When doing infra as code, you want to plan your deploys around what infra state—that is, resource graphs—you want to achieve, not around what graph manipulation your tooling restricts you to. To that end, here's a maturity model for CloudFormation support for AWS services 1/10
Stage 1: CloudFormation support at launch, for every launch. For cloud-native customers, if it's not in CloudFormation, it doesn't exist. This should be table stakes at this point. But it's not, so let's make it a milestone. 2/10
But CloudFormation support at launch isn't the real story. CloudFormation resource designs are constrained by the underlying control plane API of the service, and these are often designed long before CloudFormation support is even thought about. 3/10
What defines a good control plane API design? One that has no functionality that cannot be accessed through CloudFormation. But further than that, one in which *advanced* CloudFormation usage is planned for and well-supported. Let's see what that looks like: 4/10
Stage 2: Any (control plane) state of the service is representable in a single CloudFormation template (setting aside limits on number of resources).
Lambda, API Gateway, and Kinesis are among services that fail this test. 5/10
Stage 3: It is possible to achieve any (control plane) state of the service in a single stack operation. You can move from any resource graph to any other graph without an defining an intermediate graph or arbitrary dependencies. DynamoDB fails this test. 6/10
Stage 4: The service's resources are designed to allow decoupled management of the service according to common use cases (e.g., managing primary definition and operational parameters as separate resources, so they could be deployed by separate dev and ops teams) 7/10
Very few CloudFormation resources look like Stage 4. Lambda's recent decision to have provisioned concurrency as a separate set of APIs is a start, though it did not show up in the same way in CloudFormation. 8/10
Note that Stage 4 implies engaging customers very early on to understand how they would want to manage a theoretical service or feature. It may also mean being more willing to make API changes in beta. 9/10
The move to open source resource provider development is great, but it also implies that resource design happens after the API is fixed, which means you're going to be stuck in Stage 1. CloudFormation resource design needs to happen in concert with API design. 10/10
You can follow @ben11kehoe.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.