Gruntwork Newsletter, October, 2023

Yevgeniy Brikman
Published in Gruntwork, Oct 25, 2023

Every few months, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made since the last newsletter and news from the DevOps industry. Note that many of the links below go to private repos in the Gruntwork Infrastructure as Code Library and Reference Architecture that are only accessible to customers.

Hello Grunts,

In the last few months, we’ve made major strides with OpenTofu (formerly known as OpenTF), including creating the official fork, joining the Linux Foundation, creating an open source registry, and publishing the first alpha releases. At Gruntwork, we’ve also released new modules for Transit Gateway, added ArgoCD and EKS EBS CSI Driver support to our EKS code, and published documentation on setting up your core DevOps components (e.g., Landing Zone, IaC Foundations, CI / CD Pipelines, Network Topology).

As always, if you have any questions or need help, email us at support@gruntwork.io!

Gruntwork Updates

OpenTofu (formerly known as OpenTF) is now available!

In the last several months since publishing the OpenTofu Manifesto, there have been some major updates with OpenTofu:

Give OpenTofu a shot: installing it is as easy as brew install opentofu and it should work as a drop-in replacement for Terraform. And there’s a lot more coming in the future!

[NEW] Transit Gateway modules

In the past, the primary way to connect AWS VPCs together (including all the connections in those VPCs, such as VPNs, Direct Connect Gateways, etc.) was to use VPC peering connections. Unfortunately, peering connections only worked between pairs of VPCs, so to connect N VPCs, you had to set up N² peering connections, which became unmanageable at scale. I’m excited to announce that we now support modules for deploying and managing Transit Gateways, which offer an alternative way to connect VPCs with a hub-and-spoke architecture that only needs N connections:

For sample usage, check out the transit-gateway, transit-gateway-attachment, and transit-gateway-peering-attachment examples. Give these new modules a shot and let us know how they work for you!

[NEW] ArgoCD modules

ArgoCD is a popular, open source, declarative, GitOps-driven, continuous delivery tool for Kubernetes. Phew, that’s a mouthful. The simple version: it gives you a nice, automated way to deploy changes into your Kubernetes cluster. And we now support a module to set up Argo in your EKS cluster:

For sample usage, check out the eks-cluster-with-argocd and eks-fargate-cluster-with-argocd examples. Give these new modules a shot and let us know how they work for you!

[NEW] EKS EBS CSI Driver Module

We’ve released a new eks-ebs-csi-driver module that you can use to install the Amazon EBS CSI Driver in an EKS cluster as an EKS Managed AddOn. The EBS CSI Driver manages the lifecycle of EBS Volumes when used as Kubernetes Volumes. The EBS CSI Driver is enabled by default in EKS clusters >= 1.23, but not installed. The EBS CSI Driver was installed by default on earlier versions of EKS. This module will create all of the required resources to run the EBS CSI Driver and can be configured as needed without the bounds of the EBS CSI Driver as a Managed AddOn. See the official documentation for more details.

DevOps Components Documentation

We have published detailed documentation on how to use Gruntwork to set up your core DevOps components, including:

  1. Landing Zone. Configure an account factory to spin up new accounts that all have a common account baseline applied. Under the hood, integrate everything with AWS Control Tower as a single pane of glass.
  2. IaC Foundations. Set up the foundational Terraform and Terragrunt coding patterns that enable your team to scale.
  3. Pipelines. Roll out an infrastructure change using a secure, reliable CI / CD pipeline that meets the needs of your organization.
  4. Network Topology. Configure network connectivity and protect your internal cloud resources from external access.
  5. Running Apps. Run your apps on EKS, ECS, or Lambda in a best-practices way.

Check out the docs and let us know how they work for you!

All other Gruntwork releases and updates

You can find details on every single release and update we do in the Gruntwork Releases page of our docs site. And now, you can use Patcher to update your dependencies automatically! If you’re a Gruntwork customer and don’t have access to Patcher yet, please email support@gruntwork.io. If you’re not a Gruntwork customer, please contact our sales team.

Here are the dedicated pages for new Gruntwork releases since the last newsletter:

DevOps News

EKS / Kubernetes 1.28

AWS has announced that EKS now supports Kubernetes 1.28. Quoting the announcement, the 1.28 release includes the following changes:

Kubernetes 1.28 expands the support skew between worker nodes and control plane components from n-2 to n-3. This release also includes stable support for recovery from non-graceful node shutdowns and automatic retroactive assignment of a default StorageClass.

See the announcement for the full details. We’ll be updating our EKS code soon to support this new release.

EKS control plane logs are now Vended Logs in CloudWatch

AWS has announced that EKS control plane logs will now be classified as Vended Logs in CloudWatch, which means they will be available at discounted pricing. The control plane logs include API server logs, audit logs, IAM authenticator logs, controller manager logs, and scheduler logs.

Co-founder of Gruntwork, Author of “Hello, Startup” and “Terraform: Up & Running”