Cloud Posse, LLC

Join us to talk shop! 🙌 Get your #DevOps questions answered. SweetOps "office hours" are held via #Zoom - every Wednesday at 11:30 am PST (GMT-8). Register here →

Join us to talk shop! 🙌 Get your #DevOps questions answered. SweetOps "office hours" are held via #Zoom - every Wednesday at 11:30 am PST (GMT-8). Register here →

We've added a new --query flag to Atmos describe commands that enables filtering output using YQ expressions, eliminating the need for separate YQ/JQ binaries. This addition lets users extract specific configuration data like variables, tags, and settings using standard YQ syntax directly within Atmos. This capability makes it significantly easier to query your infrastructure configuration and get answers without workarounds or external tools. https://lnkd.in/ghyZPAKm (v1.140.0)

GitHub's new Issues update brings actual sub-issue support, finally letting us create proper parent-child task hierarchies without awkward workarounds. The rollout introduces organization-wide issue types for consistent classification and beefs up search with boolean operators. https://lnkd.in/gj6CWuUi

GitHub has added Copilot-powered error explanations for failed Actions jobs, accessible via an "Explain Error" button in pull request interfaces and Actions pages. Each error explanation counts against your Copilot chat message quota, though interestingly some users with open source contributor seats report having access while others with paid licenses don't. I tried testing this feature but couldn't access it despite having a Copilot license, so there may be some undocumented organizational requirements or settings controlling availability. https://lnkd.in/giV7hq9U

A security researcher discovered that MasterCard had been running with a critical DNS typo for five years, where their Akamai nameserver was configured to use "akam.ne" instead of "akam.net". What's particularly concerning is that Akamai, a company specializing in content delivery and security, hadn't defensively registered these obvious domain variants. By spending just $300 (and waiting a few months) to register the .ne domain, the researcher was able to start receiving DNS requests intended for akam.net but incorrectly configured for akam.ne. Had the researcher been a malicious actor, it's possible they would've been able to register SSL/TLS certificates to intercept encrypted customer communication. Mastercard responded that they fixed the issue, but claimed it did not pose a serious security threat. https://lnkd.in/gwZw7vmZ

I discovered this action that adds SSH debugging capabilities to GitHub Actions runners using tmate - a tool that's been around for over a decade. The action creates an SSH session or web shell for direct access to investigate workflow issues, similar to how I previously used tmate for debugging ECS containers. While it's useful for troubleshooting, I have serious concerns about enterprise usage since it requires outbound internet access and could enable complete takeover of workflows with administrative privileges. https://lnkd.in/gc686wjM

AWS Console now allows signing into 5 different AWS accounts simultaneously in a single browser window - a long-overdue feature for those of us managing multiple environments. The feature handles any mix of root, IAM, or federated roles across accounts, though the role name display could use some UX improvements. https://lnkd.in/guNUGcnd

GitHub has introduced repository-specific instructions for Copilot through a .github/copilot-instructions.md file - mirroring similar approaches from Cursor and other AI coding tools. This context file lets teams specify coding standards and technical preferences that inform the LLM's responses (though in my experience with Cursor, providing too much context can impact performance). I make use of this feature in Cursor extensively, and I'm not surprised to see other LLM coding tools adopting similar features. https://lnkd.in/gYPk4Bct

AWS Client VPN now supports multiple concurrent VPN connections across different accounts, with each connection getting its own IP address on the VPC subnet for direct EC2 instance communication. While this solves a common challenge when working with multiple environments, the ability for endpoints to potentially act as routers between networks raises some pretty significant security concerns - systems from both sides could theoretically communicate if routes are configured incorrectly. Use at your own risk! https://lnkd.in/dttWEsKM