https://jq1.io/ Recent content on jq1.io Hugo -- gohugo.io en Fri, 12 Dec 2025 08:23:23 -0700 https://jq1.io/posts/white_paper/ Fri, 12 Dec 2025 08:23:23 -0700 https://jq1.io/posts/white_paper/ What began as a modular Terraform experiment evolved into a full compiler-style architecture for AWS networking. The system transforms a declarative map of VPCs into complete multi-region Transit Gateway mesh configurations, performing automatic adjacency synthesis, route expansion, and deterministic cross-region propagation. Below is the white paper that documents the underlying model, a provable O(N² + V²) → O(N + V) reduction alongside empirical validation across multi-region deployments and is currently a work in progress. https://jq1.io/posts/finally_published_to_public_registry/ Sat, 04 Mar 2023 15:44:09 -0700 https://jq1.io/posts/finally_published_to_public_registry/ Hey everyone, Great news! The Terraform modules that power the TNT Architecture and Super Router projects for “scaling” VPCs and TGWs in AWS have been published to the Terraform Cloud public registry at v1.0.0, like FINALLY! They can be composed together to build a decentralized hub spoke topology with automatic peering and routing for cross-region and intra-region VPC and TGW connectivity. Tiered VPC-NG Centralized Router (includes Generate Routes to Other VPCs) Super Router Intra VPC Security Group Rule Super Intra VPC Security Group Rules The modules are mostly the same as what’s in my Terraform development repo at v1. https://jq1.io/posts/slappin_chrome_on_the_wip/ Sat, 28 Jan 2023 10:49:56 -0700 https://jq1.io/posts/slappin_chrome_on_the_wip/ Reflection in the Rear-View: Initially, I thought the TNT Architecture project and Super Router project were “good enough” to scale VPCs and TGWs in AWS. But, after looking back on what was built there were so many areas for improvement that I could not resist the extended refinement and discovery. I went ahead and gave the most useful Terraform networking modules a clean chrome wrapping with encoded engravings. Most of the work went into internal module changes and consolidating my favorite patterns to use. https://jq1.io/posts/init_super_refactor/ Tue, 11 Oct 2022 08:11:58 -0600 https://jq1.io/posts/init_super_refactor/ Aaaand we’re back with another heavy hitting round of super refactorization in Terraform! I think the first iteration of Super Router for AWS went well. It allowed us to peer and route both intra-region and cross-region TGWs and VPCs with a single module. But there was one really annoying flaw. The caveat in the design is that the peer TGWs will have to go through the Super Router’s local provider region to get to other peer TGWs. https://jq1.io/posts/super_router/ Sat, 13 Aug 2022 16:07:10 -0600 https://jq1.io/posts/super_router/ What’s up world?! Welcome back for moar spicy cloud networking Terraform takes because we servin’ them HOT over here so let’s dig in! This is a follow up to the generating routes blog post. TNT Architecture Recap The Terraform Networking Trifecta project demonstrated the ability to “scale” AWS VPCs in Terraform code by adding VPC objects to a list. Example VPC architecture but with auto named subnets: With Tiered VPCs we can narrow down the context (ie app, cicd, general) and maximize the use of smaller network sizes. https://jq1.io/posts/generating_routes/ Sat, 05 Mar 2022 16:59:00 -0700 https://jq1.io/posts/generating_routes/ Welcome to the next episode of thinking out loud to route in the cloud, you know my steez! Earlier this season we abstracted a TGW Centralized Router. Part of it’s responsibility is to manage routes between Tiered VPCs within a single region. It will create routes to other VPC networks in private and public route tables for each VPC (except itself). # snippet variable "vpcs" { type = map(object({ network = string az_to_private_route_table_id = map(string) az_to_public_route_table_id = map(string) })) } locals { # { vpc-1-network => [ "vpc-1-private-rtb-id-1", "vpc-1-public-rtb-id-1", . https://jq1.io/posts/opinion_23/ Fri, 19 Nov 2021 08:32:57 -0700 https://jq1.io/posts/opinion_23/ Lately, I’ve seen quite a bit of Terraform snippets that use a static map of maps to directly configure resources. For example: locals { map_of_maps = { name1 = { attribute1 = "name1-value1" attribute2 = "name1-value2" attribute3 = "name1-value3" } name2 = { attribute1 = "name2-value1" attribute2 = "name2-value2" attribute3 = "name2-value3" } name3 = { attribute1 = "name3-value1" attribute2 = "name3-value2" attribute3 = "name3-value3" } } } resource "some_resource" "this" { for_each = local. https://jq1.io/posts/tnt/ Thu, 22 Jul 2021 20:11:22 -0600 https://jq1.io/posts/tnt/ Intro Initially I’d planned to blog more than just about Terraform but it hasn’t turned out that way due to lack of time. But that’s OK because I really do enjoy creating and writing about networking topics with Terraform in the cloud. Content generation is hard so hats off to those who are consistently generating it. This project is for all the Terraform headz building networks in the cloud! It’s building on my previous Tiered VPC idea but by adding a couple more abstractions we can build flexible networking between multiple AWS VPCs with minimal code. https://jq1.io/posts/tiered_vpc/ Tue, 12 Jan 2021 20:03:45 -0700 https://jq1.io/posts/tiered_vpc/ Today’s Mathematics Dynamic VPC x Tiered Subnet Calculator = Tiered VPC Observing Abstractions In hindsight, the Dynamic VPC module should instead be called Simple VPC. It provides a general VPC tier including a public subnet (/24), a private subnet (/24) and NAT Gateways per AZ. The interface is simple because there is minimal focus on subnetting due to the internal subnet generation. Routing is automatic and the module outputs can be consumed for peering. https://jq1.io/posts/tiered_subnet_calculator/ Tue, 01 Dec 2020 20:48:34 -0700 https://jq1.io/posts/tiered_subnet_calculator/ I’ve been thinking about adding support for building tiered subnets of any valid size for the next iteration of the Dynamic VPC Module (which ended up being called Tiered VPC-NG). It occurred to me that auto subnet generation inside the module actually makes the subnetting less dynamic. Furthermore, auto subnet calculation should be in assistance to the process of allocating subnets and should not be fed directly as input to the VPC module. https://jq1.io/posts/hash_server_9000/ Sat, 10 Oct 2020 11:38:15 -0600 https://jq1.io/posts/hash_server_9000/ I took an internal dev challenge at work a while back because I wanted to learn more Go since I have an OO background and was not familiar with the procedural way of thinking. The goal was to build a simple non-persistent password hashing service using only the standard library while demonstrating the use of concurrency with the endpoint requirements below. Reading the blue and white book was definitely key to gaining deeper insight. https://jq1.io/posts/go_mod_terratest_localstack/ Wed, 23 Sep 2020 22:35:36 -0600 https://jq1.io/posts/go_mod_terratest_localstack/ At work we’re planning on having our IaC to grow up a bit. We’re really wanting it to get a job and start contributing more around here. Something like a shiny new Terraform Pipeline would be nice. That means we need to get our Terraform testing sorted out. I came across this HashiCorp video called Testing Infrastructure as Code on Localhost where Samuel Kihahu talks about combining Terratest + Terraform + LocalStack to allow him to test Terraform modules locally. https://jq1.io/posts/expanding_function_arguments/ Sun, 23 Aug 2020 16:31:18 -0600 https://jq1.io/posts/expanding_function_arguments/ The other day I was wondering if it was possble to unpack a list of elements as args to a function in Terraform similar to * in Python or splat in Ruby? Because this code will give invalid function argument errors: locals { new_bits = [4,4,8,4] subnets = cidrsubnets("10.1.0.0/16", local.new_bits) # <= can i unpack? } It turns out you can do this with the expansion symbol ... (three periods). Not to be confused with the Unicode ellipsis character. https://jq1.io/posts/dynamic_vpc/ Fri, 21 Aug 2020 10:28:58 -0600 https://jq1.io/posts/dynamic_vpc/ TL;DR Just show me the code! This is a Dynamic VPC Module that builds a redundant network architecture in AWS based on structured input using for_each and for constructs. It will build a VPC with private and public subnets per AZ with the proper routing and labeling. Here is the related VPC network diagram for visual reference. Preface I was planning on releasing this blog post shortly after Terraform 0.12 released but there were unexpected delays. https://jq1.io/posts/storm/ Thu, 02 Jan 2020 19:51:30 -0700 https://jq1.io/posts/storm/ “Some callin it fate while some others remain torn, some callin it rain cuz thats when I brainstorm.” - Evidence https://jq1.io/about/ Mon, 01 Jan 0001 00:00:00 +0000 https://jq1.io/about/ Resume ____. ________ ________ | |____ ___.__.\_____ \ \_____ \ ____ ____ | \__ \< | | / / \ \ / | \ / \_/ __ \ /\__| |/ __ \\___ |/ \_/. \ / | \ | \ ___/ \________(____ / ____|\_____\ \_/_____\_______ /___| /\___ > \/\/ \__>_____/ \/ \/ \/ --=[ First Nations | Cloud Tribalist | Urban Survivalist ]=-- --=[ PrEsENtZ ]=-- --=[ Ideas as Code: The Art of Demolition ]=-- --=[ Observe -> Abstract -> Synthesize ]=-- --=[ Create.