by antonvs 1042 days ago
> anybody who has maintained a large repository of CloudFormation code will tell you it's not a panacea.

CloudFormation is one of the worst IaCs out there, so it's not really a good example.

One really nice model is managed Kubernetes with IaC/GitOps via tools like ArgoCD or Flux CD. This eliminates the need for things like CloudFormation, Terraform, Ansible, Puppet, OS version and patch management, etc. - most of the stuff that those tools are used to manage is replaced by the cloud provider's management of the cluster nodes. This lets you focus on the application layer, which is where the business value is. IaC in this context is pretty seamless. It also makes you much less dependent on the cloud provider's specific APIs - Kubernetes becomes your interface to all that.

1 comments

I agree it's a reasonable solution as far as workloads are concerned, but at the same time you still need the infra around it. Most of the time you need to store data outside of Kubernetes, so you'll need to deal with things like S3, RDS, DynamoDB. You will probably want ECR etc. All these things need policies and configuration. And, depending on the size of your org, also security/governance/compliance services, and you end up with a complex setup even if your main focus is k8s.