I'm a junior and you're teaching me what I have struggled to learn for almost a year now (and nobody had the patience to explain so far)... thank you SO much
Love the way you make videos. Aesthetic, simplicity and helpfulness. All the time I stay away from video tutors because of how boring these are. But I really like to watch your content.
My friend, you are making some truly fantastic videos! Seriously, this video was so well done. I can tell the work that went into it, from the script, to the editing, etc etc. Just 10/10 job, you got a new subscriber from me :)
If you're a developer who does *everything* through automation, Terraform can be great, but if you're a sysadmin who has to clean up after developers' messes, Terraform quickly becomes the bane of your existence. It is very powerful but also very blunt. Trying to apply (or import) small incremental changes to your environment can quickly spiral out of control.
I think you're right, you either have to fully commit or not at all. We've had many problems where someone has made a manual change and not reflected it in terraform. That being said, we've had little to no problems when we have everything in IaC, and we've made exceptions for a few fields by marking them as ignore_changes.
But that also apply to different platforms that provide an UI and API, or for example with Kubernetes, we can have a pipeline to deploy the code but if a developer has permissions can also change stuff manually using the dashboard or kubectl
Disagree. Cleaning up terraform code is infinitely easier than cleaning up random resources that no one knows exists. Just remove the resource from whichever state file contains it and run apply. Terraform has commands for all this so there's no need to manually parse state files. All of which can be automated. I've been working in ops for 7 years and nothing is worse than unterraformed(or some form of IAAC) resource creep. As the other poster mentioned, id recommend learning how to use a hammer before having an opinion on how it does with the nail use case.
Checked out a couple of videos in the last few days. Excellent youtube channel. You have a unique style where the video has a nice and relaxing aesthetic and the information feels very high level, but before you know it you've learned a lot of the lower level details with nice examples. Its like 100 seconds meets in-depth tutorial meets Sebastian Lague. Very cool. Subscribed.
After a few years of working with TF, I’ve found it to be a great, but limited product. It’s well suited to configuration management, but not application development imo. With serverless stacks (as you showed in this vid) it starts to fall apart when you need to build your code bundles for lambda, as well as when you want to implement common deployment strategies like feature branches. I’ve been working with Pulumi for the last two years and have found that it takes the best elements of terraform (it’s providers) and let’s you create really nice build, test and deploy abstractions. AWS CDK is great, but obviously limited to AWS, which can be limiting if for example you want to deploy a db on another provider and monitors on another again. Pulumi is basically general purpose language terraform (compared to HCL) that gives you some really ergonomic developer experiences, whilst still being declarative, though frustratingly it’s not available in Rust…yet.
I'm a huge fan of Pulumi, its definitely got some huge benefits over terraform (as well as not being in HCL). Unfortunately, TF is still probably the most used at places I've worked. I'm also pretty excited for the potential of K8s operators, which seem to be getting better and better every year. Although, you need a K8s cluster, which is pretty costly for hobbyists. Unless you run some pi nodes like I do. Is Rust on Pulumi a possibility...? cause that's v exciting if so.
There is already a Terraform CDK (not in rust I don't think). I've used some CDK and automated some of the HCL module creation, but yeah it's a pain sometimes. TF can sometimes do app deploys but oviously just having a serverless cli / sam cli / etc. step your pipeline works to. The future isn't a bunch of IaC, but actually less if you can and relying more on the cloud provider. You can have terraform that creates yaml policies and those policies apply to newly created resources vs having to write a bunch of TF modules to apply to them (i.e. WAF). It's really YML Policies / Drag-n-Drop (confusing how to add that into IaC / Client Onboarding pipelines (with shared IaC state can be boto3 or others) / and IaC pipelines. Eventually it will just be a prompt you enter what app you want and AWS will create a SOC compliant app for you. Maybe SaaS As a Service.
Even when the resources like IAM users are first created manually, it can be a good idea to import the resources into the Terraform Also bootstrapping with an admin user to create Terraform IAM user+minimal policies required to run the Terraform, then using those minimal credentials for subsequent runs, can be a good approach
i think that is best to have another "admin" terraform which could set those IAMs to be imported, you don't want self-assigned roles lol, also operating IAM with each little detail of access is pain and huge bottleneck when starting out or testing out, so it should be just production
As Davidlavieri suggests, I also use an admin terraform typically. I also do more than just iam with it. Ill set up the project repo and any other supplementary resources that are needed.
To be clear, in my approach the deployment IAM User gets only read-only permissions to its IAM policies - so plan will work but if there is any drift the deployment will fail. The admin IAM user creates and updates the IAM policy when necessary, they are not self-assigned. Separating into Terraform admin/bootstrap and Terraform deployment steps is a good choice I think - but I'd at least keep the scripts in the same repository. If you're going to need it in production anyway, I think it's best to bite the bullet upfront and enforce the minimal required policies from the beginning - the alternative I see encourages Devs to be laissez-faire about permissions management and everything seems to end up with admin credentials and db_owner and sacred access key that none dare rotate
This video really stands out, it is packed full of useful information. Using a practical example of how to stand up IAC fits well with how I learn. I'm curious to know how you added the animations into the video? Thanks for putting this super helpful content up.
Thank you for the feedback! I use Davinci Resolve and create a lot of the animations myself. I'm actually starting to package these up into an effects package that others can use. I'm also going to start a new channel with tutorials on how do this: @dreamsofmotion I'll keep you updated with it!
Think it's important to note, before using a tool like Terraform or any other IaC you should be familiar with the cloud provider and its services. No point writing Terraform when you don't know what a vpc is etc...
I was thinking I should start a channel about how I do some of it. I did a bit of a write up on my discord. It's mostly Davinci Resolve with some After Effects and then ffmpeg for screen recording
While I do get the sentiment, as soon as you got to the IAM permissions part, terraform lost a huge deal of appeal for me. Writing IAM statements is hell. I still think that using AWS CDK in Python is the easier way, especially while dealing with permissions as they have built-in methods that attach the right permissions to resources without needing to write a dissertation-long IAM statement.
I prefer TF personally when comparing the two, mainly because TF can be used for more than just aws. Such as repo management, documentation sites, and user setup. It also means you're not confined to AWS either. If you only have AWS resources then CF may work!
with terraform right now, im going my way to deploy SvelteKit SSR on lambda (creating my own adapter), s3, cloudfront so far so good, but i know by heart somewhere down the line i will hit a nightmarish issue, the usual with serverless
Thank you! All my wallpapers are from Freepik. Some of them are free and others licenced so I can't give them out unfortunately! Freepik should have a free version though. I can provide the search term if that helps
Terraform is fine, but level up with Pulumi. Much easier to reason about, code based not yaml based, and is much easier to import existing infra configurations.
Is terraform an alternative to ansible? Or do they do different things? I’m a dev but I’ve never done infra stuff before, so which would be more suitable for me to start with?
They both serve different use cases I'd say. Ansible is more for automation, whereas terraform is much more of a dependency graph for infrastructure as code. If you're a dev and learning infra, terraform is probably going to be a better skill to learn IMHO!
@@dreamsofcode I think i will. I’m still not sure how terraform works though at a high level. In this video you showed us aws provisioning through terraforming . Im assuming this works through the aws API? Is terraform mostly just a declarative interface for various APIs underneath?
Terraform can be used for more than just AWS, which is one advantage. Although it still requires some knowledge of the different providers. If you're AWS focused though, then it probably comes down to personal preference and vendor lock in.
I've not played with CDK enough to give a full opinion, but it looks really cool. Pulumi may win out because it's more cloud agnostic, but if you're working purely in AWS then CDK is probably going to be great!
No no no. You don't have to write software, fortunately. You just spend time automating everything so that when code is finally written, it sets off a chain reaction that feels really comfy.
@@dreamsofcode This is a great video. How to you do this with code build? What is the process? How do you deploy a new lambda in a production environment? Anything you can point me to? I can't find a good resource that really lays it out.
CDK is good if you're solely in the AWS ecosystem! However terraform can do more than AWS which makes it more versatile. If you don't need more than AWS then it's likely personal preference!
Thank you! After a lot of digging I realized that you can actually apply a `source_code_hash = data.archive_file.zip_lambda.output_base64sha256` and that will check for underlying source code changes !! Thanks for a truly fantastic video. Love your content!
@@joshpetit Yeah just those two, and mainly D.R. more than anything else. Fusion is pretty awesome once you get the hang of it. I use After effects on a windows PC, and just bought a MacBook Pro so I can edit on a single machine moving forward, which will save a lot of time.
I type 'make deploy' and it runs a one line SSH command that's sitting in a Makefile in the project's repo. Took five minutes to set that up, a quarter of the time just watching this video would take
@@MrA26749 Thats what I started out with and it works fine, I totally can relate. But lets not kid ourselves here, this isn't even remotely close to what the IaC approach can do for you. Especially if you don't just have one repo and now need to manage those Makefiles across different projects or have different VMs/Clusters to deploy to.
Thanks!
Thank you so much!
I'm a junior and you're teaching me what I have struggled to learn for almost a year now (and nobody had the patience to explain so far)... thank you SO much
You're very welcome! Please let me know if there's anything else you wish to learn.
Love the way you make videos. Aesthetic, simplicity and helpfulness. All the time I stay away from video tutors because of how boring these are. But I really like to watch your content.
Thank you, that means a lot!
I noticed that as well.
Beautifully orchestrated 😊
Your videos keeps getting better and better, it was joy to watch, thanks!
Thank you! I definitely push myself with this one in the motion graphics. I'm glad you enjoyed it
Been using Terraform at my job for more than a year and I'm really happy with it.
It's really changed the way I work!
My friend, you are making some truly fantastic videos! Seriously, this video was so well done. I can tell the work that went into it, from the script, to the editing, etc etc. Just 10/10 job, you got a new subscriber from me :)
Thank you! I appreciate the feedback and am glad you liked the video, friend!
Amazing video! Terraform was always a black box to me. This broke things down nicely
I'm glad to hear that!
If you're a developer who does *everything* through automation, Terraform can be great, but if you're a sysadmin who has to clean up after developers' messes, Terraform quickly becomes the bane of your existence. It is very powerful but also very blunt. Trying to apply (or import) small incremental changes to your environment can quickly spiral out of control.
I think you're right, you either have to fully commit or not at all.
We've had many problems where someone has made a manual change and not reflected it in terraform.
That being said, we've had little to no problems when we have everything in IaC, and we've made exceptions for a few fields by marking them as ignore_changes.
But that also apply to different platforms that provide an UI and API, or for example with Kubernetes, we can have a pipeline to deploy the code but if a developer has permissions can also change stuff manually using the dashboard or kubectl
you can target apply specific modules and resources. in fact, if you're a sysadmin who struggles with terraform - I'd advise you learn how to use it.
Disagree. Cleaning up terraform code is infinitely easier than cleaning up random resources that no one knows exists. Just remove the resource from whichever state file contains it and run apply. Terraform has commands for all this so there's no need to manually parse state files. All of which can be automated. I've been working in ops for 7 years and nothing is worse than unterraformed(or some form of IAAC) resource creep.
As the other poster mentioned, id recommend learning how to use a hammer before having an opinion on how it does with the nail use case.
@@dreamsofcode dont let them make manual changes if you are using terraform
Checked out a couple of videos in the last few days. Excellent youtube channel. You have a unique style where the video has a nice and relaxing aesthetic and the information feels very high level, but before you know it you've learned a lot of the lower level details with nice examples. Its like 100 seconds meets in-depth tutorial meets Sebastian Lague. Very cool. Subscribed.
Thank you! I appreciate the feedback a lot.
I've got a long way to improve still, but hearing this makes me feel like I'm on the right track!
After a few years of working with TF, I’ve found it to be a great, but limited product. It’s well suited to configuration management, but not application development imo. With serverless stacks (as you showed in this vid) it starts to fall apart when you need to build your code bundles for lambda, as well as when you want to implement common deployment strategies like feature branches. I’ve been working with Pulumi for the last two years and have found that it takes the best elements of terraform (it’s providers) and let’s you create really nice build, test and deploy abstractions. AWS CDK is great, but obviously limited to AWS, which can be limiting if for example you want to deploy a db on another provider and monitors on another again. Pulumi is basically general purpose language terraform (compared to HCL) that gives you some really ergonomic developer experiences, whilst still being declarative, though frustratingly it’s not available in Rust…yet.
I'm a huge fan of Pulumi, its definitely got some huge benefits over terraform (as well as not being in HCL). Unfortunately, TF is still probably the most used at places I've worked.
I'm also pretty excited for the potential of K8s operators, which seem to be getting better and better every year. Although, you need a K8s cluster, which is pretty costly for hobbyists. Unless you run some pi nodes like I do.
Is Rust on Pulumi a possibility...? cause that's v exciting if so.
There is already a Terraform CDK (not in rust I don't think). I've used some CDK and automated some of the HCL module creation, but yeah it's a pain sometimes. TF can sometimes do app deploys but oviously just having a serverless cli / sam cli / etc. step your pipeline works to. The future isn't a bunch of IaC, but actually less if you can and relying more on the cloud provider. You can have terraform that creates yaml policies and those policies apply to newly created resources vs having to write a bunch of TF modules to apply to them (i.e. WAF). It's really YML Policies / Drag-n-Drop (confusing how to add that into IaC / Client Onboarding pipelines (with shared IaC state can be boto3 or others) / and IaC pipelines. Eventually it will just be a prompt you enter what app you want and AWS will create a SOC compliant app for you. Maybe SaaS As a Service.
CDK only exists so AWS can dogfood it
Thank you for putting out such high quality content! Your presentation is great and your tutorials are on point!
I'm glad you liked it! Thank you for the feedback!
Do you ever have dreams of code?
No, but I have dreams of dreams of code 😆
I used to, now I have dreams of video editing software.
More like nightmares, I once dreamed I had to configure a wedding with yaml files 😢
@@quinnmikelson5777 w......what !?
@@quinnmikelson5777 🤣
I love the keeping hydrated part. As long as you are not deploying RDS or things that take ages....
It takes so long 😭.
AWS WAF is the worst
Even when the resources like IAM users are first created manually, it can be a good idea to import the resources into the Terraform
Also bootstrapping with an admin user to create Terraform IAM user+minimal policies required to run the Terraform, then using those minimal credentials for subsequent runs, can be a good approach
i think that is best to have another "admin" terraform which could set those IAMs to be imported, you don't want self-assigned roles lol, also operating IAM with each little detail of access is pain and huge bottleneck when starting out or testing out, so it should be just production
As Davidlavieri suggests, I also use an admin terraform typically. I also do more than just iam with it. Ill set up the project repo and any other supplementary resources that are needed.
To be clear, in my approach the deployment IAM User gets only read-only permissions to its IAM policies - so plan will work but if there is any drift the deployment will fail. The admin IAM user creates and updates the IAM policy when necessary, they are not self-assigned.
Separating into Terraform admin/bootstrap and Terraform deployment steps is a good choice I think - but I'd at least keep the scripts in the same repository.
If you're going to need it in production anyway, I think it's best to bite the bullet upfront and enforce the minimal required policies from the beginning - the alternative I see encourages Devs to be laissez-faire about permissions management and everything seems to end up with admin credentials and db_owner and sacred access key that none dare rotate
Would love someone to make these kind of videos for rest of the hashicorp products, especially nomad
Challenge accepted!
Awesome video. I would love to see a video on Pulumi. Keep up the great work.
I would like to thank you for providing such a simple and understandable tutorial for this topic.
You're very welcome. I'm just happy it was enjoyed!
This video really stands out, it is packed full of useful information. Using a practical example of how to stand up IAC fits well with how I learn. I'm curious to know how you added the animations into the video?
Thanks for putting this super helpful content up.
Thank you for the feedback!
I use Davinci Resolve and create a lot of the animations myself. I'm actually starting to package these up into an effects package that others can use. I'm also going to start a new channel with tutorials on how do this: @dreamsofmotion
I'll keep you updated with it!
Brilliant, just what I needed for my new project. Thanks for sharing!!
So clear, concise and insightful. Thank you 👏
Thank you for watching!
Superb video once more! Thanks kind sir
Thank you!
Berkeley Mono looks so lovely on the terminal!
out of curiosity
how many ads are there in the video !!
Nicely done
Clear !
Think it's important to note, before using a tool like Terraform or any other IaC you should be familiar with the cloud provider and its services. No point writing Terraform when you don't know what a vpc is etc...
This is a great point.
I would love to see a behind the scenes view of your editing process
I was thinking I should start a channel about how I do some of it. I did a bit of a write up on my discord. It's mostly Davinci Resolve with some After Effects and then ffmpeg for screen recording
awesome...i finally understand why terraform and iac
this is one of the clearest terraform video i ever watch '__')
Thank you! I appreciate that.
I've been using Serverless Framework instead, been meaning to learn Terraform though looks very cool
Nice video, thank you. Please share branch with final result. Currently, there is only iam file
will you be migrating to OpenTF now that Terraform has gone greedy?
While I do get the sentiment, as soon as you got to the IAM permissions part, terraform lost a huge deal of appeal for me. Writing IAM statements is hell.
I still think that using AWS CDK in Python is the easier way, especially while dealing with permissions as they have built-in methods that attach the right permissions to resources without needing to write a dissertation-long IAM statement.
What are your thoughts on TF vs using Cloudformation?
I prefer TF personally when comparing the two, mainly because TF can be used for more than just aws. Such as repo management, documentation sites, and user setup. It also means you're not confined to AWS either. If you only have AWS resources then CF may work!
I love this! Thanks
Thank you for watching!
with terraform right now, im going my way to deploy SvelteKit SSR on lambda (creating my own adapter), s3, cloudfront so far so good, but i know by heart somewhere down the line i will hit a nightmarish issue, the usual with serverless
If you hit the issues with serverless, it only means you're project is successful.
Thank you so much :)
What os are you using? Love your desktop
I use Arch! The WM is gnome with Catppuccin theme.
Thank you!
@@dreamsofcode do you think debian with gnome is also a good option?
@@albinopepegas8391 absolutely. You should be able too apply the same Catppuccin theme
Can you please do one on terraform for gcp. Great video though ❤️
Of course! That'll be fun.
Holly this is so complex and still we see how a lot of real world deployments still screw up xD
What do you find complex about it?
Hey, really good video man.
Btw can you share the wallpaper you’re using
Thank you! All my wallpapers are from Freepik. Some of them are free and others licenced so I can't give them out unfortunately! Freepik should have a free version though. I can provide the search term if that helps
Got it
Yes, search term would help
Great video!
Thank you! I'm glad you enjoyed it.
Nice theme in your terminal, the clock in the right is perfect. Share us the name of the theme, or How install that. Thanks pal. God bless you.
Sure! I'll have a video coming out soon on my terminal setup on my other channel. In the mean time, it's powerlevel 10k plugin for zsh!
Can you do a video comparing CDK, TF, and Pulumi?
Great idea!
Would you be intrested in making a video following this that covers creating a CD pipeline that will utilies this?
I absolutely would be! Any CI/CD pipeline platform that you prefer?
Terraform is fine, but level up with Pulumi. Much easier to reason about, code based not yaml based, and is much easier to import existing infra configurations.
I'm a big fan of pulumi!
Hi, I would like to ask you what terminal you are using? And what is the theme?
I am using Alacritty with the Catppuccin theme!
I also use Tmux as well with the same theme.
@@dreamsofcode thank! i love your video.
AWS are so complex that even a layer of simplification on top of it doesn't simplify it much.
Is terraform an alternative to ansible? Or do they do different things? I’m a dev but I’ve never done infra stuff before, so which would be more suitable for me to start with?
They both serve different use cases I'd say. Ansible is more for automation, whereas terraform is much more of a dependency graph for infrastructure as code.
If you're a dev and learning infra, terraform is probably going to be a better skill to learn IMHO!
@@dreamsofcode I think i will. I’m still not sure how terraform works though at a high level. In this video you showed us aws provisioning through terraforming . Im assuming this works through the aws API? Is terraform mostly just a declarative interface for various APIs underneath?
@@vikingthedudepretty much yeah
What is the advantage of using Terraform over CloudFormation?
Terraform can be used for more than just AWS, which is one advantage. Although it still requires some knowledge of the different providers.
If you're AWS focused though, then it probably comes down to personal preference and vendor lock in.
What’s your take on terraform/terragrunt vs CDK (in e.g. Go)?
I've not played with CDK enough to give a full opinion, but it looks really cool. Pulumi may win out because it's more cloud agnostic, but if you're working purely in AWS then CDK is probably going to be great!
Cdktf looks promising
Change Management and Service Management might have something to say about this 🙂
I'm so sorry you have those orgs.
We practice autonomous continuous delivery at my place of work and ship about 5 times a day per team.
Do you have or use terraform code completion with neovim ?
If AWS is your example, you should use the CDK instead of Terraform. It’s a nightmare for sysadmins
But this takes all the fun out of doing it manually.😢 Now what am I supposed to do with that extra time, actually write software?
No no no. You don't have to write software, fortunately. You just spend time automating everything so that when code is finally written, it sets off a chain reaction that feels really comfy.
So, what IS a good security policy for the terraform user?
I could do a whole video on that!
@@dreamsofcode Put it on the list. 😀😀
@@dreamsofcode This is a great video. How to you do this with code build? What is the process? How do you deploy a new lambda in a production environment? Anything you can point me to? I can't find a good resource that really lays it out.
Welcome to 8 years ago.
I though people moved onto Kubernetes; I found Terraform pretty broken in many cases.
I love K8s personally, but I usually use terraform to spin up clusters. Although it seems like k8s is being used more and more for cluster management.
Aws allows you you deploy via code using cloud formation
It does, but it's restricted to AWS. Terraform is a more general option which works across multiple cloud providers
if err != nil return err
else return nil
Real advanced coding going on here.
Normally you'd wrap errors in Go using fmt.Errorf. but given this is a tutorial, I obviously omitted it.
I hope you understand that, right?
How does it compare to AWS CDK?
CDK is good if you're solely in the AWS ecosystem! However terraform can do more than AWS which makes it more versatile. If you don't need more than AWS then it's likely personal preference!
1:49 meaning of declarative
Bro, you literally have aws CLI tool
How would you deploy a code change?
You can rebuild the app and run terraform apply again, although the best option is to automate a lot of this with CI/CD pipelines
You can rebuild the app and run terraform apply again, although the best option is to automate a lot of this with CI/CD pipelines
You can rebuild the app and run terraform apply again, although the best option is to automate a lot of this with CI/CD pipelines
Thank you! After a lot of digging I realized that you can actually apply a `source_code_hash = data.archive_file.zip_lambda.output_base64sha256` and that will check for underlying source code changes !! Thanks for a truly fantastic video. Love your content!
CDK and Pulumi is how I deploy
Pulumi is really nice
this... is not simple.
What are you confused about, friend?
what ide is used at 0:03 ???
I use Neovim! I have a video up that goes into my setup on my channel.
How to edit tutorials like you? 😮
I should link to my setup! It's mainly Davinci resolve and after effects!
@@dreamsofcode a tutorial would be cool
@@dreamsofcode Woww really just d.r and after effects? Dope stuff dude. Do you run after effects on another laptop/dual boot or do you use it in a vm?
@@joshpetit Yeah just those two, and mainly D.R. more than anything else. Fusion is pretty awesome once you get the hang of it.
I use After effects on a windows PC, and just bought a MacBook Pro so I can edit on a single machine moving forward, which will save a lot of time.
IAM destroys me :D before that i think is so cool and easy :D
I dislike IAM a lot, but it's a good practice. It's not too hard once you get the hang of it but just so much boilerplate 😭
CDK > Terraform for AWS
I'll have to give it a go!
More like
In
a
Cloud
I will put everything up as a monolithic app on digital ocean and scale to at least a million users like that. All this complication is useless.
🤣
Or we can just use Railwayapp
Choo choo
$10 / GB per month - yikes
@@dreamsofcode waaait, aren't your numbers a bit off?
Soy latte woke developer would use AWS. I just ssh my personal server and deploy it there .
Lmao I wanted to comment something very similar 😂. Great minds think alike IG 😅
I type 'make deploy' and it runs a one line SSH command that's sitting in a Makefile in the project's repo. Took five minutes to set that up, a quarter of the time just watching this video would take
Such a horrible way to deploy code 🤣🤣. At least use a cicd pipeline
@@MrA26749 Thats what I started out with and it works fine, I totally can relate. But lets not kid ourselves here, this isn't even remotely close to what the IaC approach can do for you. Especially if you don't just have one repo and now need to manage those Makefiles across different projects or have different VMs/Clusters to deploy to.
@@dreamsofcode sorry mate, I'm not going to follow you on your plant based low testosterone programming journey.
I wouldn't deploy it.
😂😂
To many distracting animations .
I shall add more next time 😉
The language sucks, mUch better is Terraform CDK
Have you got a good resource I can take a look at? I'd love to do a video on it.
I didn't understand a shit(
Danke!
Thank you so much! ❤️
Thanks for sharing. If you like IaC, then you would definitely like Pulumi.
Pulumi is awesome. I've got a video in my backlog planned for it.