We’re excited to announce the open source release of cztack (we pronounce it “stack”), a major tool in CZI’s infrastructure. cztack is a framework of Terraform modules that enables teams to build better, more robust cloud infrastructure with less pain. Along with fogg for managing Terraform infrastructure-as-code repositories, cztack provides a set of common building blocks that CZI engineers use to build infrastructure.
To explain why this project exists, we’ll tell you a bit about how CZI works.
CZI is a philanthropy that brings together world-class engineering with grant-making, impact-investing, policy, and advocacy work. Almost half of CZI’s 250-member team works in technology. Most of our CZI-Tech colleagues are focused on specific CZI initiative projects, building tools and products that will “move the needle” for that particular initiative. Our team, Shared Infrastructure Engineering, has a different focus.
Our team works on common infrastructure tools that support work across CZI’s initiatives and beyond.
Because CZI is amenable to open sourcing projects, our small (but growing) team is empowered to meet goals like this one: enable every engineer at CZI to build the infrastructure that they need. And what’s the best way to get this done? That’s right, build tools! Because our tools are general purpose and we want to help as many as possible, open sourcing most of our work just makes sense.
One of the most powerful ways that our team can scale its impact is to build automation tools that all engineers across CZI can use, even if they’re not infrastructure specialists. Terraform makes that possible by providing a toolchain to automate the provisioning and configuration of cloud resources. The modules we’re open releasing are AWS-focused since that’s where the majority of our usage is, but there might be room to grow in the future.
And if you are wondering – every CZI team and a few partners are using the modules.
Although there are many, many Terraform modules available in places like the Terraform Module Registry, they all work slightly differently. Due to the different coding styles, naming conventions, and design philosophies, mixing and matching them can be difficult.
To address this, we’ve developed a single style and design philosophy for CZI infrastructure and we’re applying it in cztack via standardized naming and consistent tagging of resources, secure-by-default, and a consistent repository layout.
As you might know, plenty of teams open source their modules only after they realize that they can’t invest the time needed to support them. Since CZI collaborates on technology projects with many outside groups, we understand that we won’t be able to provide sufficient support to everyone we want to if our tools aren’t open sourced.
We feel like many things about building infrastructure are important and require thoughtfulness. So, if we can eliminate style and basic security concerns, our users can just get to the differentiated work that matters to their team. We already highlighted some of our design approaches in #1. On top of that, we take some strong stances, including forcing encryption at rest, SSL in transit, and addressing other security concerns.
The current cztack modules are the first wave of many so expect more to come. With the fogg release, this is the second major tool in our infra toolbox.
This article was also posted on Medium.