Bruno Kinoshita

03/15/2023, 11:58 PM
Hey guys, does anyone else want to contribute an opinion?

Adarsh Shah

03/16/2023, 12:55 AM
Hi Bruno, if I understand correctly you are asking an opinion on IDP/tools that provide an abstraction over IaC and hide away the complexity but take away the control user has over the IaC (including the tfvars) like an option to run IaC directly or via another tool if needed & also losing the benefits of having everything in Source Control. My opinion is that these (mostly no code/ui tools) are great for simple use cases but as the environment becomes complex user needs more control over the IaC and I'm a big fan of having IaC (including tfvars) in source control. That's why with CloudKnit: An Open Source Solution for Managing Cloud Environments, we support storing the Environment as Code (abstraction layer) as well as the iac/tfvars in source control. We also have an option of generating some terraform but that also goes into source control. You can check our architecture diagram here and you will see we store terraform in an Intermediate Language source control repo.
In my opinion this provides best of both worlds: an abstraction layer (including UI) to simplify environment provisioning & also access to the IaC code if needed but I might be biased here. This also allows you to use GitOps for environment provisioning and unlocks use cases like reprovisioning/cloning envs when needed.

Hugo Pinheiro

03/16/2023, 4:44 AM
Pretty much what Adarsh mentioned. Most platforms mentioned that have built-in escape hatches work either by using a workflow engine and executing tf plans by pulling from git, or by being terraform runners directly, also by pulling from git. For what you are looking for, those would be the kind of platforms you would want to investigate.