Infrastructure as Code (IaC)
What Is IaC?
Infrastructure as Code (IaC) is the practice of defining and provisioning infrastructure (such as servers, storage, networking) using code. It can be done in two main styles:
- Declarative: Describe what the infrastructure should look like.
- Imperative: Write how to build it using real code.
Common Categories and Tools
Category | Tools | Language Used | Purpose |
---|---|---|---|
Declarative IaC | Terraform, CloudFormation | HCL, YAML, JSON | Define infrastructure as a desired state |
Imperative IaC | AWS CDK, Pulumi | TypeScript, Python, etc. | Define and deploy infrastructure using a general-purpose programming language |
Container Definition (not IaC itself) | Dockerfile, docker-compose | Docker syntax, YAML | Define app containers and services layout |
Configuration Management | Ansible, Chef, Puppet | YAML, Ruby | Set up OS-level configurations |
Declarative vs. Imperative IaC
Aspect | Declarative | Imperative |
---|---|---|
You write... | What you want | How to achieve it |
Tools | Terraform, CloudFormation | AWS CDK, Pulumi |
Style | Configuration | Programming code |
Analogy | "Build a 3 BHK house with garden" | "Lay bricks, install plumbing, then paint" |
Flexibility | Limited, static | High, with loops, conditions, classes |
Ease of use | Easier to read and manage | Easier to reuse and integrate with logic |
Debugging | Less transparent | Easy to debug with standard tools |
Declarative IaC Example (Terraform)
```hcl
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-cool-bucket"
  versioning {
    enabled = true
  }
}
```
- You describe the final outcome.
- Terraform figures out the steps to achieve it.
Pros:
- Simple and readable
- Great for managing large infra at scale
- Easy auditing and compliance
Cons:
- Limited logic (no loops, conditions without workarounds)
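
The auditing point above can be made concrete with a small check over a plan exported as JSON. This is an added example, not part of the original page: the sample plan is constructed, the function name is hypothetical, and only the inline `versioning` block form shown above is examined.

```python
import json

# Constructed sample: a trimmed plan in the JSON layout written by
# `terraform show -json <planfile>` (top-level "resource_changes").
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_s3_bucket.my_bucket", "type": "aws_s3_bucket",
     "change": {"actions": ["create"],
                "after": {"bucket": "my-cool-bucket",
                          "versioning": [{"enabled": true}]}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"],
                "after": {"bucket": "example-logs", "versioning": []}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")


def unversioned_buckets(plan):
    """Return addresses of planned S3 buckets without versioning enabled."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_s3_bucket":
            continue
        after = rc.get("change", {}).get("after")
        # A resource being destroyed has no "after" state to audit.
        if after is None:
            continue
        # The nested `versioning` block appears as a list of objects;
        # an empty or missing list means the block was not declared.
        blocks = after.get("versioning") or []
        if not any(b.get("enabled") is True for b in blocks):
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in unversioned_buckets(SAMPLE_PLAN):
        print(f"FAIL {address}: versioning not enabled")
```

Run as a pipeline step before apply, a non-empty result is the signal to fail the build.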
Imperative IaC Example (AWS CDK, Pulumi)
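```typescript
import * as s3 from 'aws-cdk-lib/aws-s3';

// Inside a Stack's constructor, where `this` is the construct scope
const bucket = new s3.Bucket(this, 'MyBucket', {
  versioned: true,
});
```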
- You write code that builds infrastructure.
- Supports logic, reuse, and integration with app pipelines.
Pros:
- Familiar to developers
- Flexible and reusable
- More automation-friendly
Cons:
- More complex for non-developers
- Slightly harder to audit visually
Why Both Styles Exist
Use Case | Best Fit |
---|---|
Large-scale infra teams | Declarative (e.g., Terraform) |
DevOps teams building infra with apps | Imperative (e.g., CDK, Pulumi) |
Environments needing full visibility/compliance | Declarative |
Code-based logic reuse | Imperative |
Tools That Mix Both
- AWS CDK generates CloudFormation templates, blending both styles.
- Pulumi uses imperative code but also tracks desired state like declarative tools.
Quick Summary
Goal | Recommended Approach |
---|---|
Simplicity and visibility | Declarative (e.g., Terraform) |
Logic and flexibility | Imperative (e.g., CDK, Pulumi) |
Hybrid usage | Tools that support both (CDK, Pulumi) |
Related Terms and Concepts in IaC
Core Concepts
Term | Description |
---|---|
Provisioning | Automatically creating cloud resources |
Declarative Configuration | Defines what infrastructure should exist |
Imperative Configuration | Defines how to create infrastructure |
Desired State | The target infrastructure configuration |
Idempotency | Running code multiple times produces the same result |
State Management | Tracks current vs. desired infrastructure state (e.g., Terraform .tfstate) |
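
Desired state, state management and idempotency fit together as a diff-and-apply loop. The sketch below is an added example, not from the original page and not how any particular tool stores state: it is a toy in-memory model with hypothetical names (`plan`, `apply`, `DESIRED`) and constructed data. It also shows how the same diff surfaces drift when a setting is changed outside the code.

```python
import copy

# Constructed sample: the desired state, using the page's bucket name
# plus one hypothetical extra bucket.
DESIRED = {
    "my-cool-bucket": {"versioning": True},
    "app-logs": {"versioning": True},
}


def plan(desired, actual):
    """Diff desired vs. recorded state into (action, name, config) steps."""
    steps = []
    for name, cfg in sorted(desired.items()):
        if name not in actual:
            steps.append(("create", name, cfg))
        elif actual[name] != cfg:
            steps.append(("update", name, cfg))
    # Anything recorded but no longer declared is scheduled for removal.
    for name in sorted(set(actual) - set(desired)):
        steps.append(("delete", name, None))
    return steps


def apply(desired, actual):
    """Execute the plan on a copy of `actual` and return the new state."""
    state = copy.deepcopy(actual)
    for action, name, cfg in plan(desired, state):
        if action == "delete":
            del state[name]
        else:
            state[name] = copy.deepcopy(cfg)
    return state


if __name__ == "__main__":
    state = apply(DESIRED, {})       # first run provisions everything
    print(plan(DESIRED, state))      # idempotency: nothing left to do
    state["app-logs"]["versioning"] = False   # out-of-band change (drift)
    print(plan(DESIRED, state))      # the diff reports the drifted bucket
    state = apply(DESIRED, state)    # re-applying restores the desired state
```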
Common IaC Tools
Tool | Type |
---|---|
Terraform | Declarative, multi-cloud |
AWS CloudFormation | Declarative, AWS-only |
AWS CDK | Imperative, AWS |
Pulumi | Imperative, multi-cloud |
Ansible | Declarative (mostly for config) |
Chef / Puppet | Config management |
Kubernetes YAML | Declarative (container infra) |
DevOps Practices Related to IaC
Practice | How It Relates to IaC |
---|---|
CI/CD | IaC is used to set up infra automatically in pipelines |
GitOps | Infra code stored in Git and applied via automation |
Immutable Infrastructure | Destroy and recreate infra instead of editing in-place |
Blue-Green Deployment | Use IaC to switch traffic safely between environments |
Rolling Update | Gradually deploy updates using IaC |
Automated Testing | Infrastructure can be tested like application code |
Cloud Resources Commonly Managed by IaC
Cloud Component | Example Use via IaC |
---|---|
EC2 / Compute Engine / Azure VM | Create virtual machines |
S3 / GCS / Blob Storage | Create storage buckets |
VPC / Subnets / Route Tables | Define networking and connectivity |
IAM Roles / Policies | Set up permissions and access control |
RDS / DynamoDB / Cloud SQL | Provision managed databases |
ECS / EKS / AKS | Set up container orchestration (including services, tasks, etc.) |
Supporting Concepts
Term | Description |
---|---|
Dockerfile | Describes how to build container images (used with IaC) |
Container Orchestration | Kubernetes and IaC often used together |
Secrets Management | IaC integrates with tools like AWS Secrets Manager, Vault |
Monitoring and Logging | IaC can provision tools like CloudWatch, Datadog |
Cost Optimization | IaC can define auto-scaling and shut down idle resources |