This is the second post of our five part – The Rationale Behind CloudTruth series.
More than a year ago we started CloudTruth with an ambitious endeavor: create a configuration intelligence system solution that will help teams stay on top of the ever-increasing complexity of their modern cloud systems.
CloudTruth is a platform that centrally manages parameters, templates, environment variables and secrets, working alongside your existing tools such as Terraform, Cloudformation, ARM, and Vault.
We’re just beginning our journey, expanding our product offerings, and starting to help customers by providing a globally available, abstracted single record of provisioning and configuration truth for infrastructure, applications and services, and secrets management.
Find and Change Configurations
CloudTruth makes it easy to locate the key configurations (such as parameter values in JSON & YAML files in Git repos, AWS SSP Paramstore, Vault, Consul, Hiera, etc.) that are driving any of your component systems. In addition, with our simple, intuitive interface, anyone in your organization can track and change those vital configurations whenever necessary. Instead of relying on experts or training various teams in a whole host of complicated, interlocking systems (such as reliably sharing application deployer secrets with a CI/CD pipeline), CloudTruth makes it possible for all stakeholders to access and modify on demand the configuration data that is relevant to them.
Share Configuration Data Between Systems
With CloudTruth’s comprehensive platform approach, you can seamlessly share configuration data between different provisioning and configuration systems whenever needed.
For example, simplify your configuration by eliminating static configuration files which require frequent updates. Keep up-to-date with the latest Terraform state, without writing specialized configuration code. Keep your parameters updated and generate new configurations as part of your CI pipeline.
With this approach, if a component relies on inputs from some other tool, service, or application, that data can be transferred automatically without any manual effort from developers or other teams. That means your interconnected stack of decoupled cloud services can function as smoothly as a single, centralized system, while still reaping the benefits of numerous specialized tools.
Track Configuration Dependencies
In addition to sharing data between systems, CloudTruth also enables you to confidently track dependencies between those different components. Instead of being taken by surprise when a change in service A leads to an error in application B, our solution makes it possible to maintain comprehensive visibility over the entire system with all of its interconnected systems.
By tracking these dependencies, you can ensure that you know exactly which systems will be affected (and how), whenever you update a configuration. As a result, you can make changes faster and more reliably, meaning your team can stop putting out fires and focus on their primary responsibilities.
Determine the Blast Radius of Configuration Changes
Too often, one team will make a limited change to a specific cloud tool, only to discover that the change has caused problems for multiple other teams and systems. Even if you attempt to determine which systems will be affected by any given change, most modern stacks are so complex that this is next to impossible to figure out manually. Our survey of over 300 cloud DevOps practitioners found that misconfigurations is the leading contributing factor to unplanned downtime or security breaches.
With CloudTruth, you can easily identify exactly what impact any given change will have, enabling you to coordinate with any potentially affected teams and systems. You can also iterate on a proposed change before launching it to the whole system, in order to make sure it will have the desired effect in the desired area (and nowhere else).
Improve Forensics and Audits
Finally, CloudTruth is powerful not just because it supports real-time configuration monitoring and updating, but also because it provides insights into your entire system that can add future value. With visibility into system-wide configuration changes over time, teams can develop accurate forensics to determine and resolve the root cause of issues when they occur.
Similarly, this access to comprehensive configuration data logs makes it possible to conduct preventative audits and reviews, empowering teams to move forward with changes with greater confidence and reliability. For example, if a review of past configuration data reveals that modifying a certain setting has consistently created errors in a seemingly unrelated application, that can be leveraged to change the update process and avoid the issue in future releases.
We’re constantly looking for new ways to improve and expand our configuration intelligence solution. While we’re already providing a number of important services to our customers, we are always on the lookout for new ideas for features that could help you stay on top of your complex cloud infrastructure. If you’ve got any feedback, let us know!