Here's the thing about infrastructure diagrams: they're optimistic.
You draw the diagram at the start of the project, when you still believe everything will stay clean. Six months later, your VPC has a NAT gateway that nobody documented, your RDS instance has a different instance class than the diagram says, and the diagram, the one you show in architecture reviews, is describing a system that doesn't exist anymore.
This is called diagram drift. It's universal. It's accepted. It's stupid.
The real problem isn't that diagrams drift. It's that they're two separate things in the first place.
A diagram is a description of a system. A CloudFormation template is a description of a system. If they're the same system, why are they separate documents? Why does "keeping them in sync" require human effort? Why is the answer to this problem always another YAML file?
I spent a year asking this question before I realised: the answer isn't a better process for keeping two things in sync. The answer is one thing.