What is Infrastructure as Code
Learn about what & why of IaC along with its benefits and challenges
Intro
The IT industry is full of buzzwords. As you learn new tools and technologies, these words become a part of your work life and are not jargon anymore. One such word you may have heard about a lot is IaC.
Using this blog, we'll explore what infrastructure as code is, what problem it solves, its history, benefits, limitations, and much more.
Are you excited to strike off the word IaC from your "I know this word but don't understand it yet" list? Well, let's get started!
What constitutes IT infrastructure?
Before getting started with IaC, you should be clear about what infrastructure consists of in the IT industry. This section will clear your doubts regarding which tool counts as an IaC and which does not.
According to IBM,
The components of IT infrastructure are made up of interdependent elements, and the two core groups of components are hardware and software.
Hardware components include desktop computers, servers, data centers, hubs, routers, cables, switches, facilities, etc.
Software components include Content management systems (CMS), Customer relationship management (CRM), Enterprise resource planning (ERP), operating systems, web servers, etc.
Cloud services, such as AWS, GCP, Azure, etc., can provide these hardware and software components. So, while working with cloud infrastructure, you need not worry about these components. Using the IaC tool, you will provide and manage the infrastructure.
Now that you know what comprises infrastructure, you won't ask the same question as this guy below.
Infrastructure as Code
According to RedHat,
Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes.
With IaC, configuration files are created that contain your infrastructure specifications, which makes it easier to edit and distribute configurations
IaC Tools
Organizations are embracing the IaC revolution. The IT market is getting flooded with IaC tools.There are various types of tools that can allow you to deploy infrastructure as code, such as Terraform, CloudFormation, Heat, Ansible, SaltStack, Chef, Puppet, and others.
Based on the use cases and requirements, you will be working with one of them. You can read this article if you want to know when to use which IaC tool. Here's a visual representation of various tools, from the article, based on the problems they address:
The below figure represents a timeline of more than ten years of various popular infrastructures as code tools:
How IaC works?
Let's see how does IaC works. Shall we?
Declarative vs Imperative Approach
There are two approaches to writing code while dealing with IaC tools: declarative and imperative. Let's understand how they differ.
Declarative Approach
You need to define the desired state of the infrastructure, basically what resources you want and what should be their configurations. And, an IaC tool will do the work.
Examples of IaC tools following this approach are Terraform, Pulumi, CloudFormation, etc.
Imperative Apporach
In the imperative approach, we define the commands in an ordered manner to achieve the desired configuration of the infrastructure.
The Chef tool is one such example of the imperative approach.
Let's understand their difference with this comparison table that I got from this blog:
IaC in action
Let me take Terraform tool as an example to describe how the declarative approach in IaC works. It will give you a deeper understanding of the behind-the-scenes.
In Terraform, we write code in a file with a .tf extension. We code what resources we want to provision, along with the configurations. This is our desired state. We store these configurations file into a version control system.
Terraform communicates with providers through plugins and provisions the infrastructure. Provider, for example, are AWS, Azure, GCP, GitHub, etc. The current state is the actual state of a resource that is deployed. If there is a difference between desired and current state, terraform plan
will display the changes required to achieve the desired state.
Below image will give you a visual representation of how IaC works:
I also wrote a blog about how to launch an ec2 instance using Terraform. Check it out here if you want to see IaC in action. If possible, follow the blog and launch an ec2 instance.
Benefits of IaC
IaC help in the following problems in the software development process:
Faster deployment
IaC helps eliminate a lot of manual tasks to get more done in less time.
Also, IaC can provision dev, test, and production environment within a few minutes. This increases the speed of software development cycle.
Version Control
To manage, monitor, and keep track of these files, IaC lets you version control your configuration files.
Keeping these files in a VCS also lets you collaborate with other team members.
Scalability
Using IaC, we can easily add or destroy resources of existing infrastructure.
IaC provisions upgrade quickly, so you can quickly expand during burst periods.
Consistency
Using IaC, you have consistency in your software development process.
You can use the same infrastructure configuration file for development, testing, and production environment.
Automation
IaC provides automation that reduces the risk of error and consumes lesser time than manual tasks.
You can automate tasks like continuous integration testing, which otherwise consumes labor and time.
Cost Optimization
IaC automates time-consuming infrastructure configuration tasks. It reduces time and lets engineers and IT people focus more on important tasks. Time=Money!
Destroy your resources quickly and easily with IaC when there is no requirement, and save money!
Challenges faced in IaC
Despite its advantages, IaC has its own set of challenges. We'll discuss a few of them below:
Learning Curve and Complexity
IaC tools have a steep learning curve.
It also depends on a coding language. Some of the languages used in IaC tools are JSON, HCL, YAML, Ruby, etc. You have to be skilled in these languages.
Also, Complex logic is harder to express in these languages.
Manual changes in the infra
- You have to make sure nobody make manual changes. It defeats one of the purposes of using IaC in the first place. Your infrastructure configurations should be written in a code.
Monitoring is challenging
- Additional tools are needed for monitoring and keeping track of who is provisioning what, where, and how often.
Sometimes slow
It can take quite some time to make changes with IaC, especially if you work in a smaller environment.
You may only want to change a security group inbound rule, but to do so, you have to update scripts and commit those changes. You also have to run the changes against a test environment and also against a production environment.
All of this can be toilsome, but the payoffs can be huge.
Be ready to work around these challenges!
IaC Best Practices
Knowing about best practices lets you reap the benefits of a tool to the fullest. IaC is an approach that leverages software engineering practices. Here are a few best practices to follow while implementing IaC. Apply these IaC best practices to leverage the software development cycle.
Codifying everything in IaC
The configuration files should be the single source of truth for your infrastructure specification.
Therefore, you should code all the infrastructure specifications in the configurations file of the IaC tool you're using.
Version control your code
Keep your code file in a version control system like git or subversion. It will let you manage and keep track of your configuration files.
This way, you can also collaborate and peer review your codebase.
Minimum Documentation
Keep the documentation as minimum as possible.
IaC in itself is documentation. On top of this, it is always up to date. Therefore, it reduces the workload and time required to update the documentation.
Test and monitor code files
IaC, like any code, can be tested.
Employing a testing and monitoring tool for IaC lets you check for errors and consistencies in your desired infrastructure configuration before deploying them to production.
Whenever there is a code modification, automate various tests, like unit, integrations, or regression tests.
Conclusion
IaC is an integral part of the software development process. So, if you're interested in DevOps, it's high time you learn IaC tools and start implementing them in your work project.
In this blog, we learned about what IaC is, what problem it solves, and its limitations. We also saw the difference between imperative and declarative ways, how IaC works, and what the IaC best practices are.
I hope this blog was helpful. Happy learning!