Infrastructure as code (IaC) often fails during deployment due to dynamic constraints such as name collisions, quota limits and other resource-specific constraints that devs run into halfway through an IaC deployment. We witnessed this firsthand at TinyStacks and built precloud, an open-source framework to define and run dynamic tests before IaC deployments.
The precloud framework currently supports Terraform and AWS CDK with several default checks (unique names, service quota checks and more) and the ability to define your own!
Why does infrastructure as code (IaC) fail so often?
IaC is static, but the cloud has many dynamic constraints. Just because you define an S3 bucket doesn't mean it will actually be created! There may be quota constraints or naming conflicts, or the config may simply be invalid.
Furthermore, when IaC is deployed, resources are often created sequentially. If that S3 bucket won't create successfully but is item 50/75 in the queue, you won't find out until 30 min into the deployment that it is going to fail and roll back.
IaC deployments and rollbacks are extremely time-consuming. With a rollback, the whole process could take over an hour because IaC will often attempt to clean up any resources that it created if the deployment fails.
As platform and DevOps teams start to think about self-servicing their application, using tests to ensure that IaC will actually deploy successfully is crucial. But static tests aren't enough! Because the constraints are dynamic, it's important to have dynamic tests for IaC.
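To make the idea of a dynamic pre-deployment test concrete, here is an added sketch (not precloud's own code or API) that reads a plan in the JSON shape produced by `terraform show -json` and checks planned creations against account state. The function `precheck`, the plan contents and the `LIVE_STATE` dictionary are constructed for illustration; in real use the state would come from cloud API lookups made just before deploying.

```python
import json
from collections import Counter

# Constructed sample: trimmed plan in the shape of `terraform show -json <planfile>`.
PLAN_JSON = """
{"resource_changes": [
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "acme-logs"}}},
  {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "acme-assets"}}},
  {"address": "aws_vpc.main", "type": "aws_vpc",
   "change": {"actions": ["create"], "after": {"cidr_block": "10.0.0.0/16"}}},
  {"address": "aws_vpc.old", "type": "aws_vpc",
   "change": {"actions": ["no-op"], "after": {"cidr_block": "10.1.0.0/16"}}}
]}
"""

# Constructed stand-in for live account state (assumption: a real check would
# fill this from cloud API lookups immediately before the deployment).
LIVE_STATE = {
    "taken_bucket_names": {"acme-logs"},
    "usage": {"aws_s3_bucket": 10, "aws_vpc": 5},
    "quota": {"aws_s3_bucket": 100, "aws_vpc": 5},
}

def precheck(plan_json, state):
    """Return (address_or_type, reason) failures found before any deploy starts."""
    plan = json.loads(plan_json)
    # Only brand-new resources count; updates, replacements and no-ops are skipped.
    creates = [rc for rc in plan.get("resource_changes", [])
               if rc["change"]["actions"] == ["create"]]
    failures = []
    # Name collision: the bucket name may be absent when it is computed at apply time.
    for rc in creates:
        if rc["type"] == "aws_s3_bucket":
            name = (rc["change"].get("after") or {}).get("bucket")
            if name in state["taken_bucket_names"]:
                failures.append((rc["address"], f"bucket name '{name}' already exists"))
    # Quota: current usage plus planned creations must fit under the limit.
    for rtype, n in Counter(rc["type"] for rc in creates).items():
        used, limit = state["usage"].get(rtype, 0), state["quota"].get(rtype)
        if limit is not None and used + n > limit:
            failures.append((rtype, f"quota exceeded: {used} used + {n} planned > {limit}"))
    return failures

if __name__ == "__main__":
    for target, reason in precheck(PLAN_JSON, LIVE_STATE):
        print(f"FAIL {target}: {reason}")
```

Both failures are reported in seconds from the plan alone, rather than partway through the apply when the conflicting resource is finally reached.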
After seeing this countless times, we decided to open-source precloud -- an open-source CLI that runs checks on infrastructure as code to catch potential deployment issues before deploying.
https://github.com/tinystacks/precloud Check it out and let us know what you think!