#software/infrastructure/terraform #software/infrastructure/cloudformation #software/infrastructure/arm #software/infrastructure/crossplane
Background
Infrastructure as code works well.
But does it work well enough?
The go-to tool for infra-as-code is usually Terraform. Other options exist. There are cloud-provider-specific tools like CloudFormation for AWS, Bicep for Azure (or ARM templates for the traditionalists), and GCP has its own thing.
Other coding tools are available that try to abstract the problem in other ways. E.g., Pulumi and the AWS CDK.
Terraform is the go-to though, and the one that I have the most experience in. (These days though, following the Terraform license change, I default to OpenTofu.)
Terraform challenges
These things are bothersome. And some of them apply to other infra-as-code tools as well.
- Repo sprawl. If you put each module in its own repo, which I personally think is the correct pattern[1], then you eventually end up with a lot of repos.
- Dependency management challenges. It's almost inevitable that you will have modules that depend on other modules. This increases cognitive load. And once you start to nest those dependencies the load multiplies.
- Version drift. You have multiple environments, each environment is defined with its own Terraform that depends on versioned modules. Unless you have some kind of scaffolding in place then another inevitability is that you will eventually see some version drift between environments. And if you try to fix this problem by backfilling scaffolding later on then it will take much longer to put in place.
- It isn't really a Lego kit. In theory, you plug some modules together and magic happens, and you have all the infrastructure that you need to run your services. In practice, you start with the modules, and then write more HCL code to glue them together. Then you swear at IAM while you figure out how to actually get them talking. Then Security politely swears at you for making a hash of the IAM. It is not always as simple as it is sometimes made to appear.
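The version drift point is the one that is easiest to catch mechanically, and catching it early is the cheap form of the "scaffolding" mentioned above. The script below is an added example, not code from the original note or from any Terraform tooling: it scans the root config of each environment for `module` blocks, works out the pinned version (the registry `version` argument, or the `?ref=` query on a git source) and reports any module whose pin differs between environments or is missing from one. The environment names, module names, sources and versions are constructed sample data. It goes slightly beyond the text in handling both registry and git pins.

```python
import re
from collections import defaultdict

# Constructed sample root configs for three environments (not a real repo).
# "network" drifts in prod, "database" drifts via git refs and is missing in
# prod, "logging" is pinned identically everywhere and should not be reported.
ENVIRONMENTS = {
    "dev": '''
module "network" {
  source  = "example-org/network/aws"
  version = "2.3.0"
}
module "database" {
  source = "git::https://git.example.invalid/modules/database.git?ref=v1.8.1"
}
module "logging" {
  source  = "example-org/logging/aws"
  version = "0.9.2"
}
''',
    "staging": '''
module "network" {
  source  = "example-org/network/aws"
  version = "2.3.0"
}
module "database" {
  source = "git::https://git.example.invalid/modules/database.git?ref=v1.7.0"
}
module "logging" {
  source  = "example-org/logging/aws"
  version = "0.9.2"
}
''',
    "prod": '''
module "network" {
  source  = "example-org/network/aws"
  version = "2.1.0"
}
module "logging" {
  source  = "example-org/logging/aws"
  version = "0.9.2"
}
''',
}

# Matches a top-level module block. Deliberately simple: it stops at the first
# "}", so module bodies containing nested blocks (e.g. providers = {...})
# would need a real HCL parser such as python-hcl2 instead.
MODULE_BLOCK = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)\}', re.DOTALL)
# Matches one quoted string attribute per line inside the block body.
ATTR = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.MULTILINE)


def parse_modules(hcl_text):
    """Return {module_name: {"source": ..., "version": ...}} for each module block."""
    modules = {}
    for name, body in MODULE_BLOCK.findall(hcl_text):
        attrs = dict(ATTR.findall(body))
        modules[name] = {"source": attrs.get("source"), "version": attrs.get("version")}
    return modules


def pinned_version(attrs):
    """Registry modules pin with `version`; git sources pin with `?ref=` in the source."""
    if attrs.get("version"):
        return attrs["version"]
    match = re.search(r"[?&]ref=([^&]+)", attrs.get("source") or "")
    return match.group(1) if match else None


def find_drift(env_configs):
    """Return {module_name: {env: pin}} for every module whose pin is not
    identical across all environments; an environment without the module is
    recorded as None, which also counts as drift."""
    pins = defaultdict(dict)
    for env, text in env_configs.items():
        for name, attrs in parse_modules(text).items():
            pins[name][env] = pinned_version(attrs)
    drift = {}
    for name, by_env in pins.items():
        full = {env: by_env.get(env) for env in env_configs}
        if len(set(full.values())) > 1:
            drift[name] = full
    return drift


def report(env_configs):
    """Human-readable drift report, one line per drifting module."""
    lines = []
    for name, by_env in sorted(find_drift(env_configs).items()):
        pins = ", ".join(f"{env}={pin or '<missing>'}" for env, pin in by_env.items())
        lines.append(f"DRIFT {name}: {pins}")
    return lines


if __name__ == "__main__":
    for line in report(ENVIRONMENTS) or ["no drift detected"]:
        print(line)
```

Run it against real environment directories by reading each root `*.tf` file into the dictionary instead of the constructed strings; a non-empty report is what you would fail a CI job on.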
Alternatives
I have been very interested in Crossplane recently. It installs an Operator on Kubernetes, and manages cloud provider infrastructure.
This article does a good job of elaborating on how Crossplane can help with some of the challenges traditionally associated with Infrastructure as code: Outgrowing Terraform and adopting control planes
Separate repos for each module lets you version and branch modules independently of other things. If you have a module monorepo then you can end up in tag management hell.