CIS Benchmarks are objective, consensus-driven configuration guidelines developed by security experts to help organizations improve their security posture. The CIS AWS Foundations Benchmark is a set of configuration best practices for establishing a secure foundation for running workloads on AWS. In September, 2020, version 1.3.0 of the benchmark was released, introducing a number of new security controls and recommendations. In this blog post, I’ll walk you through some background on the AWS Foundations Benchmark and what new requirements were added in version 1.3.0. Also, for Gruntwork Compliance customers, I’m happy to announce that we’ve updated all our modules to be…


Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last month, we finished updating all our modules to work with Terraform 0.13, began the upgrade process for Terraform 0.14, got most of the CIS v1.3 upgrade done, added a new module for managing AWS Secrets Manager…


In the last few years, two of the projects we open sourced at Gruntwork have grown more and more popular:

  • Terragrunt: a tool for keeping your Terraform code DRY and maintainable.
  • Terratest: a Go library for writing automated tests for infrastructure code, including Terraform, Packer, Docker, Kubernetes, AWS, GCP, and more.

Thousands of developers and companies are using these tools every day to manage and test their infrastructure, and the number of users, questions, GitHub issues, and pull requests is growing every month:


Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last month, we revealed the new design of the Infrastructure as Code Library, which now consists of three layers: a Module Catalog, Service Catalog, and Architecture Catalog. This is a new standard for infrastructure code and we…


The most secure, battle-tested way to go to production on AWS

Today, I’m excited to reveal the new design of the Gruntwork Infrastructure as Code Library (IaC Library):

  • The Gruntwork Module Catalog
    Build your infrastructure by mixing & matching hundreds of reusable, battle-tested modules.
  • The Gruntwork Service Catalog [NEW]
    Deploy off-the-shelf services, without writing any code. Each service combines multiple modules into a highly configurable package that’s designed to be deployed directly to production.
  • The Gruntwork Architecture Catalog [NEW]
    Deploy proven, end-to-end architectures that contain all the services you need to go to prod, already wired together and fully automated.

Read on to learn how you can use these three types…


One of the most common questions we get about using Terraform to manage infrastructure as code is how to handle secrets such as passwords, API keys, and other sensitive data. For example, here’s a snippet of Terraform code that can be used to deploy MySQL using Amazon RDS:

resource "aws_db_instance" "example" {
  engine         = "mysql"
  engine_version = "5.7"
  instance_class = "db.t2.micro"
  name           = "example"

  # How should you manage the credentials for the master user?
  username = "???"
  password = "???"
}

Notice how Terraform requires you to set two secrets, username and password, which are the credentials for the…


Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

We’ve got three major new releases to share with you in this newsletter! First, Gruntwork Pipelines, which you can use to create a secure, automated CI / CD pipeline for Terraform/Terragrunt code, with approval workflows and Slack notifications, using…


Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last month, we made a number of improvements to our EKS modules, including adding support for Managed Node Groups and Fargate (serverless worker nodes), launched Gruntwork CIS Compliance for the Reference Architecture, added a new module for…


Three lessons that helped us nearly triple our recurring revenue from $1M to $2.7M (with $0 in funding)

Back in October, 2018, we reached a big milestone at Gruntwork of $1M in annual recurring revenue (ARR). Today, a little over a year later, we’ve grown to roughly $2.7M ARR. And we’ve done all of this with $0 in funding. In this blog post—the second in our year-in-review series—I’d like to highlight a few of the key lessons that helped us get here:

  1. Listen to the data: how we used A/B testing to double conversions.
  2. Listen to the team: how we had to deliberately design a process to make communication work in a 100% distributed company.
  3. Listen to the…


I’m happy to share with you the video and slides from my QCon talk on how to test infrastructure code! This talk is a step-by-step, live-coding class on how to write automated tests for infrastructure code, including the code you write for use with tools such as Terraform, Kubernetes, Docker, and Packer. Topics include unit tests, integration tests, end-to-end tests, test parallelism, retries, error handling, static analysis, and more.

You can find the video and slides on InfoQ:

Yevgeniy Brikman

Co-founder of Gruntwork, Author of “Hello, Startup” and “Terraform: Up & Running”
