---
title: "Writing · Ruslan Akchurin"
canonical_url: https://ruslanakchurin.dev/blog
description: "I write about infrastructure decisions that are easy to hand-wave and hard to live with later"
---

# Writing · Ruslan Akchurin

I write about infrastructure decisions that are easy to hand-wave and hard to live with later

## Making IaC boring

https://ruslanakchurin.dev/blog/making-iac-boring

- Part 1 — [Start with the shape](https://ruslanakchurin.dev/blog/making-iac-boring/01-shape) — By the time anyone reviews an IaC codebase, its shape is already decided.
- Part 2 — [Resolve by contract](https://ruslanakchurin.dev/blog/making-iac-boring/02-contract) — Cross-stack dependencies make another stack's outputs a public interface. A typed contract on a producer namespace and key is the alternative.
- Part 3 — [Define tier membership](https://ruslanakchurin.dev/blog/making-iac-boring/03-membership) — Environment boundaries blur when workload-specific members (service accounts, IAM bindings, DNS records) accumulate in the shared environment tier.
- Part 4 — [Fail before apply](https://ruslanakchurin.dev/blog/making-iac-boring/04-fail-before-apply) — An IaC contract holds only if the release path enforces it: a resolver checks type and context, then refuses invalid composition before apply.
- Part 5 — [Re-cut the system](https://ruslanakchurin.dev/blog/making-iac-boring/05-re-cut-the-system) — Refactoring a live IaC system toward a new architecture: freeze the old boundary, publish the new contract beside it, delete only after consumers move.
- [Appendix A: The shape, runnable](https://ruslanakchurin.dev/blog/making-iac-boring/appendix-a) — A companion repository makes the series architecture executable: four tiers, typed cross-tier contracts, and resolver probes that refuse bad composition before any provider call.