Terraform

If we are talking about IaC, Terraform would be on the list. It made IaC popular and help a lot of companies maintain infrastructure at scale. Especially when you have multiple sets of infrastructures to maintain, Terraform can help you reduce the setup time tremendously via using Terraform Modules. Think of this like a function / class in programming languages. I’ve been cranking out a lot of Terraform, a lot of trials and errors along the way. Picking other people’s brains by reading a lot of blog posts, trawl community forums to see how other people use Terraform and what are their challenges. Below are summarizations of what I’ve experienced, in addition to what the general sentiments are. ...

When it comes to IaC (infrastructure as code), most people might have heard of HashiCorp’s Terraform (it uses HCL as DSL. Interestingly enough, Terraform also has its own CDK to translate programming languages into HCL), Pulumi or AWS CDK. The latter two support programming languages as DSL. Mostly there are two camps: People who swear by HCL and think you shouldn’t use programming languages for IaC People who don’t see why you need to pick up a new language in order to use IaC, so they prefer using a programming language they already are familiar with instead Both camps are not wrong, they are both valid. However, I want to share my take on why you should use HCL for IaC. ...

Background Think of websites you visit each day. Most likely they are hosted on a cloud provider such as AWS, GCP, Azure. The good news is it’s very easy to create a simple deployment with a virtual machine, but for scalable and high-availability workloads, usual recommendations is to use a container-based runtime such as AWS ECS/EKS, GCP Cloud Run/GKE. These services also require more configurations than a simple VM deployment. ...

Sometimes you’ll have to grant other people (or entities) access to your Kubernetes cluster. Easiest is you can give them your admin credentials, but this is similar to giving your house key to a friend, when they only need access to your living room. You can give them different keys, depending on access level required. Those could be readonly access to view services status, or deploy service account that can create/update services. ...

I love not having to manage databases. Hosting it on your compute is guaranteed to be cheaper, but I don’t want to be constantly worrying about backups and database upgrade / maintenance. AWS offers managed databases, known as RDS. Mostly I use postgres, which works well for most use cases. (It’s also a given that - if you don’t really need NoSQL database, then don’t use it). If I spin up RDS postgres, I can reach it assuming I have set up the correct networking pathways. (And you shouldn’t expose your database to public, unless it’s for playground with no sensitive data.) ...