Simplifying Messy Conditions: Adaptive Models

Hello! Today we're getting into the thorns of programming. Beware cactus. 🌵 Years ago I found Martin Fowler's article on Adaptive Models. Adaptive models let you replace nests of conditions with a declaration of actions. That pattern has helped clean up my DevOps code a ton of times. Fowler is a better programmer than me. His … Continue reading Simplifying Messy Conditions: Adaptive Models →

How to Upgrade DevOps Code to Python 3

Python 2 is going away! It's time to upgrade. 🐍3️⃣ You shouldn't run anything in prod that's not actively supported. If there are security flaws you won't have a sure path to remediation. Start the upgrade now so you have time to finish before support ends. In DevOps you’re not usually writing much raw Python. … Continue reading How to Upgrade DevOps Code to Python 3 →

CloudFormation Gotcha: Numbers Are Strings

Good day! CloudFormation templates take parameters. There are several types. One of those types is Number. Here's a super-simple demo template: It just passes the CF param into an SSM param. It's a little funky that we can create an SSM param with type String from a CF param with type Number, but in CF all … Continue reading CloudFormation Gotcha: Numbers Are Strings →

Python DevOps Code error checking: lint with Pyflakes

Hello! For those unfamiliar with linting (static analysis), read Dan Bader's introduction. There are several linters for Python, but when I'm doing DevOps I use Pyflakes. I love the opening sentence of its design principals: Pyflakes makes a simple promise: it will never complain about style, and it will try very, very hard to never … Continue reading Python DevOps Code error checking: lint with Pyflakes →

CodePipeline: Python AWS Lambda Functions Without Timeouts

Hello! Today we're going to cover how to add Python AWS lambda functions to CodePipeline, and specifically how to do that without getting stuck in timeout loops you can't cancel. Copy/pastable code first, details below. Replace the two highlighted lines with the code you actually need to run in the pipeline. The commented raise is … Continue reading CodePipeline: Python AWS Lambda Functions Without Timeouts →

Securing AWS Security Groups: Restricting Egress Rules

Good afternoon! Today's article demonstrates a surprisingly easy way to tighten the network-layer permissions in an AWS VPC. (If you're in AWS but you're not in a VPC: 😡) Security Groups have ingress and egress rules (also called inbound and outbound rules). In most SGs, the egress rules allow all traffic to everywhere. You've probably seen … Continue reading Securing AWS Security Groups: Restricting Egress Rules →

How to Paginate in boto3: Use Collections Instead

Hello! When working with boto3, you'll often find yourself looping. Like if you wanted to get the names of all the objects in an S3 bucket, you might do this: But, methods like list_objects_v2 have limits on how many objects they'll return in one call (up to 1000 in this case). If you reach that … Continue reading How to Paginate in boto3: Use Collections Instead →

Better boto3 Error Handling: Stopping Silent Failures

Good morning! Today's post covers a pattern I use to increase my confidence that my infrastructure code is working. It turns silent errors into loud ones. I've handled plenty of code that runs without errors but still ends up doing the wrong thing, so I'm never really sure if it's safe to go to sleep … Continue reading Better boto3 Error Handling: Stopping Silent Failures →

CloudFormation: functions like ImportValue and GetAtt inside a Sub

Hello! In CloudFormation, I think !Sub is the best way to generate strings that contain dynamic values. It's better to interpolate, like this: Than to join, like this: Both are common solutions, ${SG} resolves to the same value as !Ref SG, but I think interpolation is the right tool here. Join is better for other … Continue reading CloudFormation: functions like ImportValue and GetAtt inside a Sub →

The New Project Manager’s Glossary: Cloud and DevOps

I often meet Project Managers who are new to the cloud or DevOps or sometimes new to software altogether. There's plenty of jargon in these spaces, and often definitions are hard to find. Quite a few folks have asked me to help define the jargon, so I decided to write it up. This is an opinionated … Continue reading The New Project Manager’s Glossary: Cloud and DevOps →