One thing I'm personally wondering about is whether I can import my Terraform state file - because that'd be a pretty good starting point for many orgs.
Regardless, I'm curious how this pans out. Though we've had a few different iterations of IaC in the past decade or so, the infra crowd has been known for being more sceptical when it comes to adopting new things than your usual software engineer, especially something that is more like a step change than a gradual evolution.
Very happy someone's taking on this task with a very fresh approach.
> When you turn infrastructure into data rather than code, you obviously don't want to stick it in Git
Why not? I still do.
Does it have a way to add support for underlying infrastructure that isn't natively supported, similar to Terraform provider plugins?
How do you plan on keeping these "simulations" up to date, and consistent with real infrastructure, especially as you add support for more cloud providers?
2. How is a "multiplayer" experience superior to code review-based collaboration flows, in general and for infrastructure work in particular? (I'm someone who values peer review highly and thinks that an independent reviewer improves both the credibility of the process and the quality of the outcome, but who doesn't think a pairing session counts as an objective review.)
My only hope is that we learned and we don't end up managing things like GH repositories or PagerDuty schedules.
> When modeling AWS IAM policy in System Initiative, we realized that AWS provides a sophisticated Policy Simulator. So we modeled it, connected our IAM Policies and resources to it, and had a new, real time interface to test the validity of IAM policy. It took less than an hour from start to finish.
Clicking the link takes you to the docs on policy simulator, which seems to show it’s quite limited and isn’t representative of actual, deployed IAM rules:
> Important:
> The policy simulator results can differ from your live AWS environment. We recommend that you check your policies against your live AWS environment after testing using the policy simulator to confirm that you have the desired results.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_poli...
Charge per user or a percentage of cloud spend under management.
(Off-topic to the post, but since the discussion seems to be dying down anyway, this seemed worth commenting before the post disappears to the back rooms of HN.)
We're here if you have any questions.
Is there any tldr somewhere?
The simulator, if it works as described, is huge. Would be worth 5 figures/year/engineer in time saved alone. If I can deploy to a simulator and it's close enough to the real thing that passing means g2g to prod, then you have a gold mine. Oh lord, if you could write tests against the simulator and bring first-class unit testing to devops I might cry.
Suppose that for one reason or another, I want to migrate off of the SI platform. Am I able to get any reusable IAC out in some form? Does SI provide any ways to migrate out of the platform? Or do I just have to rebuild all my infrastructure from scratch outside of SI?