We currently use Terraform and Chef together as we are in the process of moving our APIs into Docker, but you always have your long-lived, back-plane servers, i.e. a RabbitMQ cluster. We use DataDog to monitor and recently had to change the API key for each node due to their breach. Replacing every instance in our fleet to do this instead of changing the config via Chef seems excessive.

I think it is also worth mentioning the state of Chef / Puppet / Salt / Ansible w.r.t. infrastructure orchestration. Chef has chef-provisioning but it is not really an option -> https://coderanger.net/provisioning/. I initially created our infrastructure using Ansible, but quickly ran into module bugs and missing ones, i.e. CodeDeploy. The overhead of testing and fixing on a separate AWS environment became too heavy as you can’t do a dry-run (tf plan). I haven’t played enough with Puppet or Salt to have an opinion. Terraform’s learning curve is also a lot lower than even Ansible, so it really makes sense to use it instead of the other 4 to spin up your infrastructure.

Great articles though, will comment on the others too.