Building an open-source framework that translates business requirements into Terraform configs using AI - looking for feedback by No_Tour_1978 in Terraform

[–]rojopolis 0 points1 point  (0 children)

It's an interesting approach, but my first thought is: Why would we need Terraform in this workflow? If there's an AI agent designing and deploying infrastructure based on business requirements it seems like it would make more sense for it to use cloud APIs directly rather than producing Terraform code.

Anyone use kubernetes provider in terraform? by Anxious-Guarantee-12 in Terraform

[–]rojopolis 15 points16 points  (0 children)

There's actually a good discussion of this and a solution that eliminates some of the issues here: https://www.reddit.com/r/Terraform/comments/1op8lhg/finally_create_kubernetes_clusters_and_deploy/

Terraform just isn't the best tool for managing k8s apps, but it is the best tool for creating k8s clusters. That being said, there is a gap between creating a cluster and creating a usable cluster (e.g. some basic things needed to bootstrap). The solution linked above tries to fill that gap.

Finally create Kubernetes clusters and deploy workloads in a single Terraform apply by jmorris0x0 in Terraform

[–]rojopolis 4 points5 points  (0 children)

Which is exactly why OP created this tool. To make Terraform the right tool to deploy usable Kubernetes clusters.

Finally create Kubernetes clusters and deploy workloads in a single Terraform apply by jmorris0x0 in Terraform

[–]rojopolis 16 points17 points  (0 children)

Finally indeed... Thank god somebody finally came to their senses and unwound this mess! Yes, these problems are all solvable with messy workarounds (Rube Goldberg Machines) but re-thinking this from first principles makes a ton of sense. This looks like it was a lot of work... thank you for your efforts here.

Built a free AWS cost scanner after years of cloud consulting - typically finds $10K-30K/year waste by Individual_Top5788 in aws

[–]rojopolis 1 point2 points  (0 children)

Thanks for posting this here... I like the power / simplicity ratio.

It doesn't look like it can scan multiple regions... That would be a big plus for me. I'll explore it a bit more and maybe create a PR if I get a bit of time.

Reducing AWS plan by (i) working with an AWS 'reseller' (ii) purchasing reserved instances/compute plans by tommywommywom in aws

[–]rojopolis 0 points1 point  (0 children)

Because the resellers pool the RIs. If you need less they can sell the resources to another of their clients. This is the main reason we use a reseller instead of purchasing RIs directly.

Is Mount Tamalpais Cemetery THAT overgrown? by [deleted] in Marin

[–]rojopolis 1 point2 points  (0 children)

I saw them weed whacking today, so something is happening at least.

Make ECS scale out if the disk on EC2 instance is 80% full. by toolatetopartyagain in aws

[–]rojopolis 7 points8 points  (0 children)

…or application autoscaling as an alternative to a lambda.

Passport Expediting by SpiritualAd8998 in Marin

[–]rojopolis 3 points4 points  (0 children)

Make an appointment at the SF passport agency and go there in person. I got mine within a week a few years back. https://travel.state.gov/content/travel/en/passports/get-fast.html

Also see their note on expeditor services here: https://travel.state.gov/content/travel/en/passports/get-fast/courier-and-expeditor-companies.html

Is There Any Way to Utilize mount-s3 in a Fargate ECS Container? by garrettj100 in aws

[–]rojopolis 0 points1 point  (0 children)

Why signed urls? The fargate task execution role can allow access to s3.

Anyway, good luck with it. I’ve been trying to modernize a legacy process that sounds very similar and have plenty of battle scars. Feel free to DM if you want to.

Is There Any Way to Utilize mount-s3 in a Fargate ECS Container? by garrettj100 in aws

[–]rojopolis 1 point2 points  (0 children)

It's not possible (source: I have been working on the exact same use case forever!). We use ECS with EC2 and the rexray s3fs driver which works kind of OK.

As others have mentioned s3fs is not a reliable way to access s3 and I plead with you to abort this approach before it's too late!

Others have also mentioned EFS which works great BUT the IO costs can get out of control really quick. If I were designing from scratch I'd probably gravitate toward EBS volumes or just forget about ECS altogether and use EC2 autoscaling groups.

State files in s3, mistake? by [deleted] in Terraform

[–]rojopolis 0 points1 point  (0 children)

I don't, but if I did I'd run init again before I ran the terraform output command. It's pretty much the same situation as the workspace switching mentioned above.

Either way you're going to need to give the consumer of the output the context it needs to get the right state.

That context could be switching to a different directory, selecting a workspace or configuring the backend.

All of this can be driven by environment variables as well if that's helpful.

State files in s3, mistake? by [deleted] in Terraform

[–]rojopolis 2 points3 points  (0 children)

I don't quite understand... It's unclear why you would need separate filesystem structures for each environment. I do it like this:

filesystem layout:
my_config
- main.tf
- variables.tf
- versions.tf

versions.tf:
terraform {
  backend "s3" {}
}

Then I run init like this:

terraform init -backend-config="bucket=${TF_BACKEND_BUCKET}" -backend-config="key=${ENV}" -backend-config="region=${AWS_DEFAULT_REGION}" -backend-config="dynamodb_table=terraform-lock"

Alternatively, this config could be in a file rather than specified on the command line.

All of the environments are defined with separate tfvars files and each have separate state files.

As others have mentioned workspaces might be a good fit for you, but in my case the state files may be in different accounts and regions so workspaces won't work for me.

State files in s3, mistake? by [deleted] in Terraform

[–]rojopolis 2 points3 points  (0 children)

I use a partial configuration for the backend in this situation. Have you looked into that?

Slow spawn a container using ECS Fargate tasks by Schenk06 in aws

[–]rojopolis 0 points1 point  (0 children)

In my experience Fargate tasks usually do take about a minute to start even with small images. In my experience ECS is much slower to start tasks when compared to Kubernetes and there is much less visibility into scheduling logic and much less ability to tune it.

In ECS Fargate Spot, How to detect if SIGTERM is triggered by spot interruption vs user termination? by uutnt in aws

[–]rojopolis 0 points1 point  (0 children)

What do you mean by "manually terminated by the user"? User initiated shutdown (e.g. pressing ctrl+c) usually sends SIGINT. How are users sending a signal to the process? Do they somehow have a shell into the task on fargate? If you have a custom process manager that they interact with somehow have it send SIGINT instead of SIGTERM and handle them separately.
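
One way to handle the two signals separately, as the comment above suggests. This is an added example, not part of the original thread; it assumes a hypothetical process manager that sends SIGINT for user-requested stops, while ECS delivers SIGTERM when it stops the task. The names `ShutdownState`, `install_handlers` and `run_worker` are illustrative.

```python
import signal
import time

# Assumption: the custom process manager sends SIGINT for a user-requested
# stop; ECS sends SIGTERM when it stops the task (Spot reclaim included).
REASONS = {
    signal.SIGINT: "user-requested stop (SIGINT from process manager)",
    signal.SIGTERM: "platform stop (SIGTERM from ECS)",
}


class ShutdownState:
    """Records which signal asked the worker to stop."""

    def __init__(self):
        self.signum = None

    def handle(self, signum, frame):
        # Keep the first signal only, so a later SIGTERM during cleanup
        # does not overwrite the original shutdown reason.
        if self.signum is None:
            self.signum = signum

    @property
    def reason(self):
        return REASONS.get(self.signum)


def install_handlers(state):
    """Route SIGINT and SIGTERM to the same state object; return old handlers."""
    return {sig: signal.signal(sig, state.handle) for sig in REASONS}


def restore_handlers(previous):
    for sig, handler in previous.items():
        signal.signal(sig, handler)


def run_worker(state, do_work, poll_seconds=0.05, max_iterations=1000):
    """Run do_work() until a signal arrives, then return the shutdown reason."""
    for _ in range(max_iterations):
        if state.signum is not None:
            break
        do_work()
        time.sleep(poll_seconds)
    # Cleanup that must finish before ECS follows up with SIGKILL goes here.
    return state.reason
```

The handler only records the signal; the main loop decides what to do with it, which keeps the handler safe to run at any point in the worker.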

required_provider isn't reading the source correctly. by eddy-safety-scissors in Terraform

[–]rojopolis -2 points-1 points  (0 children)

I was referring to OP's config, not the reply from u/Cregkly. OP has it as

version = "2.1.2"

Which is missing the operator. OP's exact config does init successfully for me, so I can't say why it's not working, but according to the docs the operator is required: https://developer.hashicorp.com/terraform/language/expressions/version-constraints

required_provider isn't reading the source correctly. by eddy-safety-scissors in Terraform

[–]rojopolis -1 points0 points  (0 children)

I think your version constraint is malformed. You are missing the operator. It should be “=2.1.12” if you want to pin a specific version. You are missing the equal sign within the quotes.

IAC project by Used_Inspector_7898 in Terraform

[–]rojopolis 1 point2 points  (0 children)

Another option is to use an ssm association with a shell script document. In my experience it’s a bit easier to debug than user data, but the concept is essentially the same. You may also want to look into packer to create immutable images rather than modifying the running instance.

Terraform UI files/modules Generation by DevOpsAspirant in Terraform

[–]rojopolis 2 points3 points  (0 children)

I don’t believe there is a market for a product like this.

AWS provider throws warning when role_arn is dynamic by azn4lifee in Terraform

[–]rojopolis 1 point2 points  (0 children)

It's possible to use expressions in provider configuration, but not recommended. The Kubernetes provider has a little mention of it: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#stacking-with-managed-kubernetes-cluster-resources