top | item 37062698

(no title)

Sounds useful!

We're using service control policies to enforce tagging on certain resource types, and retroactively for the rest.

Considering to use a "shift-left" tool as well, but it would need to support Terraform, CDK, Serverless and Cloudformation.

discuss

aliscott|2 years ago

Awesome, yeah we’ve seen people using this method and the main complaint we’ve heard is this is annoying for developers since it blocks their deployments when they run `terraform apply`, so they need to create new pull requests and wait for another code review. Combining both can definitely help with this.

cube2222|2 years ago

Not sure if with shift-left you mean specifically shifting left infracost and FinOps or general Infrastructure-as-Code shift left.

In case it's the latter, I can recommend Spacelift[0] - a specialized CI/CD tool for IaC and supports all the tools you've mentioned. It basically helps you build policies and orchestrate your infra (don't want to go into too much detail in this comment) to scale it to bigger teams and setups. Policies to enforce tagging would indeed be a good example.

It integrates with infracost too, but obviously just for the tools infracost works with, no CloudFormation.

Disclaimer: Work at Spacelift so obviously take the recommendation with a grain of salt, but I do legitimately think it's a great tool.

[0]: https://spacelift.io

P.S. Congrats on the Show HN Infracost team!