Daniel Buaon

22 posts

@dbuaon

Buenos Aires · Joined August 2010
935 Following · 142 Followers
Daniel Buaon (@dbuaon)
Strong point. I’ve been contributing to Checkov recently, and this is exactly how I see it: static analysis is a strong safety net, but it is only one layer of a Terraform audit. A real audit also needs Git history, PR reviews, plan/apply history, backend configuration, state access, version pinning, secrets scanning, drift detection and apply permissions. The state file is useful evidence, but it shows what Terraform believes it manages, not necessarily the complete operational reality.
Darryl Ruggles (@RDarrylR)
#Terraform #audits tend to get reduced to "did we run Checkov?" but the real picture is wider. Code, run history, state, and backend each tell a different part of the story, and skipping any of them leaves gaps that show up later during #compliance reviews. This guide breaks the process into nine concrete steps, from version control hygiene to module pinning and secrets scanning. It also clarifies what state files actually reveal, and the limits of treating them as a source of truth for your real infrastructure. Check out this article from Flavius Dinu if you are setting up audit practices or trying to make existing ones less ad hoc. lckhd.eu/bRkgrt
Daniel Buaon (@dbuaon)
Strongly agree. I see AI for IaC as a productivity tool, not as an autonomous decision maker. It can speed up Terraform and reduce repetitive work, but automation still relies on tests, policies and predefined logic. There will always be edge cases, business constraints and operational trade-offs that IaC or AI may not synthesize correctly. For production infrastructure, the hard part is not generating code. It is understanding intent, risk, blast radius, rollback, quotas, state and operational consequences.
Vikash Kaushik (@vikashkaushik01)
AI-generated infrastructure code adds hidden complexity. Models often miss subtle design patterns or quotas. Blindly trusting LLM output for IaC is risky.
- Always run `terraform plan` to verify resource changes.
- Use static analysis (e.g., `Checkov`) for policy checks.
Daniel Buaon (@dbuaon)
That sounds more like a platform engineering template than just a Terraform repo. Closest references I know:
- Kubestack: github.com/kbst/terraform…
- Camptocamp DevOps Stack: github.com/camptocamp/dev…
- kube-hetzner: github.com/kube-hetzner/t…
I’ve been contributing to IaC tooling like Checkov and looking into TFLint AWS rules, and this is exactly the gap I keep seeing: great tools and modules exist, but complete, opinionated platform templates that teams can fork and adapt are still fragmented.
Denislav Gavrilov (@kuberdenis)
@st0yanov yea im looking for a free github repo with all the manifests and k8s configs for a platform +/- terraform too - a complete template
Denislav Gavrilov (@kuberdenis)
Is there a good free infra-bootstrap template suitable for startups? Not gate-kept by an agency tho
Daniel Buaon (@dbuaon)
Good list. On state conflicts, it feels like this area is evolving too. For a long time, S3 + DynamoDB was the default answer, but with Terraform 1.7+ and `use_lockfile`, it seems worth revisiting whether older backend patterns still make sense for every team. A lot of the trade-off now is simplicity vs concurrency.
Ayaan 🐧 (@twtayaan)
13 Terraform challenges that hit teams in production (and how to fix them):
1. State conflicts → Use remote state + locking
2. Secrets leaking in state files → Use write-only args / secret managers
3. Configuration drift → Run terraform plan -refresh-only
4. Broken resource ordering → Use references instead of depends_on
5. Provider upgrade surprises → Commit .terraform.lock.hcl
6. Cloud API rate limits → Reduce -parallelism
7. Environment chaos (dev/staging/prod) → Separate states + credentials
8. Module sprawl across teams → Version modules properly
9. Refactoring destroys infra → Use moved blocks
10. Importing existing infra pain → Use config-driven import
11. Slow plans at scale → Split large stacks
12. Dangerous changes reaching prod → Policy as code + automated checks
13. Terraform licensing concerns → Keep OpenTofu as an option
Daniel Buaon (@dbuaon)
@devops__cmty Completely agree. In practice, most pipeline issues I’ve seen come from mixing too much logic in one place. Separating build, test, and deploy — and keeping configuration closer to the code — made a big difference in reliability.
devops (@devops__cmty)
CI/CD Is Not About Speed. It’s About Confidence.

Many teams think CI/CD means: “Deploy faster.” That’s only half the story. Real CI/CD is about deploying with confidence. Here’s what most teams misunderstand.

1. CI Is More Than Running Tests
Continuous Integration should verify:
• Code compiles
• Unit tests pass
• Dependencies are secure
• Linting and standards are enforced
• Infrastructure changes are validated
If CI only checks “build success”, it’s weak protection.

2. CD Is Risk Management
Continuous Delivery is not auto-deploying everything. It should include:
• Environment-based approvals
• Canary or blue-green rollout
• Health checks before traffic switch
• Rollback automation
• Monitoring after release
Deployment is a controlled event, not a blind push.

3. Pipelines Should Fail Loudly
If your pipeline:
• Hides warnings
• Ignores security findings
• Skips flaky tests
• Allows force-merges
You don’t have CI/CD. You have automated risk.

4. Infrastructure Must Be in the Pipeline
Modern CI/CD should handle:
• Terraform validation
• Docker image scanning
• Kubernetes manifest checks
• Policy enforcement
Application code and infrastructure must evolve together.

5. Feedback Speed Matters More Than Deployment Speed
The fastest teams are not those who deploy most. They are those who get feedback fastest. Short feedback loops:
• Reduce bugs
• Reduce fear
• Reduce rollback stress
• Increase developer productivity

Final Truth
CI/CD is not a DevOps checkbox. It is a reliability mechanism. A strong pipeline makes releases boring. A weak pipeline makes every deployment stressful. If deployments still create anxiety, your CI/CD design needs improvement.

#CICD #DevOps #Jenkins #Automation #ProductionEngineering
Daniel Buaon (@dbuaon)
One interesting detail: With S3 native locking, Terraform creates a lock object alongside the state. No external system needed.
Daniel Buaon (@dbuaon)
Terraform state locking is evolving. For years, the standard setup was: S3 + DynamoDB
Daniel Buaon (@dbuaon)
Good reminder: Even long-standing Terraform "best practices" evolve. Worth revisiting them based on real usage. #terraform #aws
Daniel Buaon (@dbuaon)
But it's not just “new = better”. Concurrency and team size still matter. Different setups need different trade-offs.
Python Programming (@PythonPr)
Python Question / Quiz; What is the output of the following Python code, and why? Comment your answers below!
Python Developer (@PythonDvz)
🤔🚀 Comment your answers below! 👇
@salvadistefano (@SalvaDiStefano)
Bitcoin breaks through the US$ 100,000 level; we'll see whether it is about to bounce or deepen the decline. For now it looks very weak.
Daniel Buaon retweeted
Jorge Compagnucci (@compa1968)
TODAY'S QUOTE...
Daniel Buaon (@dbuaon)
Fus Delei: They played very well and got very good feedback from the audience! Congratulations!