DoorDash has written a nice article about them leveraging policies-as-code for Terraform with Atlantis. They are using OPA with Conftest for that.
For me the interesting part was the idea to keep the policies in an S3 bucket for Atlantis. It looks a bit overcomplicated (why not just store them in Git?), but I don’t have much experience with Atlantis, so I dunno.
Also, there’s this passage that can make a grown man cry:
> The core-infra team engineers soon became full-time code reviewers for all the changes that were needed to keep the platform from breaking.
#terraform #atlantis #opa
DoorDash Engineering Blog
How DoorDash Ensures Velocity and Reliability through Policy Automation - DoorDash Engineering Blog
Learn how DoorDash enables their engineers to self-serve infrastructure through policy automation while ensuring reliability and speed