Trying to deploy my app with Elasticbeanstalk

Hi guys, so I'm new to AWS and I'm trying to deploy my Django app with elastic-beanstalk. Right now I'm trying to create an environment with my terminal. The following commands I've used:

1. eb create; Then I choose the default environment name and DNS CNAME prefix. I also choose us-east-1(N virgina) for location
2. I choose application load balancer and No for spot fleet requests.

I then get this error;

WARNING: Insufficient IAM privileges. Unable to determine if instance profile 'aws-elasticbeanstalk-ec2-role' exists, assuming that it exists.
Creating application version archive "app-5537-221115164654825241".
Uploading django-blog-v2/app-5537-221115164654825241.zip to S3. This may take a while.
Upload Complete.
Environment details for: django-blog-v2-dev
Application name: django-blog-v2
Region: us-east-1
Deployed Version: app-5537-221115164654825241
Environment ID: e-vwmssiuvwt
Platform: arn:aws:elasticbeanstalk:us-east-1::platform/Python 3.8 running on 64bit Amazon Linux 2/3.4.1
Tier: WebServer-Standard-1.0
CNAME: django-blog-v2-dev.us-east-1.elasticbeanstalk.com
Updated: 2022-11-15 21:46:58.561000+00:00
Printing Status:
2022-11-15 21:46:57 INFO createEnvironment is starting.
2022-11-15 21:46:58 INFO Using elasticbeanstalk-us-east-1-347584916308 as Amazon S3 storage bucket for environment data.
2022-11-15 21:47:00 ERROR Unable to assign role. Please verify that you have permission to pass this role: aws-elasticbeanstalk-service-role.
2022-11-15 21:47:00 ERROR Failed to launch environment.

ERROR: ServiceError - Failed to launch environment.

I have two users, Administrator and django\user. I've tried adding multiple permissions/policies to both users but it's still not working. Anyone knows what to do.?

Administrator: https://imgur.com/MkUU3nR

django_user: https://imgur.com/FmR1mz5

users: https://imgur.com/DuDH7gV

aws-elasticbeanstalk-service-role: https://imgur.com/dy7ygoN

aws-elasticbeanstalk-ec2-role: https://imgur.com/y4Nzwo1

roles: https://imgur.com/yQRlLdg

current config.yml file: https://imgur.com/8pVhfXp

https://redd.it/ywbeda
@r_devops

Rapidly rising costs; bloated over-provisioned infra; and a lack of ownership of cloud expenses among IT teams are increasingly common issues. Did you know that FinOps is the answer to addressing these challenges? Read full blog here:

https://www.umbrellainfocare.com/blogs/finops-best-practices-to-manage-cloud

https://redd.it/z0udo8
@r_devops

Advise for someone going back to work after burnt out

Headed back to work after a month or two of a break. I definitely had a lot going on before leaving the last place (personal and work related) and unintentionally I realise I got burnt at the end of it.

Took sometime, went off digitals and eventually reset myself. Some of it also came from stopping my continuously studying and learning habits (as the grind must go on).

Moving forward my approach has been a bit direct and focus on industry I wanted work in, with team I want to be involved with and the technology I want to look at, so I can build up on my skills for my personal self that I have been practicing and building in my own time.

( My background is Sys Engineer moved to Development and looking after Site Reliability operations. I’m definitely not new to the space but haven’t grown enough grey hair yet)

However, I have just come back into the market and have found myself something good with great opportunity to learn and be involved in.

In this space, I have found learning is part of life, but it concerns me to end up in the same rabbit hole as I did before.

Any advise for someone who maybe had a similar experience or can relate?

https://redd.it/z0ubym
@r_devops

Awesome Black Friday & Cyber Monday Deals For Developers

Hey everyone,

I hope you guys are doing fine.

I'm sharing here some awesome black Friday deals for developers in 2022.

* [Themeselection Admin Templates & UI Kits- 30% Off Storewide](https://themeselection.com/)
* [WPRocket- 30% OFF](https://wp-rocket.iss.one/)
* [Vue School – Premium Vue.js Tutorials – 51% OFF](https://vueschool.io/sales/blackfriday?)
* [Weblium - 30% OFF](https://weblium.com/)
* [Pluralsight - 50% OFF](https://www.pluralsight.com/)
* [Laracast – 45% Off](https://laracasts.com/sales/black-friday)
* [SeedProd - 65% OFF](https://www.seedprod.com/black-friday/)
* [65% OFF on DataCamp Annual Plan](https://www.datacamp.com/promo/black-friday-2022)
* [Udemy Black Friday Deals 2021 Up to 90%](https://www.udemy.com/)

I hope you all find it helpful.

https://redd.it/z0xmg8
@r_devops

AppSec: How to gain full security code scanning coverage of all projects via CI/CD pipelines?

I work for a large old company with over 1000 projects (or apps), projects are split into different domains in Azure DevOps and a bit scattered in GitHub. Currently, we have about 10 percent of projects going through our scanning tools via CI/CD pipeline. We are currently trying to enforce any projects going live to meet our vulnerabilities pass criteria (e.g. public app needs to have all high and mediums fixed, etc). This is a priority, we cannot have any public apps that are not security scanned as it poses a threat to our company. Is there a way to force this in ADO?

How do we ensure complete coverage of all apps, what can we do to enforce developers/devops to add our security tooling into their pipeline and what do you do in your organisation?

https://redd.it/z0xug5
@r_devops

Cyber Threat Advisories Study (Tufts University & University of Edinburgh)

Hello r/devops we need your help!!


I (researcher from University of Edinburgh) am working with a PhD student and their advisor from the Tufts Security & Privacy Lab, and we are conducting a survey to understand where organizations get information about potential cyber threats (i.e Vulnerabilities or even Patching Information). After discussing with a moderator of this community we have been allowed to post here and would love to have your input! We will share any publications that come out of this work with the communities that allow us to post :)


We want to know where you go for this information and what you think of your sources. Our goal is to improve how information about potential cyber threats is communicated, which will make warnings more effective and reduce alert fatigue. The survey will ask where you get cyber threat information and how useful you perceive certain sources to be, along with a couple general questions about your organization’s sector.

You are eligible to take the survey if you manage the security of computer systems (for example, applying security patches) or have held such a job in the last 2 years. Respondents currently located in Mainland China are not eligible. (Respondents in Hong Kong SAR, Macao SAR, or Taiwan are eligible.)

Survey respondents can choose to enter their email address in a raffle to win one of 30 $100 Amazon.com gift cards. We will protect the privacy and confidentiality of any information shared on the survey with the utmost of our abilities. You can see more information about the survey here - https://tsp.cs.tufts.edu/cybersecurity-advisory/


If you are interested, go to https://tufts.qualtrics.com/jfe/form/SV\_e4c9iqHdLJUjRfE to complete the survey. Please contact us at ir\[email protected] if you have any questions about the study and I will also answer any questions I can on this post!

Additionally - please do share this post/survey with any other admins/security personel who work in Vulnerability and Patch Management.

Thank you again for any participation and help given!

https://redd.it/z0z76w
@r_devops

Aws or azure in 2022

hey guys my ccna exam is at the end of this month.
And now that I’m getting the foundation of my networking I want to understand cloud networking next.

I was full steam ahead for getting AWS SAA-03 but a older coworker stated the azure is on the come up, and aws is out is that actually true?
I just don’t want to waste time is all.

https://redd.it/z0zn0q
@r_devops

Deploying in Prod right before the holidays

Anyone have their employer tell you to deploy a new cluster environment in Prod the day before Thanksgiving or Christmas? How'd that go?

https://redd.it/z102lo
@r_devops

I created a open source secrets manager, check it out!

Read through some pain points regregarding secrets managers on this sub. I created a secrets manager to hopefully alleviate some these pain points. Give it a try! https://github.com/Infisical/infisical

https://redd.it/z14z7z
@r_devops

Taking a Month off, what would be a something worth learning / reading to become a tad bit better?

Hi everyone,
I am taking the month of December off (official 30 day vacation that needs to be taken in the working year) and I am heading back home with no huge travel agenda on the books.

Within this year, I was able to bring some paradigm shifts at my employer using DevOps/IaC tools like:

- Hashicorp Packer, Vagrant
- Ansible
- QEMU
- Docker / Compose

The tools above are what are used on a day-to-day basis for the company I work, which is NOT about cloud, but rather more into developing its own hardware for industries.

I really do like DevOps in general, and would like to spend some nominal time in my vacation to explore other tools that may help me grow a bit professionally.

Some recommendations for light reading / new tech learning over a couple of hours a day with some coffee would be highly appreciated.

https://redd.it/z166ge
@r_devops

Options for Smaller Scale CI/CD?

To give some background

I am in a small development team (<5) working for an ecommerce company. We sell product on many sites (Amazon, Walmart, Wayfair, etc..).

The majority of the development work is connecting our ERP with these systems. These take the form of scheduled jobs to do things like check for new orders, upload inventory, etc...
We also develop a variety of internal tools in the form of sites that are designed to make certain tasks easier for users (think uploading products into our ERP, a simplified interface for creating orders, etc..).

Current Setup

We use GitHub for version control but other than that we don't have any kind of CI/CD.
Servers are VMs hosted in Azure.
Our jobs are scheduled via Task Scheduler and logs are sent to a Graylog server for debugging.
We use gRPC and Proto definitions to communicate between programs where needed. Our programs do not directly interact with our ERP. Instead we have several gRPC services that implement this behavior.

The Issue

The lack of CI/CD has presented a few issues with control over the deployment of code, a mismatch of what is live and what is in GitHub, and an overall lack of visibility.

What I've Looked Into

I've already decided that dockerizing our applications and services is the way I want to go. There's plenty of benefits so I don't want to rehash why they're a good idea.

Kubernetes: I believe this is overkill for our situation. We do not need to scale up/down or break our services down into a large amount of microservices. To host and maintain it alone would take away valuable development time.
Azure Container Instances, Azure Container Apps, Azure Kubernetes Services: I am actually a fan of Azure Container Apps. I was able to setup CI/CD with GitHub Actions and use dapr for service-to-service calls. However, they are relatively expensive and there is no method of scheduling the invocation of these docker applications for our batch applications.
Nomad: I've seen nomad mentioned as an alternative to Kubernetes in smaller deployments. It also has the ability to schedule jobs. However, I still found it rather complicated for our kind of development needs.
Rundeck: This is definitely simpler than anything above, but I don't know if it is really applicable to the kind of setup I am trying to create. I could be mistaken, however.

If anyone has any insight I'd love to hear! Or if there is any clarifications needed, I'd be happy to elaborate.

https://redd.it/z0zwpt
@r_devops

For someone trying to get into devops, how can you showcase your skills that you learned?

I apologize in advance if this question has been asked but I’m stuck on how to how to properly learn everything in the world of devops. I know the topics I need to learn in order to become proficient in DevOps however what do i do after each topic? let’s say learning Docker.

Do I create docker specific projects and upload on git? Do I move on and learn kubernetes? Can I add the fact that I know how to use Docker after watching a 3 hour course on youtube?

I’m genuinely curious as my overall goal to prove to the recruiter in the future, that I’ve learned and am ready to help the company automate their development points. I’d like to understand what is the next best course of action after learning a skill on DevOps.

Thanks in advance.

https://redd.it/z1bv8m
@r_devops

My DevOps Engineer Title Problem Canada

Hey, I need to explain what I am in. I studied 3 years of computer engineering in my origin country but I couldn't get my diploma. I left just 3 courses to finish my engineering degree and I completed 4 months of internship too. My university doesn't accept transfer credit for their computer engineering program. After that, I start to study computer science in Canada, and I got an internship. I working there for almost one year. I used the DevOps Engineer title in my Linkedin profile since 2018. Right now, my boss told me you cannot use the Engineer term in my job title. You should have studied a computer engineering program to get this title. There is no other title (You can search in google "What is difference between Devops Engineer and Devops Developer).

I know they want to pay less due to my degree is not in engineering when I graduate. Also, my teammate and I are doing the same jobs, and they want to separate our hierarchy and salary for this reason. Also, my team mates wants that but I don't want that. Can you give me an idea of what I should do? I forgot to add, I am working and studying at the same time. It's getting stressful to tell you that at my final exam time.

https://redd.it/z1chwq
@r_devops

Makefiles vs. Bash Scripts

Hey all, first time posting in this community.

When working with a compiled language and using Makfiles, how much of your local development environment do you throw in there? Like for instance, do you typically also have dedicated bash scripts to handle things like logging, or do you just write those directly into the Makefile to keep them behind a single interface? Are you calling bash scripts that call the makefile, or vise-versa, and how are you making those decisions?

I could see the Makefile getting really large and I'm curious when you decide to throw scripts in there, or any command-line interface really, versus in a bash script or another helper binary.

I've been in shops that keep all these little local utilities in a /bin folder at the root of the project; was curious what other folks are doing. Thanks!

https://redd.it/z1eegq
@r_devops

Is centos still in use?

I am doing some practices in some vm and i want to know if companies will still using centos, o are they migrating to other plataforms as Rocky Linux o ubuntu server?. in my last company we were using centos 7, but right now i have not idea if is more convenience start to using Rocky Linux instead

https://redd.it/z1brdh
@r_devops

Review->Stage->Prod deployment strategies for teams with multiple devs

This feels like such a simple thing, but I’m having a hard time finding the best practice(s) online.

I’m trying to set up my team with a Trunk-Based Dev approach. We have a main branch that automatically deploys to a staging environment , and we can also trigger manual deploys from our main branch to our prod environment.

Our team has three devs, and I’m already struggling with scaling up our workflow.

Example, let’s say devs #2 and #3 have feature branches merged into main that are ready for deploy, but my work hasn’t been QA’d yet and/or requires manual review before getting deployed. What am I supposed to be doing in order to not be holding the other devs’ work back? Merge in-progress work into a separate dev branch/server for review? Or some other workflow that I’m not thinking of?

We’re already running into scaling issues with a small team (mostly due to a lack of conceptual understanding of DevOps/CICD on my part). How do teams with hundreds/thousands of developers do what I imagine is a fairly simple workflow?

https://redd.it/z1gg45
@r_devops

Have you ever used Python in your daily tasks as DevOps? if so, how?

Is it worth learning it!? Or just Google it if necessary

https://redd.it/z1bh5r
@r_devops

open-source ML-based WAF add-on for NGINX/NGINX Ingress

https://github.com/openappsec/openappsec

https://redd.it/z1avgh
@r_devops

Brainstorm

I have this use can that I want to publish test reports from Gitlab to s3 so authorized people can get sns notification and go to s3 and see the report. This is the current flow I implemented but I feel it’s still need something maybe like cloud front distribution for these index.html to review reports in static website but not sure how the arrangement will be of the htmls .. even if I add time stamps it feels missing something

https://redd.it/z1j1af
@r_devops

Is “Platform Engineering” the new kid on the block?

Tailwinds take on platform engineering. Pls, read thro', looking forwarding hearing from you

https://www.linkedin.com/pulse/platform-engineering-new-kid-block-tailwinds-ai

https://redd.it/z1o1sl
@r_devops

Looking for an artifact store for generic assets, rather than specially-formatted packages or containers. Thinking maybe ORAS, but wondering if there are other options.

I'm looking for a way to store build artifacts that are completely arbitrary; just binaries or frontend assets that don't conform to any particular standard. I can just throw them in a bucket store, of course -- that's what I'm doing right now -- but that seems wasteful when so many of the assets don't change on most builds.

I really like how this works with container registries -- content-addressed storage organized by tags. So oras.land seems like a really appealing solution: it uses the registries we already work with and has the exact same tagging capabilities. It doesn't seem like it's used much, though, so I'm curious if there's something else most people use to solve this problem. Or maybe I'm just overthinking it and most people throw their builds in S3 and don't worry about the storage costs?

https://redd.it/z1olcx
@r_devops