by nicksantamaria
2367 days ago
The Good Parts ... CloudFormation Really? I mean, I get you want to recommend an infrastructure as code tool, but I really wouldn't consider it in the category of "[features] which you almost never need to consider alternatives."
|
Ansible kept breaking. A minor patch on v2.5.x destroyed my VPC links, 2.6 broke my IAM, at one step I had to have an intern set log group expiration on 200 log groups across several accounts because Ansible doesn't support log group going from "undefined" expiration to any value.
I started with Ansible because the server modules are good... But I'm leaving them (for AWS components) because there's just no quality control on the releases. I was tired of multiple sprints a year getting sidetracked by a tool meant to help.
Now our DevOps team uses SAM templates, a superset/tool on CloudFormation. We've had 0 outages or sidetracks over the last year due to a SAM/CF bug, and we now have access to features that came out in the last 18 months that Ansible still doesn't support.
I don't suggest CloudFormation as a solution if you co-exist in multiple clouds, but I also reject the common belief among managers that Terraform and Ansible are the "god tools". Our team was almost forced onto Terraform because a manager was convinced by a HashiCorp marketing guy that you could take a complex about setup from one cloud to another in 4-6 weeks using their product because the modules are cross-cloud. Right...
Anyway, Ansible is still our server control platform (though we are moving more serverless), but CloudFormation is what we use to build the entire accounts supporting ecosystem.