Rohit Kumar Ankam

4 reasons not to use Terraform.

Back Story

Managing infrastructure is hard at scale. That is why we have tools like Terraform and Ansible to handle infrastructure as code. But sometimes managing infrastructure as code becomes harder than managing it with a GUI. For my personal projects, I use various tools from different cloud service providers. Recently I thought I should try an infrastructure-as-code tool, so I tried Terraform for the first time. Then I realized it was a bad idea for me.

Problems

1. Importing existing resources

If you want to import existing resources into Terraform, you need to run the terraform import command hundreds of times. This entry barrier is stopping many people from using Terraform. In my case, I wanted to import all the Cloudflare DNS records into Terraform. I am managing the DNS records of 7 domains through Cloudflare. To import all of those, I need to create a separate script to get all of the resource IDs from the Cloudflare API, then import all of those DNS records into Terraform using terraform import by providing the resource IDs of the DNS records, and then write that as code in the Terraform config file. I think this is a huge waste of time.

2. Handling secrets:

If I start using Terraform, I need to handle the Terraform config securely, because we need to provide API access keys to Terraform in order to make it work. Personally, I don’t like handling secrets, because if you expose the AWS API key, this will be a single point of failure. If any hacker gets access to the key, your whole infrastructure will be compromised within seconds. We can host Terraform files in a GitHub private repo, but what if they stop providing private repos for free-tier accounts?
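As an added example (not part of the original post), the check below flags provider credentials written as string literals in Terraform config so they can be caught before a commit; the AWS and Cloudflare providers can also read credentials from environment variables such as AWS_ACCESS_KEY_ID and CLOUDFLARE_API_TOKEN, which keeps the keys out of the files entirely. The function name, the attribute list and the sample config are assumptions constructed for illustration.

```python
import re

# Provider arguments that carry credentials (AWS and Cloudflare providers).
# This list is an assumption for the example; extend it for other providers.
SECRET_ATTRS = ("access_key", "secret_key", "api_token", "api_key")

# Matches:  attr = "literal"   (quoted string without ${...} interpolation).
# References such as var.x or "${var.x}" are deliberately not matched.
_ASSIGN = re.compile(
    r'^\s*(?P<attr>' + "|".join(SECRET_ATTRS) + r')\s*=\s*'
    r'"(?P<value>[^"$]*)"\s*(?:#.*|//.*)?$'
)


def find_hardcoded_secrets(hcl_text, filename="<config>"):
    """Return (filename, line_no, attr) for each credential set to a literal."""
    findings = []
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        match = _ASSIGN.match(line)
        if match and match.group("value"):  # an empty string is not a secret
            findings.append((filename, line_no, match.group("attr")))
    return findings


# Constructed sample config: the AWS block hard-codes keys (flagged),
# the Cloudflare block takes the token from a variable (not flagged).
SAMPLE_TF = '''\
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAEXAMPLEEXAMPLE00"
  secret_key = "constructed-example-secret-value"
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}
'''

if __name__ == "__main__":
    for name, line_no, attr in find_hardcoded_secrets(SAMPLE_TF, "main.tf"):
        # Report only the location and attribute, never the secret itself.
        print(f"{name}:{line_no}: literal value assigned to {attr}")
```
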

3. Terrible documentation:

When I first tried Terraform, I didn’t understand anything from reading the documentation because it is very bad. There are no examples to try and start with.

4. Config language:

Personally, I don’t like HCL (HashiCorp Configuration Language), because the conditional logic looks like trash in HCL.

Feel free to email me if you have any solutions to these problems.

For now, the answer is no.

Yes, I want to try out Pulumi.

* This post is licensed under CC BY-SA 4.0