Guardrails supported by Terraform against misadevnture or mistakes in landscape configuration ( esp. on customer landscape)

[sharathmg-sap]

Right now, any change to the structure is restricted to a couple of users with a higher level of privilege.
Does moving to Terraform expose us to the risk of allowing anyone else to mess up with the infrastructure through the code

In general, the safeguard provided by Terraform against misuse or mistakes

[lechnerc77]

There are several aspects to this:

• As soon as you switch to Terraform and manage the setup via Infrastructure as Code the users that can change something on the platform should be removed to the bare minimum to avoid unnecessary changes resulting in configuration drift.
• For those who have access to the cockpit the assigned role collection should be reduced to the maximum needed to execute potentially necessary tasks for the user. The reason is the same as before, namely to avoid unnecessary changes and unwanted configuration drift

The leading source of changes and configurations should be the Terraform configuration.

The Terraform configuration should be kept a a source code repository using git mechanisms. Changes to the configuration must be authored via changes of the code i.e., via pull requests and we recommend to have a decent safety net for these changes in place (code review, automated checks, preliminary planning of the changes etc.). This is the safeguarding that you need to have in place. I would assume that potential reviewers are the same as the admins of the platform as of today. The change process you have in place will shift towards the checks in the code repository that hosts the changes with the potential that you can have a higher degree of automation and definitly less sources of manual errors.

The application should be done after the pull request passed all checks. The execution of the change (= the execution of the terraform apply) is then usually executed via a CI/CD pipeline. This requires an additional technical user with the right authorizations.

In summary, you will have one more technical user in place that can do the changes. Coming back to your question, this would be one additional (technical) user that can apply changes. However, in the best case the number of user that can do changes on the platform can potentially be reduced or at least their privileges can be reduced.