Two's Complement - Yak Shaving, Live!
Episode Date: May 22, 2023
Matt and Ben hit the record button while shaving a yak and then attempt to pass it off as a podcast episode. Join our hosts as they troubleshoot DNS problems, fiddle with makefiles, and fail to remember the things that their prior selves did.
Transcript
I'm Matt Godbolt and I'm Ben Rady and this is Two's Complement, a programming podcast.
Hey Ben. Hey Matt. I was just looking at our twoscomplement.org thingamajig.
Yeah, I was looking at that too.
I always type twoscomplement.org into my browser,
and it seems that Chrome these days does the automatically,
hey, you probably meant www.that.
But if you don't do that, like if I use curl or whatever,
I get like nothing.
In fact, I think it hangs.
Let me just try it now
HTTPS,
twoscomplement.org.
Yeah, I get a
redirect if I use curl.
So I'm literally just using curl.
HTTPS.
I'm not doing HTTPS.
I'm just doing curl.
Well, everyone does HTTPS these days.
All the cool people.
True.
And it's just hanging.
Yes.
True, true, true.
But I'm saying, like, if I just do curl twoscomplement.org, I get a redirect.
Oh, okay.
But, yeah.
So.
I would expect.
I think I would expect HTTPS to.
Yeah, I see.
You are being redirected in.
I see.
Yeah, if I use HTTP.
Because there's nothing listening on port 443 for
whatever that is
Right, because I think it's just a CNAME.
I don't even know how this stuff's done I know that I check stuff
into the github and something something
magic happens
so should we try and fix that is that a thing
um
well I think we should I mean there might be part of that
so like
like right now the way this works is I think there's a CloudFront distribution.
And then when you check something in, it, like, builds the podcast XML, the RSS feed, basically.
The RSS feed, right, right, right.
And then, you know, the rest of the website, if it has any changes allowed, it's all static.
So, there's nothing to build.
The only thing that actually gets built is the RSS feed.
And then uploads that to an S3 bucket,
and then that CloudFront distribution
is backed by the S3 bucket.
Got it.
Yeah, that CloudFront distribution
is backed by the S3 bucket.
And then you have to invalidate the CloudFront distribution to
basically invalidate all the caches. Right, right, because we're not doing anything clever with, like,
cache-busting URLs and things, and we definitely like, essentially, index.html to always be like,
just come and get it again. Yeah, I guess we could monkey with headers and things. I've done that
before, but, like, the simple, straightforward thing to do for a tiny site like ours is to say it's just all invalid. Like, literally no one really cares about
the caching of this, if... Exactly, exactly. So I'm trying to, like, okay, so if I do an nslookup, like,
in a... Yeah, I was going to say, where does the DNS actually point
at? Um, or actually, I don't want to do a DNS lookup, I want to use, like, dig, right? That's what
the cool people do. Yeah, but I'm still old school and I end up using nslookup, but let's do, let's
learn dig. Yeah, so dig is giving me an A record. A, yeah, for, um, twoscomplement.org. Yeah, I think
there's something funky. I think you can't have CNAMEs for the top-level domain, as I recall.
That's what it is.
That's what it is.
Yeah.
So there's always like a thing.
I know my DNS provider had some hacky way of pointing the A record at where you needed it to be always.
Right.
Where is the – who's our DNS provider?
So it used to be Hover.
And I am pretty sure that I moved it.
Let me pull up the AWS console here
and confirm that my memory is not failing me
because it very much...
I think I moved it to...
My memory is still being...
I have a memory of doing this because I was like, oh yeah, if we're ever going to get this
top-level domain to work, like, Amazon has some cool stuff that will make that work. And I actually
reached out to the Hover support folks and they're like, yeah, we don't do that. Um, right, I was using
DNSimple, DNSimple, whatever, and they have, like, this fake... They have a name for it. It's like a made-up type of record that's just, like,
it's itself DNS look up something else
and then keeps changing the A record to point at it,
which obviously is not great for all the reasons, but...
Yeah.
I think Route 53 or whatever it is on Amazon
kind of does this out of the box.
Yeah.
Now I'm starting to worry that I didn't actually move the domain.
Oh.
Well, that's smelly.
What is even... Browser.
What even are a domain?
Hover.com.
What are birds?
What? I mean, are they real? I don't think they're real. I don't know. Well, there's two...
Yeah, that's true, actually, there's two memes associated with the birds, isn't it? There's
obviously the, uh, are birds real thing, where someone said they're all spy drones,
and then obviously the thing that you and I shared a joke about is, uh, um, Look Around You.
yeah our birds we just don't know.
One might as well ask, what are birds?
That is redemption.
Bible.
Yeah, no.
Unfortunately, two's compliment.
So that is almost certainly what that A record is.
I see. It's Hover's attempt
to redirect you, and that's why
HTTP works, but HTTPS
does not, because Hover doesn't have any
concept of the SSL cert
so the
the A record
for twoscomplement.org
that is the
prefixed twoscomplement.org
is pointing at
Hover's own magic to do this
is that? Yes, yeah
and obviously they don't have our SSL cert,
so they couldn't be able to serve up a redirect on port 4443.
Exactly.
Exactly.
Yep.
Yep.
So could we at least set up the CNAME in Route 53,
like, now, and then test it with dig that it would work, uh, and then, you know, then set
up, kick off the process of, like, moving the, the whatever, the, yeah, main record, and then we
can at least go through that so you can... Yeah, yeah, yeah. How are you, do you, how do you do this? In the
console, or do you Terraform for this kind of stuff? Um, I mean, generally I Terraform, but I don't
actually remember what I did for two... Fair enough. I don't think I did set up any... I mean, it would be
really cool, I would love to, um, add that Terraform into the CI build that does the deployment and
everything. Yeah, because you can do, just like our day job, right, you just have it do a Terraform apply and then do the deployment.
And then it's like, oh, I want to change the CNAME records or something.
Like, that's a commit along with anything else that just gets applied automatically.
Just like, you know, when we publish an episode, we just check in an updated thing to our, like, Python program that generates the XML.
Right.
And that's it.
So, yeah, it would be cool if it did that.
Although, you know, also, in fairness, right now we don't have very many things to worry about. We've
got a CloudFront distribution, we've got an S3 bucket, and we've got, um, the, well, we would have
the DNS. I don't know there's anything else in there. So I don't mind starting out by, like, just
doing this manually and then importing it at a later date just to see if we can get it working.
Unless you feel like we should spend 10, 15 minutes hacking up a Terraform thing.
There's a lot of credential nonsense to worry about and CI and all that.
I agree with you.
And the thing that pains me is that I did this before once for a bunch of my domains and I have zero memory of how I did it which means I'm going to have to learn it all over again
because I didn't encode it into anything
that is automated.
It embarrasses me to say that
I know that I have my hobby project
but I have enough other hobby projects
that I have a godbolt terraform,
like, personal Terraform setup that we might want
to crib from. So if you go to my GitHub, let's just have a quick look. As a public... It is, yes. And I've,
after me carefully going, I'm so sure there isn't anything in here that, that, that needs to be
done... It doesn't auto-apply, because I do it, do it manually, because I know when I made a change. But github.com,
MattGodbolt slash godbolt hyphen terraform.
Sorry for all the clicking noises.
Yeah, there it is.
And so in here is like Owlet.
Oh, that's a deployment thing.
I'm wondering, do I have in here?
I don't know if I do have a doodad.
ACM certificates, jsbeeb.
What's the name of this repo?
It has resources and crap in it.
It's got whatever.
I don't think this has root doodad because it kind of, like, jsbeeb lives on bbc.godbolt.org
and godbolt.org has long been adopted
as Compiler Explorer's real domain,
so it lives there, really.
Ah, yeah, I don't think this has any Route 53 stuff in it.
Oh, blog. Aha!
Hang on a second.
So there's xania.org.
Something like this,
but I don't know if it's actually relevant.
CloudFront distribution has got all the crap for xania.org,
which is my blog.
I don't know that this has got the DNS for it, though,
which surprises me a little bit and embarrasses me also
because there I am touting like, hey, well, I did it.
And you're like, no, you didn't.
I've got something for this, for an old version.
I have a recipe tracking website that I made called Tasty Penny.
Again, with the hobby project side project things, right?
And I had a more sophisticated version of Tasty Penny that I was working on for a while
that had like an actual app server instead of
being a bunch of static content.
I still have the Terraform for that
and that used Route 53.
Do you want to just do some
copy-pasta and see if it looks near
enough like we could just paste it as a sub-dir
into
the TOSC? Oh, you know what?
I think I actually have a better one.
Let me read this through this one.
So, Earth is Dead.
My board game.
Oh, I thought it was a statement of fact.
Yes.
No, I clicked on the wrong button and now I've deleted the Earth.
Oh, damn it.
Well, it was nice knowing you.
Yeah, no, my board game.
So, earthisdead.com.
I have something for that. I don't know if I have an SSL certificate. That's cool, radiesetgo. Yeah, that was a friend of mine came up with that name. I'm
like, that's a good name. It is. How's the other rate... I mean, actually the same thing could be asked of me, right? Like, how do the
other Radys feel about you, like, being a Rady that's kind of stolen the name for your own?
Well, you know, my name, my last name is kind of made up anyway. My, my dad invented it. Oh, because
most of them aren't though, you know, most of them are clearly, yes, real. Some of them are...
So, I mean, some of them are like, yeah, I think we talked about this before, like Taylor and Fletcher and Smith and all that kind of stuff.
Yeah.
But, you know, ultimately, it's all made up.
Yeah.
Everything is.
But yours is very specifically made up by, like, recent history.
Mine is very specifically made up.
Was it your grandpa or your dad?
That was my dad.
I mean, he just changed the spelling to be more Americanized.
I say it's made up.
It's like he changed it from R-A-D-I to R-A-D-Y.
Oh, that's cool.
Yeah, but it's funny because there's this business school out in San Diego that apparently
was paid for or founded or whatever by somebody with coincidentally the same last name.
And my brothers and I have got into the habit of collecting the schwag
from this, uh, business school, because it has, they have, like, stickers that say I love Rady, and it's
like, all, you know, backpacks and all those other crazy bananas stuff. That's super cool. Um, yeah,
this is a huge tangent, but so what I'm seeing right now is I don't necessarily have
any Terraform that we could drop in that would be
exactly what we want. I definitely have a couple of
things, and it sounds like you have a couple of things
that would be close.
So maybe
we could do it this way.
Backing up a second, I think the big thing is
that I have never
done the
transfer over to Route 53. So if we feel like we can, if we
feel like we can actually set up... Because, like, okay, so my memory is fuzzy on this, and maybe you
remember. I actually, I don't even know if we need to transfer it, right? If, who, your current provider,
they let you set the name servers, they don't have to be their own name servers.
They can still be the registrar to start with.
And all you need to do, all you quote need to do
is edit their name server record to point at the Route 53.
Route, Route 53.
Once.
Sorry, this is a terrible word for us to have to keep going back and forth on.
Okay, so let me look at, okay, yeah.
So right now the name servers for...
Can I see this?
Yeah, ns1.hover.com and ns2.hover.com.
Can I see that if I use a dig command?
I think so.
I think that's how...
It'll take a while to propagate, but we can actually make that change.
But we need to go into the Route 53 and at least copy over what you currently have,
which we can either do manually or we can terraform that up.
Yeah, yeah, okay, okay.
Yeah, let's start with terraform.
I like that idea.
Cool.
I don't even remember, is the...
Two's Complement?
Do we have any terraforming?
Repo public, or is it private?
I don't think it's public, I think it's private.
Okay.
But you have access to it, right?
I do have access to it.
All right.
And yeah, I farted around making it all use poetry for the Python and all that stuff recently.
And we have assets and conf and tools.
Okay.
The public directory, ironically, which of course is not actually public in this instance.
Well, that is the public part.
The public directory is the part of that that is actually visible to the whole, whole internet, open to the world. Because, you know, well, it is through the website,
because we put stuff in. It is, but yeah, like, importantly, it means, you know, when we put our...
The reason why I think we shouldn't make it public is because that's where we do put our,
like, episodes before we finished uploading them and fighting around with them and editing them
and whatever, right? Um, yeah, there's a lot of... That's the same true on my blog post, but I don't blog quite as often as I used to.
Like, once a year is now my cadence.
So why don't we make a Terraform directory there
and just copy-paste in the main.tf and the Terraform.tf or whatever
from some other project, you know, in the way that we do.
And, of course, I have some makefile magic
that I think I can steal to apply this stuff
so we can make sure that the terraform that's checked in is always representative of the real world, right?
Right.
You never want those things to be able to get out of sync.
That is true. That is true.
Do we have pre-commit hooks in? I'm a big fan of pre-commit hooks now, and I... There's... So I use .pre-commit, like, we, well, we use it at work, and
it would be cool to make it so that you can't even commit if it says, hey, you know... Oh, no, no, no,
that would be different, because we want the CI to apply the Terraform. Yeah, I mean, it's a nice
sort of credential management thing, where it's like, you don't have to have the AWS credentials,
all you have to have is access to the repository, and the CI build is what holds the AWS credential.
So I'm not handing out, like, personally, like, credentials for my personal AWS account to people. And I mean, that's absolutely, for certain,
I think that's a, that's a very, very good, uh, thing to consider. But pragmatically, I have found
that, like, it's very hard to test the Terraform config without actually applying it, and, or, like,
especially if
you want to adopt existing things. So anyway, yeah, let's start from, let's start from just getting it
working at all. Yeah. Um, even manually, I would say. So let's make it, yeah, make a direct reasoning.
Yeah, okay. All right. Uh, yeah, and let me, let me grab this. Hopefully I have some makefile magic
I can throw into this thing. Do we need the makefile
magic? I mean, it doesn't
do much. I mean, Terraform applies what you want to type.
Oh yeah, but like installing Terraform
as a tool and knowing what version you've got.
Oh, neat, neat, neat. Yeah, that's
better.
I think I have this, and if
I don't have this, I'm going to give up on it, but I think
I actually just have this handy.
Terraform. I was going to say, yeah, I actually use aussie for this, which is the thing, like, as in our
company's open source version of aussie, which has Terraform as an example.
So that is a possibility, but you've probably got Terraform on your path, and
Terraform is a bit subtle because you need to have the same version.
And yeah, so I have these
Terraform and Terraform
init targets that
install Terraform and initialize
the deal.
Sounds perfect.
We're both on Linux, so
it's not going to cause me no problem.
We don't have to worry about, oh, but what operating
system? And it'll get the right version and all that crap.
So, yeah.
Do you have a major allergy to just putting the Terraform file,
like a single Terraform file, in the root of the repo
because this will only really ever be, like, a couple of things?
Or do you want to make a Terraform directory and put lots of people?
I would make a Terraform directory because it just,
because it's one extra command, mkdir.
Yeah, that works for me. And especially
as Terraform is, like, it sort of globs the directory it's running in to get all the .tf
files, is like the... Yeah, anyway, let's do it. Now I'm down with that. Okay, sorry. Um, yeah, so I, you'll
be able to see this in a minute when I commit it, but just to explain to you... Yeah, I was going to say, like, this is, I'm making this through the medium of,
through the medium of sound.
Speakings.
So I have a terraform
variable,
a makefile variable
that is going to... Like $opensquiggly's
terraform shoutcaps, no doubt.
Yeah. I mean, we could share screen, but it's
more fun to do it this way. Yes.
Uh-huh.
Okay, so I have that, and that depends on a tools home.
You know, $(CURDIR)/.tools.
I have a little dotfile directory that holds all of the tool installations.
That's a nice subtle thing, that actually CURDIR is the right thing to use in makefiles,
because I've used PWD so many
times on some other thing and it's
like, it works by coincidence
most of the time, but it's a sharp
edge ready to cut your knees off when you do
make -C or whatever.
I can't even remember what breaks it under, but like, now I've just
learned. Yeah, just CURDIR is
the right thing.
Okay, and then I have a Terraform
version variable just to make it
specifically called out
as like, yeah,
this is the version
we're using.
Cool.
Looks me, yeah.
And then I have, yeah,
this Terraform variable
which points to the executable.
And, you know,
because HashiCorp
is HashiCorp,
all of their tools
are super easy to install
with just like...
Because they are just
a static executable
you curl and put somewhere
and then chmod
or unzip or whatever it is.
It's just the best thing ever. I just wish everything in the world
looked like that. Yeah, we've talked about this before as being like a killer
feature of Go, for example, which I think
they're using.
For our tool, actually, so
did you see that we open sourced
rpy? No,
I think I missed that. Yeah, so
we, you know,
it is a read the nearest, quote, nearest, pyproject.toml.
And then there's a little stanza in there that says, no, this is the right Python to use.
Like, this is the right thing to do beforehand.
So, like, for example, you can put a stanza that says, hey, before you run Python, do make deps in this root directory where you found the pyproject. Um, and then, um, effectively just means, like, I can go into any project and it's, uh,
rpy, splash, space, and then whatever. But anyway, the whole, it's a simple, cool tool, but we
did it in Rust, and it's relatively straightforward to make that static as well. Relatively straightforward.
So that was a nice find recently. So you can just curl rpy down, and also, uh, rizzy, I think, is the other thing we've
open sourced, which is another Rust thing that's similarly, we just want that just-copy-the-binary-
and-it-works feel. And that's all HashiCorp and Go's sort of, like, pushing, pushing us in that
direction. Yeah, that's good stuff.
Is my rambling covered enough while you're frantically tapping away there?
Yeah, that's good.
You don't have an offensive keyboard, incidentally.
I feel like when I...
Or maybe it's just Google is doing this amazing filtering of non-sound,
non-human sound.
Yeah, when you come back and edit this podcast later,
you're going to be like, why is this just 90% typing?
Yeah, right.
So we are just agreed that instead of just,
instead of us recording a podcast episode... Well, this is the episode now. Yes, I guess so.
Hey everybody, this is our podcast. I guess we kind of started recording and, yeah, yeah, I don't know.
I mean, we'll see if this ever sees the light of day. Right, right.
We're boring the heck out of people as we do our debugs.
But it's like listening in a pairing session, I guess.
Yeah, yeah.
Of a sort.
Okay, so I got...
I'm going to make you write tests for this Terraform.
You know, that would actually be a really interesting exercise,
is trying to write tests for Terraform.
I've written tests for SQL before.
That was a fun project.
Oh, my God.
I've written tests for Bash.
We should do an episode on my testing approach for Bash.
Yeah, it's in the list, isn't it, about testing Bash?
Although it is a number.
Yeah.
I'd be interested in the Terraform test type stuff.
I definitely use terraform validate in some of my pre-commit hooks
to make sure that it's at least syntactically valid, and I think it's terraform format that
sort of makes it canonical formatting. Anyway, uh, okay, so I think, I think I gotta change
something here because I'm running my target and it says nothing to be done.
So I usually when I troubleshoot this.
You haven't made it .PHONY, have you?
Or have you made it .PHONY?
Oh, my God, I bet that's it.
Because if you haven't made it .PHONY, you have a Terraform directory, and that's what it thinks is up to date.
It's like, yeah, I got a Terraform directory.
You didn't make Terraform, and it's like, yep, got that.
Yeah.
Well, I don't think that's it, but I, I
did not... That's caught me out before now, where I did not make them... Yes, I mean, that's, I just, like,
okay, I'm just gonna do this, because there is no... The target I'm trying to run is called infra
and there is no infra directory. Oh, okay. But I, I'm gonna make it phony just... No, that's not it. Yeah,
it's not gonna be that, but, but it was worth checking out.
Terraform init.
I think the problem here is I have an undefined target.
So basically, terraform init, yes, that's totally what it is.
So I had a target that I was referencing by a variable name.
So it's $terraform init.
And the intention of that is it's going to be the directory that terraform
initializes itself into.
But I hadn't declared that variable.
So I think it was just blank.
So it's like, yes.
So then make was like,
you know, I'm not going to make an empty thing.
So it does nothing.
But I also need to do
CURDIR slash terraform
dot terraform because we want to put this in a terraform subdirectory.
I think so.
And then we can hide all the squirrel away all the dot files and crap in there as well.
And I think what that also means is that I need to do a cd in my terraform init target before I...
Yeah.
And because it's make, you can't do that on two separate lines, right?
No. Let me just have a look. Does Terraform have a... -chdir=. Okay, so you can use that instead. So a
bit like make -C or ninja -C, where you're like, hey, I'm running you, but don't
run here, run there. It might make more sense to use that. It's nicer because it doesn't need to
use subcommands. Do I need to make the directory first? Oh, sorry?
Do I need to make the directory first?
Oh, I think so, yeah. It literally is like
hey, you're going to CD into that directory first.
But it means you don't have to do the thing
on one line, which
is essentially a subshell and
doesn't know it, it just sort of
executes it in whatever the prevailing
shell is and says, hey, you do this.
Which is almost always sh or bash.
But, for example, fish doesn't support that kind of nonsense.
Yeah.
Even though I love it dearly.
Okay.
Yes.
So I missed a target.
No rule to make target source tools complement dot tools.
So I defined that tools directory, but I never made a target to create it.
To create it.
Yes.
So I got to grab that target, which is a very simple target.
What you're doing here is kind of working it backwards from, like, I need this thing.
So, and then, but you haven't actually told it how to make that thing yet.
Exactly.
The glory of makefiles.
Exactly.
Okay.
So now I have a tools home target, which is just mkdir -p $@.
So it's like, you know, just make the thing that you
want. Make the thing that you said I needed
to be. Yeah.
Okay, so I ran that and installed Terraform
and unpacked it to the tools directory
and then it initialized
Terraform in an empty directory. So now
I would expect to see a Terraform
directory and I do?
And inside of that Terraform directory
I would expect to see a .terraform
directory, and I don't. Oh, because it says you have no Terraform files. Yeah, you need to make a main
note here for just anything in there. Let's just create any old thing. Yes. Um, while we're thinking
about it, I know there are various lock files and other nonsense, some of which need to be checked
in and some of which don't need to be checked in, and I can never remember which ones are which. I
think this project that I have has a gitignore that will...
Exactly, thank you. That's what I was asking
basically is do you have something we can copy?
Yeah, yeah, yeah.
Alright, let me try this
again and we're going to see how
good this make setup is if it
knows to do the right thing because
I've already created some of these directories
and so it might do nothing.
Check.
Infra.
All right, Terraform has been successfully initialized.
So now if I go into Terraform, and I have my main.tf,
I still do not have a Terraform directory?
A .terraform directory.
A .terraform directory?
What is the .terraform directory for?
So that is going to be terraform init.
So when I run terraform init, I'm expecting it to create a .terraform directory.
Has it created it in the root?
Did he do the -chdir=?
No, yeah, I have it, terraform init is CURDIR slash terraform slash dot terraform.
Am I just not looking at this correctly?
Maybe it's like because there's nothing to do,
because there's nothing in the main.tf, it just doesn't bother to create it?
Yeah, almost certainly. It doesn't know what versions of anything to pull down,
because the main thing it puts in there is all the plugins that are going to be, like, here's the AWS provider
and here's the whatever provider. So let's do a very minimal thing in there then. Yeah, the most...
You're going to need to have the terraform thing, and you need to have the state, um, management. Yes,
the thing that says this is where the state lives, which should probably be another, yet another
bucket somewhere, like it always is in my
world. Yeah, definitely the best
way to do that is with, you store it
in a bucket.
I have sort of gotten away with not
doing that in cases, but like, yeah,
that's just not the best.
If you're going to have to solve the credentials problem
anyway for me being able to apply this,
then... Yeah,
yes. I mean, at this point,
I'm just trying to get to something
where we can test this
intersubjectively, where I'm going to commit this
and push it, and you can pull it down
and do the same thing and make sure that it's great.
Which has a credentials sort of caveat
for what it's worth.
I think I have AWS credentials.
I'm going to have to check, take a look.
Well, if all I'm doing...
I mean, we're going to have to solve that problem eventually,
but if all I'm doing is just trying to initialize this directory...
Then that would be intersubjective.
You can just hopefully just do that.
Absolutely, yeah.
Okay.
Installing the backend.
Installing provider plugins.
Love it.
Finding HashiCorp AWS versions matching blah.
Installing AWS matching blah.
And now, inside of the Terraform directory,
do I have...
I do!
Drumroll.
I have a .terraform directory,
and I have that lock file that you were talking about.
So let me go take a look at this git ignore
and see what I did, at least in here.
So in here, I am ignoring a bunch of things. I'm ignoring
the .tools directory, which makes sense. I want, you know, I don't want to check in
any of these tools. Although ironically we could actually because we both are on
Linux. We could, yeah. You could. Solved that whole thing. But you've done a nice thing for downloading it and
changing it and upgrading it and all that stuff, so let's keep it. Alright, and then I want to say terraform.tfstate... I've got an AWS thing in here, I don't think
I need that. Terraform, and then we're not doing anything with terraform-plan, so yeah.
So the three gitignores I'm adding are the .tools directory, terraform slash... do I
need that one? I was going to say terraform
slash tfstate, but I don't actually think I need
that yet. I'm not going to put that in.
And then terraform slash
dot terraform, which will be that
terraform initialized directory.
And I think...
I'm just looking
at my own...
The whole .terraform directory is all I've
ignored in mine. And there is a
.terraform.lock.hcl, which I've
accidentally been
checking in, which
probably I don't need
to.
We should maybe have
to Google that.
No, I actually think
you are supposed to
check in the lock
because it's like a
lock file for when
you do.
Yeah.
Yeah.
Yeah.
Yeah.
Okay.
Then that's why the
.terraform.lock.hcl is
like a stanza that
is when it's solved
the constraints,
you want everyone to be agreeing on what version.
Yes, I have that file
checked into my other project, so I think
that's actually correct.
Okay.
Okay, so I think I've got to the point now
where I can push this,
and you can give it a try.
So let me say
skeleton
terraform config with make target.
With infra make target.
And you know, we can rename this later, but this is what I got right now.
Okay.
So that's pushed.
Alright, git pull.
I see some things.
Type make. And there's nothing in the list
because you didn't add the help for the bad person.
It's not cool enough for that list yet.
And I'm going to do make.
What should you suggest?
Make terraform?
Make infra.
Make infra.
Yeah, that's, like I said,
we're going to have to rename that later
and that's probably not even going to be the,
like we're going to need like a make plan and a make apply.
Like, terraform plan, terraform apply, I think would be good targets.
But they're going to have, like, base things that sort of maybe do something.
It archived terraform.zip and inflated it, made a terraform subdirectory, which I guess we don't need to make it. That mkdir is probably
unnecessary because you've made... Oh, duh! I've got the main
file in there. Yeah, thank you. Yeah, that's the
whole point of that. But yeah, so we can get rid of that.
It says initializing the backend, initializing
provider plugins, Terraform has been successfully
initialized, everything, quote,
just worked. Awesome.
You may now begin working with Terraform,
it tells me. So now we're inside that Terraform
directory. I can do Terraform plan, and it should do absolutely nothing.
I know you want to do make file nonsense, but I'm just going to go in there.
No changes.
Your infrastructure matches the configuration.
That is the no infrastructure correctly matches the no configuration.
Hooray!
Cool.
All right.
I'm going to do a very small commit to remove that unnecessary
mkdir
but that requires that I
spell unnecessary correctly
so I'm just going to say unneeded
yeah
that's a
pragmatic solution to the problem
okay
alright I'm going to push that
my laptop fan has just kicked on so when i
edit this i'm gonna have a big old hiss in the background no sorry listener sorry listener
okay i'm sorry listener also that you maybe are expecting a podcast and instead you're hearing
this debugging session we should just call this episode Yak Shaving. Yeah. All right.
So the next thing that might be useful to do is either we set up the Terraform state storage and then work at credentials, which is a pain because God knows how hard it is to do AWS credentials, especially when we're kind of up against the clock. We've got about like 15 minutes on my calendar before I'm
supposed to be doing something else, but I can probably ignore that. Or we just don't worry
about the intersubjectivity of the next bit and get the Route 53 stuff done with your own credentials
on your machine so that we know that in principle it's going to work and then see where we get out
from there.
Yeah, maybe that's a place to start.
Because I guess if this is going to be really onerous,
there's a chance we might just want to bail on automating this entirely.
And just be like, you know what?
We're just going to do this one on the console
because I'm not going to spend 20 hours getting this right.
I don't think it's going to be that bad, though.
Let me go...
So if we go to Compiler Explorer, even, let me go to.computer.
C, dev, C, compiler.
No, infra, terraform.
So there's a billion TF files in here, one of which is,
is there a route53.tf?
Yes.
Aha.
So I have a route53 we can copy from, and let me just... I will send you the link. Oh,
I've just hit my microphone. Oh, wait a second, don't we want to do like a terraform import?
You can, but it doesn't... it just says now I manage that resource. Oh, it doesn't. But what I typically
do is I manage, I import the result. So you have to make an empty
resource and then you import it and then you do terraform plan. It says, oh, I would delete all of
these things. You're like, great, those are the things I'm going to put into the stanza in the TF.
So you can definitely do it. Okay. It's pretty straightforward though.
like yeah no no i i so i hear what you're saying like let's just get the route 53
stuff in there because it's new and worry about everything else later i think so we can definitely
import the bucket and stuff and that's a pretty straightforward thing to do but we're going to
need to be able to store the terraform state first and foremost and then the route 53 stuff we can
just add and apply and then you should be able to refresh the console and go this looks good and
then we should be able to dig at Route 53 or whatever it is
and see that they're there and then maybe that's where we can
I mean we could just do local state
for now and then we can move
it into a bucket later
yeah I don't know how easy moving
it is but it's fine
I feel like I've done this once already
but I mean it should
be straightforward like hang on
let me just see what my own app is. main.tf: backend s3, key, bucket. That's what it is. It's just a backend
and in a bucket name which can be something you will call like, you know, infra.twoscomplement.org,
just a region and a key and then we're done. And it's in the terraform stanza. Yes. I'm gonna paste this into
oh my god i don't even know where to paste it into uh discord yeah that's probably the best
place so that is what i have in the i mean obviously it's open sourcing and grab it
um so you you already put a provider in there for aws of you or have you not yeah no that's in there although the version that you're using is way
newer than the version that i have so much yeah yeah i mean that's unimportant really um well
now is the time to do it it's not gonna get any easier than grab the latest version you know yeah
and then that is what i have for like the provider block above that and that's kind of like my main
dot tf that says like the hey this is all the versions this is the whatever's and this is where i want you to store your state
and i think that's all it took i think now i think there's something you can do with dynamo db for
locking and all that kind of crap but i haven't done that no i see what you're saying there
so do you have another piece of terraform somewhere that's actually creating that bucket
no no no the back end knows how to do that that's like you know otherwise you've got a chicken and egg situation how do you create the
bucket where this where it's going to store its state before you've stored the state to be able
to create the bucket so okay okay so i think i think you can just type put anything in there
all right um or in fact we already have the bucket actually as it happens we can just use
the existing, but although, no, we don't want to put the TF state there because it actually goes to a website, so let's not do that.
I can't do that.
Okay, so bucket
state.twoscomplement.org
can be the name of the bucket.
This is cool.
If it works. If it works. Retrospectively, it'll be
cool, but right now it might just be, as you say,
another yak.
Okay.
We shaved this yak, and
inside the yak was another yak.
It's like Russian yaks.
It's a stack of yaks.
Russian doll yaks.
A yak stack.
Uh-huh.
Alright.
Oh boy.
And then I'm going to do this, and I'm going to wantonly steal from this example that you have, because it's probably better.
That, my friend, is what it's all
about.
I've typed enough times to be able
to spell correctly. Okay.
Okay. Alright. So now
if I run this, I would almost expect
a credential error
because I don't think I have any...
I tend to
not just
throw global credentials
into my Bash RC or anything like that.
And I actually really kind of don't like the fact
that the AWS client
will discover credentials that you put
in
your home
directory. So I don't really like having a
default profile in there.
There's some AWS sudo, as in S-U-D-O, not pseudo as in P-S-E-U-D-O, like scripts and things you can get
which kind of make it so you can run a shell on as a this set of credentials which is kind of a
nice way of doing it effectively it's just a canonified way of setting all those horrendous
environment variables but it also some of them will support the things where you need to um log in as yourself and then effectively change role to
like developer and there's that kind of stuff but right now um yeah whatever you want to do you can
export some credential files. I typically do use the horrible global variable pattern, which is nasty,
but I have different credentials for different projects,
and I specify the credentials with the one environment variable that says,
no, these are the ones I mean this time.
Yeah, yeah, yeah.
Okay, so unfortunately,
I don't think I've made this makefile quite mature enough
to where it will detect changes to the TF and rebuild,
which I think I have.
Well,
that's typically I make those things like if it's a,
it's more of,
it's a phony target.
So it's not that there are changes.
It's because like,
who knows?
The thing is that Terraform,
there are two sources of changes in Terraform.
One is in the .tf file that you edited.
And the other one is some clown changed it on the console,
and you want to make sure that actually you apply that.
Yeah, yeah, yeah.
Okay, so yeah, so I need to change that.
So don't worry about that for now.
No, no, I got this.
I got this.
So I'm going to change that infra target to...
Actually, I'm just going to leave it the way it is,
and then I'm going to make the Terraform apply target,
or probably Terraform plan to start a target
that's going to be phony.
Yeah, this is what we want to do.
And then this is just going to depend.
I am going to get rid of the infra target and replace it with the real one.
All right.
But it's a plan.
That's what I want, is Terraform plan.
And then I just want to see the plan, right, which should be nothing initially.
Okay. So then we're going to do that, and then I'm going to use my variable name for the terraform executable instead of trying to guess what it might be naked you're much see I'd be in there
just typing terraform and I didn't make a foul afterwards this is quite I'm interested in how
your process how how um rigorous you're actually saying no i never want to know yeah
i kind of like i don't know i've just done this enough times where it's like i just really like
the result from it because it's like there's a very high probability that when i get to the end
of this it will actually just work whereas if i if i sort of go back and try to do this after the
fact like because you didn't build it up interactively and you never had a chance to verify each step, because the nature
of make is this sort of branching tree of dependent tasks,
if you haven't actually walked that tree one branch at a time and
made sure that each one worked, then you tend to wind up
in these situations where it mostly works, except this situation.
But anyway, I digress.
So if I do
make terraform plan, what the hell
does it do? No configuration files.
Right, because I didn't use the -chdir.
You can bake that into the
terraform command if you're being really horrible.
Oh yeah, good point.
As in the variable terraform
that's like, hey, run the Terraform in the way that
I need you to run Terraform, rather than being the executable is Terraform space dash chdir,
which is kind of naughty, but nice.
Okay, so I'm getting backend initialization required, please run Terraform init.
So my guess is that because I've already initialized this once with the wrong back end it's now
complaining it needs to be reinitialized so i'm gonna do the thing honestly i've had enough of
these problems where i this is one of the reasons why i haven't driven a lot of the terraform by
make because this like knowing the subtleties of when you need to do the re-init and is hard so
often you end up with makefiles that always re-init all the time, and then that's painful.
It means like the first 25 lines of every time
you do a make thing is it re-initializing
the same thing
yeah I mean I've definitely gotten this
pretty solid on some of the other projects that I've
done so I'm not worried about that
for this I'm just going to delete
the directory and rebuild it
because once you get that backend
right it should be pretty stable
but now I'm getting a different thing which is unsupported Terraform core version.
Which is why... why do you... this configuration...
What version of Terraform do you have?
Oh, probably like an ancient one compared to what you were using.
I have it set at 1.0.11.
Let me have a look.
I am on 1.3.2.
1.3.2.
Well, I will change...
The latest version is 1.3.7, though, so why...
1.3.7, yeah. Love it. Okay, so now this is another great exercise. Here's the funny thing: like when
you check this in, if I try and test it, I can actually make a .ozzy.yaml in that
directory to point it at version 1.3.7 just for when I'm running in that directory, which
is just to me are saying Ozzy's pretty. Anyway, we're rewriting Ozzy in Rust
as well, for anyone who's actually using it.
Which, I really like that idea,
by the way. Anyway, sorry, we're
getting all up in the confusion.
Okay, so I ran make terraform
plan, it installed the new version of Terraform
automatically, which was cool, and now
it's saying error configuring S3 backend,
no valid credential, which is the error that I expected
to see. Awesome. Right. Okay, right, so now I can go and... I wonder, you know, if you can specify where the
credentials are expected to be. Yes. And then you can say... well, and then we can gitignore them,
and then we can make it so that there's a make file target that says you know you need to put the you need to go get the credentials from exogenous place and put them
here and then it'll all be like nice i can't believe this is a lot of effort for like well
we could just you could just paste it into discord and i could type it in oh man that's how we go
that's how we roll yeah yeah no i think i'm gonna i think i might do that um because i i
actually have another example of doing that in a different project oh even better uh where i say
uh aws shared credentials file i think is the name of the environment variable nice and so
and then i have a make target that is just that file, and it just prints out, like, hey, you need to...
Yeah, I can't make this file because...
Okay, so I'm going to do that.
Do we have vault? We can make a vault, and then...
No, we're done here.
The yaks are stacking.
One pass.
Yes.
All right, so yeah, I'm gonna grab that.
And then AWS shared credentials file is that.
And then this needs to be exported.
And that's why we had that.aws directory in the ignore,
because that is where it's storing the credentials.
So I will
add that again because I absolutely
positively do not want to check these credentials
into
under any circumstances.
I think something will alert you
pretty quickly to it, but it's not worth
testing it.
Actually, there is a pre-commit hook
for this. So if we do set up
pre-commit,
as in the Python
pre-commit thing,
one of the hooks is,
you know,
it has an obvious look
for like API-looking keys
and says,
no, you probably
didn't want to do that,
which is nice.
Okay.
So then I would assume
I want my Terraform init
to depend on this AWS shared credentials file, because
otherwise terraform's not going to be able to do very much for you.
And then hopefully if I run this again, I should see something else.
What the hell did it just do?
Overriding recipe...
Oh, do I...
Did I...
Oh, have you done a I... Done a typo.
What?
You got two recipes with the same name.
Yeah, I think that's what's going on here.
I'm hungry.
Why would I do that?
Oh.
We have this already.
This is already in the make file already.
Oh, get out.
We did this.
I'm gonna... I lost my mouse pointer there.
We totally did this.
It's getting funny because I'm trying to keep my mouth near the
microphone, but it means that now I'm...
AWS shared credentials file
is already in here. We did this already
for something else. Okay. Awesome.
What if I just use that?
You must get credentials and save
them here. Awesome.
Oh, yeah, because that's how we tested some of them, I'm sure.
Yeah, yeah, yeah.
Config file. It's like line 29 in the make file.
I don't have that, which is fine.
How do you not have that?
Oh, man.
Credentials.
I don't have my mind.
You must get credentials from Google Drive and save them in blah blah blah.
Yeah, that. Look at that.
Ben Rady is a clever person
so I'm going to go to Google Drive and go get them right now.
I don't know about that.
Did I put them there? Maybe I did put them there.
I think I put them there.
Anyway, you worry about that. I'm going to get them.
And then we can do an intersubjective test at the end of this.
Yes, I like this.
Pat ourselves on the back and say hey, we were cleverer than we thought.
Yeah.
I would infer, I have zero memory of anything that I've ever done, but I would infer from
this hint that I left my future self that I made some, two compliments.
Credentials.
There's a credentials directory in the shared G drive where we steal all this stuff.
Look at me
December the 14th 2020
By Ben Rady
I'm going to download those credentials right now
And I'm going to move them into place
I'm actually going to do that too
Because I don't even know that I have a copy of those credentials
Luckily... oh, that's not...
I just typed VI instead of MV
that is just how stupid I am
okay make credentials
nothing to be done for credentials
look at that
how will I test that they work
well what are they used in
shared credentials file, credentials, credentials.
I guess it's an environment variable, so it's going to get used by, like, if you did a deploy, which you maybe don't want to do, but that would be one way to test.
I guess you could try to do, like, an S3 ls.
But I'd have to hack that in because it would need to set the things yeah yeah no no no worries
anyway i'm gonna quickly i will locally hack that just so that i can do it just to see that we aren't
gonna fail while you try and get the next step done right oh yeah no no we have a website info
okay put bucket create bucket oh no no yeah yeah I thought we had an LS I mean really
the test target should do this
you should put it in the test target
make list bucket
and it works
oh, list bucket, yeah
we've done this already
it's all coming back to us now
oh my god
Dear listener, we are not
the smartest, it turns out.
Programming is a detective novel where you are both the detective and the murderer.
So very true, my friend.
All right.
What we got going on now, then?
Okay.
You're just about to check in the thing that points the Terraform config at this pre-existing configuration,
having made it also Terraform init
depend upon the credentials
in the makefile.
I'm still having trouble.
It's Two's Complement? Is that where the credentials are?
Generating Two's Complement?
I haven't found the credentials yet.
Oh, it's in the Two's Complement
drive under credentials.
Yeah, credentials AWS.
I will paste a link to you right now in the chat, which says chat with everyone.
Yes, I found it.
I found it.
I found it.
All right.
Wonderful.
Okay.
I don't even know what that is, credentials, but I'm going to use it now to find all your secret projects.
Yeah, I had completely lost track of the fact that the
Two's Complement drive was
a drive you shared with me.
I was looking at my own folders and I couldn't find it.
Oh, yeah. That's me,
that is. Okay, cool.
Alright, so download it there.
I see, so you were waiting to get your own credential.
Yeah, I just want to check to see if this
actually works, because I haven't
tried it.
Make dir AWS and then copy from downloads credentials to here.
And I'm just going to take a look at this thing real quick to make sure that it is the credentials that I expect it to be.
Nope, I don't, because I put it in the wrong directory.
Can you just read out the secret access key to me?
Right, uh-huh, yep.
To check?
Yep.
It is...
No, I'm not going to do that joke.
All right.
You're not even going to do it.
All right.
Cool.
Yes, that looks very reasonable.
So now I should be able to do the same thing that you just did
and say list bucket.
Make list bucket.
And that worked.
Awesome.
Yay.
So now if I do make terraform plan.
Okay, so if I get terraform.
These credentials may not have the right permissions to do whatever, but it worked.
So when I do this, it says S3 bucket does not exist.
Okay.
Maybe we do need to create this,
and then maybe permissions things about that for the state.
I mean, it would be very convenient
if we could store these things in the same bucket.
So one yak that...
Oh my god, the yaks.
The yak that the programmer in me
wants to shave right now
is moving the public content into a subkey
so that we can store
other stuff in this bucket safely um but i don't want to do that right now buckets are free
buckets are absolutely free and it's much much safer to have a top level bucket thing and just
say like this is there's it can't even be public so i have no problems with you going into the
console for this one task.
If that's what it takes.
I'm sorry.
I did think it could create them, but maybe...
I mean, maybe there is a way.
I would expect it to be able to do it, but maybe not.
So...
Dear listener as well, if you're not sure what we're talking about here.
So Terraform is a way...
I'm going to pad this while Ben fiddles around setting it up, right?
Terraform takes a textual description of the infrastructure and assets you would like to exist, and it makes sure that they are created, which is wonderful.
It can make EC2 instances.
It can make anything Google Cloud, any kind of cloud provider.
It can make, um, all the
resources that live in there but it needs some external state because it needs to be able to map
something that you locally have called this bucket to the identifier that amazon calls that bucket
which will be some horrific arn some giant long name for it that uniquely identifies the resource
in amazon's world or Google's world
or whatever. And so there is a state file which says, this is what the code says it is, and this
is what it got created as on the remote end. So that I can, when you then make apply again,
it doesn't try and create another bucket. It goes, no, I already have that bucket. And then it can
query that bucket and say, does it have the parameters that I expect it to have? And it
can make a modification instead. So that's what the this state file is and it has to live outside of what
it's better if it lives outside of source control because if you've got multiple people um changing
it and applying um in different locations then they you have this kind of like race condition
where until you've checked it in the state is not valid for the other person. Perfect. Have I sufficiently padded to get to this?
Yes, and I realized that I'm going to have
to use a slightly different approach
for...
Okay, right, of course, I have to add
access to this bucket. I created the bucket,
the backend attempted to
initialize and it got an access
error, which makes sense because I haven't actually
We don't know quite what the credentials,
I don't know what you did with these credentials in terms
of the creation.
This is the perennial problem of like, how do you
grant the grantor?
Yes.
Yeah, I think I have some
tradecraft on this for
that I can pull into this, but I'm not going to shave that yak right now.
What I'm going to do right now is I'm going to go into this user...
And just say, hey, you can do the thing.
Yeah.
Where the hell is this user?
Oh, the IAM thing is a pain.
I only...
Oh, duh.
I clicked on user groups instead of users.
I'm like, where are my users?
Oh, there you are.
That'll be why.
No, this is...
Yes.
Oh, interesting.
You want to guess what the name of this user is?
Oh.
This is fun.
Two's Complement would be my guess, but I remember... Incorrect. Oh, what is the name of this user?
uh is it uh oh what is it something about argument that we had some other name constant arguments
which was the constant arguments which was so anyone who's made it this far into the episode
gets a little bonus treat of learning what this podcast might have been called which was constant arguments how funny oh my god so funny okay um yeah attached
existing policies and we're gonna go uh s3 uh i'll come back later and I will create a custom policy that only but for now
so what Ben is doing is granting the user
for which these credentials
allows us to
log in as or effectively access
Amazon as it's granting it the
rights to a separate
bucket which won't be publicly available
unlike the website so that
Ben and I can store this state somewhere.
Okay, so
next error. Failed to
query available provider
packages.
Do not retrieve the list of available versions from
provider.
Block provider does not
match constraint.
Oh. Oh, that sounds like
another...
So I have reinitialized
Terraform, and I'm still getting this error.
If you do Terraform
init-update, I think
is the other thing which allows it to bring things
forward, I think.
Give it a go. This is now, we're into
hand-waving magical voodoo.
Yeah, yeah, yeah.
Init.
So, dash update?
I think so.
Oh, upgrade.
Dash dash upgrade.
No, that's not right.
Oh, hang on.
Init.
Because I could just blow away the lock file because there's nothing useful in there yet.
That's possible, yeah.
Do you want to give that a go?
Yeah, I'll do that.
It is terraform init dash dash upgrade
will allow it to do that.
Oh, well, if that is what it does,
I'd rather use that.
So let's try that.
Okay, we'll give it a go.
Did it make any difference?
It's working.
Okay.
So now we've made the lock file better.
Yep, exactly.
But the thing is about that dash dash upgrade
is you don't want to check that in as being
something because it will just keep pushing everything forward
all the time.
Yeah, okay. Good point.
I think. Because it would have updated.
Yeah. Okay. Anyway. So we have
a new lock file, which I'm
assuming contains our information
about the bucket.
And I'm just going to take a look
at that real fast.
I guess
it's just the registry.
What actually contains
the information about the bucket?
Oh, duh. It's the main...
Yes, of course.
That's what you put in the main.tf file.
You put the name of the bucket.
Awesome. Alright, so I think that actually worked.
So I think we're finally at the point now where I can commit this, and you can give
it a try.
Alright, I am just ha- which version did you do?
1.3.7, I think, of Terraform, right?
1.3.7, yeah.
Okay, I am just adding a .ozzy.yaml into the Two's Complement thing so that I will
Yeah, yeah, that's cool.
Terraform dash dash version.
Let me make sure I'm not doing anything else.
Installing Terraform 1.3.7... oh, no, no, wait a second.
Sorry, no. It manages
Terraform itself, doesn't it? Sorry.
Yeah, I don't need to do this because you're doing it in the
makefile. That's the whole point. Right.
Though that said, it's convenient to be able to
type. I had kind of assumed that you wanted to
just be able to run arbitrary Terraform
commands in addition to the
intersubjective stuff that lives in the makefile.
Alright. So I have no heartburn
at all about putting a
file in there.
If you check this in...
I'm about to.
Adding
configuration
for...
You're spending far too long
on the...
thinking carefully about the check-in comment for us.
I know it's best practice to have a decent check-in comment,
and you very rarely...
All right.
Pushed.
Okay.
Give that a spin.
So I just pushed the Ozzy YAML as well.
Cool.
Okay, so I'm going to do make Terraform plan.
It's inflating a new version of Terraform.
It's initializing the provider plugins
as it's reusing previous versions of some things but installing some newer things of other things
and your infrastructure matches the configuration
we accomplished nothing we've successfully done nothing but it does mean that we should now be able to literally quote yeah just type a tiny
bit make a route53.tf or something in that directory yep i'm gonna try that right now okay
i so this is i actually i think i actually need to bounce here in a couple of minutes but let's
i want to see what you do do your thing and then we'll and then we'll see what happens. Okay, I'm literally going to copy
infra from Compiler Explorer, terraform
route53.tf
into the terraform directory
and then I'm going to vi it
and I'm going to destroy everything that's in it
other than
module zone ID.
Ah, no, we have to get zone IDs and other things.
Plus the user doesn't have permissions to do any of this stuff anyway.
Right, then we are done for now, I think.
Well, we have successfully done nothing.
We did not solve the original problem in any meaningful way.
We haven't even solved the simplified version of the problem where it's like we're not gonna
get it to resolve first of all we're just gonna set up aws so it's ready to resolve
but we have got a really shiny little place to put that change when we get it so
cool it could be worse so yeah all right then i think we should quit while we're not behind
any further right before we create more work for us to do
right but just to summarize we have a place to hang future infrastructural changes that should
be straightforward we've got to sort out some permissioning problems with the user so we can
create a Route 53 thing. We're going to have to actually make a Route 53 zone, which should be
pretty straightforward i have got the so the compiler of all this stuff is in a module because
i have multiple domains and so i set them all up the same with the module which is cool
stuff but unnecessarily complicated for what we need um then we can with a zone which will be the
two's complement org we can add some records one of which will be this is a an alias record i think
is what they call it to the cloud front thing which we can also bring in, and then we can just actually point them to each other
and Terraform import it.
And then it's like, hey, I mean that CloudFront ID,
I don't even need to know what it is.
It's just the one that's defined and declared over here.
And then once that's all applied and affixed,
we can change your DNS at your current provider
to say the name servers are Amazon's one,
and it will just work.
And then finally, I can curl https twoscomplement.org or discover that the certificate doesn't work for that.
all right well this was a fun adventure this was an adventure and uh yeah this will be a fun one
to edit i think this one will be the least edited ever. So, and it'll just be as it came out.
So apologies to our listener for the lack of sounding more intelligent than we are,
which is normally how I try to edit it.
Perfect. I love it.
All right. Until next time, my friend.
Until next time.
You've been listening to Two's Complement,
a programming podcast by Ben Rady and Matt Godbolt.
Find the show transcripts and notes at www.twoscomplement.org.
Contact us on Mastodon.
We are at twoscomplement at hachyderm.io.
Our theme music is by Inverse Phase.
Find out more at inversephase.com