LinkedIn Draft — Workflow (2026-01-27)
Terraform DAGs aren’t deterministic at scale — your abstractions are
Terraform’s graph is great at parallelism, not safety. The sharp edges show up when the graph gets wide (mono-repos, shared modules, many resources).
What usually bites later:
- Implicit dependencies hide ordering until a refactor turns into a surprise destroy/create chain.
- Fan-out graphs (100s of resources) explode apply time and make blast radius review basically impossible.
- `depends_on` “fixes” symptoms, then quietly couples modules and kills reuse.
My default rule:
If a module needs depends_on to be safe, the module boundary is leaking — redesign the interface, don’t paper over it.
When I’m sanity-checking this, I usually do:
- Use `terraform graph | dot -Tsvg > graph.svg` and inspect fan-out + cycles before big refactors.
- Gate applies with policy (OPA/Conftest or Checkov) + a human review on any planned destroys.
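A sketch of the destroy gate from the second step, added here as an example and not taken from the post or any tool it names. It reads the JSON that `terraform show -json` produces for a saved plan; the function names, the `approved` set and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out` output.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "module.network.aws_subnet.private[0]", "change": {"actions": ["no-op"]}},
    {"address": "module.network.aws_security_group.db", "change": {"actions": ["delete", "create"]}},
    {"address": "module.data.aws_db_instance.main", "change": {"actions": ["delete"]}},
    {"address": "module.app.aws_instance.web", "change": {"actions": ["create", "delete"]}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["update"]}}
  ]
}
""")

def planned_destroys(plan):
    """Return {address: 'destroy' | 'replace'} for every change that deletes."""
    found = {}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            # A replace shows up as delete+create in either order.
            found[rc["address"]] = "replace" if "create" in actions else "destroy"
    return found

def by_module(destroys):
    """Group by top-level module so a reviewer sees which boundaries are hit."""
    groups = {}
    for address, kind in sorted(destroys.items()):
        parts = address.split(".")
        module = ".".join(parts[:2]) if parts[0] == "module" else "(root)"
        groups.setdefault(module, []).append((address, kind))
    return groups

def gate(plan, approved=frozenset()):
    """Return destroys nobody has approved; an empty list means apply may proceed."""
    return sorted(a for a in planned_destroys(plan) if a not in approved)

if __name__ == "__main__":
    import sys
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for module, items in by_module(planned_destroys(plan)).items():
        print(module, items)
    sys.exit(1 if gate(plan) else 0)  # non-zero exit blocks the pipeline step
```

Replaces are counted as destroys on purpose: a delete/create pair on a stateful resource has the same blast radius as a plain delete.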
Deep dive (stable link): https://neeraja-portfolio-v1.vercel.app/workflows/terraform-dag