@Freja, sorry for the slow response, but I will be glad to share some updates! There has been some success early on moving resources associated with GitHub, IAM, storage, etc. into Terraform. One of the big wins thus far has been starting to allow teams to make pull requests against Git repos that contain the Terraform for managing those resources. That's all being done through a set of custom modules that wrap existing modules but enforce certain invariants / policies that act as guard rails. I've been less involved in the IAM part, but it has been very cool to see take shape. I'm personally more involved in the planning and tool selection for updates to our stack, as well as understanding our needs for GKE (particularly w/r/t our more resource-intensive analytics workloads). We've been using skaffold+kustomize+cloudbuild successfully on a few small projects so far, and people seem happy with the developer experience. Still weighing Cloud Deploy vs. some of the other options as well.