Monday, June 5, 2023

Isolation and access control in Greenfield projects:

Innovation is critical to businesses that seek to break new ground or gain a competitive advantage. Prototyping is central to innovation, as new ideas are best incubated and demonstrated with new projects. The leap between version 1 of a product and its user acceptance is easier when end-users can take it for a spin without being tethered to existing infrastructure, processes, and practices. A Greenfield project is one that unwraps a cloud offering for end-users from scratch. With isolation and access control, the offering can be tried out in a sandbox and unraveled, functionality by functionality, into something described in terms such as runtime-in-a-box or cloud-in-a-box. The end-user is given the option to treat the entire instance as a private resource, a personal toy if you will, but with the same capabilities as a shared instance for various organizations, teams and members.

The setup and deployment of tools on hosts were facilitated by installers that benefited from commit and rollback transactions and a software-maker-defined order of execution, bringing with them several decades of experience in gaining end-user acceptance. Cloud solutions have rarely been seen as personal computing that warrants a similar experience for end-users, and they tend to be shared between teams and members through subscriptions and resource groups. Fortunately, cloud adoption has brought significant strides in, and popularity for, change tracking and control technologies and manifestations of existing and new cloud resources.

Infrastructure as code, or IaC for short, is a declarative paradigm: a language for describing infrastructure and the state that it must achieve. The service that understands this language supports tags, RBAC, declarative syntax, locks, policies, and logs for the resources and their create, update, and delete operations, which can be exposed via the command-line interface, scripts, web requests, and the user interface. The declarative style also helps to boost agility, productivity, and quality of work within organizations.

Terraform’s appeal is that it can be used with multiple IaC providers for end-to-end integration. For example, it can deploy Azure Functions and a storage account with Azure, manage Microsoft Azure Active Directory users and groups, and provision repositories in GitHub with teams that correspond to those users and groups. It is the poetry-like brevity of the IaC description that makes it easier to explain the sequences and dependencies in a solution to a problem.

Isolation and access control are not specific to cloud artifacts. They have traditionally been used with both code and data. The innovation is the use of GitHub repositories and teams to introduce change tracking and control into processes that were previously hidden, such as the setup and deployment of products and cloud solutions, together with the organization and structure that a filesystem brings, without requiring transactions and instead using robust idempotent operations. One of the benefits of using an independent repository is that we can achieve simultaneous publishing across replications or other scenarios, including Continuous Integration/Continuous Deployment.
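As an added illustration of the Terraform integration and the isolation and access control described above (not code from the original post), the sketch below puts a sandbox in its own resource group, grants one Azure AD group a data role scoped to a single storage account, and gives a matching GitHub team push access to a private repository. All resource names, the region and the `collaborator_object_ids` variable are assumptions.

```hcl
# Added example; all names, the region and the variable are assumptions.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
    github  = { source = "integrations/github" }
  }
}
provider "azurerm" {
  features {}
}
# Azure AD object IDs of the owner's private collaborators (hypothetical input).
variable "collaborator_object_ids" { type = set(string) }
# Isolation boundary: the whole sandbox lives in one tagged resource group.
resource "azurerm_resource_group" "sandbox" {
  name     = "rg-sandbox-example"
  location = "eastus"
  tags     = { purpose = "greenfield-sandbox" }
}
resource "azurerm_storage_account" "data" {
  name                     = "stsandboxexample01"
  resource_group_name      = azurerm_resource_group.sandbox.name
  location                 = azurerm_resource_group.sandbox.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
# One directory group holds the collaborators; roles attach to the group.
resource "azuread_group" "collaborators" {
  display_name     = "sandbox-collaborators"
  security_enabled = true
  members          = var.collaborator_object_ids
}
# Access control: data role scoped to this one account, not the subscription.
resource "azurerm_role_assignment" "blob_rw" {
  scope                = azurerm_storage_account.data.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azuread_group.collaborators.object_id
}
# Change tracking: the IaC itself sits in a private repository.
resource "github_repository" "iac" {
  name       = "sandbox-iac"
  visibility = "private"
}
# GitHub team that corresponds to the directory group above.
resource "github_team" "collaborators" {
  name = "sandbox-collaborators"
}
resource "github_team_repository" "iac_access" {
  team_id    = github_team.collaborators.id
  repository = github_repository.iac.name
  permission = "push"
}
```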

For example, the following IaC describes the concept of a massive copy tool as a personal cloud utility for moving terabytes of data in hours, with the convenience of isolation and access control for an end-user and her private collaborators.
