What is Infrastructure as Code (IaC)?
As the name implies, IaC means that computing infrastructure is managed and deployed from code, using specialized software or APIs. This code is then often put under version control like any other application code.
This code usually consists of configuration files, scripts and other declaration files.
Declarative vs. Imperative approaches
With an imperative approach we say things like “Let’s create an Ubuntu server with this configuration and connect it to that network”. If we issue this command 5 times we will end up with 5 servers. This approach is mostly not idempotent.
With a declarative approach we describe what our infrastructure looks like. E.g. “In my infrastructure there is one Ubuntu server with this configuration connected to that network”. If we now deploy this infrastructure 5 times we will still have just one server. During the first deployment the server gets created, and in subsequent deployments it will not be changed or recreated because the provisioning tool sees the machine and determines that there is nothing to do or change.
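The difference can be shown with a toy in-memory provisioning model. This is an added example, not code from the original article: the Cloud class, the apply function and the sample configuration values are hypothetical and do not correspond to any real provider API. It goes slightly beyond the text by also repairing a changed configuration and removing servers that are no longer declared.

```python
"""Toy in-memory 'cloud' contrasting imperative and declarative provisioning."""
import itertools


class Cloud:
    def __init__(self):
        self.servers = {}                 # server id -> config dict
        self._ids = itertools.count(1)

    def create_server(self, config):
        """Imperative: every call creates another server."""
        server_id = f"srv-{next(self._ids)}"
        self.servers[server_id] = dict(config)
        return server_id


def apply(cloud, desired):
    """Declarative: reconcile actual state with `desired` (name -> config).

    Returns the list of actions taken; an empty list means nothing to do.
    """
    actions = []
    actual = {cfg["name"]: sid for sid, cfg in cloud.servers.items()}
    for name, config in desired.items():
        wanted = {"name": name, **config}
        if name not in actual:
            cloud.create_server(wanted)
            actions.append(("create", name))
        elif cloud.servers[actual[name]] != wanted:
            cloud.servers[actual[name]] = wanted      # repair drift in place
            actions.append(("update", name))
    for name, sid in actual.items():
        if name not in desired:                       # not declared: remove
            del cloud.servers[sid]
            actions.append(("delete", name))
    return actions


def demo():
    config = {"image": "ubuntu", "network": "net-a"}  # constructed sample values
    imperative = Cloud()
    for _ in range(5):
        imperative.create_server({"name": "web", **config})

    declarative = Cloud()
    plans = [apply(declarative, {"web": config}) for _ in range(5)]
    return len(imperative.servers), len(declarative.servers), plans
```

Only the first declarative run produces an action; the other four return an empty plan, which is what idempotency means in practice.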
Reproducibility
Reproducibility means that if we can create an infrastructure once, we can then create or recreate it as many times as we wish.
Let’s see some examples of when reproducibility comes in handy:
- Do you need a server farm to train some advanced machine learning algorithm? No problem. Deploy the infrastructure from code, do the training and then clean up all the resources (machines, network components, etc.). Do you need to repeat the training? No problem. Spin up the infrastructure again… You don’t have to fear destroying your computing infrastructure because you know you can recreate it any time you want. When the infrastructure is torn down you also don’t have to pay for it.
- There is a power outage in one datacenter location? You can still recreate the infrastructure in a different location, and maybe with a simple DNS update you can mitigate the problem relatively quickly.
- Your business grows and opens an office on a different continent? You want to be as close as possible to your users to reduce latency? No problem. You can create a copy of your existing infrastructure on the new continent. You can be sure that both infrastructures are identical. If you want to change something in both locations you only have to change the code once and re-deploy it in both locations.
Automation
With reproducibility comes the possibility of automation. If a person can spin up the infrastructure on demand, then computers can do that too. It can be as simple as a cron job or more complex, such as reacting to events.
Examples:
- Many businesses need complex reports at the beginning of every month about the previous month. With a cron trigger we can bring up the computing infrastructure, run the data analysis software and tear down the whole infrastructure when the reports are generated.
- Should every customer get their own isolated environment (server, database, etc.)? Your CRM system can generate an event when a new customer is registered. In response to this event some code can be run which then creates the clean and isolated infrastructure for the customer.
Tools
- AWS CloudFormation
  - templates are defined in yaml or json format
  - command line tool for deployment and updates (aws cloudformation deploy --stack-name my-stack)
  - catching errors in template files is sometimes not easy
- AWS CDK
  - infrastructure is defined in code written in programming languages (JavaScript, TypeScript, Python, Java, etc.)
  - easier to catch errors due to type checks and validations in code
- AWS SAM
  - it is based on CloudFormation
  - provides a way to write simpler templates for Lambda functions, DynamoDB tables and some other resources
- Cloud Deployment Manager for Google Cloud
  - templates can be written in yaml and python code
  - not all resources can be deployed
- gcloud command-line tool for Google Cloud
- Serverless framework
  - only supports serverless resource types (cloud functions, databases, etc.)
  - supports multiple cloud providers with the same templates and CLI tool
- Terraform
- CI/CD tools