It all started with an email. Back in 2015, I was working as a consultant at my one-man company, Atomic Squirrel, and I was looking to hire a DevOps Engineer to work with me on a few projects. One September morning, I woke up to find the following message in my inbox:

I saw that you’re looking for a DevOps consultant, which is pretty much what I do.

It was from someone named Josh Padnick, who had found me through some blog posts I had published years ago about some open source web frameworks. After digging into Josh’s background, I…

Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last couple months, we updated all Gruntwork Terraform repos so that you can use them directly from the Private Module Registry in Terraform Cloud / Enterprise, released the version 1.3.0 upgrade for the CIS AWS Foundations benchmark…

CIS Benchmarks are objective, consensus-driven configuration guidelines developed by security experts to help organizations improve their security posture. The CIS AWS Foundations Benchmark is a set of configuration best practices for establishing a secure foundation for running workloads on AWS. In September, 2020, version 1.3.0 of the benchmark was released, introducing a number of new security controls and recommendations. In this blog post, I’ll walk you through some background on the AWS Foundations Benchmark and what new requirements were added in version 1.3.0. Also, for Gruntwork Compliance customers, I’m happy to announce that we’ve updated all our modules to be…

Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last month, we finished updating all our modules to work with Terraform 0.13, began the upgrade process for Terraform 0.14, got most of the CIS v1.3 upgrade done, added a new module for managing AWS Secrets Manager…

In the last few years, two of the projects we open sourced at Gruntwork have grown more and more popular:

• Terragrunt: a tool for keeping your Terraform code DRY and maintainable.
• Terratest: a Go library for writing automated tests for infrastructure code, including Terraform, Packer, Docker, Kubernetes, AWS, GCP, and more.

Thousands of developers and companies are using these tools every day to manage and test their infrastructure, and the number of users, questions, GitHub issues, and pull requests is growing every month:

Once a month, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made in the last month, news in the DevOps industry, and important security updates. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last month, we revealed the new design of the Infrastructure as Code Library, which now consists of three layers: a Module Catalog, Service Catalog, and Architecture Catalog. This is a new standard for infrastructure code and we…

Today, I’m excited to reveal the new design of the Gruntwork Infrastructure as Code Library (IaC Library):

• The Gruntwork Module Catalog
  Build your infrastructure by mixing & matching hundreds of reusable, battle-tested modules.
• The Gruntwork Service Catalog [NEW]
  Deploy off-the-shelf services, without writing any code. Each service combines multiple modules into a highly configurable package that’s designed to be deployed directly to production.
• The Gruntwork Architecture Catalog [NEW]
  Deploy proven, end-to-end architectures that contain all the services you need to go to prod, already wired together and fully automated.

Read on to learn how you can use these three types…

One of the most common questions we get about using Terraform to manage infrastructure as code is how to handle secrets such as passwords, API keys, and other sensitive data. For example, here’s a snippet of Terraform code that can be used to deploy MySQL using Amazon RDS:

resource "aws_db_instance" "example" {
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t2.micro"
  name                 = "example"  # How should you manage the credentials for the master user?
  username = "???"
  password = "???"
}

Notice how Terraform requires you to set two secrets, username and password, which are the credentials for the…