Long-lived AWS access keys in GitHub Actions secrets are the wrong default. OIDC federation gives every workflow a scoped, short-lived role assumption with no secret to leak. The trust-policy shape, the GitHub Actions wiring, and the gotchas that make it harder than the blog posts suggest.
The S3-plus-DynamoDB backend is the most common Terraform state setup in the world and the most commonly misconfigured. The versioning, encryption, lock-table, and cross-account patterns that hold up across customer engagements, and the failure modes that take teams a week to debug.
OpenTofu 1.6 went GA on January 10. For most teams the migration is renaming a binary and updating a CI step. The interesting parts are what 1.6 actually shipped, how the BSL clause reads five months on, and why I moved quickly on it for the engagements I'm currently on.
Most multi-cloud Terraform writeups are hypothetical. The customer engagements I keep doing aren't, they're the same workload running on AWS, Azure, and GCP in parallel, and the lessons about where abstraction actually helps and where it bites are not what the architecture diagrams suggest.
Drift gets all the attention. The inverse problem, your statefile says a resource exists, the cloud says it doesn't, is weirder, harder to detect, and causes a different shape of failure. Closing out 2023 with the ghost-resource problem and a note on where IaC observability has to go next.
Every IaC vendor talks about drift in the abstract. Here's what it actually looks like in a real cloud account, the security groups that no longer match the code, the manual fixes that never made it back into the repo, and the next terraform apply quietly fighting reality.
Nobody starts greenfield. Most Terraform work is taking infrastructure already in the cloud and putting it under code. The import flow I've used on customer engagements, the gotchas that bite every time, and why 'good' Terraform from scratch can make brownfield import worse.
Three weeks after the BSL announcement, the OpenTF Manifesto became OpenTofu, now under the Linux Foundation. The fork happened faster than any IaC story I can remember. Here's what actually shipped, what migration looks like, and why this is structurally healthy for IaC.
HashiCorp moved Terraform from MPL to BSL on August 10. The license itself is narrower than the panic, but the panic is rational. Here's what actually changed, what it means for teams running multi-cloud Terraform in production, and what to do this week.
Overview One of the most frequent asks when using vRA is, "How do I deploy machines using my company''s hostnaming standards automatically using vRA?" Sinc
Folks this truly is an amazing leap forward for the vRA platform. Just look at the list of new features below, which is not a complete list of all there is
Have you ever tried to build a day 2 operation for use with Multi-Machine applications? Well if you have chances are you hit the same issue one of my colle
