I was excited to read this but sadly the author provides hardly any examples to support their statements, and several of their complaints are desirable properties of a provisioning lifecycle management tool (e.g., the complaint that multiple users of a shared terraform component need to contend with a state lock -- hint: this is a good thing...)
“ We at RunX are core contributors of Opta, an open source IaC tool built on top of terraform. It aims to solve a bunch of these issues for the most common use-cases in a modern tech stack.”
Maybe the posted article is an advertisement, but a little surfing around their repo gave me the most anti-advertisement I could possibly imagine: https://github.com/run-x/opta/pull/534/files
So, (a) "it never worked" (b) it took them 7 months to know that[0] (c) who can possibly find the python string literal "arn:aws:iam::*:user/$${{aws:username}}" legible in order to know why in the world the dollars are doubled, the mustaches are doubled but not in an f-string (d) what in the world is the relationship between a .json file, a .yaml file, a .py file, and a tf-module directory containing HCL: https://github.com/run-x/opta/tree/v0.24.3/modules/aws_iam_u...
I'm glad that system works for them, but to then write a blog post saying "terraform is hard and opaque" takes some chutzpah
I would guess the doubling is because AWS IAM and Terraform both do interpolation with `${...}`, and this is one way it can look like when Terraform passes un-evaluated template strings to AWS. (I think recent versions of the TF AWS provider use `&{...}` for slightly improved legibility here.)
SREs live in a special kind of hell and are often willing to accept partial solutions that other SWEs would turn their noses at. If most software tools are "80% solutions," Terraform is more like 70%. And yet it is far, far better than what came before. (And to be quite frank, Pulumi is fundamentally the same as TF and suffers from very similar shortcomings, despite its veneer of more flexible programmability.)
That said, pulling up a random PR and making cantankerous and baseless claims about its authors and their employer strikes me as ridiculous.