This message was deleted.
# awss
sparse-intern-71089
07/30/2020, 2:24 PMThis message was deleted.
m
millions-furniture-75402
07/30/2020, 2:41 PMThe best I’ve come up with so far is an a lambda in the same private subnet that can run the provisioner. However, pulumi currently has a limitation where it won’t package (some of) its own libraries in lamdbas, so it would have to be deployed separately.
Inline with your approach would maybe be setting up a bastion with a ssh local forward to the rds host, establishing the ssh connection before running
pulumi upf
faint-motherboard-95438
07/30/2020, 2:46 PM@millions-furniture-75402 thanks !
Indeed I came up with more or less the same conclusion (giving what I know/understand so far), but didn’t think using lambdas for provisioning, that’s a neat idea.
I was actually thinking setting up the vpn in another pulumi project and then start a client as a prerequisite on the provisioner host before running the
pulumi upfaint-motherboard-95438
07/30/2020, 2:47 PMBut I was wondering if there was an easier way because it add some work and complexity to the pipeline then.
m
millions-furniture-75402
07/30/2020, 2:52 PMLet me know what approach you end up going with. Right now I’ve settled for having a manual step for provisioning databases with the aid of a script on a bastion.
b
billowy-army-68599
07/30/2020, 3:07 PM
i personally use a vpn, although the clientvpn was a little bit of a pain to set up. I switched to using tailscale and a bastion host, and it works pretty flawlessly
https://twitter.com/briggsl/status/1283141723489595392?s=20
🤩 1
billowy-army-68599
07/30/2020, 3:08 PM
the code for this is here:
https://github.com/jaxxstorm/iac-in-go/tree/master/bastion
f
faint-motherboard-95438
07/30/2020, 3:13 PM@billowy-army-68599 great, thanks ! I’ll have a look and keep you guys updated here
q
quiet-leather-94755
08/01/2020, 6:24 PMNice, @billowy-army-68599! I'll have to look closer at your solution, and Tailscale!
5 Views