Channels
aws
azure
azure
back-end
building-our-platform-engineering-team
chaos
devex
documentation
entryleveldevops-jobs
envoys
envoyz
events
gcp
general
gitops
idp-architectural-design
idp-resources
intros
it-meetups-organizers
jobs
kubernetes
loc-angola
loc-atlanta
loc-austin
loc-australia
loc-bangalore
loc-belgium
loc-boston
loc-brazil
loc-bulgaria
loc-canada
loc-china
loc-dallas
loc-dcmetro
loc-france
loc-germany
loc-hong-kong
loc-india
loc-ireland
loc-irvine
loc-israel
loc-italy
loc-japan
loc-korea
loc-myanmar
loc-netherlands
loc-norway
loc-philadelphia-chapter
loc-poland
loc-russia
loc-scotland
loc-seattle
loc-sfbayarea
loc-singapore
loc-sweden
loc-switzerland
loc-turkey
loc-uk
loc-ukraine
loc-usa-eastcoast-chapter
loc-vietnam
metrics
mychannel-
observability
outages
platform-coffee
platform-culture
platform-design
platform-engineering-in-edge-computing
platform-leadership
platform-stories
platform-tech
platformcon-news
platformk8sathome
platformscript
product_management
product-management
qualityassurance
security
serverless
support
team
terraform
test2
testrsetserfsdf
verisure-commonservice-datastax
Title
a
Ala Shiban
01/17/2023, 9:58 PMHey friends š We just published a new post on Infrastructure from Code (not as-code), we worked on it with all the startups in the space which gives it a really nice balanced view of the space. Curious on what you guys think š https://klo.dev/state-of-infrastructure-from-code-2023/
j
Jasper Hahn
01/19/2023, 2:01 PMHuh. Never heard of this, thanks for sharing! My initial thought is that this might be fun for university/hobby projects or PoCs. Unfortunately I am skeptical regarding real-world applications,. Just as many get-started-instantly approaches (e.g. AWS Amplify) I suspect it initially looks impressive but IMHO quickly shows it's limitations when it hits the real world in anything but the tinies organisations. Staging, recovery strategies, auditing, security guardrails etc. are likely to be big headaches with this. I would love to be proven wrong but I am personally not going to bet any important initiatives on this any time soon.
PS: CDKv2 is amazing and a huge improvement over CloudFormation or TerraForm IMHO, so that will remain my go-to solution for a while.
a
Ala Shiban
01/22/2023, 10:54 PMI appreciate that @Jasper Hahn, related to our own approach with Klotho, it's been in production with multiple companies for almost a year now - we're continuously hardening and handling larger scale. In our case we look at CDK as a description language - and while we use Pulumi today, we're planning on supporting terraform and CDK next.
from your perspective what do you think needs to happen for these approaches to become more viable?
j
Jasper Hahn
01/23/2023, 11:55 AMSeveral aspects:
ā¢ While I would love for all engineers to understand a bit about cloud infrastructure, I keep encountering people that are good at their particular jobs (e.g. payment logic, data science, deep-learning, ...) and generally just want to write code in a single language. It is doable to set up some blueprints and let their CI build their own infrastructure in their team accounts and require limited "hand-holding". I doubt they would be happy to have their code "polluted" by infrastructure details they do not care about.
ā¢ Infrastructure often relies on specific security hardening needs, connectivity to certain sites, delegation of permissions between systems, passing of ARNs, ... and a lot of those things can be nicely wrapped in e.g. CDK constructs. I would expect the same level of abstraction and sharing of custom modules to be present in an "IfC" tool.
ā¢ With mature tools come mature 3rd-party tools, such as "IaC-to-diagram", linters, vulnerability-scanners, ... and that is still lacking for something this niche