PowerShell DSC In Vagrant

I work mostly on Apple Mac OS X. I've also been writing a lot of Windows automation, and that means PowerShell DSC. PSDSC doesn't work on OS X yet, and even once it does I won't be able to test Windows-only resources. To test my configurations, I use Vagrant boxes. It took a little fiddling … Continue reading PowerShell DSC In Vagrant →

PowerShell Install-Module: Use Install-Package Instead

Hello! When I restarted in the Windows ecosystem, I was installing PowerShell modules like this: This is similar to installing a Python package with pip in Linux: Install-Module installs PSDscResources from the PowerShell Gallery. Pip installs Ansible from PyPI. Like the Linux ecosystem, the Windows ecosystem has several package databases. The PS Gallery I linked … Continue reading PowerShell Install-Module: Use Install-Package Instead →

Which PowerShell DSC Resources Module To Import

Hello! These three modules all implement various PowerShell DSC resources: PSDesiredStateConfiguration xPSDesiredStateConfiguration PSDscResources That gives us three top-level Import-DSCResource lines we could use in configurations (check out this article for an in-context example): Here are the differences: PSDesiredStateConfiguration is the built-in module that ships in Windows as part of PowerShell 4.0. xPSDesiredStateConfiguration is an experimental version of … Continue reading Which PowerShell DSC Resources Module To Import →

Don’t Import requests From botocore.vendored

Hello! I've seen this anti-pattern scattered around plenty DevOps code, especially in AWS lambda functions: Vendoring libraries like requests into other libraries like botocore is arguably an anti-pattern in general, but reaching in to botocore and importing it in your own code is definitely one. Here are some of the reasons: The maintainers may un-vendor … Continue reading Don’t Import requests From botocore.vendored →

Simple Headless PowerShell DSC Script

Hello! In clouds, "headless" deployment means instances provision themselves when they start. There's no external server infrastructure orchestrating their config, everything they need to do they do on their own. This is the most common deployment pattern I've seen in DevOps. It took me some fiddling to get this pattern set up in PowerShell DSC … Continue reading Simple Headless PowerShell DSC Script →

PowerShell: Getting Properties From Objects In Arrays

In PowerShell, I often run commands that return arrays I need to filter. Once I've filtered out object I'm looking for, I need to read a property off that object. There are a few ways to do this. Here are three. These are also good examples if you're new to PowerShell and trying to switch … Continue reading PowerShell: Getting Properties From Objects In Arrays →

How to Use Out-String in PowerShell: Don’t

In my PowerShell Help Commands For Linux Users post, I showed you this pattern for searching for command aliases: A beginner mistake! Here's the problem: I'm used to the Unix shells, like bash, where everything is a string. When you run alias in bash, you get this: A multiline string with one alias per line. You search … Continue reading How to Use Out-String in PowerShell: Don’t →

Python: Simple JSON Structured Logging

Hello! If you're setting up JSON logging in AWS lambda, check out this instead. You need some extra code to prevent duplicate log messages. Recently, I've been switching to logs structured as JSON. Using the sample command in my pattern for production-ready Python scripts, that means we replace delimited-strings like these: With JSON objects like … Continue reading Python: Simple JSON Structured Logging →

Route 53: How To Alias Application Load Balancers

Hello! This is a simple one but I kept getting stuck trying to figure it out. My brain was blocked on it. I'm sharing the pattern here in case you had the same problem. All I needed was a Route 53 Hosted Zone with an alias record for an Application Load Balancer. I needed these … Continue reading Route 53: How To Alias Application Load Balancers →

CloudWatch Logs: Preventing Orphaned Log Groups

Hello! When you need to publish logs to CloudWatch (e.g. from a lambda function), you need an IAM role with access to CloudWatch. It's tempting to use a simple policy like the one in the AWS docs. You might write a CloudFormation template like this: Obviously, the role is too permissive: arn:aws:logs:*:*:* But, there's another … Continue reading CloudWatch Logs: Preventing Orphaned Log Groups →