From dcdfaaa1ec6efcd87660ce6d21e14b2b48497432 Mon Sep 17 00:00:00 2001 From: Noah Boyers Date: Tue, 2 Dec 2025 16:18:26 -0500 Subject: [PATCH] clean up --- .gitleaksignore | 1 + docs/INFRASTRUCTURE_BEST_PRACTICES.md | 74 --------------------------- 2 files changed, 1 insertion(+), 74 deletions(-) diff --git a/.gitleaksignore b/.gitleaksignore index 69c27b1..bc7137f 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -23,3 +23,4 @@ ac48444a685bde17f83221a9c0efb6f3fee2ebbb:infra/aws/us-east-2/terraform-backend/m 8fa97fe4d1e4a477bf69361498a8801050856a3c:infra/aws/us-west-2/route53/main.tf:terraform-sensitive-variable:31 8fa97fe4d1e4a477bf69361498a8801050856a3c:infra/aws/us-west-2/route53/main.tf:terraform-sensitive-variable:14 8fa97fe4d1e4a477bf69361498a8801050856a3c:infra/aws/us-east-2/route53/main.tf:terraform-sensitive-variable:54 +ac48444a685bde17f83221a9c0efb6f3fee2ebbb:infra/aws/us-east-2/acm/main.tf:terraform-sensitive-variable:22 diff --git a/docs/INFRASTRUCTURE_BEST_PRACTICES.md b/docs/INFRASTRUCTURE_BEST_PRACTICES.md index 2a80306..7491296 100644 --- a/docs/INFRASTRUCTURE_BEST_PRACTICES.md +++ b/docs/INFRASTRUCTURE_BEST_PRACTICES.md 
@@ -393,80 +393,6 @@ oidc_principals = { --- -## Key Takeaways for Sales Engineers - -### When Discussing Load Balancers - -1. **NLB is the right choice for Coder** - - Optimized for long-lived WebSocket connections - - Lower latency than ALB - - Source IP preservation for audit logs - - Static IPs for enterprise firewalls - -2. **NLB DOES support TLS termination** - - Common misconception that it doesn't - - Fully supported via ACM certificates - - Show AWS documentation if questioned - -3. **ALB only needed if:** - - Path-based routing required - - WAF integration needed - - HTTP-specific features required - - None of these apply to standard Coder deployments - -### When Discussing Multi-Region - -1. **Latency-based routing provides:** - - Automatic performance optimization - - Built-in failover - - No user action required - -2. **Region-specific URLs allow:** - - Manual region override - - Demo flexibility - - Testing and troubleshooting - -3. **Shared database is critical:** - - Users need unified accounts across regions - - Workspace state must be accessible everywhere - - Consider RDS read replicas for performance - -### When Discussing LiteLLM - -1. **Separate subdomain approach:** - - Keeps architecture simple - - No ALB needed - - Independent scaling - - Clear separation of concerns - -2. **Automatic key rotation:** - - Security best practice - - No manual key management - - Zero downtime rotation - - AWS Secrets Manager integration - -3. **Internal-only option available:** - - Maximum security - - No external exposure - - Simpler architecture - - Recommended if no external access needed - -### When Discussing Infrastructure as Code - -1. **`upgrade_install = true` is critical:** - - Enables idempotent Terraform applies - - Required for CI/CD pipelines - - Prevents deployment failures - - Standard best practice - -2. 
**Terraform module structure:** - - Reusable across regions - - Consistent configuration - - Easy to add new regions - - Clear separation of concerns - ---- - ## Additional Resources ### AWS Documentation
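Review bot: The entry added to `.gitleaksignore` for `infra/aws/us-east-2/acm/main.tf:terraform-sensitive-variable:22` suppresses a secret-scanner finding with no recorded justification, and the commit subject "clean up" does not mention it. Before merging, confirm that line 22 of that file at commit `ac48444a685bde17f83221a9c0efb6f3fee2ebbb` holds a variable reference and not a literal credential, then record the reason, either in a `#` comment line above the entry or in the commit message. Since this change alters what the scanner reports, consider moving it into its own commit, separate from the documentation removal, so the suppression is easy to find and audit later.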
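Review bot: The removal of "## Key Takeaways for Sales Engineers" in `docs/INFRASTRUCTURE_BEST_PRACTICES.md` is the only hunk touching that file (74 deletions, 0 insertions), so any table-of-contents entry or in-document link pointing at that heading or its "When Discussing ..." subsections is left dangling; please search the file and the rest of the docs for those anchors. The deleted text also carries operational guidance, such as the `upgrade_install = true` note for idempotent Terraform applies and the LiteLLM key rotation and internal-only points. Check that each of these is still stated elsewhere in the document, and say in the commit message why the section is being dropped.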