
The Modern Stack on AWS

by Erik Osterman, CEO & Founder of Cloud Posse
Jun 09 2025

Let's be blunt: AWS infrastructure is complex enough. You don't need to make it harder with trendy tools or Rube Goldberg CI/CD systems.

What actually works, again and again, across hundreds of real-world AWS platforms?

  • Terraform
  • GitHub Actions
  • Open source modules

It's simple. It's proven. It fits how modern teams actually deliver software.

Yet too many teams get distracted chasing "next-gen" IaC tools or overbuilding their pipelines.

Here's the truth:

  • You don't need a "platform as a product."
  • You don't need another hammer.
  • You need a blueprint — and a stack you can trust.

Let's walk through why this stack is still the smartest choice for AWS infrastructure today — and why it's future-proof for what's coming next.

Why Terraform Is Still the Standard for AWS IaC

Every year, new IaC tools hit the hype cycle: CDK, Pulumi, Crossplane, Wing, WeaveWorks/Flux, EarthlyCI...

Some even raised $8-50M+ (Wing, WeaveWorks, EarthlyCI). Some are now bankrupt (Wing, WeaveWorks, EarthlyCI).

Meanwhile — Terraform is still here, and still dominant for AWS infrastructure.

Why?

  • Battle-tested across nearly every AWS service
  • Declarative: easier to reason about and review
  • Large ecosystem of modules, providers, and tools
  • Language-agnostic: works for polyglot engineering teams

Put bluntly: Terraform is the lingua franca of AWS IaC.

CDK? Great if everyone on your team is TypeScript-proficient and comfortable writing imperative code for infra.

Crossplane? Great if you have a full-time team to operate Kubernetes as a control plane for everything (and the iceberg of infrastructure beneath it).

Wing? They burned VC dollars trying to replace Terraform — and didn't stick.

WeaveWorks? The company behind Flux is gone.

Terraform wins because it is simple, proven, and widely adopted.

Why GitHub Actions Works — You Don't Need Another Hammer

Here's the trap we see all the time:

Teams start building their AWS platform, and they think:

"Should we use Terraform Cloud? Spacelift? Crossplane with GitOps? Flux CD? Atlantis?"

Sure, those are fine tools. But they're just more hammers.

What most teams actually lack is not a better hammer — it's a blueprint.

No amount of nails, screws, or lumber will help if you don't have a clear architecture and a plan to implement it.

  • More tooling won't save a poor architecture
  • CI/CD complexity often becomes platform tech debt
  • Buying "yet another control plane" ≠ solving delivery velocity

GitHub Actions already gives you what you need:

  • First-class GitOps workflow (PR-driven infra changes) with enterprise-grade governance
  • Simple to integrate with policy checks (OPA, tfsec, drift detection)
  • Self-hosted runners — scale without per-runner pricing
  • No extra system required to operate — native to GitHub
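
A PR-driven workflow of the kind described above, as an added example that is not Cloud Posse's own code: it runs tfsec as a gate and produces a plan with short-lived OIDC credentials. The `infra` directory, the role ARN and the region are assumed placeholders.

```yaml
# .github/workflows/terraform-pr.yml  (added example; paths and names are assumptions)
name: terraform-plan

on:
  pull_request:
    paths:
      - "infra/**"          # assumed location of the Terraform root module

# Least privilege for the workflow token: read the repo, request an OIDC token.
permissions:
  contents: read
  id-token: write

# One plan per PR branch; a newer push cancels the older run.
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: true

jobs:
  plan:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4

      # Static analysis gate: tfsec findings fail the PR check before any AWS access.
      - uses: aquasecurity/tfsec-action@v1.0.0
        with:
          working_directory: infra

      # Short-lived credentials via OIDC; no AWS access keys stored as secrets.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::<ACCOUNT_ID>:role/<PLAN_ROLE>"   # placeholder
          aws-region: "<AWS_REGION>"                                     # placeholder

      - uses: hashicorp/setup-terraform@v3

      # Refuse to rewrite the dependency lock file in CI.
      - run: terraform init -input=false -lockfile=readonly
      - run: terraform validate
      # The saved plan is what reviewers approve; apply belongs in a separate job.
      - run: terraform plan -input=false -out=tfplan
```

Scope the plan role's trust policy to this repository's OIDC subject and keep its permissions read-only; the apply step should run on merge under a different role.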

The winning pattern: Terraform + GitHub Actions + open source modules as a blueprint — not a pile of hammers.

How Cloud Posse's Open Source Modules Give You Leverage

Here's the real multiplier: you don't have to write your AWS Terraform code from scratch.

Cloud Posse's open source module library (160+ production-tested modules) lets you compose modern AWS architecture fast:

  • Battle-tested: used by 100+ companies across industries
  • Composable: build the platform you want
  • Extensible: fork or wrap as needed
  • Open source: no lock-in, transparent, community-driven

Successful teams leverage this head start, instead of reinventing common patterns.

How This Stack Fits With Modern SDLC Practices

How does this stack fit with how high-performing teams build software today?

  • Git-based workflows — declarative infrastructure + GitHub Actions fits perfectly with GitOps principles.
  • Trunk-based development — easy to align infra changes with app code delivery.
  • PR-based review and compliance — Terraform + Actions gives auditable, reviewable infra changes.
  • Shift-left security — simple to layer in static analysis and policy checks (OPA, tfsec).
  • Reusable components — open source modules = clear separation of concerns.

In short: Terraform + GitHub Actions + open source modules aligns perfectly with modern DevSecOps and platform engineering practices.

Why You Won't Get Locked In or Boxed In

This is a key concern we hear from thoughtful teams:

"Will choosing this stack lock us into a vendor or limit future flexibility?"

The answer: no — it's the opposite.

  • You're not tied to a SaaS platform
  • You're not boxed into a proprietary IaC language
  • You're not forced to adopt a full-blown "platform as a product"

Instead:

  • Terraform is portable
  • GitHub Actions is flexible
  • Open source modules are forkable and extensible

This is a stack you can evolve over time — swap pieces as needed, layer in new capabilities — without major rework or migration risk.

Final Thought: You Don't Need Another Hammer — You Need a Blueprint

Most teams don't need to invent new tools or adopt "next-gen" platforms.

They need a proven blueprint and a stack they can trust:

  1. Terraform — still the standard for AWS IaC
  2. GitHub Actions — simple, effective CI/CD
  3. Open source modules — real-world leverage, not greenfield yak shaving

If you find yourself asking:

"Should we adopt another tool? Should we build from scratch? Should we platform-engineer the platform?"

Pause. You probably don't need another hammer.

You need a blueprint. And this stack — Terraform + GitHub Actions + open source — gives you exactly that.


Want help adopting this stack — or tuning your current approach?

Our Quickstart and Jumpstart blueprints can help you get there faster.

Talk to an engineer. No fluff. Just straight advice from teams who've done this 100+ times.
