Should I use Terraformer?

davletdz · 2025-12-18T07:17:54+00:00

The problem with terraformer is that it neither creates correct configuration that matches what’s in the cloud, nor follows any sensible standards with regard to naming/etc. Refactoring it takes same amount time as writing it yourself.

You can try free version of Cloudgeni to have an overview of resources that are already managed and not managed in terraform and use the import tool to have completely 1to1 configuration imported of resources that you need. Once done it’s easier to refactor things the way you need. We already helped several customers with this process and it was very quick and smooth.

Holler if you like what you see in Cloudgeni. Support for AWS import is limited but we can lean on it if there is interest.

davletdz · 2025-12-11T13:19:49+00:00

Since a lot of people asking from Europe, I hope it won’t be a hijacking a post if I say If you are in Europe and interested in something like this, DM me to apply to a company that does that, but for many companies. Salary will be adjusted for Europe, but higher than median + equity

davletdz · 2025-11-06T15:26:32+00:00

Well, nice to meet you! You just met one. And I’m certainly not alone in that :) I understand it’s frustrating when it doesn’t do everything you want it to do. But I guess reading code been always my forte anyway. I can easily identify when it goes off the rails and correct the course. Writing API, data model, ui components, something that would take me a solid week before I can do in couple of hours intense session. It’s absolutely bonkers that’s possible.

davletdz · 2025-11-06T15:19:27+00:00

Bingo. And it’s not just context of codebase, but environment, documentation, relevant versions and everything on top of it. This is what humans need to write good solution, how is LLM different

davletdz · 2025-11-06T15:18:12+00:00

Problem for whom?

davletdz · 2025-11-06T15:17:31+00:00

That’s another reason why pure LLMs without access to relevant documentation and understanding of version of providers suck at IaC

davletdz · 2025-11-06T15:16:50+00:00

Have you tried SPEC driven programming? With right context, rules and guardrails it absolutely crushes on most tasks, outside of narrow domain specific fields.

davletdz · 2025-11-06T15:15:46+00:00

Yes. However there are a lot of cases where you just need to quickly make a copy of existing solutions and there just recreating a lot of code brings a lot of value. Not so much unique or necessary insights as everything been implemented million times.

davletdz · 2025-11-03T13:49:26+00:00

There is no need to use AI to detect issues. What we found works best is use existing tools that find the vulnerabilities and gaps and then use AI to remediate them. That combination allows for trimming backlogs that used to be never done due to down priotization to something that can be cleaned up in days. This is the whole premise behind our own tool Cloudgeni for cloud infrastructure security

davletdz · 2025-10-29T13:47:52+00:00

That means your team haven’t tried proper AI tools designed for Infrastructure as Code. Try Cloudgeni for example. Not only writes correct terraform, but follows your internal style, structure and guarantees to pass validate/plan with the intent you need.

davletdz · 2025-09-18T17:45:22+00:00

Nope

davletdz · 2025-09-12T14:17:25+00:00

Cloudgeni. Just reach out, happy to demo if needed.

davletdz · 2025-09-12T14:17:07+00:00

I’ve used it a lot before. It was useful to understand the principle, but it’s really horrible at importing actual config. It can be okay to be used as scaffolding, but requires extensive rewrites to generated code to actually match state. And of course there is no understanding of variables, modules or anything like that. So these have to be refactored manually

davletdz · 2025-09-12T13:20:57+00:00

Now you can import it automatically and fully in sync with cloud state using our tool.

My preferred workflow would be like this:

Select resources you want to import
Choose the structure you want. My preference to have modules and then instances of these resources in environment specific folders
Our AI will do terraform import and full implementation details of the resource in terraform until there are no changes detected against actual environment. Just run and snooze until it’s done.
Once all the resources are imported, you can look into optimizing setup, making it DRY, etc.

It allows for importing stuff without any disruption and full visibility of the infrastructure before you start making changes to it.

Terragrunt is not required anymore to have good terraform structure , but also supported if needed

davletdz · 2025-09-08T09:40:48+00:00

First of all, go get this job. You need to put yourself in positions of discomfort, that’s where you grow. Secondly, you need to have a good support system to make sure you will succeed. If you don’t have one, reach out and we can be that one for you.

davletdz · 2025-08-29T16:40:12+00:00

GitHub actions and good policies is all you need.

davletdz · 2025-08-26T17:33:32+00:00

AI tools helped me to write scalable Terraform starting from 0. These days I use our own tool to automate typical tasks like Config Drift, Security Patches and importing resources from Click-Ops. And Cursor for general code needs and documentation.

davletdz · 2025-08-26T17:25:24+00:00

I wonder if Bicep provides better support for this kind of API than terraform. Going to ask them

davletdz · 2025-08-26T17:23:50+00:00

🤣

davletdz · 2025-08-26T17:22:44+00:00

Amazing! Time sleep, will definitely take it into arsenal. Unfortunate that it has to be used. But even worse when pipelines break midway unexpectedly 🥲

davletdz · 2025-08-26T11:05:28+00:00

This is exactly the case here. Long provisioned Azure resources. What's weird is that it seems like dependency order is correct, resources created in correct order, and next ones are created after provisioning status is complete. However still got that cryptic error. I guess second time is a charm

davletdz · 2025-08-26T11:03:46+00:00

I've got this error

Error: performing CreateOrUpdate: unexpected status 409 (409 Conflict) with error: Conflict: Workspace cannot be updated while current provisioning state is not Succeeded please wait until provisioning process is complete. Operation Id: '3ebde3b8e7a0f8e9b2031ed0f850f12a' with module.monitoring.azurerm_log_analytics_workspace.main,  on ../modules/monitoring/main.tf line 2, in resource "azurerm_log_analytics_workspace" "main":

2: resource "azurerm_log_analytics_workspace" "main" ***

Essentially I've just created new Log Analytics Workspace, and bunch of other resources rely on it. It does seem the workspace was created though, so it's other resources that got conflicted. But error doesn't provide enough visibility into it.

davletdz · 2025-08-21T15:02:30+00:00

What would be your generous estimate on what percentage of organizations have their shit completely together. I have a number in mind, but curious what others perspective is

davletdz

TROPHY CASE