
203 points mooreds | 1 comments
rdoherty No.45958246
This is probably one of the best summarizations of the past 10 years of my career in SRE. Once your systems get complex enough, something is always broken and you have to prepare for that. Detection & response become just as critical as pre-deploy testing.

I do worry about all the automation being another failure point, along with the IaC stuff. That is all software too! How do you update that safely? It's turtles all the way down!

evanmoran No.45958417
IaC is definitely a failure point, but the manual alternative is much worse! I’ve had a lot of benefit from using Pulumi, simply because the code can be more compact than the Terraform HCL was.

For example, for the failover regions (from the article) you could make a Pulumi function that parameterizes only the n things that are different per failover env and guarantee / verify the scripts are nearly identical. Of course, many people use modules / Terragrunt for similar reasons, but it ends up being quite powerful.

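The idea in the comment above, as an added example that is not part of the thread or written by any commenter: one function builds every environment from the few parameters allowed to differ, and a check flags any other difference between the primary and failover specs. Plain Python dicts stand in for Pulumi resource arguments so it runs without the Pulumi SDK; every name and value here is an assumption.

```python
import copy
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class RegionParams:
    """The only settings allowed to differ between environments (hypothetical)."""
    region: str
    cidr: str
    min_instances: int

ALLOWED = {f.name for f in fields(RegionParams)}
_MISSING = object()

def build_env(p: RegionParams) -> dict:
    """One definition for every environment; dicts stand in for resource args."""
    return {
        "network": {"region": p.region, "cidr": p.cidr, "flow_logs": True},
        "bucket": {"region": p.region, "encryption": "kms",
                   "public_access_block": True},
        "service": {"region": p.region, "min_instances": p.min_instances,
                    "tls_min_version": "1.2"},
    }

def flatten(spec: dict, prefix: str = "") -> dict:
    """Flatten nested dicts to {'bucket.encryption': 'kms', ...}."""
    out = {}
    for key, value in spec.items():
        if isinstance(value, dict):
            out.update(flatten(value, f"{prefix}{key}."))
        else:
            out[f"{prefix}{key}"] = value
    return out

def unexpected_drift(a: dict, b: dict) -> list:
    """Paths that differ between two envs and are not declared parameters."""
    fa, fb = flatten(a), flatten(b)
    return sorted(
        path for path in fa.keys() | fb.keys()
        if fa.get(path, _MISSING) != fb.get(path, _MISSING)
        and path.rsplit(".", 1)[-1] not in ALLOWED
    )

# Constructed sample environments.
primary = build_env(RegionParams("eu-west-1", "10.0.0.0/16", 3))
failover = build_env(RegionParams("eu-central-1", "10.1.0.0/16", 1))

# Constructed drift: a failover copy maintained by hand loses a control.
hand_edited = copy.deepcopy(failover)
hand_edited["bucket"]["public_access_block"] = False
```

Run as a pre-deploy check, a non-empty result from `unexpected_drift` means the failover environment differs from the primary in something other than its declared parameters.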
xyzzy123 No.45958804
I actually like Terraform for its LACK of power (tho yeah these days when I have a choice I use a lot of small states and orchestrate with tg).

Pulumi or CDK are for sure more powerful (and great tools) but when I need to reach for them I also worry that the infra might be getting too complex.

wparad No.45958835
Agreed, it is much too easy to fall into bad habits. The whole goal of OpenTofu is declarative infrastructure. With CDK and Pulumi, it's very easy to end up in a place where you lose that.

But if you need to do something in a particular way, the tools should never be an obstacle.