Infrastructure as Code (IaC)

Infrastructure as Code is the practice of defining and managing infrastructure—networks, VMs, containers, databases, etc.—using machine-readable configuration files instead of manual setup or ad-hoc scripts.

What Is Infrastructure as Code?

IaC definitions live in version control and pass through code reviews and CI/CD pipelines like application code. This makes infrastructure repeatable, testable, and auditable.

Common IaC Tools
  • Terraform: A cloud-agnostic tool using HCL to manage infrastructure across AWS, Azure, GCP, Kubernetes, and more.
  • AWS CloudFormation: AWS-native declarative templates for provisioning and managing AWS resources.
  • Azure Resource Manager (ARM) / Bicep: Azure’s native IaC model using JSON (ARM) or the higher-level Bicep language.
  • Others: Google Deployment Manager, Pulumi (uses general-purpose languages), and configuration tools like Ansible, Chef, or Puppet.

Why Is IaC Superior to Manual Provisioning?
  • Consistency & Repeatability: The same code creates identical environments every time, reducing configuration drift and deployment mismatches.
  • Speed & Automation: Environments can be built, updated, or destroyed automatically—supporting CI/CD and rapid scaling.
  • Reduced Human Error: Replaces manual, error-prone setup steps with tested, codified definitions.
  • Version Control & Auditability: Every infrastructure change is a code change—reviewed, traceable, and reversible.
  • Security & Compliance: Security baselines, IAM rules, and encryption policies are applied consistently with full audit history.

What Is Drift?

Drift occurs when actual infrastructure differs from what’s defined in your IaC code. It happens due to manual changes (e.g., through cloud consoles), one-off scripts, or failed runs leaving intermediate states.

Drift leads to inconsistent behavior, harder debugging, and potential security risks because your code and live environment no longer match.

How IaC Tools Manage State

Most declarative IaC tools maintain a state file that records what the infrastructure currently looks like. The system compares the desired state (code) vs the current state (tracked) to apply only necessary changes.

Best Practices for State Management:
  • Store state centrally and securely (e.g., S3 + DynamoDB lock, Azure Storage, or Terraform Cloud).
  • Enable locking so only one apply runs at a time to prevent state corruption.
  • Encrypt the state file and restrict access since it can include sensitive data.
  • Back up the state regularly; treat it as critical infrastructure metadata.

Handling Drift with State
  • Run plan or diff commands frequently to compare desired vs actual infrastructure and detect drift early.
  • When drift occurs, fix it by updating your IaC code and re‑applying, rather than making manual changes directly.
  • This ensures your code remains the single source of truth for the environment.