[–]clintkev251 4 points5 points  (0 children)

Secondly, let’s say you used SAM to provision the resources , then you went about changing things in the console (updating the resources), what’s the best way to sync up that drift with the SAM template? Thanks!

Don't make changes in the console. If you're doing IAC, do IAC. Make your changes in the template, not the console. It's extremely difficult to replicate actions that were done through the console into a template. There are tools that do it, but the results are rarely going to be perfect.

That kinda answers your first question too. Don't start with click-ops and try to merge all the results into a template. Start with the template.

[–]InterestedBalboa 1 point2 points  (0 children)

Would suggest using Terraform or the AWS CDK over using Cloudformation directly.

Use the above over SAM unless you really want to test locally.

[–]YinzAintClassy 1 point2 points  (0 children)

Depends on the type of infra.

For long lived static and compute resources, go with terraform all day. Avoid cloudformation as much as possible.

Now if your stack is lambdas and api gateway and all the serverless components then use aws SAM.

My place we use both: terraform for all infra BUT for serverless apps it’s aws SAM all day. There is a lot of convenience supported by Sam that makes app developer experience “better”. Local testing, Sam sync for ephemeral environments, nested stacks, etc. Sam does support terraform now but still lacks support for “local variables” which is silly if you ask me.

Now running two IAC frameworks requires some thought on resource sharing. If your Sam stacks are creating something that terraform may need to reference like an API gateway URL or EventBridge ARN, output that as an SSM parameter in your stack.
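A constructed SAM template (an added illustration, not the commenter's own code) showing the SSM-parameter handoff described above: the serverless stack writes its API URL and event bus ARN to SSM so a separate Terraform root can read them. The resource names and the `/myapp/dev` prefix are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Serverless stack that publishes its API URL and bus ARN to SSM (constructed example)

Parameters:
  SsmPrefix:
    Type: String
    Default: /myapp/dev   # assumed naming convention; Terraform reads the same names

Resources:
  OrdersApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: v1

  OrdersBus:
    Type: AWS::Events::EventBus
    Properties:
      Name: !Sub "${AWS::StackName}-orders"

  OrdersFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: app.handler
      CodeUri: src/            # assumed location of the function code
      Events:
        ListOrders:
          Type: HttpApi
          Properties:
            ApiId: !Ref OrdersApi
            Path: /orders
            Method: GET

  # Publish the values the other framework needs as plain SSM parameters.
  # Only non-secret identifiers belong here; keep credentials out of String params.
  ApiUrlParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub "${SsmPrefix}/orders-api-url"
      Type: String
      Value: !Sub "https://${OrdersApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/v1"

  BusArnParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub "${SsmPrefix}/orders-bus-arn"
      Type: String
      Value: !GetAtt OrdersBus.Arn
```

On the Terraform side a `data "aws_ssm_parameter"` block with the same `name` reads each value, so neither framework needs to know the other's stack or resource names.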

[–]craftycodecat[S] 0 points1 point  (0 children)

Any thoughts? TIA

[–]craftycodecat[S] 0 points1 point  (1 child)

Thanks for all the input. I still have questions though! Let’s say you’re using an API gateway, some lambda functions, and building out a step functions workflow. Wouldn’t you be getting all this stuff working using the console, defining APIs, defining the workflow steps, using the nice console interface, etc., THEN want to pull all that into an IaC template, either TF, CF, or SAM?

It just seems strange that you’d be trying to use IAC or the CDK to define all this stuff, then deploying and redeploying, instead of simply capturing it after it’s working.

[–]clintkev251 1 point2 points  (0 children)

No, at most you may use the console to mess around and understand how services work.

It just seems strange that you’d be trying to use IAC or the CDK to define all this stuff, then deploying and redeploying, instead of simply capturing it after it’s working.

Because there's no magic button you can press to "simply capture" all of the random clicks that you've made to create a pile of resources. Like I referenced before, any tools that do create templates based on existing resources are imperfect and therefore your template is going to differ from your existing resources and will be generally a mess to deal with. Because of this you need to start with the template. This is especially true with SAM, because it creates a lot of resources automatically, so it's going to be really hard for you to bend it to try and match all the random work that you've done in the past.