[jcusch]

That's actually something nitric helps with, it provides an API for deployments, separating it from application code. Those other teams like devops/sre/etc. are free to customize that process how they see fit. They can enforce naming standards, tagging, sizing, etc. all through automation.

[stackskipton]

Ops type person here. We have these tools now, Terraform and cloud specific tools (Bicep/CloudFormation). What devs tend to miss is benefit to this approach puts up guardrails against common dev mistakes. Stuff like Nitric and Pulumi can end up with some really nasty deployment because there is multiple nesting, dead ends and other things that result in difficult to debug infrastructure deployment. Also JS unfortunately is not a common language for us DevOps types. We lean towards Python and Go because they are most useful for our line of work.

[jcusch]

Nitric is a layer on top of Pulumi/Terraform. It also supports Python, Go and Dart. Other language support is also possible.

The Ops side of nitric (the providers) can be written in any language, but the out of the box providers are all built with Go, interacting with Pulumi or CDK for Terraform. You can just as easily write the deployment part of nitric with Terraform HCL to avoid the nasty issues you mentioned.

[cryptonector]

It'd better make it possible to change permissions apart from the code.

[tholm]

Interesting take, what would be the benefit here? If the application code writes to a resource and you change the permissions externally without updating the code you've essentially broken the application.