by dmattia 1164 days ago
I've also made the switch from managing a few thousand Terraform modules to handling most app-code things in Pulumi and have run into some of these limitations.

With Terraform + Terragrunt + Atlantis, we created https://github.com/transcend-io/terragrunt-atlantis-config and had an extremely robust and easy-to-use flow for updating all infra code.

We've since moved to an approach where more of our infra/security things are managed in Terraform (like GuardDuty, SSO, GitHub repo settings, etc.) maintained by more DevOps folks, and our app code is mostly in Pulumi (Lambdas, Fargate, CloudFront/Cloudflare CDNs, etc.). To accomplish this without something like Atlantis, we moved the app code infra deployments from being deployed continuously pre-merge via Atlantis to being deployed via `pulumi up` calls in our normal CI flows, so like right next to where we build the Docker images and restart ECS services, as an example.

Overall I actually really love this flow. It is so, so much easier to create multi-regional infra in Pulumi with a quick for loop, and it's also much easier to do things like run esbuild over our code in TypeScript, and then bundle the output of that call and send it up to a Lambda function, all from Pulumi/TypeScript, without needing separate build steps or to do things like using Terragrunt pre-hooks or Docker build steps inside Terraform provisioners, which I always found slow and clunky.

I would agree that Pulumi's plans are a disappointment though, exactly as you said.

Overall I've been happy with the change, and we've seen some improvements, I think, in the velocity at which developers can launch services that meet our requirements.