Use HashiCorp Vault AWS engine with multiple accounts

I received a question recently on how to properly configure the AWS secrets engine on HashiCorp Vault to work with multiple AWS accounts. It took me a bit, but I did figure out how to do it and what the limitations are. In this post, I will break down how the secrets engine works and how to use it to dynamically create credentials across multiple AWS accounts using the assume_role feature.


Mysterious missing “region” argument in Terraform

I’m working on my next course for Pluralsight, Implementing Terraform on AWS. I probably don’t need to explain what the course is about. Anyhow, I was trying to show how you can create multiple instances of an AWS provider using the alias argument. Running through the initialization and validation process, I ran into an error that was not very helpful.

Error: Missing required argument

The argument "region" is required, but was not set.

No mention of what line the error occurred on, or what resource in the configuration was throwing it. Just a missing region argument. Let’s see what’s going on here.


The Terraform Certified Study Guide

As I mentioned in a previous post, HashiCorp has officially announced the availability of two certifications, Terraform Certified Associate and Vault Certified Associate. In that post I detailed a bunch of different resources to help you study for the Terraform exam. One of those resources was a study guide that Adin Ermie and I put together called the HashiCorp Terraform Certified Associate Preparation Guide, which does not lend itself well to an acronym – HTCAPG? I guess we could go with Hat Cap? Nah. Anyway, I thought I would give you an idea of what is in the guide, and a free sample of a few pages.


Preparing for the HashiCorp Terraform Certification

HashiCorp has recently announced the availability of the Terraform Certified Associate exam. This is an excellent way to assess your skills and demonstrate your competence with the Infrastructure as Code tool, Terraform. Those who have been following me for any period of time know that I am a pretty big fan of Terraform, and may have authored more than a few posts and courses on the topic. What you might not know is that I was actively involved in writing and reviewing the questions for the exam. In this post, I will give you an overview of what to expect in the exam, how I think you should study for it, and some materials to help you along the way.


Enabling Conditional Access for Azure Active Directory Applications

I’m in the process of updating my Managing Identities in Azure Active Directory course on Pluralsight. One of the demos in the course is configuring Conditional Access for an Azure Active Directory integrated application. The idea is that you can set up a Conditional Access policy that restricts users from logging into the application from outside the US. When I went to record the updated demo, the application I had created in Azure AD was missing. What followed was a journey into the bowels of Azure AD to find what triggers the appearance of an app in Conditional Access.
