Excellent and thoroughly well-written post, Ian.
As I was reading I found myself a little bit conflicted. On the one hand I completely align with the end goal and the principles you applied to automating the solution:
- Principle of least privilege
- Automated infrastructure
- Serverless by default
On the other hand, it seems like a lot of code to build and maintain to implement a solution that should be provided out of the box.
I guess you decided you absolutely wanted to (or had highly compelling reasons to) use GCP and GHE and those were the constraints?
A few questions spring to mind:
- How do you feel about the maintenance costs of this solution?
- Did you consider alternatives to GCP and GHE that would have resulted in a simpler solution?
- Would this be something that is managed by a platform team as an enabler for multiple dev teams or is this an approach taken by just a single team?
Thanks. Looking forward to more posts.