

Discover more from Neocrym Tech Blog
Provose: The easiest way to manage your Amazon Web Services infrastructure
Deploy containers, databases, and filesystems with just a few lines of code.
At Neocrym, we are heavy users of Amazon Web Services to run distributed web crawlers and machine learning pipelines.
We built all of our AWS infrastructure using HashiCorp Terraform. We built Provose—an open-source tool built on top of Terraform—to make it easy to quickly spin up lots of containers, databases, and network filesystems.
Why we needed Provose
Terraform is a wonderful tool, but it does come with a few drawbacks:
The official Terraform AWS Provider is a fairly low-level binding to the AWS API, making it repetitive to build complex infrastructure.
Terraform syntax is intentionally limited and lacks the syntactic sugar common in more fully-featured programming languages.
Others have tried to mitigate these drawbacks by building Terraform-style tools that can be used from programming languages like Python or JavaScript, such as Pulumi or the AWS Cloud Development Kit (CDK).
However, I believe that Terraform’s limited syntax is a feature—not a bug. It makes it easier to statically analyze a Terraform plan before actually using it to create or delete resources in the cloud.
What makes Provose different
Provose is intentionally designed to be simpler than tools like Pulumi and AWS CDK. Here are a few benefits of Provose:
Provose is a high-level API for AWS. There are many common patterns—like serving HTTP traffic from a Docker container—that require stringing together a dozen-odd Terraform “Resources.” Provose packages together these Resources and lets the user configure them with a few lines of code.
Provose automatically handles security/networking configuration for you. You specify all of the containers, databases, and filesystems that you wish to deploy within a single VPC, and Provose will create Security Groups, IAM, and networking configuration to ensure that everything you can deploy can talk to each other. As such, Provose encourages creating many small VPCs for the purpose of practicing defense-in-depth.
Provose is written in pure Terraform (plus a few calls to shell commands). This makes it easy to integrate Provose into existing Terraform codebases and to use Terraform-parsing tools on Provose projects.
Examples of using Provose
Provose documentation is hosted at provose.com. You can find documentation for deploying:
Docker containers with AWS Fargate or AWS Batch
databases like MySQL, PostgreSQL, Redis, and Elasticsearch
network filesystems like AWS Elastic File System (EFS) and AWS FSx Lustre
On the Provose homepage is an example of deploying an HTTP server in a Docker container. Provose automatically:
provisions a TLS certificate using AWS Certificate Manager (ACM).
attaches the certificate to an AWS Application Load Balancer (ALB).
deploys the container to AWS Fargate, sitting behind the ALB.
I have also written an example of how to deploy a Ghost.org blog using Provose.
If you have made it all the way to the end of this post, let us know what you think of Provose.