Terraform is part of a movement called “Infrastructure as Code” (IaC) which allows engineers to define their cloud infrastructure using code.
This is extremely useful as it allows you to:
- version infrastructure changes
- automate resource and configuration creation and management
- have reproducible environments (think production and staging envs, or deploying a new production env to another datacenter)
Terraform (and OpenTofu) is different to most IaC projects as it is agnostic of cloud providers: you can use it to deploy infrastructure to multiple providers, where their competitors are limited to their own platform (I think of AWS’s Cloud Development Kit).
In my experience with AWS, you run into issues using terraform that CDK just doesn’t have. I’d rather have a different reliable system for each cloud environment than one system that is suboptimal for each environment. Since the providers are different, you don’t really have anything in common besides using HCL as the language anyway.
Out of curiosity, what kind of issues have you faced?
I work with aws in gov and terraform is used for everything, I’ve not encountered any issues as of yet.
The one that comes to mind is changing the security group for lambdas from an auto generated one (unspecified in terraform) to a specified one. It had some kind of chicken/egg situation so I ended up having to run two change sets - one to have both security groups set then another to remove the extra. Had to do the same thing in cdk and it just worked. There have been other similar things where everything is fine until you hit some edge case and then you’re just wasting time and money doing acrobatics to work around the quirks (that don’t exist in cdk).
I’m not in the devops group and they’re attached to TF for some reason so I don’t get a say in what we use, but I am the “everything is busted call in anyone that can help” guy so I end up dealing with the problems lol
> it is agnostic of cloud providers: you can use it to deploy infrastructure to multiple providers
Nicely put. I frequently see the first part of this sentence and not the second. (Maybe I only pay attention to the first part and then disappoint myself…)
Terraform/Tofu allow me to use the same basic syntax and to have one project that controls AWS/GCP/K8s/my home servers, but I cannot use it to describe “a running server process” and just deploy that on any of those places. Instead I’d need to have like aws_beanstalk_service { ... } and gcp_application { ... } and kubernetes_manifest { ... } and systemd_service { ... } and the contents of those blocks would be totally different (and I’d need a bunch of different ancillary blocks for each of those).
Thanks for the detailed comment!