I've used Terraform for a couple of personal projects, and a bit at a company I used to work for, and I'm considering using it for my company. But I'm curious how other people are using it. I'm mostly interested in:

1) Do you use it for everything (e.g. ALL cloud resources created, updated, removed via Terraform)?

2) Do you use it for isolated cases (e.g. creating roles and permissions in your cloud provider)?

3) Who runs it, and where? (e.g. run by individual contributors, or in an automated environment, or some other way?)

4) What are some things to watch out for? (e.g. patterns/anti-patterns.)

Just curious what it looks like out in the wild. Thanks!
At Lob we just finished migrating all of our AWS resources to Terraform. We have a strict policy where everything (creating, updating or deleting) should be done through Terraform and the AWS console should be used as a read-only dashboard (some actions on the console such as invoking Lambdas, deleting an SQS message, etc. are fine). We have alerting set up for any action that is performed in our AWS accounts that was done through the console.

Right now, changes are applied manually by the author of the Terraform changes (every engineer has access to provision infrastructure they need, some teams have access to more AWS accounts than others) but we're looking to move to an automated environment such as Atlantis or Terraform Enterprise later this year.
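
One way to build the console-change alerting described in the comment above, as an added example that is not Lob's implementation or part of the original thread. It assumes CloudTrail records arrive as JSON lines; the allowlist, the helper `_rec` and the sample records are constructed for illustration.

```python
import json

# Assumption: console actions the policy tolerates, keyed by (eventSource, eventName).
ALLOWED_CONSOLE_ACTIONS = {("lambda.amazonaws.com", "Invoke"), ("sqs.amazonaws.com", "DeleteMessage")}

def is_console_write(record):
    """True when a CloudTrail record is an out-of-policy change made from a console session."""
    # CloudTrail adds sessionCredentialFromConsole ("true") only for console sessions.
    from_console = record.get("sessionCredentialFromConsole") in ("true", True)
    # A missing readOnly value is treated as a write so it is not silently ignored.
    mutating = record.get("readOnly") is not True
    is_api_call = record.get("eventType") == "AwsApiCall"
    allowed = (record.get("eventSource"), record.get("eventName")) in ALLOWED_CONSOLE_ACTIONS
    return from_console and mutating and is_api_call and not allowed

def console_write_alerts(log_lines):
    """Return one alert per out-of-policy console change found in JSON log lines."""
    alerts = []
    for line in log_lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(record, dict) and is_console_write(record):
            alerts.append({
                "who": record.get("userIdentity", {}).get("arn", "unknown"),
                "action": f"{record.get('eventSource')}:{record.get('eventName')}",
                "when": record.get("eventTime"),
            })
    return alerts

def _rec(source, name, read_only, console, arn):
    """Build one constructed CloudTrail-style record as a JSON line."""
    rec = {"eventType": "AwsApiCall", "eventSource": source, "eventName": name,
           "readOnly": read_only, "eventTime": "2024-01-01T00:00:00Z",
           "userIdentity": {"arn": arn}}
    if console:
        rec["sessionCredentialFromConsole"] = "true"
    return json.dumps(rec)

# Constructed sample input (not real logs); 111122223333 is a placeholder account ID.
USER = "arn:aws:iam::111122223333:user/alice"
SAMPLE = [
    _rec("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", False, True, USER),
    _rec("ec2.amazonaws.com", "DescribeInstances", True, True, USER),
    _rec("s3.amazonaws.com", "CreateBucket", False, False, USER),  # e.g. a Terraform apply
    _rec("lambda.amazonaws.com", "Invoke", False, True, USER),     # tolerated by policy
    '{"eventType": "AwsApiCall", "eventName": ',                    # truncated line
]
```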