2 tips

Terraform Design Patterns: Data Modules

You know what Terraform design pattern I don't see enough of?

Data modules.

Just as you have read-only data blocks, in contrast to resource blocks, which provision resources — who says modules always need to provision resources either? A "data" module can be used to share configs, metadata, and other reusable information across complex, distributed architectures. For example, all of the IP addresses you'd like to trust in firewalls across all the systems you manage. You can even use them for reusing complex logic/calculations, as I did for my RFC 1918 CIDR checker (very cool; check it out; shameless plug).

It's a surprisingly underrated means of DRYing up your Terraform.
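
A sketch of the pattern for the trusted-IP case above, added here as an illustration and not taken from the author's modules. The module path, variable names and CIDR values are assumptions (the ranges are RFC 5737 documentation blocks), and output `precondition` blocks need Terraform 1.2 or later.

```hcl
# --- modules/trusted-networks/main.tf (hypothetical module path) ---
# A "data" module: locals and outputs only, no resource blocks.

variable "environment" {
  type        = string
  description = "Which environment's allow list to return."
  validation {
    condition     = contains(["prod", "dev"], var.environment)
    error_message = "environment must be \"prod\" or \"dev\"."
  }
}

locals {
  # Constructed sample values from the RFC 5737 documentation ranges.
  office = ["203.0.113.0/24"]
  vpn    = ["198.51.100.16/28"]
  lab    = ["192.0.2.0/26"]

  by_environment = {
    prod = concat(local.office, local.vpn)
    dev  = concat(local.office, local.vpn, local.lab)
  }
}

output "trusted_cidrs" {
  description = "CIDR blocks every firewall in this environment may trust."
  value       = local.by_environment[var.environment]

  # Fail the plan if a catch-all range is ever added to the shared list.
  precondition {
    condition     = !contains(local.by_environment[var.environment], "0.0.0.0/0")
    error_message = "The shared allow list must not contain 0.0.0.0/0."
  }
}

# --- root module: any stack that needs the list ---
module "trusted_networks" {
  source      = "./modules/trusted-networks"
  environment = "prod"
}

variable "bastion_sg_id" { type = string } # assumed existing security group

resource "aws_security_group_rule" "ssh_from_trusted" {
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = module.trusted_networks.trusted_cidrs
  security_group_id = var.bastion_sg_id
}
```

Every stack that sources the module picks up an allow-list change on its next plan, so the list is reviewed in one place instead of per firewall.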

terraform devops coding

CloudWatch Log Subscription Filter Limits!

Did you know you can only have up to two log subscription filters per log group on AWS? Came as a surprise to me.

To those with sanity: split out your log groups at the producer. To those without: I hacked together a "demux" Lambda for splitting your measly 2 subscription filters into as many as you want, and you can find it on my GitHub here.

Yes, I'm a psychopath.

aws cloudwatch logging