4 tips

The power of ECR's Pull-Through Caching Feature

I actually wasn't aware of how cool ECR's pull-through caching ability was until quite recently.

I was generally aware that it was a neat way to save on egress costs and speed up build times, but what I did not know was that, once your cache is first seeded, ECR will look for updates to that tag every 24 hours. Nothing needs to be done on your end. The tag simply gets updated in the cache, and your workloads can pull from it entirely over the AWS network (e.g., using an ECR VPC endpoint).

Man, you gotta love when AWS really does make it simple.

aws, cloud, devops, containers, ecr

Your Call to Refactor your Terraform

Sick of poorly named Terraform resources, but don't want to write out a bunch of terraform state mvs? No problem! Terraform's moved blocks will sort you right out.

They've been a thing for a while, but I don't see them used enough. I was under the illusion for the longest time that you need to persist them in order for the address move to remain in place (and that misconception dissuaded me from using them for ages), but that's not the case at all! You can chuck one in, apply your Terraform, and remove it! You can even move entire modules with them at once.

Ah, sorry. Guess I just swept away your excuse not to refactor that horrific Terraform module you've been putting off, huh? 😝

terraform, devops, coding, iac

Terraform Design Patterns: Data Modules

You know what Terraform design pattern I don't see enough of?

Data modules.

Just as you have read-only data blocks in contrast to resource blocks, which provision resources, who says modules always need to provision resources either? A "data" module can be used to share configs, metadata, and other reusable information across complex, distributed architectures. For example, all of the IP addresses you'd like to trust in firewalls across all the systems you manage. You can even use them for reusing complex logic/calculations, as I did for my RFC 1918 CIDR checker (very cool; check it out; shameless plug).

It's a surprisingly underrated means of DRYing up your Terraform.

terraform, devops, coding, iac

CloudWatch Log Subscription Filter Limits!

Did you know you can only have up to two log subscription filters per log group on AWS? Came as a surprise to me.

To those with sanity: split out your log groups at the producer. To those without: I hacked together a "demux" Lambda for splitting your measly 2 subscription filters into as many as you want, and you can find it on my GitHub here.

Yes, I'm a psychopath.
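
One way a demux like the one described above could work, as an added sketch (not the author's Lambda): it unpacks the base64 and gzip envelope that CloudWatch Logs delivers to a subscribed Lambda and sorts the events into as many buckets as you define. The route names, match rules and sample event are assumptions made up for illustration.

```python
import base64, gzip, json

# Hypothetical routing table: destination name -> predicate on the message text.
ROUTES = {
    "security": lambda m: "AccessDenied" in m or "ConsoleLogin" in m,
    "errors": lambda m: "ERROR" in m,
    "archive": lambda m: True,  # catch-all copy of every event
}

def decode_subscription_event(event):
    """Unpack the base64 + gzip JSON that CloudWatch Logs delivers to Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))

def demux(event, routes=ROUTES):
    """Return {destination: [log records]} for one subscription delivery."""
    payload = decode_subscription_event(event)
    out = {name: [] for name in routes}
    # CONTROL_MESSAGE deliveries are health checks and carry no real log data.
    if payload.get("messageType") != "DATA_MESSAGE":
        return out
    for log_event in payload["logEvents"]:
        record = {
            "logGroup": payload["logGroup"],
            "logStream": payload["logStream"],
            "timestamp": log_event["timestamp"],
            "message": log_event["message"],
        }
        for name, matches in routes.items():
            if matches(log_event["message"]):
                out[name].append(record)
    return out

def make_sample_event(messages, message_type="DATA_MESSAGE"):
    """Build a constructed event in the same envelope, for offline testing."""
    payload = {
        "messageType": message_type, "owner": "123456789012",
        "logGroup": "/example/app", "logStream": "stream-1",
        "subscriptionFilters": ["demux"],
        "logEvents": [{"id": str(i), "timestamp": 1700000000000 + i, "message": m}
                      for i, m in enumerate(messages)],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}

def handler(event, context):
    # A real Lambda would forward each bucket to its destination here
    # (Kinesis, Firehose, another Lambda); this sketch only reports counts.
    return {name: len(events) for name, events in demux(event).items()}
```
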

aws, cloudwatch, logging