weekly.tf - Issue #81 - GitHub environments, New features in Terraform 1.1/1.2, Least Privileges in Terraform, Pulumi vs Terraform, AWS Control Tower, bulk renames

Serhii Vasylenko published another legendary post about new features that expand resources management options.

Adam Buggia described how to use logs from AWS to inform least privilege policies. It includes an exploration of how to determine required Actions for a given Terraform project using LocalStack and iamlive (by Ian Mckay). AB: I this the described approach should be part of the Terraform Registry at some point.

Alexandre Nedelec wrote a long and very detailed post on why and whether he would choose Pulumi over Terraform for his next project. AB: This is not a boring sales pitch, but a rather well-balanced overview of both ecosystems. I recommend reading it to people who want to know the trade-offs.

Andrew Wasilczuk wrote about lessons learned from building landing zones for Terraform teams.

Jonathan Share wrote a new blog post where he described an approach to the bulk renaming of Terraform resources with a few lines of shell script and moved block (available in Terraform 1.1). AB: Alternatively, one can use tfrefactor by Ray Myers (read more).