@bsky.0x77.dev
CTO / @osventuresllc.bsky.app | software & hardware engineer, AI/ML & security researcher, visual artist. https://mykhailo.link | https://0x77.dev
22.07.2025 07:57

Let's talk about Terraform/OpenTofu - the tools that promised to revolutionize infrastructure management but instead gave us a masterclass in why "declarative" doesn't mean "predictable."
After 10+ years in the trenches, here are the real issues nobody talks about.

Your tfstate is simultaneously the most critical and most fragile part of your entire infrastructure. One corrupted state file and you're manually rebuilding production at 2 AM while explaining to executives why "Infrastructure as Code" just broke everything that was working fine.

Then there's the Plan vs Apply Russian Roulette. terraform plan cheerfully shows you'll create 5 resources. terraform apply somehow destroys half your infrastructure and creates 3 resources you never asked for.

The gap between plan and reality is where careers go to die, and we've all learned to hold our breath during every apply.

Provider inconsistency is another nightmare. Each cloud provider implements Terraform differently. AWS provider works one way, Azure has its own special interpretation, GCP throws curveballs. "Multi-cloud" they promised. "Consistent experience" they said.
What we got was learning three different flavors of the same broken abstraction.

My personal favorite error: "Provider produced inconsistent final plan." This is Terraform's way of saying "I have no idea what I'm doing, but it's definitely your fault." Hours of debugging later, you discover it's a known provider bug from 2019 that's still not fixed, but somehow it's your configuration that's wrong.

The Import Circus deserves special mention. Need to import existing infrastructure? Hope you enjoy playing "guess the exact configuration that matches your existing resource." Get one attribute wrong? Start over.
No autocomplete, no hints, just pure archaeological guesswork until you match whatever the provider thinks that resource should look like.

But Here's The Real Issue: We're Using It Wrong
Most Terraform disasters happen because we've bought into the myth that everything must be "Infrastructure as Code." This is like using a hammer for every job because someone told you "everything is a nail."

Here's what Terraform/OpenTofu is actually good at:
Core Infrastructure - VPCs, subnets, security groups, load balancers. The foundational stuff that changes rarely and has clear dependencies.
Foundation Layer - IAM roles, policies, networking backbone. The plumbing that everything else depends on.
Stateful Resources - Databases, storage buckets, DNS zones. Things you absolutely need to recreate identically if disaster strikes.
Disaster Recovery scenarios - Resources you need to recreate identically in another region when everything goes sideways.

Where you should stop fighting the tool:
Application Deployments - Use proper deployment tools like Helm or Nomad. Terraform doesn't understand application lifecycles.
Secrets Management - Use dedicated secret stores, not Terraform state files. Your database passwords have no business being in a state file.
Configuration Management - Use Ansible, Salt, or good old bash scripts. Don't try to manage application configs through infrastructure tools.
Frequent Changes - If it changes daily, weekly, or even monthly, it probably shouldn't be in Terraform. The overhead isn't worth it.

The Anti-Pattern Playbook:
Stop over-modularizing everything. A simple aws_instance doesn't need to be wrapped in 3 layers of abstraction. Modules should solve real problems, not just follow "best practices" from blog posts.
Don't DRY yourself to death. Some repetition is good! Copy-pasting 3 similar resources is often cleaner than building a complex loop with conditional logic that nobody can debug at 3 AM. If you can't understand your own code in 6 months, you've gone too far.
Don't Terraform all the things. Your application code doesn't belong in Terraform. Your monitoring dashboards don't belong in Terraform. Your team's lunch orders don't belong in Terraform. Keep it focused on actual infrastructure.
Don't ignore blast radius. One monolithic Terraform state managing 500 resources across every environment is a ticking time bomb. Break it up by failure domains and operational boundaries, not by "logical separation" from some consultant's diagram.

The Sane Terraform Strategy:
Start simple and stay simple. Write plain Terraform first. Add complexity only when you feel real pain, not because a blog post said you should. Test everything in disposable environments. Keep state files small and focused on related resources.
Embrace hybrid approaches. Use Terraform for the foundation, then use cloud-native tools for everything else. Don't force everything through one tool just for consistency's sake. Let each tool do what it does best.
Focus on operational reality. Optimize for debugging, not elegance. Prioritize clarity over cleverness. Plan for the 3 AM production incident when you're half-asleep trying to figure out why the apply failed. Document why you made decisions, not just what the code does.

The Industry Reality Check:
The dirty secret is that most successful infrastructure teams use Terraform for maybe 20% of their actual infrastructure management. The other 80% is handled by specialized tools, scripts, and yes, sometimes even manual processes where that makes more sense.

The Bottom Line:
Terraform and OpenTofu aren't bad tools - they're just overused tools. The real problem isn't the software, it's the industry's obsession with making everything "Infrastructure as Code" even when it makes operations more complex and fragile.
The companies with the most reliable infrastructure aren't the ones with the most comprehensive Terraform configurations. They're the ones that picked the right tool for each job and didn't try to force everything into a single "Infrastructure as Code" paradigm.

Sometimes the "best practice" is knowing when to ignore the best practices.
The goal isn't perfect Infrastructure as Code. The goal is reliable infrastructure that your team can actually maintain, debug, and operate without losing sleep.
Sometimes the most professional thing you can do is tell your team that not everything needs to be in Terraform. Sometimes a bash script is the right answer. Sometimes clicking through the console is perfectly fine for that one-off resource.

So before you write another Terraform module, ask yourself: "Does this actually need to be infrastructure as code, or am I just doing it because that's what we're supposed to do?"
Your future self (and your on-call rotation) will thank you.