toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#terraform


New Open-Source Tool Spotlight 🚨🚨🚨

TerraSchema converts Terraform `.tf` files into JSON Schema (Draft-07) for variable validation. It handles types, defaults, and validation rules directly, making `.tfvars.json` file generation seamless. Install via `go` or binaries. #Terraform #JSONSchema

🔗 Project link on #GitHub 👉 github.com/HewlettPackard/terr

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Speculative plans in Terraform Cloud can open an attack path.🚨

On a Red Team engagement, we compromised a Terraform token with plan permissions. By adding a custom external data source, we ran code on the Terraform Cloud runner.

That exposed short-lived AWS and GCP credentials, letting us work outside the version control workflow.

Even VCS-backed workspaces do not stop this. The runner still holds the keys during a plan — and that is the risk.

Jack McBride explains the technique and how tighter token scopes and Sentinel allow lists can prevent it.

📌 pentestpartners.com/security-b

> You crazy son of a bitch, you actually did it.

Yes, I did it. I added a CI and (near) CD to my personal blog, and I wrote up some notes on the experience (given my slightly unusual tech stack) of App Engine (dynamic and static hosting) and Hugo.

I even quickly reached the conclusion that Terraform would reasonably have a place here given modern IAM ecosystem needs and prototyped what a WIF/OIDC Terraform configuration would look like.

matttproud.com/blog/posts/blog

matttproud.com (blog) · Behind the Scenes: CI and CD with this Web Site and Blog

Proxmox fully automated! From ClickOps to Code: Automated. Audited. Revisioned. Repeatable.

Starting from the base by automating:
- Cluster initialization
- Cluster join
- Storage Integration
- Proxmox Backup Server Integration
- SDN Networks (different ones for pros/dev)
- Guest Resources utilizing the cluster infrastructure

#Proxmox #PVE #Pbs #ProxmoxBackupServer #opensource #Automation #Ansible #python #devops #terraform #cicd #pipeline #cluster #nfs #iscsi

peertube.gyptazy.com/w/4cp7ddL

@tom I don't... Enjoy working with Ansible.

I feel like it's a baller orchestration engine - need to make 150 AWS EC2 instances dance the Irish jig? Ansible's got you covered.

But when you start building complex cookbooks to build and manage infrastructure, I feel like its abstractions are not well suited to that task at all and it tends to fall down hard.

#Pulumi or #Terraform are much better choices for that IMO.

Also, just so I'm not ignoring your suffering, sorry you're having to deal with this! Never fun when IaC goes awry :)

media2.giphy.com/media/v1.Y2lk

IT pros and #SysAdmins! Tired of late-night patching? Check out my new episode, GitOps for the Linux Administrator on The #ITGuyShow! Join me with #ChristianHernandez, a #Linux guy and #DevOps advocate, as we explore his journey from Solaris servers to #GitOps evangelism.

Learn: The true meaning of GitOps, a new mindset, tools like #ansible, #terraform, and #ArgoCD! Perfect for "lazy" admins valuing efficiency! Enhance your skills and transform infrastructure management: podcast.itguyeric.com/10

#Terraform is great because it is not simply for one provider/one cloud. You can target multiple clouds in the same Terraform configuration. It doesn't have to be multiple clouds, the more generic term is multiple providers (e.g. #Azure + Entra ID)

Read my article on using Terraform for multi-cloud over at #Spacelift spacelift.io/blog/terraform-mu

Spacelift · Multi-Cloud Provisioning and Management with Terraform · Learn how to manage multi-cloud infrastructure with Terraform. Explore provisioning strategies, best practices, and real-world examples.

"Software trends have shifted dramatically — languages have come and gone, release cycles have shrunk from months to hours, architectures have evolved, and AI has taken the industry by storm. Yet the code that automates software deployment and infrastructure has remained largely unchanged.

“The state of infrastructure automation right now is roughly equivalent to the way the world looked before the CRM was invented,” says Jacob.

A skeptic might ask, why not use generative AI to do IaC? Well, according to Jacob, the issue is data — or rather, the lack of it. “Most people think LLMs are magic. They’re not. It’s a technology like anything else.”

LLM-powered agents need structured, relationally rich data to act — something traditional infrastructure tools don’t typically expose. System Initiative provides the high-fidelity substrate those models need, says Jacob. Therefore, System Initiative and LLMs could be highly complementary, bringing more AI into devops over time. “If we want that magical future, this is a prerequisite.”

System Initiative proposes a major overhaul to infrastructure automation. By replacing difficult-to-maintain configuration code with a data-driven digital model, System Initiative promises to both streamline devops and eliminate IaC-related headaches. But it still has gaps, like minimal cloud support, and few proven case studies.

There’s also the risk of locking into a proprietary execution model that replaces traditional IaC, which will be a hard pill for many organizations to swallow.

Still, that might not matter. If System Initiative succeeds, the use cases grow, and the digital-twin approach delivers the results, a new day may well dawn for devops."

infoworld.com/article/4021153/

InfoWorld · Can System Initiative fix devops? · System Initiative proposes a radical overhaul of infrastructure automation to address infrastructure-as-code chaos and longstanding devops toil.