The Modern Stack on AWS

By Erik Osterman, CEO & Founder of Cloud Posse
Jun 09 2025

Let's be blunt: AWS infrastructure is complex enough. You don't need to make it harder with trendy tools or Rube Goldberg CI/CD systems.

What actually works, again and again, across hundreds of real-world AWS platforms?

  • Terraform
  • GitHub Actions
  • Open source modules

It's simple. It's proven. It fits how modern teams actually deliver software.

Yet too many teams get distracted chasing "next-gen" IaC tools or overbuilding their pipelines.

Here's the truth:

You don't need a "platform as a product."
You don't need another hammer.
You need a blueprint — and a stack you can trust.

Let's walk through why this stack is still the smartest choice for AWS infrastructure today — and why it's future-proof for what's coming next.

Why Terraform Is Still the Standard for AWS IaC

Every year, new IaC tools hit the hype cycle: CDK, Pulumi, Crossplane, Wing, WeaveWorks/Flux, EarthlyCI...

Some even raised $8-50M+ (Wing, WeaveWorks, EarthlyCI). Some are now bankrupt (Wing, WeaveWorks, EarthlyCI).

Meanwhile — Terraform is still here, and still dominant for AWS infrastructure.

Why?

  • Battle-tested across nearly every AWS service
  • Declarative: easier to reason about and review
  • Large ecosystem of modules, providers, and tools
  • Language-agnostic: works for polyglot engineering teams

Put bluntly: Terraform is the lingua franca of AWS IaC.

CDK? Great if everyone on your team is TypeScript-proficient and comfortable writing imperative code for infra.

Crossplane? Great if you have a full-time team to operate Kubernetes as a control plane for everything (and the iceberg of infrastructure beneath it).

Wing? They burned VC dollars trying to replace Terraform — and didn't stick.

WeaveWorks? The company behind Flux is gone.

Terraform wins because it is simple, proven, and widely adopted.

Why GitHub Actions Works — You Don't Need Another Hammer

Here's the trap we see all the time:

Teams start building their AWS platform, and they think:

"Should we use Terraform Cloud? Spacelift? Crossplane with GitOps? Flux CD? Atlantis?"

Sure, those are fine tools. But they're just more hammers.

What most teams actually lack is not a better hammer — it's a blueprint.

No amount of nails, screws, or lumber will help if you don't have a clear architecture and a plan to implement it.

  • More tooling won't save a poor architecture
  • CI/CD complexity often becomes platform tech debt
  • Buying "yet another control plane" ≠ solving delivery velocity

GitHub Actions already gives you what you need.

GitHub Actions gives you:

  • First-class GitOps workflow (PR-driven infra changes) with Enterprise-grade governance
  • Simple to integrate with policy checks (OPA, tfsec, drift detection)
  • Self-hosted runners — scale without per-runner pricing
  • No extra system required to operate — native to GitHub

The winning pattern: Terraform + GitHub Actions + open source modules as a blueprint — not a pile of hammers.

How Cloud Posse's Open Source Modules Give You Leverage

Here's the real multiplier: you don't have to write your AWS Terraform code from scratch.

Cloud Posse's open source module library (160+ production-tested modules) lets you compose modern AWS architecture fast.

Cloud Posse modules give you:

  • Battle-tested: used by 100+ companies across industries
  • Composable: build the platform you want
  • Extensible: fork or wrap as needed
  • Open source: no lock-in, transparent, community-driven

Successful teams leverage this head start, instead of reinventing common patterns.

How This Stack Fits With Modern SDLC Practices

How does this stack fit with how high-performing teams build software today?

High-performing teams use:

  • Git-based workflows — declarative infrastructure + GitHub Actions fits perfectly with GitOps principles.
  • Trunk-based development — easy to align infra changes with app code delivery.
  • PR-based review and compliance — Terraform + Actions gives auditable, reviewable infra changes.
  • Shift-left security — simple to layer in static analysis and policy checks (OPA, tfsec).
  • Reusable components — open source modules = clear separation of concerns.

In short: Terraform + GitHub Actions + open source modules aligns perfectly with modern DevSecOps and platform engineering practices.

Why You Won't Get Locked In or Boxed In

This is a key concern we hear from thoughtful teams:

"Will choosing this stack lock us into a vendor or limit future flexibility?"

The answer: no — it's the opposite.

  • You're not tied to a SaaS platform
  • You're not boxed into a proprietary IaC language
  • You're not forced to adopt a full-blown "platform as a product"

Instead:

  • Terraform is portable
  • GitHub Actions is flexible
  • Open source modules are forkable and extensible

This is a stack you can evolve over time — swap pieces as needed, layer in new capabilities — without major rework or migration risk.

Final Thought: You Don't Need Another Hammer — You Need a Blueprint

Most teams don't need to invent new tools or adopt "next-gen" platforms.

They need a proven blueprint and a stack they can trust:

  1. Terraform — still the standard for AWS IaC
  2. GitHub Actions — simple, effective CI/CD
  3. Open source modules — real-world leverage, not greenfield yak shaving

If you find yourself asking:

"Should we adopt another tool? Should we build from scratch? Should we platform-engineer the platform?"

Pause. You probably don't need another hammer.

You need a blueprint. And this stack — Terraform + GitHub Actions + open source — gives you exactly that.


Want help adopting this stack — or tuning your current approach?

Our Quickstart and Jumpstart blueprints can help you get there faster.

Talk to an engineer. No fluff. Just straight advice from teams who've done this 100+ times.
