← All Steps

Cloud & Infrastructure

Everything we run goes through code. Get these tools installed so you can actually work on infrastructure.

AWS CLI

Install the AWS CLI:

brew install awscli

Configure your credentials (you’ll receive an IAM user or SSO details from a team lead):

aws configure

Or for SSO:

aws configure sso

Verify access:

aws sts get-caller-identity

Multiple Profiles

If you work across multiple AWS accounts, use named profiles in ~/.aws/config:

[profile staging]
sso_start_url = https://gremlin.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 123456789012
sso_role_name = DeveloperAccess
region = eu-west-1

[profile production]
sso_start_url = https://gremlin.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 987654321098
sso_role_name = ReadOnlyAccess
region = eu-west-1

Switch profiles:

export AWS_PROFILE=staging
aws sso login

Terraform

We use tfenv to manage Terraform versions per project:

brew install tfenv

Install the latest version:

tfenv install latest
tfenv use latest

Projects with a .terraform-version file will auto-select the right version.

Verify:

terraform version

Terraform Basics

# Initialise a project (downloads providers)
terraform init

# Preview changes
terraform plan

# Apply changes
terraform apply

# Show current state
terraform show

Never run terraform apply in production without a reviewed plan. Use CI/CD for production changes.

Pulumi

Some of our infrastructure uses Pulumi with TypeScript and Python. These are mainly used for client projects, so you’ll set up the specific stack when you’re assigned to one.

brew install pulumi

For TypeScript Pulumi projects:

cd infra/
bun install        # install dependencies
pulumi preview     # preview changes
pulumi up          # apply changes

For Python Pulumi projects:

cd infra/
uv sync            # install Python dependencies
pulumi preview     # preview changes
pulumi up          # apply changes

Your team lead will walk you through the specific client project setup, including which Pulumi backend and cloud credentials to use.

Docker

Install Docker Desktop or use OrbStack (faster, lighter alternative for macOS):

brew install --cask orbstack

Verify:

docker version
docker compose version

Tailscale

We use Tailscale heavily for accessing internal tools, dev environments, and client infrastructure that isn’t exposed to the public internet. Think of it as a VPN that just works.

brew install --cask tailscale

Open Tailscale from your menu bar and sign in with your Gremlin account. Once connected, you’ll be able to reach internal services by hostname (e.g. grafana.tail1234.ts.net) without any port forwarding or VPN client fiddling.

What’s on Tailscale

  • Internal dashboards and monitoring
  • Dev/staging environments
  • Shared databases and services
  • SSH access to infrastructure that isn’t publicly routable

Your team lead will add your device to the right ACL groups when you join. If you can’t reach something, check that Tailscale is connected (menu bar icon should be active) and ask if you’ve been added to the right group.

Multiple Devices

Tailscale works across your laptop, phone, and any VMs or containers you need to reach. Install it on anything that needs access to the internal network.

Infrastructure Repos

Key repos to clone:

cd ~/git/gremlin
git clone git@github.com:GremlinLTD/iac.git

The iac repo contains our infrastructure code. Read its README for project-specific setup instructions.

Next Steps

Continue to Development Workflow to learn how we work day-to-day.