What is Infrastructure as Code?

What IaC is, its core principles and purpose

IaC is an approach to deploying infrastructure in which manual actions are kept to a minimum or eliminated entirely.

No approach in DevOps gets by without tools, which is why we have a whole zoo of them:

  • Terraform — probably the most popular tool for managing almost any kind of resource. There are plenty of modules and providers for every occasion.
  • AWS CloudFormation — in terms of functionality, it's a subset of Terraform. It can only manage AWS resources.
  • Azure Resource Manager
  • GCP Cloud Deployment Manager
  • Ansible — often used in addition to the above, since it differs in purpose and operation.

An example of Terraform code:

    # Look up the most recent image in the ubuntu-2004-lts family
    data "yandex_compute_image" "ubuntu-2004-latest" {
      family = "ubuntu-2004-lts"
    }

    resource "yandex_compute_instance" "my-virtual-machine" {
      name = "my-virtual-machine"
      zone = "ru-central1-a"
      resources {
        cores         = 4
        memory        = 8
        core_fraction = 100
        gpus          = 0
      }
      boot_disk {
        initialize_params {
          image_id = data.yandex_compute_image.ubuntu-2004-latest.id
          size     = 100
          type     = "network-hdd"
        }
      }
      network_interface {
        # The subnet resource is declared elsewhere in the configuration
        subnet_id      = yandex_vpc_subnet.k8s-vpc-subnet-a.id
        # nat = true gives the instance a public address
        nat            = true
        nat_ip_address = "11.22.33.44"
      }
      metadata = {
        # The public SSH key comes from a variable declared elsewhere
        ssh-keys = "ubuntu:${var.sshkey-ivanov}"
      }
    }

This code describes the creation of a virtual machine with the specified parameters and network settings.

The "Infrastructure as Code" approach has become a standard in the DevOps world, and there are several reasons for this:

  • Code is also documentation that is always up to date, unlike other types of documentation. But that doesn't do away with comments in the code itself — they are still useful.
  • Redeploying a proven stack is automated and free of the errors that are easy to make when deploying infrastructure by hand.
  • It standardizes processes and collaboration within the infrastructure team.

When using IaC makes no sense:

  • If it's known in advance that the planned deployment will be one-off and temporary. For example, to test something.
  • When, after deployment, you frequently have to change something manually. This gives rise to what is known as drift, that is, a divergence between the actual and the described state.
  • When writing the code takes too much time compared to manual deployment, and it's known that the procedure will rarely or never be repeated.
  • When the resulting code is unreliable, works poorly, and uses modules that are no longer maintained.
  • When maintaining the code itself and updating the versions of IaC tools takes a lot of time.
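The drift mentioned in the list above can be measured rather than guessed at. The following is an added example, not code from the original page: it reads the `resource_drift` section of Terraform's JSON plan output (`terraform show -json <planfile>`) and lists every attribute that was changed outside Terraform. The sample plan and its key values are constructed, and the `REVIEW_FIRST` list of attributes to look at first is an assumption of this example.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# only the fields read below are included, and the key values are fake.
SAMPLE_PLAN = json.loads("""
{"resource_drift": [{
  "address": "yandex_compute_instance.my-virtual-machine",
  "change": {
    "actions": ["update"],
    "before": {"resources": [{"cores": 4, "memory": 8}],
               "network_interface": [{"nat": true}],
               "metadata": {"ssh-keys": "ubuntu:ssh-ed25519 CONSTRUCTED-KEY-A"}},
    "after":  {"resources": [{"cores": 8, "memory": 8}],
               "network_interface": [{"nat": true}],
               "metadata": {"ssh-keys": "ubuntu:ssh-ed25519 CONSTRUCTED-KEY-B"}}
  }}]}
""")

# Assumption of this example: attributes whose manual change is reviewed first.
REVIEW_FIRST = ("metadata", "network_interface")


def diff_paths(before, after, path=""):
    """Yield (path, recorded, actual) for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            sub = f"{path}.{key}" if path else key
            yield from diff_paths(before.get(key), after.get(key), sub)
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        for i, (b, a) in enumerate(zip(before, after)):
            yield from diff_paths(b, a, f"{path}[{i}]")
    elif before != after:
        yield path, before, after


def drift_report(plan):
    """List attributes changed outside Terraform, review-first ones on top."""
    findings = []
    for res in plan.get("resource_drift", []):
        change = res["change"]
        # "before" is the state Terraform recorded, "after" is what it found on refresh
        for path, recorded, actual in diff_paths(change.get("before"), change.get("after")):
            findings.append({"address": res["address"], "path": path,
                             "recorded": recorded, "actual": actual,
                             "review_first": path.startswith(REVIEW_FIRST)})
    return sorted(findings, key=lambda f: (not f["review_first"], f["path"]))


if __name__ == "__main__":
    for f in drift_report(SAMPLE_PLAN):
        print(f"{f['address']}: {f['path']} {f['recorded']!r} -> {f['actual']!r}")
```

On the constructed sample it reports the replaced SSH key first and the changed core count second; the unchanged `nat` setting does not appear.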