Manual configuration and deployment of your infrastructure is prone to errors and mistakes. Industry best practice suggests implementing a process called Infrastructure-as-Code (IaC) to increase automation and reduce deployment risks.
IaC is the process of capturing and managing your infrastructure in a similar way to your code base. Implementing IaC reduces the risk of knowledge gaps due to employee turnover or hierarchical changes in your business.
On a post on Medium, Vladimir Fedak reviews the meaning as well as some benefits and use cases for IaC. Fedak explains the DevOps’ concept of IaC in the context of software development, cloud infrastructure, as well as cloud monitoring, logging, and alerting. He outlines 5 benefits of IaC to be:
Immutable infrastructure
Deployment speed
Change management
High scalability
Shorter feedback loops
Today, we’re going to tell you about some additional benefits and gotchas that we’ve observed through our experience capturing infrastructure as code.
Benefits
Servers are reproducible and deployment processes are repeatable.
Existing modules for common services makes it easy to conform to industry standards.
Terraform files are shareable and portable thanks to Terraform Cloud.
The team/person responsible for infrastructure develops the habit of maintaining inventory.
Gotchas
Gotcha: The misconception that IaC is a fail-proof solution may lead to accidental destruction of infrastructure. IaC does not make infrastructure immune to malicious third parties, hackers, or accidental deletion of data.
Solution: We make sure that we educate clients on the capabilities and restrictions of IaC.Gotcha: Over-engineering or using IaC excessively may introduce issues in new environments.
Solution: We always make sure to assess each IaC request to determine whether we can or we should capture it as code.Gotcha: Terraform or other IaC software updates may change current IaC. In the worst case scenario, something as simple as the introduction of new syntax could break existing plans.
Solution: When implementing IaC, we always leave “bread-crumbs” to make it easier to troubleshoot in the future. Examples of this include comments in the code and detailed commit messages via a version control system like Git.Gotcha: Lack of maintenance and upgrades of IaC may “break” existing plans.
Solution: We make sure that we provide clients with the appropriate documentation and training, so they are equipped to maintain and update the IaC, as needed.
Do you need help capturing your infrastructure as code? Tell us about your infrastructure.