
Terraform Posts

Building a Production CI/CD Pipeline for Containerized AWS Lambda Functions

Manually shipping containerized Lambda functions works for experiments. Build the image locally, push it to ECR, update the function, verify it works. Fine for one function updated once a week. The moment you have multiple functions, multiple environments, or more than one engineer deploying? It falls apart. Someone forgets to tag the image. Someone pushes to the wrong ECR repository. Someone updates production instead of staging. I have personally done all three of those in a single bad afternoon. The worst one is deploying a broken image with no way to roll back except pushing the previous image and hoping you remember which tag it was. I have watched this exact progression on enough teams to know the pipeline question is never "if" but "when," and the answer is almost always "after something breaks in production at 2 AM."


iOS Telemetry Pipeline with Kinesis, Glue, and Athena

Any iOS app with real users generates telemetry. Session starts, feature usage, error events, performance metrics, purchase funnels. Most teams start by shipping all of it to Amplitude or Mixpanel and calling it done. That works for a while. Then the monthly invoice triples, you discover the vendor's data model cannot answer a question your PM asked three days ago, and you realize you are paying somebody else to store your data in a format optimized for their business.


Infrastructure as Code: CloudFormation, CDK, Terraform, and Pulumi Compared

Infrastructure as Code is one of those concepts that every cloud team claims to practice, yet the architectural differences between the tools they use (and the downstream implications for team velocity, operational safety, and organizational scaling) are rarely examined with the rigor they deserve. I have provisioned and managed infrastructure across hundreds of AWS accounts using all four major IaC tools over the past decade, from wrestling with early CloudFormation YAML to adopting CDK for its high-level abstractions to running Terraform at scale across multi-account landing zones. That experience has given me strong opinions about when each tool shines and where each one will hurt you in production.
