weekly.tf #32

Welcome to 2021, just like 2020, but a little more.

Due to not doing this supposedly-weekly email the last few weeks of the year, we have a good backlog of stuff to cover.

The author has clearly done the homework and built a thorough guide to using terraform to manage lambda's. If that's something you do, check it out.

Here's the thing–

I don't know about you, but I have found working with lambda's in terraform a bit challenging, for a few reasons.

First, terraform is useful for managing infrastructure- the non-differentiated technical resources that support building products. Infrastructure usually changes more slowly and is riskier to change. Sometime lambdas are part of this infrastructure. Sometimes they are used more like applications. These cases, where lambda are more application than infrastructure tend to not work well when using terraform to manage the lambda.

Second, if you are using terraform to manage a lambda and you want the process to be fully automated, you need to find a way to integrate the building and packaging of the lambda code with your terraform workflows. For simple lambdas in dynamic languages this could be as easy as using a archive_file resource. But once you start adding dependencies and compilation, it gets much more complicated.

This leads me to my belief that when working with lambda's you first need to decide- is this lambda infrastructure or an application? If it is not infrastructure, don't use terraform to manage it.

A command line wrapper for terraform which supports encrypting state files and making sensitive values on output.

A good overview of the available options for integrating cost optimization into terraform workflows.

Despite the headline, not much to worry about...

I have linked to many faun articles in this newsletter. Here they a good list of answers for common, albeit basic, questions.

Tired of writing terraform? Want to write python that writes terraform instead? Check out python-terrascript.

Notable Releases

The output command can now take a -raw flag and for_each can handle maps with sensitive values (but not sensitive keys or maps).

Remote runs will now no longer check for version mis-matches. (#27319)

A nice change here is that 0.13.6 will now be able to read state files generated by 0.14.x. Until #26692, terraform_remote_state data sources could only read from states produced by the name or newer versions of terraform. But with a stable state file format that was no longer neccessary

Same change as above.

New experimental feature for validating on save.

The language server also now has schemas for all "partner"providers. I think that is the same thing as "verified" on the registry.

New resources for ec2_managed_prefix_lists and lake_formation .

Atlantis has a new maintainer team, which have managed this release.

New -parallel-pool-size flag allows configuring number of parallel runs. #1177

A new flag -disable-apply. #1230

pre_workflow_hooks steps will run custom scripts before workflow execution #1255

Now with support for terraform 0.14, among some other changes.

The aws rules are being moved to a plugin, which causes some minor breaking changes. See #1009 for details.