provided by nearly every OS to pass configuration information to a process.
ACL
Amazon’s IAM is a service that helps you securely control access to AWS resources.
agreement
This is our Contributor Covenant Code of Conduct.
alert escalations
An incident management platform that provides reliable incident notifications via email, push, SMS, and phone, as well as automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
audit logs
automated deployments
A process in which immutable code artifacts (e.g. packages, rpms, images, etc.) are shipped to permanent storage and optionally deployed to an environment such as staging or production. This process is usually associated with “Continuous Deployment” or “Automated Deployment”.
aws
Amazon Certificate Manager is a service that lets you easily provision, manage, and deploy TLS certificates for use with AWS services such as ELBs and CloudFront.
An Amazon Machine Image provides the information required to launch an EC2 instance, which is a virtual server in the Amazon public cloud.
Amazon’s Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
aws-vault is a utility for securely managing secrets with AWS Systems Manager (SSM) Parameter Store and KMS
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
Amazon CloudFront is a content delivery network (CDN) used to improve latency for end users by hosting cacheable content on distributed global edge locations.
Amazon CloudWatch is a monitoring service for AWS cloud resources and applications.
Amazon CloudWatch Logs is a central store for managing logs from AWS cloud resources and applications.
Amazon CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers.
Amazon CodeDeploy is a service that automates software deployments to AWS cloud resources.
Amazon CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates.
An ECS Service is a specified number (the “desired count”) of instances of an ECS Task simultaneously running in an Amazon ECS cluster.
An ECS Task is a JSON document that describes one or more containers that form an application. It can be thought of as a blueprint for an application.
Amazon ECR is a fully managed Docker container registry to store, manage, and deploy Docker container images on AWS.
Amazon Elastic Beanstalk is an orchestration service offered by AWS for deploying infrastructure which orchestrates various services, including EC2, S3, ELB, SNS, CloudWatch, auto-scaling, auto-healing, and Elastic Load Balancers.
Goofys is a utility that implements S3-backed filesystems using FUSE.
HashiCorp Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers such as AWS as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.
Amazon’s IAM is a service that helps you securely control access to AWS resources.
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. A
Kops ships with geodesic and is the easiest way to get a production grade Kubernetes cluster up and running on AWS.
AWS serverless (functions as a service) offering.
The Amazon Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
Amazon Relational Database Service is a service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks such as backups, restores, and automatic failover.
Amazon S3 is an object storage service with a simple web service interface and API capable of storing and retrieving any amount of data from anywhere on the web. It is designed to deliver 99.999999999% durability, and scale past trillions of objects worldwide.
An S3 bucket is a logical unit of storage in S3 that stores collections of objects.
Amazon Simple Notification Service is a fast, flexible, fully managed push notification service that lets you send individual messages or fan out messages to large numbers of recipients.
The many tools that make up the SweetOps approach
A Virtual Private Cloud is a logically isolated network within AWS.
aws-cli
cli is a common abbreviation for client and usually refers to some kind of command line tool.
bad practice
The act of performing systems administration and configuration by pointing and clicking on proprietary tools.
Wiki documentation driven operation processes.
bash
This is a common approach to installing various tools via a terminal prompt. You see this commonly done like so: curl example.com/install.sh | bash
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian | bash -s latest-debian
bastion
A bastion host is the only host permitted to be directly addressed via SSH from the internet.
Best Practices
Here are some of our tips for conducting Code Reviews the SweetOps way. If you haven’t already, become familiar with our Best Practices and Terraform Best Practices.
Use the “Suggest” feature as much as possible. This makes it quick and easy for the contributor to accept or dismiss the recommendations. Use proper markdown in suggestions (e.g. code blocks). Always be polite and appreciative of the contributions! Use emoticons to up-vote other comments (rather than +1 comments). Use ChatOps commands like /rebuild-readme or /terraform-fmt to fix common problems. Use ChatOps commands like /test all, /test bats, /test readme, /test terratest to run integration tests. Recommend changes to better conform to our best-practices.
We’ve written thousands of lines of Makefile. These are our best practices from the trenches.
Our opinionated best-practices for Terraform
best-practice
A build-harness is like a “test harness”. It provides reusable methods for building and deploying software.
Multifactor authentication is a security “Best Practice” of requiring more than one method to verify access credentials during authentication
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
cattle
CDN
Amazon CloudFront is a content delivery network (CDN) used to improve latency for end users by hosting cacheable content on distributed global edge locations.
chamber
Amazon’s Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. A
The many tools that make up the SweetOps approach
change control
A formal process followed in order to make changes in a document, systematic process.
change Management
A formal process followed in order to make changes in a document, systematic process.
chartmuseum
A Chart Registry is responsible for storing and serving Helm chart packages (.tar.gz) to the helm tiller running in the kubernetes cluster.
CI/CD
Amazon CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers.
Codefresh is CI/CD as a service, built for containers with native support for Docker, Kubernetes and Helm.
A process in which immutable code artifacts (e.g. packages, rpms, images, etc.) are shipped to permanent storage and optionally deployed to an environment such as staging or production. This process is usually associated with “Continuous Deployment” or “Automated Deployment”.
A process in which code is automatically checked out from version control (e.g. git) and submitted to a battery of automated tests to ensure that the recent changes will not have adverse effects on the code base and product stability.
A sub-discipline of software engineering concerned with the compilation, assembly, and delivery of source code into finished products or other software components that are subsequently shipped to production
CI/code
Amazon CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates.
circleci
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
cli
kubectl is a command line tool (cli) for running commands against Kubernetes clusters
clickops
The act of performing systems administration and configuration by pointing and clicking on proprietary tools.
Wiki documentation driven operation processes.
cloud native
The 12 Factor Pattern is a software methodology for building cloud-friendly (or cloud-native), scalable, maintainable applications that deploy easily on a Platform-as-a-Service (aka PaaS).
cloudposse
A subject-matter expert (SME) is a person who is an authority (domain expert) in a particular area or topic, which is referred to as the domain such as DevOps, Kubernetes, Terraform, etc.
cloudwatch
Amazon CloudWatch Logs is a central store for managing logs from AWS cloud resources and applications.
CMP
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
code style
The EditorConfig enables developers to define and maintain consistent coding styles between different editors and IDEs. It consists of a simple file format (.editorconfig) for defining coding styles such as tabs vs spaces. Most text editors support the format and adhere to defined styles. The config files are easily readable and they work nicely with version control systems.
codebuild
Amazon CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates.
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
codefresh
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
The ability to run complete, disposable apps on Kubernetes for Staging and Development.
codepipeline
Amazon CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers.
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
Component
Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory. Root modules are the terraform configuration that we actually apply and have terraform state.
config
YAML (or YAML Ain’t Markup Language) is a human-readable data-serialization language.
configuration
YAML (or YAML Ain’t Markup Language) is a human-readable data-serialization language.
configuration management
The imperative approach focuses on how precisely the infrastructure should be defined.
Container Management Platform
curl
This is a common approach to installing various tools via a terminal prompt. You see this commonly done like so: curl example.com/install.sh | bash
curl-bash
This is a common approach to installing various tools via a terminal prompt. You see this commonly done like so: curl example.com/install.sh | bash
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian | bash -s latest-debian
Database
Amazon Relational Database Service is a service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks such as backups, restores, and automatic failover.
dev
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
Development
Here are some of our tips for conducting Code Reviews the SweetOps way. If you haven’t already, become familiar with our Best Practices and Terraform Best Practices.
Use the “Suggest” feature as much as possible. This makes it quick and easy for the contributor to accept or dismiss the recommendations. Use proper markdown in suggestions (e.g. code blocks). Always be polite and appreciative of the contributions! Use emoticons to up-vote other comments (rather than +1 comments). Use ChatOps commands like /rebuild-readme or /terraform-fmt to fix common problems. Use ChatOps commands like /test all, /test bats, /test readme, /test terratest to run integration tests. Recommend changes to better conform to our best-practices.
A sandbox environment is a place where developers can play around with new technologies without risk of impacting staging or production environments.
DevOps
Cloud Posse is a DevOps Accelerator
A subject-matter expert (SME) is a person who is an authority (domain expert) in a particular area or topic, which is referred to as the domain such as DevOps, Kubernetes, Terraform, etc.
docker
Docker Compose is a tool for defining and running multi-container Docker applications. Typically used for local development.
A docker image is a self-contained, layered archive containing an application and all of its OS dependencies and is the artifact of running a docker build. The image is what gets stored in a docker registry.
A Docker registry is a place to store and distribute Docker images.
Here’s a collection of some nice little hacks for docker.
A Dockerfile is a lightweight DSL that contains all the commands a user could call on the command line to assemble an image in order to run an application.
Amazon ECR is a fully managed Docker container registry to store, manage, and deploy Docker container images on AWS.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
A container that performs other duties that are related to our main application but shouldn’t be directly built into that application.
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian | bash -s latest-debian
Docker Hub
A Docker registry is a place to store and distribute Docker images.
docker image
Geodesic is an interactive command-line shell which bundles all essential open source cloud orchestration tools needed to administer clusters from the command line. The only dependency is that docker is installed. The tools provided include kops, terraform, eb cli, aws cli, etc.
docker-bash
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian | bash -s latest-debian
Dockerfile
The imperative approach focuses on how precisely the infrastructure should be defined.
docs
Wiki documentation driven operation processes.
documentation
Wiki documentation driven operation processes.
dotenv
An Environment Variable is an interface provided by nearly every OS to pass configuration information to a process.
Duo
Multifactor authentication is a security “Best Practice” of requiring more than one method to verify access credentials during authentication
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
EC2
An Amazon Machine Image provides the information required to launch an EC2 instance, which is a virtual server in the Amazon public cloud.
ECR
A Docker registry is a place to store and distribute Docker images.
ecs
The ECS Agent is a component of Amazon Elastic Container Service (ECS) and is responsible for managing containers on behalf of Amazon ECS.
An ECS Service is a specified number (the “desired count”) of instances of an ECS Task simultaneously running in an Amazon ECS cluster.
An ECS Task is a JSON document that describes one or more containers that form an application. It can be thought of as a blueprint for an application.
environment
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
environment variables
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
fluentd
Amazon CloudWatch Logs is a central store for managing logs from AWS cloud resources and applications.
formatting
The EditorConfig enables developers to define and maintain consistent coding styles between different editors and IDEs. It consists of a simple file format (.editorconfig) for defining coding styles such as tabs vs spaces. Most text editors support the format and adhere to defined styles. The config files are easily readable and they work nicely with version control systems.
fuse
Goofys is a utility that implements S3-backed filesystems using FUSE.
Geodesic
Geodesic is an interactive command-line shell which bundles all essential open source cloud orchestration tools needed to administer clusters from the command line. The only dependency is that docker is installed. The tools provided include kops, terraform, eb cli, aws cli, etc.
A geodesic module is a docker image that extends the geodesic base image and implements functions specific to that stage or account.
A geodesic shell is an invocation of a geodesic module. Said differently, it’s when you run a geodesic docker image and enter into the bash shell.
Kops ships with geodesic and is the easiest way to get a production grade Kubernetes cluster up and running on AWS.
The many tools that make up the SweetOps approach
git
A small collection of helpful hints
GNUMakefile
The many tools that make up the SweetOps approach
goofys
FUSE stands for Filesystem in Userspace and is an interface that allows developers to implement custom filesystems without requiring complex kernel modules.
S3FS refers both to an application, script and the concept of mounting a remote S3 bucket as a local filesystem.
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
HashiCorp
HashiCorp Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers such as AWS as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.
HCL
HCL is HashiCorp’s configuration language used in multiple products, but most notably in terraform.
helm
cli is a common abbreviation for client and usually refers to some kind of command line tool.
A Helm Chart is a package that defines all the kubernetes resources necessary for deploying an application to kubernetes.
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
The many tools that make up the SweetOps approach
helm chart
The many tools that make up the SweetOps approach
helm charts
Helm is one of the predominant package managers for kubernetes which is used for installing applications on the cluster.
helm manifest
The imperative approach focuses on how precisely the infrastructure should be defined.
helmfile
The declarative approach focuses on the desired outcome, but doesn’t expose any method to influence how that outcome is achieved.
Helm is one of the predominant package managers for kubernetes which is used for installing applications on the cluster.
A Helm Chart is a package that defines all the kubernetes resources necessary for deploying an application to kubernetes.
The many tools that make up the SweetOps approach
helmfile.yaml
The declarative approach focuses on the desired outcome, but doesn’t expose any method to influence how that outcome is achieved.
heroku
The 12 Factor Pattern is a software methodology for building cloud-friendly (or cloud-native), scalable, maintainable applications that deploy easily on a Platform-as-a-Service (aka PaaS).
IaaC
HashiCorp Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers such as AWS as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.
IaaS
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
IaC
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
The many tools that make up the SweetOps approach
IAM
aws-vault is a utility for securely managing secrets with AWS Systems Manager (SSM) Parameter Store and KMS
IAP
BeyondCorp is an enterprise security model pioneered by Google that enables every employee to work from untrusted networks without the use of a VPN. One critical component is an Identity Aware Proxy.
Identity Aware Proxy
BeyondCorp is an enterprise security model pioneered by Google that enables every employee to work from untrusted networks without the use of a VPN. One critical component is an Identity Aware Proxy.
installer
The many tools that make up the SweetOps approach
jenkins
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
jq
jq is a Go-based command line tool for JSON that supports standard CRUD operations.
yq is a Go-based command line tool for YAML that supports standard CRUD operations.
jumpcloud
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
jumphost
A bastion host is the only host permitted to be directly addressed via SSH from the internet.
k8s
Helm is one of the predominant package managers for kubernetes which is used for installing applications on the cluster.
A Helm Chart is a package that defines all the kubernetes resources necessary for deploying an application to kubernetes.
Kops ships with geodesic and is the easiest way to get a production grade Kubernetes cluster up and running on AWS.
The many tools that make up the SweetOps approach
KMS
Amazon’s Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. A
The many tools that make up the SweetOps approach
kops
cli is a common abbreviation for client and usually refers to some kind of command line tool.
kops manifest
The imperative approach focuses on how precisely the infrastructure should be defined.
kubectl
cli is a common abbreviation for client and usually refers to some kind of command line tool.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
kubernetes
An Ingress Controller is a native resource type in Kubernetes that functions like a Layer 7 Load Balancer (e.g. HTTP Load Balancer) to route requests to various backend services based on incoming hostname (e.g. Host header) and request path (e.g. /foo).
kubectl is a command line tool (cli) for running commands against Kubernetes clusters
Kops ships with geodesic and is the easiest way to get a production grade Kubernetes cluster up and running on AWS.
A container that performs other duties that are related to our main application but shouldn’t be directly built into that application.
kubernetes jobs
A container that performs other duties that are related to our main application but shouldn’t be directly built into that application.
kubernetes manifest
The imperative approach focuses on how precisely the infrastructure should be defined.
Layer 1
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 2
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 3
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 4
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 5
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 6
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
Layer 7
OSI is a conceptual model consisting of 7 abstraction layers that represent the various functions of a computing system without regard to its underlying internal structure and technology.
license
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
load balancer
The “Application Layer” (e.g. HTTP)
logmein
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
make
We’ve written thousands of lines of Makefile. These are our best practices from the trenches.
The many tools that make up the SweetOps approach
makefile
We’ve written thousands of lines of Makefile. These are our best practices from the trenches.
The many tools that make up the SweetOps approach
manifest
The imperative approach focuses on how precisely the infrastructure should be defined.
mesos
Module
Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory. Root modules are the terraform configuration that we actually apply and have terraform state.
monitoring
Pingdom is a service that tracks the availability (e.g. uptime & downtime) as well as the performance of websites.
Synthetic monitoring is a style of monitoring that attempts to closely emulate the behavior of an end-user.
monorepo
Monorepo refers to a strategy of storing all code for possibly unrelated applications within the same source code repository.
Polyrepo describes an approach of using multiple, independent source code repositories that are independently versioned and controlled.
okta
Single sign-on (SSO) is an authentication system that allows a user to login to multiple applications with one set of credentials.
on-call
An incident management platform that provides reliable incident notifications via email, push, SMS, and phone, as well as automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
open publication license
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
open-source
This is our Contributor Covenant Code of Conduct.
opl
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
OSI
The “Application Layer” (e.g. HTTP)
PaaS
Amazon Elastic Beanstalk is an orchestration service offered by AWS for deploying infrastructure which orchestrates various services, including EC2, S3, ELB, SNS, CloudWatch, auto-scaling, auto-healing, and Elastic Load Balancers.
password management
The many tools that make up the SweetOps approach
pattern
This is a common approach to installing various tools via a terminal prompt. You see this commonly done like so: curl example.com/install.sh | bash
This is a SweetOps pattern used to install tooling via a terminal prompt. The primary usage is in Geodesic, which looks like: docker run --rm cloudposse/geodesic:latest-debian | bash -s latest-debian
pki
Amazon Certificate Manager is a service that lets you easily provision, manage, and deploy TLS certificates for use with AWS services such as ELBs and CloudFront.
pods
A container that performs other duties that are related to our main application but shouldn’t be directly built into that application.
polyrepo
Monorepo refers to a strategy of storing all code for possibly unrelated applications within the same source code repository.
Polyrepo describes an approach of using multiple, independent source code repositories that are independently versioned and controlled.
prod
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
Pull Request
A process of reviewing Pull Requests that enables collaboration between team members, improves code quality/stability through the creation of alternative solutions to problems, increases transparency through proof of work, increases team awareness by involvement, and improves business continuity through knowledge transfer.
qa
A process in which code is automatically checked out from version control (e.g. git) and submitted to a battery of automated tests to ensure that the recent changes will not have adverse effects on the code base and product stability.
s3
Goofys is a utility that implements S3-backed filesystems using FUSE.
An S3 bucket is a logical unit of storage in S3 that stores collections of objects.
The many tools that make up the SweetOps approach
s3fs
FUSE stands for Filesystem in Userspace and is an interface that allows developers to implement custom filesystems without requiring complex kernel modules.
Goofys is a utility that implements S3-backed filesystems using FUSE.
An S3 bucket is a logical unit of storage in S3 that stores collections of objects.
SaaS
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
SDLC
A process of reviewing Pull Requests that enables collaboration between team members, improves code quality/stability through the creation of alternative solutions to problems, increases transparency through proof of work, increases team awareness by involvement, and improves business continuity through knowledge transfer.
A form of Change Control that uses Git as the system of record.
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
secrets
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. A
The many tools that make up the SweetOps approach
security
Amazon’s IAM is a service that helps you securely control access to AWS resources.
Multifactor authentication is a security “Best Practice” of requiring more than one method to verify access credentials during authentication
The many tools that make up the SweetOps approach
Selenium
Synthetic monitoring is a style of monitoring that attempts to closely emulate the behavior of an end-user.
semver
Semantic versioning (e.g. 1.0.3) is the most widely adopted scheme for assigning unique version numbers to software releases.
Software versioning is the most widely adopted scheme for assigning unique version numbers to software releases.
Software development
A process of reviewing Pull Requests that enables collaboration between team members, improves code quality/stability through the creation of alternative solutions to problems, increases transparency through proof of work, increases team awareness by involvement, and improves business continuity through knowledge transfer.
A form of Change Control that uses Git as the system of record.
The SDLC describes the process for planning, developing, testing, and deploying an application.
ssh
A bastion host is the only host permitted to be directly addressed via SSH from the internet.
SSM
Amazon’s Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. A
The Amazon Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
The many tools that make up the SweetOps approach
SSO
Multifactor authentication is a security “Best Practice” of requiring more than one method to verify access credentials during authentication
staging
One of the phases in the SDLC whereby software is deployed to an environment. Common stages are “Production”, “Staging”, “QA” or “Development”
task runner
The many tools that make up the SweetOps approach
terraform
HCL is HashiCorp’s configuration language used in multiple products, but most notably in Terraform.
Infrastructure as Code (IaC) is the process of managing/provisioning Infrastructure as a Service (IaaS) using machine-readable definition files (usually DSLs), rather than relying on humans doing physical/manual hardware configuration.
Our opinionated best-practices for Terraform
Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory. Root modules are the Terraform configurations that we actually apply and that have Terraform state.
A small collection of helpful hints
The many tools that make up the SweetOps approach
tfstate
The init-terraform script is a helper for configuring and then initializing Terraform remote state in combination with the terraform-aws-tfstate-backend module.
Tips & Tricks
A small collection of helpful hints
tips-and-tricks
Here’s a collection of some nice little hacks for docker.
tls
Amazon Certificate Manager is a service that lets you easily provision, manage, and deploy TLS certificates for use with AWS services such as ELBs and CloudFront.
tool
We’ve written thousands of lines of Makefile. These are our best practices from the trenches.
tools
The many tools that make up the SweetOps approach
travisci
CI/CD is the practice of combining “Continuous Integration” with “Continuous Delivery” (aka “Continuous Deployment”)
Virtual Machine Image
An Amazon Machine Image provides the information required to launch an EC2 instance, which is a virtual server in the Amazon public cloud.
vpn
A Virtual Private Cloud is a logically isolated network within AWS.
wiki
Wiki-documentation-driven operation processes.
yaml
The many tools that make up the SweetOps approach