@iangrunt: thanks so much for making this video. I am having to learn terraform and terragrunt at the same time (for AWS deployment) so it is really useful and insightful to watch your video!! 🙏🏼🙏🏼☺️☺️
DRY is not optional, I treat Terraform file sets as templates and relaise env specific versions of them by rendering with values This fits perfectly with the "don't do it manually" philosophy as when a change is made CI/CD packages the set as templates and renders for the lowest env, then applies. The PR can include a plan execution and output to review when pulling in the new templates. I feel like it's an anti pattern to combine stuff like a VPC or account with stuff like an app deployment in the same execution runs. I want those lower level components to only get touched when needed, and be rock solid stable otherwise and not subject to a typo from a well meaning infra guy.
the issue with that is occasional drift caused by changes of underlying cloud APIs and features of a service itself, let's say you have VPC peerings, balancers, IAM roles, and whatnot, but you haven't run their plan in a year since they're "stable and rarely touched", but one day the underlying features of those services have changed on the aws side (like some deprecation of ELB options, which you haven't updated in your terraform for a while) and your terraform gets more and more out of touch with what really going on in the cloud. but multiply this by 3-4 cloud providers (GCP, Azure, DigitalOcean, Vultr, etc) if you have a large infra with dozen of teams and dozen projects and products, who you need to take care of, and it becomes a problem over time. I know you're coming from a startup scale point of view (when you have only 1-2 products to run, at most) but when large organizations of 5000+ people have to organize terraform correctly, it becomes very different and challenging, the startup approach just doesn't work (you get lost among all the runs with different values you feed to different workspaces and simply losing control over the infra at scale when you get to 100+ workspaces of different flavor each).
but if it's a single product or single project, without too much scale in terms of teams and products to serve by that IaC, the approach of just feeding different values to modules in different workspaces works totally fine, that's true
Hey Ian :), Just a message to salute your initiative to publish videos, maybe going live someday ? I've had only few opportunities with customers, to use terragrunt, and I publishing video, presenting business cases: I loved yearrs ago Yvgeni Brikman's well known presentation, yet, it's getting a bit old, and you know it: give us somesimplebusiness case to proove the value ofterragrunt very quickly toteams, will helpus sooooo much, to convince. makes me smile you haveyetonly 30 (now 31) subscribers, you must have thousands soon, and the debate with terragrunt will be chilling :)
@iangrunt: thanks so much for making this video. I am having to learn terraform and terragrunt at the same time (for AWS deployment) so it is really useful and insightful to watch your video!! 🙏🏼🙏🏼☺️☺️
Amazing!!
DRY is not optional, I treat Terraform file sets as templates and relaise env specific versions of them by rendering with values This fits perfectly with the "don't do it manually" philosophy as when a change is made CI/CD packages the set as templates and renders for the lowest env, then applies. The PR can include a plan execution and output to review when pulling in the new templates. I feel like it's an anti pattern to combine stuff like a VPC or account with stuff like an app deployment in the same execution runs. I want those lower level components to only get touched when needed, and be rock solid stable otherwise and not subject to a typo from a well meaning infra guy.
the issue with that is occasional drift caused by changes of underlying cloud APIs and features of a service itself, let's say you have VPC peerings, balancers, IAM roles, and whatnot, but you haven't run their plan in a year since they're "stable and rarely touched", but one day the underlying features of those services have changed on the aws side (like some deprecation of ELB options, which you haven't updated in your terraform for a while) and your terraform gets more and more out of touch with what really going on in the cloud. but multiply this by 3-4 cloud providers (GCP, Azure, DigitalOcean, Vultr, etc) if you have a large infra with dozen of teams and dozen projects and products, who you need to take care of, and it becomes a problem over time. I know you're coming from a startup scale point of view (when you have only 1-2 products to run, at most) but when large organizations of 5000+ people have to organize terraform correctly, it becomes very different and challenging, the startup approach just doesn't work (you get lost among all the runs with different values you feed to different workspaces and simply losing control over the infra at scale when you get to 100+ workspaces of different flavor each).
but if it's a single product or single project, without too much scale in terms of teams and products to serve by that IaC, the approach of just feeding different values to modules in different workspaces works totally fine, that's true
Hey Ian :), Just a message to salute your initiative to publish videos, maybe going live someday ?
I've had only few opportunities with customers, to use terragrunt, and I publishing video, presenting business cases:
I loved yearrs ago Yvgeni Brikman's well known presentation, yet, it's getting a bit old, and you know it: give us somesimplebusiness case to proove the value ofterragrunt very quickly toteams, will helpus sooooo much, to convince.
makes me smile you haveyetonly 30 (now 31) subscribers, you must have thousands soon, and the debate with terragrunt will be chilling :)