I spend a lot of time thinking about Infrastructure as Code (IaC). At Codeherent, we are developing a platform that visualises Terraform configurations and helps businesses manage their IaC – I’m passionate about introducing new audiences to IaC whilst helping those already on that journey improve the ways that it can be put to work.
This blog assumes that you already know the basics of what Infrastructure as Code is. If you don’t, read this introduction to IaC from BMC first.
What types of IaC are there?
Infrastructure as Code can be separated into two main categories.
Imperative Infrastructure as Code tools process code which defines a set of instructions to provision your infrastructure to some desired state. Chef is an example of an imperative configuration management tool.
Declarative IaC tools process code which defines your desired infrastructure state. So, rather than a set of instructions, it’s more like a blueprint. With Terraform for example, you create a code block for each of the resources that you want and define the resource properties in these code blocks. Then, the IaC tool communicates with cloud APIs to achieve that desired state.
When did IaC gain popularity?
The concept of IaC has actually been around for a long time but its usage has increased in response to the growth of cloud services over the last decade, with the launch of Terraform in 2014 accelerating adoption and interest in Infrastructure as Code.
The rationale for using IaC is that it facilitates the rapid deployment and scaling of applications: rather than having a team who have to constantly build and scale web servers manually, IaC provides a consistent and reproducible framework for doing so. With IaC, businesses can afford to spend less time and money on their IT operations whilst also minimising the risk of human error. It is just more reliable than the old way of doing things.
Within the last three to four years, IaC has started to become more common in enterprise and business technology – but there is still some way to go, with adoption perhaps being held back by some of the challenges which I’ll outline later.
What are the benefits of IaC?
1 | Single Source of Truth
You can define your entire infrastructure in one place – git versioned code. In theory, you could shut down your infrastructure and recreate it to the same desired state, pretty much instantly! This is because you have a blueprint for your infrastructure stored in a git repository. What’s more, because they’re stored in git, the configurations are versioned meaning you can easily roll changes back if something does go wrong.
2 | Reproducability
Thanks to that blueprint, you can create your infrastructure again, and again, and again. A lot of IaC tools also support the concept of modularity. Using Terraform, you can import modules that have already been written into your IaC configuration from external sources such as a module registry or another git repository. Using modules, you can scale infrastructure quickly without having to repeat code.
3 | Cost savings
IaC can be used to automate away a lot of manual tasks resulting in engineers spending more time looking at customer-facing products. The long term result is a more efficient application of DevOps resources.
What are the challenges of adopting IaC?
1 | Complexity
Understanding an IaC configuration is easy if you have just a few resources, but what if you’re managing hundreds, or even thousands? Those with experience in a more traditional IT background and minimal coding experience may find that they need to shift their thinking when adopting IaC. To combat this cultural change, organisations can investigate using visualisation tools such as AWS CloudFormation or ofcourse Codeherent.
2 | Knowledge sharing
IaC experts are extremely valuable in a business but can inadvertently hoard information: sometimes expecting their colleagues to understand the work they are producing. Code may need to be reviewed for a variety of reasons such as to assess the potential impact on other related services or to check for potential security issues. This can be difficult in teams where only one or two individuals are comfortable with the IaC code. To combat these bottlenecks, try not to have single points of failure within teams. Encourage more members of the team to become comfortable with IaC or use tooling to make the review process easier.
3 | Culture
A common assumption people make when you start to talk about IaC is that it will create more risk because it encourages smaller, more frequent changes. In reality, risk is reduced because these smaller changes will be more consumable and understandable. This change in culture and process is often difficult for individuals in large enterprises where a strict change management process is so important. Demonstrating the benefits of the smaller, more frequent changes to these risk averse individuals is key to encouraging greater IaC adoption within these organisations.
What opportunities can IaC unlock?
If businesses do overcome these challenges, which is no small task, then they will unlock a huge range of opportunities and push their progress forward at greater pace.
1 | GitOps
GitOps is the idea that infrastructure configuration should be treated in the same way as application code i.e all changes should be versioned and continuous delivery pipelines used to automatically apply those changes. IaC is a key ingredient required for GitOps because the configuration code can be checked into a Git repository.
Furthermore, with GitOps, the teams creating and maintaining applications or microservices can also be responsible for their own infrastructure. All changes to infrastructure can happen alongside changes to applications – parallelisation leads to increased efficiency and performance.
2 | Increased automation
With infrastructure configurations checked into Git, changes can be automated using pipelines. This encourages small and frequent changes, rather than the large infrequent ones which are likely to cause problems.
3 | Machine learning
When you are using a declarative IaC tool, you define all of your infrastructure using highly structured code and this can be perfect for Machine Learning. Predictive analytics models can be built for a wide range of applications, from identifying potential security vulnerabilities to predicting costs.
Machine learning is a trend that continues to excite the technology landscape. Those who can see into the future, will win. IaC is the the perfect base on which to build machine learning models and this will allows businesses to be proactive in relation to their businesses intelligence data. IaC will no longer be about cloud and applications; it will be the foundation for the foresight on which all sorts of businesses decisions can be more confidently made.