[zhouzhao]

>policies are scattered across IAM, config, and application layers

Where is the problem with that? We handle IAM with HCL/Terraform on GCP. Application config should imo. be out of scope of Terraform. You can handle that in config files, managed via ansible or kustomize, whatever.

Overall I think this article is not to be taken seriously. Terraform is not perfect, but depending on the provider used, it does its supposed job. Configure my cloud infrastructure, GCP/AWS/Azue, even proxmox has a provider.

I think the author just wants one tool that does all things, an AI that builds everything for you.