Weekly Journal 82 - GitHub, Control Tower + Terraform


I am still on the fence when it comes to picking a software forge. I would prefer to use a forge that is also open source, and I think GitHub has crossed an ethical line with their use of open source code as a training set for Copilot. At the same time, GitHub is far and away the most popular forge, and with that comes more tool options that have integrations for it out of the box. From a features and productivity standpoint, GitHub is a clear winner, but I’m thinking more and more that I should embrace a true open source software forge (and its limitations) for my own projects as a matter of principle. Out of the alternative forges I’ve looked at, sourcehut has a good feature set. The project tracking tools aren’t as fancy or mature as GitHub’s, but it does a good job of covering the essential features I need in a forge (git code repositories, issue tracking, discussions, continuous integration).

Control Tower

AWS has a service called Control Tower that is used to enforce governance standards around the creation of new accounts. Control Tower allows you to define policies and automation that get executed when a new account is created. This ensures that all new accounts conform to your organization’s standards. For example, Control Tower can be used to automatically add new accounts to an AWS Organization, and it can deploy services like Config, GuardDuty, and Security Hub. In the past, Control Tower only supported CloudFormation, which is AWS’s own tool for automating the provisioning of resources using code. However, AWS is starting to expand Control Tower to use other infrastructure as code tools like Terraform.

Earlier this year, AWS released the Account Factory for Terraform. This feature in Control Tower allows you to use Terraform to manage your resource provisioning instead of CloudFormation. Now that it’s been around for a good six months or so, I am interested in taking it for a spin. I would love to create a tool that would allow our developers to create their own AWS accounts as needed to host projects. This way we could give them that ability, but at the same time we could ensure the new accounts will conform to our company standards.