Document Cloud Posse vs Gruntworks

[osterman]

what

• Describe our differentiators

---

Gruntworks is an awesome contributor to open source and demonstrate solid engineering skills. They have a vast, well-tested, library of proprietary terraform modules and a closed community. It cannot be questioned that they build solid stuff.

The key differentiator between Cloud Posse and Gruntworks is our approach.

Business

"Rising tide floats all boats"

1. We Open Source 100% (APACHE2) of everything we do and we accept most Pull Requests. Customers who believe in our vision of Infrastructure as Code have paid us millions of dollars to implement all the essential boilerplate code you need to get started.
2. We have an active/vibrant public community using our toolchain. Anyone can join our slack team.
3. We share everything we have for free. No contracts. No credit cards.
4. We don't lock you into our Infrastructure as Code library and service catalog.
5. We provide paid commercial support for our entire toolchain and will help you write new terraform modules, helm charts, or anything else so long as it's Open Source.

Solution - "Collaborative DevOps"

1. We don't rely on a wrapper like terragrunt (but we're compatible with it). geodesic is a superset of tools including terragrunt. We are not mutually exclusive, but terragrunt is made redundant by our strategy and toolchain. We believe in lots of small purpose-built tools that do one thing well.
2. We containerize our entire tool chain and docker extensively to deliver the solution using geodesic. This container can be run on the desktop under docker, in Kubernetes as a Pod or on ECS as a task. We support Windows, Linux and Mac.
3. We distribute our toolchain as alpine packages
4. We treat every AWS account as a Git repo (polyrepo). This allows companies to easily delegate responsibility, ownership, and privacy settings per repo. Each repo defines a Dockerfile and pulls in source from a shared terraform service catalog (terraform-root-modules). Everything is strictly version pinned. The docker image services as an artifact containing all dependencies/tools at one point-in-time.
5. We support GitOps with atlantis for "Operations by Pull Request"
6. We use one terraform state backend (S3 Bucket + DynamoDB table) per account. We provision that backend with terraform, because that way it's consistent.
7. We automated our coldstart process for setting up the account infrastructure
8. We provide lots of original helm charts and support many community provided helm charts
9. We've been focused on shipping kubernetes tools since 2015; our usage of terraform is primarily to support our kubernetes implementation
10. We specialize in integrating best-of-breed technologies.

• We use teleport for enterprise-grade SSH with audited sessions and youtube-style session replays; everything else pales by comparison, including Netflix BLESS.
• We use the BeyondCorp model to deploy Identity Aware Proxies for remote access management rather than traditional VPNs which are difficult to secure. This is the same security model used by Google. But if that's not desirable, we support OpenVPN with SSO
• We support Fluentd log forwarding and support ElasticSearch, Sumologic, Splunk, Datadog
• We prefer to use purpose-built, vendor-agnostic tools like aws-vault and support Okta SSO aws-okta

11. Our modules are used by thousands of companies. With over 100K forks (nearly 5-8k forks per day), our modules are visited by over 10k+ unique visitors every single day and growing.

references

• Check out our mantras Document Mantras #356

[osterman]

Our philosophy is further captured in this reddit post: https://www.reddit.com/r/Terraform/comments/afznb2/terraform_without_wrappers_is_awesome/?st=JQY9U281&sh=e114a6fb