terraform VS sceptre

When a change earns its way onto main, the train builds the container image one time and tags it by the commit SHA. That image is the artifact. It runs in dev immediately. And here's the part that makes promotion boring: shipping to prod doesn't rebuild anything. It re-points a config overlay (a Kustomize overlay, in practice, committed to the same repo) at the same SHA that's already running in dev. Same bytes, different environment. Promotion is a routing decision, not a build decision. The thing you tested in dev is the literal thing that runs in prod. Not a rebuild from the same commit and a hope. The same image. That cleanly splits two worlds that most setups jam into one giant deploy job. The slow-moving substrate (the cluster, the network, IAM, the shape of your manifests) changes on the order of a quarter and belongs to Terraform, ideally run through something like Terraform Cloud so applies are deliberate and auditable instead of run from someone's laptop. The fast-moving payload (image refs, rollouts, the things that change every commit) belongs to Git, reconciled continuously by a GitOps controller. Argo CD is the common one: it watches the repo, diffs the declared state against what's actually running in the cluster, and makes the cluster match. Change the overlay in Git, Argo CD notices and applies it. Flux does the same job if you prefer it. TF for the building, Git for the lights. The rule is simple: if it changes per release, Git owns it; if it changes per quarter, Terraform owns it. Match the tool to the rate of change and the six-hour deploy job that rewrites your infrastructure mid-flight just stops existing. One more piece falls out of this: tags are markers, not artifacts. The cluster never deploys a tag. The tag is a point-in-time anchor that says "this commit's state was live in prod," useful for audit, for rollback targeting, and for release notes. It records what shipped and when. Nothing reads it to decide what runs.

AWS EC2 / Azure VMs (Linux and Windows) — Dedicated job run terraform to provision and de-provision instances from packer templates.

Use an IaC tool like Terraform to define every resource declaratively, and a configuration management tool like Ansible for anything that runs on the instance itself.

⭐ hashicorp/terraform — 48,279 stars, 10,324 forks

Look, I don't know what else to tell 'ya, but in 2026 if you're getting "mysterious" charges from AWS after "deleting everything", you're simply not competent.

With a plethora of free billing tips from places like Duckbill https://www.duckbillhq.com/, to full-on repos like AWS-Nuke, https://github.com/ekristen/aws-nuke , down to AWS's own account monitoring and management services like Control Tower https://aws.amazon.com/controltower/, and Config https://aws.amazon.com/config/ , and full IAC ecosystems like Terraform https://developer.hashicorp.com/terraform or OpenTofu https://opentofu.org/ , you are not leveraging all the cost-management capabilities of the modern cloud.

Terraform has been iterating a lot more in the past few months introducing features or updates to the core binary which were always desired. Looking at the release notes of v1.15.0-alpha20260204 version , you see a few gems.

Having pre-execution options like in Terraform makes agent operations easier.

There's a Terraform GitHub issue that's been open for years: people want to customize modules without forking them. Add a lifecycle block. Tweak a tag. Simple stuff.

You’re integrating Puppet with other tooling (Terraform, CI/CD, internal platforms).

See: * https://github.com/hashicorp/terraform-provider-aws/issues/10491 * https://github.com/Sceptre/sceptre/issues/674

our AWS SAs tried to sell us on it. but it seems worse than my current sceptre pipeline that I also run in CodePipeline 🤷‍♂️

Cloud formation or AWS cdk. If you're leaning towards cloud formation check out some management tools like sceptre if you like the cdk idea you could also check out terraform.

Also have a look at Cloudreach's Sceptre.

On the tool side you have sceptre: https://github.com/Sceptre/sceptre

https://github.com/Sceptre/sceptre - here's a good example. Terra form knockoff written and managed by a consultancy. As part of their "services", they can code themselves into your organization for a small monthly consulting fee! Yay!