> In general, Terraform is doing a lot of cutting-edge thinking with orchestration tools and represents IMO a best-of-breed approach.
Terraform isn't really doing anything that snazzy compared to CloudFormation [1] (an AWS tool) unless you're also orchestrating in concert with non-AWS services.
> Terraform isn't really doing anything that snazzy compared to CloudFormation
I'd disagree with that. Just take a look at the Terraform Changelog[1] for some of the latest & greatest.
For example, the concept of "Data sources" is pretty cool. Basically, you can reference pre-existing data, potentially do rich queries against it, and get a read-only value back. For example, you can use a Data source to find the latest AMI for a given search string.[2]
CloudFormation has a concept of Custom Resources[3] which could achieve similar functionality, but not without a lot of hassle.
Terraform has also been building up a rich language of interpolation functions [4] that can be used for string replacement, hash generation, and even arithmetic.
There's a lot more, too. I think it goes well beyond "cloud-agnostic."
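As an added illustration of the two features mentioned above (data sources and interpolation functions), not code from any of the commenters: a read-only `aws_ami` lookup that resolves the newest matching image, fed into an instance whose tags exercise a few built-in functions. It assumes Terraform 0.12+ expression syntax (the 2016-era `"${...}"` wrapping is no longer needed), working AWS credentials, and the region, AMI name pattern and variable values shown, which are placeholders.

```hcl
# Added example, not from the original thread. Assumes Terraform 0.12+ and the
# AWS provider; region, AMI name pattern and variable defaults are placeholders.

provider "aws" {
  region = "us-east-1"
}

variable "environment" {
  default = "staging"
}

variable "instance_count" {
  default = 2
}

# Data source: nothing is created. The newest AMI matching the filters is
# looked up at plan time and exposed as a read-only value.
data "aws_ami" "amazon_linux" {
  most_recent = true

  # Pin the owner. Without this, any *public* AMI whose name happens to match
  # the pattern below, including one published by a stranger, could be chosen.
  owners = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

locals {
  # Hash generation: a short, deterministic suffix derived from the inputs,
  # handy for names that must be unique but stable across runs.
  name_suffix = substr(sha256("${var.environment}-web"), 0, 8)
}

resource "aws_instance" "web" {
  count         = var.instance_count
  ami           = data.aws_ami.amazon_linux.id   # value comes from the data source
  instance_type = "t3.micro"

  tags = {
    # format() for string templating, count.index + 1 for arithmetic
    Name        = format("web-%s-%02d-%s", var.environment, count.index + 1, local.name_suffix)
    # replace() for string substitution
    Team        = replace(var.environment, "staging", "platform-team")
    Environment = var.environment
  }
}

output "ami_id" {
  value = data.aws_ami.amazon_linux.id
}
```

One caveat worth knowing before relying on `most_recent = true`: the lookup is re-evaluated on every plan, so when Amazon publishes a new image the next `terraform plan` will show `ami` changing on every `aws_instance.web`, which forces replacement. That is exactly the kind of drift you want to read in the plan output rather than discover after `apply`; if you need the fleet pinned, copy the id into a variable instead of resolving it at plan time.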
I don't disagree it has some "cool" features, but we've been bitten pretty hard in production when Terraform takes action that wasn't expected (and fell outside of what the plan called for before performing the apply).
Doing devops, I prefer boring and reliable over cool.
Definitely hear you on that, and we've taken steps to mitigate Terraform's "surface area" after we encountered some problematic use cases.
This excellent article [1] does a nice job of talking about why it's important to keep your tfstate files small and isolated. Since we started doing that, working with Terraform has been much nicer (and safer!).
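To make the "small and isolated tfstate" advice concrete, here is an added example (not from the commenter or the linked article) of two separate root modules, each with its own state file, where the application stack reads the network stack's outputs read-only through `terraform_remote_state`. It assumes Terraform 0.12+, an S3 bucket named `example-tfstate` and a DynamoDB table named `example-tfstate-lock` that already exist (both names are placeholders), and the two blocks live in separate directories as the path comments indicate.

```hcl
# Added example, not from the original thread. Two root modules in two
# directories; bucket, table, CIDRs and the AMI id are placeholders.

# ---------------- network/main.tf : owns the VPC, separate state key ----------------
terraform {
  backend "s3" {
    bucket         = "example-tfstate"
    key            = "network/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                   # state can hold secrets: encrypt at rest
    dynamodb_table = "example-tfstate-lock"  # state locking so two applies cannot race
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Export only what downstream stacks need; everything else stays private to this state.
output "vpc_id" {
  value = aws_vpc.main.id
}

output "private_subnet_id" {
  value = aws_subnet.private.id
}

# ---------------- app/main.tf : its own state, reads network outputs read-only ----------------
terraform {
  backend "s3" {
    bucket         = "example-tfstate"
    key            = "app/terraform.tfstate"   # different key: an apply here never touches the VPC
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "example-tfstate-lock"
  }
}

provider "aws" {
  region = "us-east-1"
}

# Data source over the other stack's state: a read, never a write.
data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "example-tfstate"
    key    = "network/terraform.tfstate"
    region = "us-east-1"
  }
}

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = data.terraform_remote_state.network.outputs.vpc_id
}

resource "aws_instance" "app" {
  ami                    = "ami-0123456789abcdef0"   # placeholder id
  instance_type          = "t3.micro"
  subnet_id              = data.terraform_remote_state.network.outputs.private_subnet_id
  vpc_security_group_ids = [aws_security_group.app.id]
}
```

The safety property comes from the split itself: a `terraform apply` in `app/` can only create, change or destroy resources recorded in `app/terraform.tfstate`, so a surprising plan there cannot reach the VPC. Reading the network state is fine, but note that the IAM principal running `app/` then needs read access to the network state object, and that object contains every attribute of every network resource, so keep the bucket policy as tight as the blast radius you are trying to limit.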
Absolutely correct. We are using NAT Gateways in our architecture, and I love not having to manage it all myself, but it is definitely a tradeoff in costs.
From the AWS documentation [1]:
"Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone. You have a limit on the number of NAT gateways you can create in an Availability Zone. For more information, see Amazon VPC Limits.
Note
If you have resources in multiple Availability Zones and they share one NAT gateway, in the event that the NAT gateway’s Availability Zone is down, resources in the other Availability Zones lose Internet access. To create an Availability Zone-independent architecture, create a NAT gateway in each Availability Zone and configure your routing to ensure that resources use the NAT gateway in the same Availability Zone."
[1] https://aws.amazon.com/blogs/aws/new-managed-nat-network-add...
[1] https://aws.amazon.com/cloudformation/details/