How Cloud Posse uses the drift detection feature to help account for technical debt

Cloud Posse provides a public registry of Terraform modules that are free and publicly available, as well as an extensive service catalog for hundreds of services (e.g. RDS db, kubernetes, ECS) and other components that they implement in client engagements.

Erik Osterman, Cloud Posse’s CEO, delivers insights into their IaC DevOps journey and how they have adopted and leveraged Spacelift to orchestrate their customer’s IaC DevOps.

As experts in DevOps and IaC, Cloud Posse focuses on designing and implementing an optimized IaC DevOps capability for customers. However, they had been consistently encountering limitations with the solutions they used. Various IaC vendors and open-source solutions for IaC DevOps had all fallen short of their needs and those of Cloud Posse’s clients.

Having used all the mainstream IaC solutions available for Terraform, they understand the desirable and undesirable characteristics of each of them. Either they were too primitive, too expensive, too restrictive, or didn’t provide the required information.

These solutions fell short in four key areas critical to customers’ ability to gain the most value from their IaC DevOps capability. Cloud Posse needed a solution that enabled the company to account for the following:

• Tracking the state of all the components — 1 stack is simple, but 50 stacks are challenging, and some Cloud Posse clients have 600+ stacks, which are impossible to manage without proper accounting.
• Controlling access and what could be added or changed through policy
• Identifying resource drift and its impact
• Understanding dependencies between components

“Having to establish workarounds with existing tools and then maintain them for our customers just wasn’t an option for the long term,” CEO Erik Osterman points out. Cloud Posse spent significant time and resources on solutions that were not alleviating the pain points associated with scaling IaC.  They had invested two years of effort trying to adopt tools like Atlantis, Jenkins, and Terraform Cloud, but those tools came nowhere near delivering what was needed. They also tried working with the Atlantis community, but the open source project stopped taking contributions. Eventually, the project was resuscitated and started accepting contributions, but unfortunately, it was still far from what is now required to meet customer needs.

The team started the process of finding and evaluating the best possible solution for solving Cloud Posse’s most pressing issues. They reassessed existing solutions they had experience with already, but their capabilities had changed little. Then, a customer suggested they take a look at a new addition to the IaC CI/CD tools market that had caught their attention — Spacelift. They started assessing the company and, after an initial demo, decided a more rigorous proof of concept was required.

Cloud Posse implemented Spacelift in the IaC DevOps environment of the customer who had referred them to the platform. “Spacelift not only worked, it exceeded all expectations,” Erik recalls. “We were really impressed with both the Spacelift product and the team behind it. The rapid product evolution and tremendous customer service convinced us that it would add immense value to our customers’ ability to effectively manage their IaC-based infrastructures.”

Cloud Posse started evaluating Spacelift from a pure engineering perspective around IaC, but as they gained more experience with the platform, they soon discovered that the solution had far greater value.

“We recognized that Spacelift is actually a powerful accounting system for IaC. You can’t manage the finances of a business without modern accounting software, so imagine trying to manage your infrastructure(s) without knowing the state of it,” Erik explains. The IaC CD tools they had tried previously were not able to identify what had been deployed, let alone what had been pushed through to all instances. Without this visibility, there is no way of knowing if a change has been fully implemented. Spacelift delivered full traceability back to origin.

Continuous drift protection is another aspect of the power of Spacelift for Cloud Posse. This feature helps them account for technical debt customers didn’t even know they had. Customers didn’t understand why drift detection is so important until they realized how frequently they had to deal with it. The best part is that not only does Spacelift detect the drift, it automatically remediates it.

Spacelift has given Cloud Posse and its customers exceptional visibility into the end-to-end process and enables accountability across the entire infrastructure, no matter how complex or geographically distributed.

“Any customer IaC implementation we complete includes Spacelift as an essential part of the final DevOps IaC environment we set up for them. Spacelift just gets IaC,” Erik concludes.