20200203 - CfgMgmtCamp 2020 - Can TypeScript really make infrastructure management easy?, Paul Stack

by Thierry de Pauw on 3 February 2020 at 1:50 am

#cfgmgmtcamp

Can TypeScript really make infrastructure management easy?, Paul Stack @stack72

Nay, there are a couple of caveats. So TLDR; yes.

=> Can Python really make infrastructure management easy?

@oduquesne: Moving to the cloud is so easy... #cfgmgmtcamp https://t.co/2VuOlyT8QP

Pulumi Platform: modern infrastructure as code
- define cloud infrastructure in general-purpose languages
- review, test, and version cloud apps and infrastructure using familiar software engineering techniques
- continuous integrations and continuous delivery: ability to use a deployment pipeline

Pulumi Crosswalk for AWS:

provision AWS services that are Well-Architected by default

Resource Definitions like Terraform but in real code

Test-Driven Infrastructure using the tools you already know.

Secrets Management

build-in encrypted secrets management and configuration
has a secrets engine build-in (part of the free tool)
strong encryption at all state ensuring secrets are not leaked (Terraform state => S3)
use built-in Pulumi KMS build on top of AWS KMS

Organisations > Projects > Stacks for organising infrastructure

Policy as Code:
- Develop -> Validate -> Deploy
- enforce cost

Enforce Security across infrastructure using tests.