I use a couple tools to make it easier for me to get work done:
- cliv. This installs all my typical Ops tools that aren't packaged by my Linux distribution. This also allows me to switch versions of any tool at any time, either by specifying a particular version of a tool, or by pinning a version in a `.COMMAND-versions` file. No need for `tfenv`.
- terraformsh. This wrapper for Terraform makes it much easier to manage lots of environments and run common Terraform commands. It's simpler than TerraGrunt and still allows me to keep my code and configs DRY.
- terraformer. I use this tool whenever there's a legacy AWS, Azure, New Relic, etc. cloud infrastructure that isn't managed by Terraform yet. I dump all the files, edit them to connect the resources together / link dependencies, and commit them to a repo and start managing the infrastructure as code.
- Git. Kinda hard not to use Git these days, eh?
- saml2aws. At work we use SAML to authenticate to AWS and generate temporary credentials, and this is the best tool for the job.
- GnuPG. I keep a master GPG key used to sign Git commits, keep my SSH private keys, and secure my `pass` store.
- pass. I use this to store my passwords/keys/etc. Combined with GnuPG and Git, I can keep an encrypted store of passwords and sync them, version-control them. Combined with `saml2aws` and `aws-cli`, this becomes the System Keychain used to store my `saml2aws` username/password used to generate credentials for `aws-cli`.
- aws-cli. Command-line interface to AWS. I use the following config to automatically authenticate via `saml2aws` when my credentials expire.

  ```ini
  [profile org-product-dev]
  output = json
  credential_process = saml2aws login --skip-prompt --quiet --credential-process --role DEV-ROLE-ARN-HERE --profile org-product-dev-saml2aws

  [profile org-product-prod]
  output = json
  credential_process = saml2aws login --skip-prompt --quiet --credential-process --role PROD-ROLE-ARN-HERE --profile org-product-prod-saml2aws
  ```
- docker. Anything I do "for work" gets automated eventually, and I use Docker containers to create a single environment so I can run this work from some CI/CD tool. Deploys, troubleshooting tools, dev tools, etc. all get kept in and run from a container. The actual code is kept in Git repositories and either volume-mounted into or checked-out from the container.
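
The `credential_process` setting in the aws-cli config above makes the CLI run a helper and read a JSON document from its stdout. The following added example (not part of the original post or of saml2aws) reads such a config and checks a helper's output for the fields that make the credentials short-lived and refreshable; the sample config, sample output and function names are constructed for illustration.

```python
import configparser
import json
import shlex
from datetime import datetime, timezone

# Constructed sample: one profile from the config above (role ARN is the page's placeholder).
SAMPLE_CONFIG = """\
[profile org-product-dev]
output = json
credential_process = saml2aws login --skip-prompt --quiet --credential-process --role DEV-ROLE-ARN-HERE --profile org-product-dev-saml2aws
"""

# Constructed sample of the JSON a credential_process helper prints on stdout.
SAMPLE_OUTPUT = json.dumps({
    "Version": 1, "AccessKeyId": "ASIACONSTRUCTED00000", "SecretAccessKey": "constructed",
    "SessionToken": "constructed", "Expiration": "2030-01-01T00:00:00Z"})


def credential_processes(config_text):
    """Map each profile name to the argv of its credential_process command."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    return {name.split(" ", 1)[-1]: shlex.split(cp[name]["credential_process"])
            for name in cp.sections() if "credential_process" in cp[name]}


def check_helper_output(stdout_text, now=None):
    """Return the problems found in a helper's output; an empty list means OK."""
    now = now or datetime.now(timezone.utc)
    try:
        doc = json.loads(stdout_text)
    except ValueError:
        return ["output is not JSON"]
    if not isinstance(doc, dict):
        return ["output is not a JSON object"]
    problems = []
    if doc.get("Version") != 1:
        problems.append("Version must be 1")
    problems += [f"missing {k}" for k in ("AccessKeyId", "SecretAccessKey") if not doc.get(k)]
    if "Expiration" not in doc:
        # Without Expiration the CLI treats the keys as long-term and does not refresh them.
        return problems + ["no Expiration: treated as long-term credentials"]
    if not doc.get("SessionToken"):
        problems.append("temporary credentials need a SessionToken")
    try:
        expires = datetime.fromisoformat(str(doc["Expiration"]).replace("Z", "+00:00"))
        if expires <= now:
            problems.append("credentials already expired")
    except (ValueError, TypeError):  # unparsable, or no timezone to compare against
        problems.append("Expiration is not an ISO 8601 timestamp with a timezone")
    return problems
```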