The approach bridges the gap between Terraform and tooling for which no custom provider is available. It can be used instead of implementing a custom provider, which lets the team stay within the technology stack it has already adopted. The approach works well for cases to which the concepts of provisioning, deprovisioning and drift mitigation can be applied. There are some things one needs to know when using it, but in general a new case can be implemented with the pattern only once, and as long as there is no need to change it drastically, it will keep working (it is even resilient to external impact, which is covered by the drift mitigation).
tl;dr: Azure issues certificates using a 3rd-party service (currently Digicert). For the proof of possession of a managed domain, Azure gets a random string from Digicert and then exposes it under a known path. Digicert then fetches it, checks that it is correct and issues a cert. This works for App Services that have the firewall open or have the Digicert IPs whitelisted.
Upd. March 2022: I've been banned from Oracle Cloud for having Belarus as my country of origin. All attempts to restore access were rejected with no explanation. Still, I hold this article to be a nice exercise, although now I have to warn readers of the possible consequences of using Oracle Cloud.