by Octabrain 1341 days ago
> - Terraform to create the API gateway, database, lambdas, queues, Route 53 records: 1 week
>
> - Terraform to create the IAM policies: 4 weeks

Perhaps it's because I am very familiar with the aforementioned tool and cloud, but 5 weeks for writing those resources gives me the impression of:

1. Lack of experience on AWS.

2. Lack of experience with Terraform.

3. Both.

I don't want to sound arrogant by any means but a Terraform project for something like that, documented, with its CI and applying changes via CD, would take me 4 days being generous.


I got handed a Terraform project for a GCP-based service. Simple dev, staging, prod environment. Secrets managed by secret manager, SQL Run without a public IP address for prod (but accessible via SSH for admins).

I more or less gave up after a month of beating my head on the brick wall. We hired an expert. Took him another month to get it all more or less sorted. There were still aspects that we wanted that we could not get Terraform/GCP to do.

In the end, we dropped Terraform and went back to modifying the GCP manually.

That's a generic and well documented stack that utilizes GCP defaults and works out of the box. An "expert" should not take a month to fail to set it up.

I've deployed similar, additionally including GKE, via terraform in a day - Checking TF code for an example 3-env GCP/GKE/CloudSQL stack it's less than 300 LoC

That said, it's not all good - my ongoing complaint with terraforming GCP is that the provider lags behind the features & config available in GCP console - worse than the AWS provider - especially w/r/t GKE and CloudSQL

Maybe we should have hired you instead of a "terraform expert" ;)

And yes, which features worked in GCP but not in Terraform GCP were not clear, and there was always a "this works in beta" thing going on.

We have been using CDK on AWS and it is really nice because you can do complex things through TypeScript.

Been a couple of years since I used AWS and I remember when CDK was just coming out. My big question at the time was whether or not the CDK would alert you to errors at compile time and save a bunch of wailing and gnashing of teeth that comes with Terraform.

Yeah, it is much more mature now. Basically the CDK will generate YAML CloudFormation templates at compile time so any errors are generally caught then. If you utilize TypeScript it is even safer since you know there are no missing parameters or anything like that.

I have not used terraform that much, but they did launch a CDK for terraform that does a similar thing https://www.terraform.io/cdktf. Basically you write in code and at compile time it converts it to the terraform templates.

Five weeks sounds about right based on my experience coming up to speed with Terraform. It's flexible enough to solve everybody's problems so it solves nobody's problems. Not until you inundate yourself enough with it to build the intermediary layer between what it does and what you want to do.

Same, I do it routinely and maybe the first time I ever did it, it took me a week but after that it was fast. But I may be being generous.

The only thing that could make that tough is if you put the Lambdas in a VPC. That can get tricky because you have to plan out subnets and whatnot but still not a week.

The AWS documentation is also extremely good with regards to what properties are on each resource. I can't speak for Terraform since I usually use CloudFormation / SAM directly. Maybe it's a Terraform problem?

> The only thing that could make that tough is if you put the Lambdas in a VPC. That can get tricky because you have to plan out subnets and whatnot but still not a week.

Yeah, it’s about 20 minutes if you use the VPC and Lambda modules from https://github.com/terraform-aws-modules. I could see a week if you had to learn all of this first with little prior experience but that’s true of everything. A newbie running a Linux colo server isn’t going to get all of the security & reliability issues right in less time, either.

I know those tools too. It’s kind of my job to know them seeing I work at AWS in ProServe.

But if someone gave me the same use case as the author, I wouldn't suggest any of those tools. What's the business case for introducing the complexity of AWS for someone who is just trying to get an MVP out the door who doesn't know cloud?

I've been in the industry for 25+ years and only first logged into the AWS console in mid 2018. I had a job at AWS two years later. That gives me a completely different perspective.

It's a joke. Or at least I've interpreted it as such. Still true that you always spend more time terraforming the little things compared to what you expected.

You have to concede that that's most of the industry, right? The state of implementing IaC is new and foreign for the majority of teams.

Based on my own personal experience, 4 weeks for IAM does seem high, especially since it took 1 week for all the other stuff.

Four days sounds fair if you're experienced. If you're new to TF/AWS I could easily see it taking significantly longer. If you assume IAM is the devil and refuse to learn it, it will absolutely take a while to get correct.

The more I use Terraform and GCP the less I want to bother with Terraform.

TF is not Infra as Code it’s infra as configuration files and it’s a mess.

I haven’t used Pulumi but that’s kind of what I really want. Give me Python and better abstractions to gcloud cli.

Agreed here. There is no reason setting up IAM policies through Terraform takes four weeks. Anecdotally, on my own personal projects it took me maybe three hours, or more, to set up IAM policies for AWS Lambda, ECS and RDS.
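
The two recurring points in this thread are the IAM policies (the "four weeks" item) and the Lambda-in-a-VPC subnet planning mentioned earlier. The block below is an added example, not code from any commenter or from the original post: a Terraform configuration for one SQS-driven Lambda in private subnets with an execution role whose permissions are scoped to the specific log group and queue it uses rather than `"Resource": "*"`. The function name, queue name, region, VPC and subnet IDs, and the build artifact path are all assumptions; the `terraform-aws-modules` VPC and Lambda modules linked above would replace the hand-written security group and function resources here.

```hcl
# Added example (not from the thread): Lambda in a VPC with a least-privilege
# execution role. Names, region, VPC/subnet IDs and artifact are assumptions.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "eu-west-1" # assumed region
}

variable "vpc_id"             { type = string }       # assumed existing VPC
variable "private_subnet_ids" { type = list(string) } # assumed private subnets

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  fn_name = "order-worker" # assumed function name
}

# Work queue the function consumes from (assumed to be part of this stack).
resource "aws_sqs_queue" "orders" {
  name = "orders"
}

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "fn" {
  name               = "${local.fn_name}-role"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Permissions scoped to the exact resources the function touches:
# its own log group and the one queue. No wildcard resources.
data "aws_iam_policy_document" "fn" {
  statement {
    sid       = "Logs"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${local.fn_name}:*"]
  }
  statement {
    sid       = "Queue"
    actions   = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]
    resources = [aws_sqs_queue.orders.arn]
  }
}

resource "aws_iam_role_policy" "fn" {
  name   = "${local.fn_name}-policy"
  role   = aws_iam_role.fn.id
  policy = data.aws_iam_policy_document.fn.json
}

# ENI create/delete for VPC-attached Lambdas. This AWS-managed policy is the
# one deliberately broad grant; everything else above is resource-scoped.
resource "aws_iam_role_policy_attachment" "vpc" {
  role       = aws_iam_role.fn.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}

# No ingress (nothing connects into a Lambda); egress limited to HTTPS so the
# function can reach AWS service endpoints. VPC endpoints would narrow it further.
resource "aws_security_group" "fn" {
  name   = "${local.fn_name}-sg"
  vpc_id = var.vpc_id
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lambda_function" "fn" {
  function_name = local.fn_name
  role          = aws_iam_role.fn.arn
  runtime       = "python3.12"
  handler       = "app.handler"   # assumed handler
  filename      = "build/app.zip" # assumed build artifact
  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [aws_security_group.fn.id]
  }
}

# Wires the queue to the function; this is why the role needs the three sqs:* actions above.
resource "aws_lambda_event_source_mapping" "orders" {
  event_source_arn = aws_sqs_queue.orders.arn
  function_name    = aws_lambda_function.fn.arn
}
```

Run `terraform validate` and `terraform plan` with the two variables set; the rendered policy JSON in the plan output is the thing to review, and the check is that every `Resource` in the role's inline policy names a specific ARN. Keeping the queue and log-group ARNs as references rather than hand-typed strings is what stops the policy drifting when a name changes, which is the usual source of the "IAM takes forever" experience the thread describes.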

Terraform is a nice tool but it's a VERY slow development cycle. Just due to the nature of the cloud.