DEV Community: Coang Ha

🚀Hailow - Bootstrap Your Engineering Workspace with AI Agents

Coang Ha — Sat, 28 Mar 2026 15:55:09 +0000

Stop setting up projects manually. Let AI agents do it for you.

Hey everyone 👋

I'm Harvey --- a DevOps engineer who spends way too much time setting
up the same environments over and over again.

Recreating configs
Rewriting boilerplate
Reinstalling tools
Rebuilding workflows

So I built something to fix that.

👉 Meet Hailow: an AI agent--driven CLI that bootstraps your
engineering workspace in seconds.

🔗 GitHub: https://github.com/Harvey-N-Lab/hailow

🤯 The Problem

Every time you start a new project:

You recreate your environment from scratch\
You configure tools manually\
You copy configs from old repos\
You lose time before writing actual code

And even worse...

👉 Your workflow isn't consistent across projects\
👉 Your setup isn't reusable\
👉 Your knowledge isn't structured

⚡ The Idea

What if your setup was:

reusable\
composable\
automated\
powered by AI agents

That's what Hailow does.

🧠 What is Hailow?

Hailow is a CLI that installs domain-specific AI agent workflows into
your workspace.

Each domain includes:

🤖 agents (researcher → planner → architect → implementer → reviewer)\
📏 rules (best practices & standards)\
🧰 skills (via npx skills)\
⚙️ commands (workflow automation)\
🧠 contexts (project-specific knowledge)

⚡ Install

Download the latest binary:

curl -sSL https://raw.githubusercontent.com/Harvey-N-Lab/hailow/master/scripts/install.sh | bash

Verify installation:

hailow --version

🚀 Usage

Install a domain

hailow install python-backend-engineer

Install multiple domains

hailow install devops-engineer js-ts-software-engineer

Install all domains

hailow install all

🤖 Choose agent platform

Hailow supports:

Roo Code\
Claude Code

hailow install python-backend-engineer --platform roo

hailow install devops-engineer --platform claude

🧰 Install skills (optional)

Example for Python backend:

npx skills install python-backend

📁 What gets installed

After running Hailow, your workspace will include:

.claude/ or .roo/
  agents/
  rules/
  skills/
  commands/
  contexts/

Each domain provides:

structured AI agent workflow\
reusable configs\
domain-specific best practices

⚡ Example workflow

hailow install devops-engineer python-backend-engineer

👉 Your workspace is instantly ready with DevOps + backend workflows.

💥 That's it

From zero → structured AI workflow in one command.

Give it a try and let me know what you think 🚀

Setup Account Factory for Terraform and enable default VPCs deletion (with bug fix on source code)

Coang Ha — Mon, 02 Oct 2023 14:37:13 +0000

In today's article, we will learn step by step how to deploy Account Factory for Terraform (AFT), alongside with that, we will enable Cloud Trail and default VPCs deletion feature to remove default VPC in all regions on every newly created account. After that we will have a little bug fix on aws-ia code since we are leveraging it.

I have raise the issue in here, you can check it out.
https://github.com/aws-ia/terraform-aws-control_tower_account_factory/issues/393

Prerequisite

An AWS Control Tower that already setup. If you haven't setup one, check it out here
A Github account.
Terraform installed. If you haven't installed follow my guide on this post.

The following is what we will do in this article:

Setup OU and Account for AFT
Setup repositories
Deploy AFT to Control Tower
Enable Cloud Trail and default VPCs deletion feature with bugfix

Let's get into details!

Setup OU and Account.

First, let's setup a separate OU and account for AFT as AWS recommended. Go to Control Tower console and in Organization tab, create a new OU and select Root as parent OU.

Next, choose Account Factory tab and provision a new account. Select account's OU as the OU you just created and skip Account Factory customization for now.

Wait couple of minutes and you should have a new account in your organization.

Setup repositories

Next, go to Github and create following 4 repositories:

aft-account-request for handling account request
aft-global-customizations for customizing all AFT managed accounts
aft-account-customizations for specific customization on AFT managed accounts
aft-account-provisioning-customizations for customizing account provision.

After that, please use the code that I already prepare to the repositories:

Finally, clone aws-ia AFT repository to your Github to create custom version for our own. I will show you later.

Deploy AFT to Control Tower

Now, the main step, we will deploy AFT to our Control Tower. Before you start, you need to prepare:

An account or role with Administrator policy on Control Tower management account (account that you deploy AWS Control Tower) and create access key for it.
A terraform environment with the access key above.

If you have never done 2 things above, no worry, check out my post, it will guide you
step by step how to do it.

After it all setup, create main.tf file and call to aws-ia module that you just clone in previous step. You can use the following code.

module "aft" {
  source = "github.com/<Your-Github-Org>/terraform-aws-control_tower_account_factory"
  # Required Vars
  ct_management_account_id    = "<your-ct-management-account-id"
  log_archive_account_id      = "<your-ct-logging-account-id>"
  audit_account_id            = "<your-ct-audit-account-id>"
  aft_management_account_id   = "<aft-management-account-id>"
  ct_home_region              = "<your-region>"
  # VCS Vars
  vcs_provider                                  = "github"
  account_request_repo_name                     = "<your-github-org>/aft-account-request"
  global_customizations_repo_name               = "<your-github-org>/aft-global-customizations"
  account_customizations_repo_name              = "<your-github-org>/aft-account-customization"
  account_provisioning_customizations_repo_name = "<your-github-org>/aft-account-provisioning-customization"
}

Insert correct information and run terraform apply to deploy the infrastructure, it will provision for us resources like Codebuild, CodePipeline, Step Function, Lambda, S3,... You can see overview architecture with picture below.

Before moving to next step, you will need to update Codestar connection. AFT will automatically trigger by committing code to aft-account-request repo, in order for AFT to track the code change, it will use AWS Codestar.

Access AFT Management account, then go to CodeCommit

On the left, choose Settings > Connections, you will see a pending connection. Click on the connection and choose Update pending connection.

As you can see, I already enabled the connection, the steps is quite easy, so you can take it on yourself, just a few click and you will get it done.

Finally, go to Codepipeline and re-run the ct-aft-account-provisioning-customizations pipeline, it will create a step function for account provisioning customization, we need to do this so our account provisioning step funciton won't failed.

You can ignore the first pipeline, I created it for testing.

Enable Cloud Trail and default VPCs deletion feature with

bugfix
Enable Cloud Trail and default VPCs deletion feature by adding this 2 lines to the code block.

  aft_feature_delete_default_vpcs_enabled = true
  aft_feature_cloudtrail_data_events      = true

Run terraform apply to apply the infrastructure.
Now, let's create an account by AFT to see if everything is working as expected.
Edit terraform/main.tf file in aft-account-request repo, you should use the example code I provided on previous section.

module "sandbox_account_01" {
  source = "./modules/aft-account-request"

  control_tower_parameters = {
    AccountEmail = "<email-for-new-account>"
    AccountName  = "sandbox-account-01"
    # Syntax for top-level OU
    ManagedOrganizationalUnit = "Sandbox""
    SSOUserEmail     = "<email-for-sso>"
    SSOUserFirstName = "<sso first name>"
    SSOUserLastName  = "<sso last name>"
  }

  account_tags = {
    "ABC:Owner"       = "john.doe@amazon.com"
    "ABC:Division"    = "ENT"
    "ABC:Environment" = "Dev"
    "ABC:CostCenter"  = "123456"
    "ABC:Vended"      = "true"
    "ABC:DivCode"     = "102"
    "ABC:BUCode"      = "ABC003"
    "ABC:Project"     = "123456"
  }

  change_management_parameters = {
    change_requested_by = "John Doe"
    change_reason       = "testing the account vending process"
  }

  custom_fields = {
    custom1 = "a"
    custom2 = "b"
  }

  # account_customizations_name = "sandbox-customizations"
}

Commit code to the main branch and observe the pipeline. You should see the pipeline is running and new account is being provisioned.

After the pipeline have run successfully, it will add an record to DynamoDB table and trigger a list of functions to provisioned new account. You can check CloudWatch Logs to see how it run.

After couple of minutes, you should see your account had been provisioned, let check it if everything is good.

Cloud Trail have been enabled, that's good news. Next, let's see if default VPCs have been delete in all regions.

Seem like it's not working, as mentioned above there is a bug in the function so we need to edit it a little bit. Go to file src/aft_lambda/aft_feature_options/aft_delete_default_vpc.py and in the part where we will iterate through regions to delete default VPCs, change the session like below:

You can also check this link for clearer view.
Now create another new account, you will see the default VPCs have been deleted.

Ignore the region which have 1 VPC, I created it for testing.

Congrats! Now you have officially deployed your Account Factory for Terraform.

Conclusion

This article just only guide you steps to deploy your first Account Factory for Terraform, you should read the document to learn more about the tool. It's a very interesting tool, I recommend you to have a deep dive look into it and the value it bring to us.

You can checkout the code in here:
AFT Deployment Repo.
Custom AFT module Repo.
Also, check out my Github!

See you in next post! Happy Hacking!

[EKS Hand-on Series] Introduction and setup environment

Coang Ha — Wed, 20 Sep 2023 04:26:42 +0000

With the power of Amazon Elastic Kubernetes Service (Amazon EKS), we are now able to run Kubernetes in the AWS cloud and on-premises data centers. In this series of blogs, let find out what EKS offer to us and how to implement best practices to it.

About me

I'm currently a DevOps Engineer at MegazoneCloud, I have over 2.5 year of experiences in DevOps. I have experience in AWS, GCP, Terraform, Kubernetes,... You can check out my Linkedin profile in here.
I'm not experience in blogging :'> so your feedback is really appreciated. Please feel free you share your thought regard the blogs, I will try to improve the content. Thank you.

About this series

What is this series about?
This series will help you getting started with Kubernetes and EKS with mainly hand-ons, from beginner-friendly to intermediate and some advanced, the series will also contain lots of hand-on with popular tools like terraform, kubectl,... so stay tuned :3. To me, the best learning method is to practice first and theory later, so I will be mainly focus on doing the exercises, labs and I will explain some theory on the way (in plain-text of course :3).

This series is for who?
This series is mainly designed for students, developers who new to K8s, EKS, but anyone who interested can take this as well.

Hope you will learn something from this. Neither to say, let start the series :3.

Prerequisite

What you will need to follow this series:

An AWS account
Accessibility to machine terminal

The following step is what we will do in this article:

Step 1: Create IAM user and access key.
Step 2: Install and configure tools.
Step 3: Setup terraform environment.

Without further ado, let's get our hand dirty! :D

Create IAM user and access key

When we first create our AWS Account, we will have a root user from email and password we registered to AWS. AWS recommend not to use this root user for managing and deploying resources on AWS, instead we should create an IAM user to handle this.

First, go to IAM and create a new user.

Fill out the user information, make sure to leave a tick on option Provide user access to the AWS Management Console and untick the option Users must create a new password at next sign-in like the picture below to save ourself some time.

After hit next, in the permission section, provide the user with policy AdministratorAccess.

AWS recommend to provide least privilege for our user but for purpose of this series we will make this simple by providing full permission for our user. For production environment, please follow AWS best practices in here

After that hit next, and next and wala, you have created your IAM user, remember to save the csv file for later use.

Next, let create an access key for this user so we can use it for command line interface later.

Select Command line interface (CLI) and hit Next, Create Access Key and the key is your. Remember to download CSV file for later use.

Install and configure tools

AWS CLI

For AWS CLI, please follow this link to install. If you are a Mac user like I do, you can use the following command.

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg ./AWSCLIV2.pkg -target /

Let verify the installation by following command.

~ aws --version
aws-cli/2.11.11 Python/3.11.2 Darwin/22.4.0 exe/x86_64 prompt/off

If you get output similar to above, it's mean you have successfully install AWS CLI.
Alright, let's get used to AWS CLI a little bit. Let's create an CLI profile to store your access key so you can connect to AWS resources via CLI. Run the following command:

aws configure --profile eks-hand-on-series

Then input the access key and secret from the csv file you saved above.

To select the profile, export the following environment variable:

export AWS_PROFILE=eks-hand-on-series

Let's verify if AWS CLI is authenticated

~ aws sts get-caller-identity --no-cli-pager
{
    "UserId": "<your-user-id>",
    "Account": "<your-user-account-number",
    "Arn": "<your-user-account>"
}

If the output include your user, it's mean AWS CLI is authenticated. Great work!

Terraform

For the terraform installation, please follow this link. For Mac, you can the following commands:

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

If you don't have brew yet, install it from here.
Let's verify if terraform is installed.

~ terraform --version
Terraform v1.4.5
on darwin_arm64

Your version of Terraform is out of date! The latest version
is 1.5.7. You can update by downloading from https://www.terraform.io/downloads.html

Good job! Let move on to setup terraform environment.

Setup terraform environment

First, setup your directory like this.

├── README.md
├── backend
│   └──  main.tf
├── data.tf
├── main.tf
├── outputs.tf
├── provider.tf
├── variables.tf
└── version.tf

Next let's setup initialize terraform directory and create remote backend for terraform state file, open up your favorite IDE and edit backend/main.tf file with following content:

# Bucket used to store our state file
resource "aws_s3_bucket" "state_file" {
  bucket = "terraform-lock-state-<random-number>"
}

# Enabling bucket versioning to keep backup copies of the state file
resource "aws_s3_bucket_versioning" "state_file" {
  bucket = aws_s3_bucket.state_file.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Table used to store the lock to prevent parallel runs causing issues
resource "aws_dynamodb_table" "state_file_lock" {
  name           = "terraform-lock-state-<random-number>"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

provider.tf file.

provider "aws" {
  region = "ap-southeast-1"
  default_tags {
    tags = {
      environment = "Dev"
    }
  }
}

version.tf file

terraform {
  required_version = " ~> 1.4.5"

  backend "s3" {
     bucket         = "eks-hand-on-series-<random-number>"
     key            = "tf-aws-bootstrap/terraform.tfstate"
     region         = "ap-southeast-1"
     dynamodb_table = "terraform-lock-state-<random-number>"
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.20.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.9.0"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.14"
    }
  }
}

Note: Please remember to change to a random number so the bucket won't be duplicate and run terraform.
Now, let's run terraform init to install the provider and initialize local backend, make sure you are in correct directory (backend). The result should look like this.

Next, run terraform apply --auto-approve to create remote backend. You should get the result below.

Go back to main directory and run terraform init.

Now your state file will be store in S3 bucket. Don't worry about the cost. S3 and DynamoDB won't charge you until 5GB of storage being used, so you can keep this until you have finished the series or you can terminate it whenever you like with terraform destroy (remember to be in correct directory)

Conclusion

Congrats! We have successfully setup terraform environment... Finally, we can focus on the main task :). In the next post, I will show you how to create your first cluster with encrypted feature enabled using terraform. It will be really exciting so stay tune :3

The source code is upload here
I will update it usually so be patient.

Thank you and happy hacking!