Infrastructure as Code: An Alternative to Standard Configuration Management

18 Jul 2016

The software development field is in a constant state of flux as new technologies replace older methods. Responding directly to the needs of the market at any given time, these new technologies may improve upon older technologies, or they may offer a completely different approach to the development process. Infrastructure as Code (IAC) is a new approach to infrastructure automation that is more extensive and thorough than the more common, server-based method.

In terms of infrastructure automation, companies typically migrate their bare metal environments to cloud providers like AWS, GCP, and Azure instead of investing in the system’s hardware. They employ modern development tools like Chef, Terraform, Ansible, or Salt to make changes to the system. In contrast, IAC allows developers and operations teams to focus on software behaviors, app development, and efficient and predictable delivery at each stage while adhering to the core DevOps values of Culture, Automation, Measurement, and Sharing.

IAC is based on software development practices. Developers create a set of definitions, deploy them unattended, and update the entire infrastructure. Almost all components can be managed via code: networks, servers, databases, users, apps, logs, microservices, tests, docs, cloud provider settings, and many others. IAC also employs other best practices such as continuous integration, continuous delivery, and test-driven development.

Companies that use IAC deploy more frequently and recover faster than those that use the traditional, server-based system. Code is very powerful, and IAC offers many benefits related to best engineering practices:

  • Routines and repetitive tasks related to system/server changes can be extensively and thoroughly automated.
  • Members of different teams are able to define and manage their own resources, allowing them to work at their own pace and speeding up the entire development process.
  • Improvements are continuously integrated into the infrastructure.
  • The deployment process is automated, so individual teams can fire their own deployments at any time.
  • The deployment process is safer and faster.
  • IAC source(s) can be stored in version control systems.
  • Every change in the infrastructure state can be validated.
  • The infrastructure can be divided into separate, reusable modules for testing and/or modification purposes.

Tips for Using IAC

The following points provide detail on IAC’s basic principles, explain how to use IAC to its full advantage, and note the differences between this method and the traditional, server-based method.

Simplify Configuration Data

Rebuilding any element of the infrastructure should be relatively easy and consistent. The team should agree to adhere to this basic concept. All configuration data such as domain names, instance sizes, routing, storage, apps, versions, etc. should be self-explanatory and gathered from scripts and provisioning instrumentation to lessen or negate the risks associated with making changes to the system.

Assume Infrastructure Is Always Changing

A central benefit of having a dynamic infrastructure is that resources can be easily created, updated, replaced, and relocated. Applications should continue running during all these processes. As a result, developers can easily improve and/or correct running infrastructure on demand. This capability is especially valuable when working on large-scale, hybrid environments.

Maintain Data Consistency

By ensuring all data is consistent, development teams can build multiple identical environments for testing and/or modification purposes. When some elements, like database or storage size, need to be changed, consistency can be maintained by changing the definition or adding another role. The ability to build and rebuild a consistent infrastructure helps teams avoid configuration drift.

Ensure All Actions and Modifications Are Repeatable

To achieve repeatability, developers should use various scripts and DevOps tools rather than making changes manually. If a task can be scripted, it should be scripted.

Use Definitions as Input Sources for Different Tools

A core practice of IAC is the use of definitions that indicate infrastructure elements and how they are configured. Typically, such definition files are used as input sources for different tools that carry out the task of provisioning/configuring the instances of those elements. An element could be a server, database instance, user, application, inbound firewall rule, etc. Definition files are managed as text files in standard formats like JSON, YAML, XML or other specific DSL.

Use VCS (Version Control System)

The VCS is a core component of the infrastructure and is managed as code. It keeps the desired infrastructure state intact and transparent. It also allows the team to track changes, tag, debug, perform rollbacks in case code has been broken, integrate triggers, and many other useful and vital tasks.

Use Automated Testing


Especially important for high performance and extreme development teams, continuously running automated tests throughout the entire process results in nearly instantaneous feedback on any changes made, giving team members the confidence to make improvements and alterations quickly and more often.

Maintain Service Availability

The service must be able to handle all requests without fail, despite any changes made to the infrastructure. When designing a cloud-based system, definitions need to be consistently and persistently extended, including those related to application configuration, logs, etc.

Divide System Modifications Into Low-Risk, Low-Impact Changes

Highly effective teams can handle changes and new requirements relatively easily by breaking down requirements into small pieces and piping them through the system in a rapid stream. This method allows each infrastructure element to be quickly rebuilt while the overall system remains consistent. Service requests can also be done quickly, and there are almost no maintenance windows because changes take place during working hours.

Choose the Best Definition Tools

Infrastructure definition tools like AWS Cloud Formation and Terraform allow developers to specify what infrastructure resources to allocate and how they should be configured. They use the dynamic infrastructure platform to implement specifications, thereby taking full advantage of all IAC’s benefits. They are repeatable, testable, reusable, and self-documenting.

The best definition tools have the following capabilities:

  • Scriptable interface: CLI tools, APIs and open source code allow teams to get under the hood of their infrastructure. They are essential for fixing bugs and integrating different services.
  • Silent mode for CLI tools: In general, silent mode indicates flexibility in terms of manipulating options, input, output, variables, etc. Different pipelines can be constructed to handle data in almost in all cases.
  • Reliable unattended runs: The best tool(s) assumes and includes several key characteristics for scripts: parameterization, pre-execution checking, post-execution checking, errors logging, and idempotency.
  • External configuration storage: This allows developers to more easily manage and share data.

Infrastructure as Code is a relatively new technology that offers many advantages over the server-based method. Perhaps the most significant benefit is that development teams have more overall control of the system because it is no longer migrated to a cloud provider. IAC eliminates the middleman, so to speak. Developers can modify, update, and test any and all aspects of the infrastructure themselves, which leads to more reliable, error-free applications and faster delivery times. It is an exciting new approach to software development. That being said, each specific team should determine how exactly they will use this approach before implementing it. If a team decides to adopt IAC principles, they should also completely abandon manual system interactions.