by thanatos519 1819 days ago
I recently experienced this firsthand, in a company which owned no computers beyond employee laptops. The product was entirely built of AWS services created by a pile of Terraform spaghetti. It was only really understood by someone whose superpower was the ability to keep an apparently unlimited number of levels of indirection in his head.

I hear they might need to move it all to Azure soon!

2 comments

Terraform just does too much and is abused. It's great for simple config but quickly turns into custom modules to make things easier. Eventually those modules need to change and stuff breaks but you never know until someone tries to run it again. Then you just pray no one tries to manage their database with it.

Additionally, as it's put together over time, if you actually had to recreate the environment it would never work. I spent time automating recreating an environment and quickly stopped. Terraform is the illusion of infra as code and fails miserably at any scale.

You know you can lock module versions, right? And of course the environment recreation needs to be tested periodically if you have a disaster recovery plan.

Locked modules only works if all of your modules are pulled in through the registry. That isn't an option at some places.

Testing environment recreation is impossible at a certain scale. Try it when you have hundreds of people adding Terraform code, most of whom only know how to copy and paste.

> I hear they might need to move it all to Azure soon!

I'm not sure if you made that post as a joke or not...but you just described a certain San Francisco based startup that operates in the SPF/DKIM/DMARC space...

Which company (if you can say) were you describing?