What is Infrastructure as Code (IaC)?

Gui Alvarenga - April 5, 2022

Infrastructure as Code (IaC) simplifies app development, configuration and runtime by managing and provisioning the infrastructure through code, instead of manually. IaC is an IT practice that leverages code to:

  • Automate infrastructure provisioning, deployment, configuration and management
  • Orchestrate the operation of all infrastructure components, such as hardware, software, networks, virtual machines, containers, databases and cloud infrastructure elements
  • Configure, monitor and manage all infrastructure components and systems

With the vast adoption of workloads, containers and cloud computing, IaC is an important part of DevOps, enabling automation and continuously monitoring the entire application lifecycle, from integration and testing to delivery and deployment. It is also an important aspect of application and container security, as well as overall workload protection.

You can think of IaC as a single source of truth for the IT environment. In this approach, the same configuration files are deployed over and over, ensuring a consistent and accurate environment for all infrastructure components. In so doing, developers and other teams can provision, edit, distribute and reproduce configurations, consistently – without manually configuring hardware, software, endpoints, cloud components or the operating system. By automating this process, organizations can generate valuable efficiency gains, as well as maintain code security.

Why is IaC a useful tool?

Infrastructure as Code has been widely adopted for years, and most software developers and IT don’t even need to consider the benefits, because it’s just the air they breathe.

Have you ever managed an environment created manually? Do you fear having to make changes and what might happen, or crashing the server? Or do you fear not being able to recreate the environment?

IaC gives you the freedom and confidence that you can code, and if something doesn’t go well, you can always roll back. It gives you better visibility and understanding of the environment, allowing you to be comfortable making the changes needed, troubleshooting and auditing.

With IaC, all configuration is dictated by source code. This not only ensures a consistent and secure production environment but also makes it far simpler for the IT or development team to edit, update, and distribute.

IaC is a critical enabler of agile, continuous integration/continuous delivery (CI/CD) and DevOps practices in that it eliminates most manual provisioning and configurations of cloud infrastructure components. IaC is also modular in nature, which means that different pieces of code can be divided and combined to meet the needs of various use cases. This helps make the entire software development lifecycle more efficient and enable faster development times.

Declarative vs Imperative Infrastructure as Code

There are two main approaches for writing IaC code:

  1. Declarative
  2. Imperative

Declarative IaC

A declarative approach to IaC is one in which the user defines the future state and lists all resources and attributes within the infrastructure; the tool or platform then determines how best to install and configure the system to achieve that future state.

Imperative IaC

An imperative approach requires far more input and specificity than a declarative approach. In this method, the developer or IT team will define the future state and also specify the process for doing so. The tool or system will not deviate from the steps within the process or change the order.

The value of declarative IaC

Most organizations tend to adopt a declarative approach because it offers far greater flexibility in enabling a variety of use cases. Specific benefits include:

  • Simplicity: Declarative IaC requires little input from the developer beyond specifying the desired future state.
  • Speed and flexibility: A declarative system automatically compiles an inventory of all objects within the environment. Having this record makes it easier and faster to alter or disassemble the infrastructure when needed in the future.
  • Automation: In a declarative approach, any changes made within the desired state are automatically applied by the IaC platform. In an imperative approach, it would be up to the developer to reflect the changes within the environment.
  • Optimization: In an IaC approach, organizations can limit deployment scripts and other imperative code, which helps contain and reduce technical debt over time.
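The declarative behaviour described under "Declarative IaC" and in the benefits above (the tool works out the steps, keeps an inventory, and applies changes to the desired state automatically) can be sketched as a small reconciliation loop. This is an added example, not code from any IaC tool named on this page; the resource names, attributes and the `plan`/`apply` functions are hypothetical and the data is constructed. It also shows how the same diff surfaces out-of-band changes such as an SSH rule opened to the internet or a bucket made public.

```python
import copy

# Constructed sample data: resource names and attributes are illustrative only.
DESIRED = {
    "web-sg":   {"https_cidr": "0.0.0.0/0", "ssh_cidr": "10.0.0.0/8"},
    "app-data": {"encrypted": True, "public": False},
    "app-logs": {"encrypted": True, "public": False},
}
# What is actually running after manual, out-of-band changes (drift).
ACTUAL = {
    "web-sg":   {"https_cidr": "0.0.0.0/0", "ssh_cidr": "0.0.0.0/0"},
    "app-data": {"encrypted": True, "public": True},
    "debug-vm": {"size": "small"},
}

def diff_keys(want, have):
    """Attribute names whose values differ between desired and actual."""
    return sorted(k for k in set(want) | set(have) if want.get(k) != have.get(k))

def plan(desired, actual):
    """The engine, not the author, works out the steps to reach the desired state."""
    actions = []
    for name in sorted(set(desired) | set(actual)):
        want, have = desired.get(name), actual.get(name)
        if have is None:
            actions.append(("create", name, sorted(want)))
        elif want is None:
            actions.append(("delete", name, sorted(have)))
        elif want != have:
            actions.append(("update", name, diff_keys(want, have)))
    return actions

def apply(desired, actual):
    """Execute the plan against a copy of the inventory and return both."""
    inventory = copy.deepcopy(actual)
    steps = plan(desired, inventory)
    for op, name, _ in steps:
        if op == "delete":
            del inventory[name]
        else:
            inventory[name] = copy.deepcopy(desired[name])
    return steps, inventory

if __name__ == "__main__":
    steps, inventory = apply(DESIRED, ACTUAL)
    for step in steps:
        print(step)
    print("second run:", plan(DESIRED, inventory))  # empty plan: already converged
```

Running `plan` on a schedule without `apply` gives a drift report: any non-empty result means the live environment no longer matches the reviewed source.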

Benefits of IaC

In the modern IT landscape, IaC should be considered an essential component within the IT strategy. Even relatively simple infrastructure requirements can be made more efficient and cost effective by leveraging IaC principles.

While IaC may add complexity within the IT environment, the advantages of doing so generally outweigh the cost of implementation and management.

The main purpose for using IaC is to deliver a consistent, stable and reliable environment, at speed and at scale. Specific benefits include:

  • Speed: IaC allows the team to provision infrastructure via a coded script, which is significantly faster than doing so manually.
  • Accuracy: By relying on code, IaC limits mistakes within the configuration process and also cuts down on inconsistencies that may occur when more than one person is responsible for configuration.
  • Efficiency: IaC is a strategic enabler of DevOps in that cloud infrastructure components can be made available rapidly as they are needed. This helps streamline software development and optimize resources within the IT team.
  • Cost savings: Automation generally leads to cost savings and IaC is no exception. By allowing organizations to optimize limited resources, including hardware costs, staffing costs, storage costs and more, IaC drives down overall costs and enables teams to focus on the higher-value tasks that require human oversight and intervention.

Infrastructure as Code Platforms and Tools

Some of the most popular infrastructure as code platforms and tools include:

Terraform

Terraform is an open source IaC tool that allows developers to define and provide data center infrastructure across a variety of platforms, including Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud, Google Cloud Platform and other public cloud platforms.

Pulumi

Pulumi is an open source IaC software development kit (SDK) that allows developers to create, deploy, and manage infrastructure on any cloud, using a variety of languages, including Python, TypeScript, JavaScript, Go, C#, and F#.

Ansible

Ansible is an IaC tool that supports application development for IBM Power Systems clients. Like Terraform and Pulumi, Ansible is an open source resource that can automate provisioning, configuration management, and application deployment.

Chef Infra

Chef Infra, along with Puppet, is a pioneer in the DevOps space and one of the first infrastructure management tools for defining IaC.

Puppet

Puppet, another infrastructure as code pioneer, is a software configuration management tool that uses its own declarative language and models to configure systems.

CFEngine

CFEngine is another open source configuration management system. It is considered to be one of the most mature tools on the market and can support complex configuration needs.

AWS CloudFormation

AWS CloudFormation is an IaC tool that enables users to model, provision, and manage AWS infrastructure as well as other external resources.

Azure Resource Templates (ART)

Azure Resource Templates is an infrastructure as code service that uses JSON to configure infrastructure components within the Azure environment.

Google Cloud Deployment Manager

Google Cloud Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud resources.

IaC and automation simplify application development, delivery and deployment. They enable DevOps and IT to build, configure and manage the infrastructure more efficiently. Security is an extremely important aspect of building, delivering and deploying applications. Think it, Build it, Secure it with CrowdStrike.

GET TO KNOW THE AUTHOR

Guilherme (Gui) Alvarenga is a Sr. Product Marketing Manager for the Cloud Security portfolio at CrowdStrike. He has over 15 years of experience driving Cloud, SaaS, Network and ML solutions for companies such as Check Point, NEC and Cisco Systems. He graduated in Advertising and Marketing at the Universidade Paulista in Brazil, and pursued his MBA at San Jose State University. He studied Applied Computing at Stanford University, and specialized in Cloud Security and Threat Hunting.