Infrastructure as code (IaC) often fails during deployment due to dynamic constraints such as name collisions, quota limits and other resource-specific constraints that devs run into halfway through an IaC deployment. We witnessed this first hand at TinyStacks and built precloud - an open-source framework to define and run dynamic tests before IaC deployments.<p>The precloud framework currently supports Terraform and AWS CDK with several default checks (unique names, service quota checks and more) and the ability to define your own!
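The kind of pre-deployment check the post describes, as an added example that is not precloud's code or API: it reads the resource_changes list of a Terraform JSON plan and flags name collisions and quota overruns against a snapshot of the account. The rc helper, preflight function, NAME_ATTR map, resource names and account snapshot are all constructed for illustration.

```javascript
// Added illustration, not precloud's code. Plan entries follow the
// resource_changes shape of `terraform show -json`; all data is constructed.
const rc = (address, actions, after) =>
  ({ address, type: address.split(".")[0], change: { actions, after } });
const plan = { resource_changes: [
  rc("aws_s3_bucket.logs", ["create"], { bucket: "acme-logs" }),
  rc("aws_s3_bucket.assets", ["create"], { bucket: "acme-assets" }),
  rc("aws_s3_bucket.media", ["create"], { bucket: "acme-assets" }),
  rc("aws_vpc.a", ["create"], {}),
  rc("aws_vpc.b", ["create"], {}),
  rc("aws_vpc.old", ["delete"], null),
] };
// Stand-in for what a live check would query from the provider before apply.
const account = {
  names: { aws_s3_bucket: ["acme-logs"] },
  usage: { aws_vpc: 5 },
  quota: { aws_vpc: 5 },
};
const NAME_ATTR = { aws_s3_bucket: "bucket" }; // attribute that must be unique

function preflight(plan, account) {
  const findings = [];
  const delta = {};          // net change in resource count per type
  const planned = new Map(); // "type/name" -> address that first claimed it
  for (const r of plan.resource_changes || []) {
    const acts = r.change.actions;
    if (acts.includes("create")) delta[r.type] = (delta[r.type] || 0) + 1;
    if (acts.includes("delete")) delta[r.type] = (delta[r.type] || 0) - 1;
    // Only pure creates can collide; a replace legitimately reuses its own name.
    const isNew = acts.length === 1 && acts[0] === "create";
    const attr = NAME_ATTR[r.type];
    const name = attr && isNew && r.change.after?.[attr];
    if (!name) continue;
    const key = `${r.type}/${name}`;
    if (planned.has(key))
      findings.push(`${r.address}: "${name}" is also used by ${planned.get(key)}`);
    else planned.set(key, r.address);
    if ((account.names[r.type] || []).includes(name))
      findings.push(`${r.address}: "${name}" already exists`);
  }
  for (const [type, d] of Object.entries(delta)) {
    const total = (account.usage[type] || 0) + d;
    if (account.quota[type] !== undefined && total > account.quota[type])
      findings.push(`${type}: ${total} would exceed the quota of ${account.quota[type]}`);
  }
  return findings;
}
console.log(preflight(plan, account).join("\n"));
```

A replace that uses create_before_destroy briefly needs one extra unit of quota, which this net count does not model.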
Any time I see a nodejs tool aimed at systems tasks (general infrastructure, IaC, etc) I immediately disregard it. While, to be honest, I'm not sure that's a fair way to look at tools like this, it's the reality.<p>I always wonder at the author's motivation to use node when the majority of the ecosystem is written in golang. This is actually one of the main reasons I don't use terraform CDK right now. Why is CDK node first (I know there is golang support) when terraform is all golang?
This looks really cool! I wonder if it only checks for collisions in the current statefile/template, or whether it actually makes a call to the cloud provider and checks for even external collisions there? Though I guess that would be very complicated to accomplish without writing tons of glue code.<p>That said, if you like infra-as-code and are scaling your usage to more people, I recommend taking a look at tools like Spacelift[0].<p>We're a CI/CD that's specialized for infra-as-code and integrate very deeply with Terraform, CloudFormation, and similar tools workflows. This way we can give you better visibility, security and easy customizability through automations that are tailor-made for infra-as-code use cases. You can ofc additionally also hook in tools like this one.<p>Esp. if you want a single team creating reusable templates and guardrails for the whole company, Spacelift can help you a lot, but it's very useful for any bigger group of people using IaC together.<p>Disclaimer: Software Engineer at Spacelift, grains of salt shall be taken with the above<p>[0]: <a href="https://spacelift.io" rel="nofollow">https://spacelift.io</a>
It looks like a useful tool, thank you! It looks like it's written in JS and has several dependencies so for security reasons I'd run it on a separate box to minimize blast radius.
Some similar IaC dynamic analysis tools written in golang:<p><a href="https://github.com/terraform-linters/tflint-ruleset-aws/blob/master/docs/deep_checking.md">https://github.com/terraform-linters/tflint-ruleset-aws/blob...</a><p><a href="https://github.com/aws-cloudformation/rain/pull/93">https://github.com/aws-cloudformation/rain/pull/93</a>
This is really cool. I am co-founder of Terrateam[0] and we see failed runs for these reasons a lot more than we expected and it's dangerous. It wastes time and a failure during an apply leaves your infrastructure in an inconsistent state. I'm excited to play with this.<p>[0] <a href="https://terrateam.io" rel="nofollow">https://terrateam.io</a>
I see that GCP support is "coming soon"--even just a quota comparison would be really nice, as these are numerous and a big pain there. Any ETA on when there might be something for GCP?