Why specifically is that worse than config files?

config files / templates are typically declarative, you tel some orchestrator “this is how I want my infrastructure to look like, please detect changes and make it happen”.

it makes it much more easy to reason about things, as state is abstracted away.

What's the difference in declarativeness between:

- Opening a YAML file in a text editor, deleting some lines, then doing a Kubernetes or Terraform or whatever apply operation

- Creating a SQL migration to delete some rows from a table, checking the migration into the repo, and then running a database migration

?

If properly modelled so the modifying operations are consistent and logical, SQL for modification has the advantage over "proper code to update" has the advantage that in many cases the same query to find something is used with only minor alteration to modify it.

Now the real magic, would be to make changes atomic!

TF has locks so that two people cannot modify infra at the same time.

There are also dependencies within the resources to consider, such as network creation before firewall rule before VM

Yeah, and Terraform providers can be buggy and actually mess up those dependencies. I ran into this very recently where Terraform planned my changes successfully but failed to delete something because it had a dependency on another thing which it was planning to delete later.

It would be very difficult to mess this up with SQL foreign keys.