
I'll ask because we're struggling with this now. What do you do to reduce the risk of an auto-applied TF change going sideways? Our current workflow involves a manual review/approval by DevOps.



Our teams all control their own infrastructure so there is very low risk of two pipelines trying to alter the same resources.

Step 1 plans, and outputs the changes to a local plan file.

Step 2 prompts for a human approval after viewing the above potential changes. Declining the approval simply ends the pipeline.

Step 3 applies step 1 using the plan file.


Ok, human involved in the loop, thank you!

I also think there should never be more than one source of truth for TF, but I have seen two devs fight it out in the development environment. Each adds their own SNS topic with similar names, then gets very weirded out by how it seems to magically change as the other dev applies and deletes the first one and replaces it!


Yes, the code is treated no differently from any other language. A human has to confirm changes which will impact others.

The key is to act quickly when presented with a plan. It's advised to decline stale pending approvals and kick off a new pipeline for freshness.

There's no magic unfortunately :(
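The plan, approve, apply gate described in the comments above, including declining stale approvals, as an added example that is not code from any commenter. The plan file name `tfplan`, the 900-second freshness window and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added illustration of the plan -> approve -> apply gate; not code from the thread.
PLAN_FILE="${PLAN_FILE:-tfplan}"     # assumed plan file name
MAX_PLAN_AGE="${MAX_PLAN_AGE:-900}"  # assumed freshness window in seconds

# Succeeds only if the plan file exists and is at most max_age seconds old.
plan_is_fresh() {
  local file="$1" max_age="$2" now mtime
  [ -f "$file" ] || return 1
  now=$(date +%s)
  # GNU stat first, BSD/macOS stat as fallback.
  mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file") || return 1
  [ $((now - mtime)) -le "$max_age" ]
}

# Anything other than an explicit "yes" is treated as a decline.
approval_decision() {
  case "$1" in
    yes|Yes|YES) echo apply ;;
    *)           echo decline ;;
  esac
}

run_pipeline() {
  local rc=0 answer
  # Step 1: write the plan to a file; exit code 2 means changes are pending.
  terraform plan -input=false -detailed-exitcode -out="$PLAN_FILE" || rc=$?
  case "$rc" in
    0) echo "No changes to apply."; return 0 ;;
    2) ;;
    *) echo "Plan failed." >&2; return 1 ;;
  esac
  # Step 2: show the saved plan to a human and wait for a decision.
  terraform show "$PLAN_FILE"
  read -r -p "Apply this plan? (yes/no) " answer
  if [ "$(approval_decision "$answer")" != apply ]; then
    echo "Declined; pipeline ends."; return 0
  fi
  # A stale approval is declined; a new pipeline run produces a fresh plan.
  if ! plan_is_fresh "$PLAN_FILE" "$MAX_PLAN_AGE"; then
    echo "Plan is older than ${MAX_PLAN_AGE}s; start a new pipeline." >&2; return 1
  fi
  # Step 3: apply exactly the plan file that was reviewed.
  terraform apply -input=false "$PLAN_FILE"
}

if [ "${1:-}" = "run" ]; then run_pipeline; fi
```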



