Ask HN: Who's Using Terraform?
5 points by vogtb on March 11, 2019 | 3 comments
I've used terraform for a couple of personal projects, and a bit at a company I used to work for, and I'm considering using it for my company. But I'm curious how other people are using it. I'm mostly interested in:

1) Do you use it for everything (eg ALL cloud resources created, updated, removed via terraform?)

2) Do you use it for isolated cases (eg creating roles and permissions in your cloud provider?)

3) Who runs it, and where? (eg run by individual contributors, or in an automated environment, or some other way?)

4) What are some things to watch out for? (eg patterns/anti-patterns.)

Just curious what it looks like out in the wild. Thanks!



At Lob we just finished migrating all of our AWS resources to Terraform. We have a strict policy where everything (creating, updating or deleting) should be done through Terraform and the AWS console should be used as a read-only dashboard (some actions on the console such as invoking Lambdas, deleting an SQS message, etc. are fine). We have alerting set up for any action that is performed in our AWS accounts that was done through the console.

Right now, changes are applied manually by the terraform changes author (every engineer has access to provision infrastructure they need, some teams have access to more AWS accounts than others) but we're looking to move to an automated environment such as Atlantis or Terraform Enterprise later this year.
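
One way to implement the console-write alerting described in the comment above, as an added example that is not part of the thread and not Lob's actual setup. It assumes CloudTrail management events are available as parsed JSON records, uses the CloudTrail fields `sessionCredentialFromConsole`, `userAgent`, `readOnly`, `eventSource` and `eventName`, and the allow-list and sample records are constructed for illustration.

```python
# Assumption: the console actions the comment calls acceptable, written as
# CloudTrail (eventSource, eventName) pairs.
ALLOWED_CONSOLE_WRITES = {
    ("lambda.amazonaws.com", "Invoke"),
    ("sqs.amazonaws.com", "DeleteMessage"),
}

def from_console(event):
    """Heuristic (assumption): console sessions carry
    sessionCredentialFromConsole "true" or a console user agent."""
    if str(event.get("sessionCredentialFromConsole", "")).lower() == "true":
        return True
    return "console.amazonaws.com" in (event.get("userAgent") or "")

def console_write_alerts(events):
    """Return console-originated events that change state and are not allow-listed."""
    alerts = []
    for ev in events:
        if not from_console(ev):
            continue  # API/CLI/Terraform traffic is out of scope here
        if ev.get("readOnly") in (True, "true"):
            continue  # read-only dashboard use is permitted
        if (ev.get("eventSource"), ev.get("eventName")) in ALLOWED_CONSOLE_WRITES:
            continue
        alerts.append(ev)  # a missing readOnly field is treated as a write
    return alerts

def sample(source, name, read_only, agent, console=None):
    """Build a constructed sample record with only the fields used above."""
    rec = {"eventSource": source, "eventName": name,
           "readOnly": read_only, "userAgent": agent}
    if console:
        rec["sessionCredentialFromConsole"] = console
    return rec

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    sample("ec2.amazonaws.com", "DescribeInstances", True, "console.amazonaws.com"),
    sample("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", False, "Mozilla/5.0", "true"),
    sample("s3.amazonaws.com", "CreateBucket", False, "HashiCorp Terraform (constructed)"),
    sample("lambda.amazonaws.com", "Invoke", False, "console.amazonaws.com"),
    sample("sqs.amazonaws.com", "DeleteQueue", False, "console.amazonaws.com"),
]

if __name__ == "__main__":
    for hit in console_write_alerts(SAMPLE_EVENTS):
        print("ALERT console write:", hit["eventSource"], hit["eventName"])
```

Records without a `readOnly` field are alerted on rather than skipped, so a malformed or unfamiliar event fails toward review.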


Nice, that sounds ideal! I've always found it frustrating to use the AWS console for anything other than dashboards and one-off troubleshooting.

You don't ever have issues with teams not applying resource changes? I.e. contributor A adds a resource, but doesn't apply it, and then contributor B goes to apply their changes and sees unexpected resource changes that they potentially don't have the permission to create? I guess that would be as much of a cross-team problem as a technical one.


Most of the Terraform changes are done by the infrastructure team which is currently 5 people. We're pretty diligent about making sure that whatever is in our master branch in the repo is what the source of truth is and what our environment should look like. If there's anything that looks off it gets caught by running a plan before applying and we quickly sync up and make sure to push the changes upstream or override them. For the smaller changes that are performed by other teams, they need a stamp of approval from someone in our infrastructure team and we make sure to be proactive about being available to not block them as well as making sure the changes are applied properly.

That being said, our current approach will definitely not scale well and that is why we're going to be looking into a CI/CD pipeline way of applying changes.

It's also worth noting that it took _a lot_ of effort to migrate everything into terraform. The infrastructure team took the initiative to migrate everything in a zero-downtime way such that we wouldn't be affecting the application teams.



