All you need to know about Infrastructure as code!!!!

Tram Ho

I. Overview

In the current DevOps era, surely all of us have heard more or less the concept: IaC (infrastructure as code).

So what is IaC? What does IaC have to do with Infrastructure Provisioning, Configurations management? If you are confused about these concepts, then this is the article for you.

So, let’s find out together!

II. What is IAC?

First, we need to understand a few common concepts from an ITer’s perspective:

  • Infrastructure: includes software and hardware components (eg servers, storage, network devices, firewall devices, routes) to create an IT environment.
  • Provisioning: is the process of initializing Infrastructure and providing it to users
  • Configuration: is the configuration of the allocated infrastructure

In the past, when IaC was not present, IT Infrastructure was distributed by rice. Infrastructure administrators will have to build virtual machines, configure networks, install software, … manually, so the allocation requests often take days and weeks to perform.

But with the development of cloud computing, infrastructure allocation has become easier than ever, because most of the complex operations have been abstracted by Cloud service providers using advanced technologies. such as: Virtualization, SDN (software-defined networking). You can be provisioned with VMs, network, storage within minutes.

And the best part, every operation has APIs. Cloud service providers all “show off” APIs that interact with their platforms to allocate infrastructure. With APIs, you can use any language to interact and manage your infrastructure. They all use code.

When you use code to allocate and configure infrastructure, you are applying Infrastructure as code (IaC).

And since it’s the same code, you can completely apply software development workflow to IaC development. More specifically, type version, run unit tests, integration tests, deploy IaC, …

Over time, many tools have been created to simplify IaC, you don’t need to code so much anymore. These tools abstract away complex pieces of code as much as possible using their own “languages”, or DSLs (domain-specific languages). Behind the scenes, they call cloud APIs for resource allocation and management. This helps a lot for SysAdmin, Engineers, because we won’t need too strong coding skills to understand IaC.

III. Some IaC . Tools

Currently, the most popular IaC tools include: Terraform, Pulumi, Ansible, Chef. In addition, there are some tools that Cloud providers provide separately such as: Cloudformation, AWS CDK, …

We can divide these tools into two groups:

  • Infrastructure Provisioning group, including: Terraform, Cloudformation
  • Configurations management group, including: Ansible, Chef, Puppet

Difference between Infrastructure Provisioning and Configurations management?

To clearly illustrate the difference between Infrastructure Provisioning and Configurations management, we can refer to the example below:

Specifically here:

  • Infrastructure provisioning tool is used to initialize and provision servers, network
  • The Configuration management tool is responsible for configuring applications within the allocated server.

It can be seen that in the process of infrastructure management these two tasks always go together. There are tools that can perform both functions, but to optimize, people often use a combination of tools to take advantage of their strengths.

The main goal of IaC tools is to keep infrastructure components in a user-defined state. If your IaC-generated resource is changed by someone, you can completely rerun the code to bring it back to its original state.

Once you perfect the IaC code, you can use it to reproduce, clone the environment whenever you want without a hitch. If customization is needed, just change the parameter passed, and the template code stays the same. Most open source IaC tools can be used both on cloud and on-prem platforms, so you don’t have to worry about integration.

Idempotency Features

The most prominent feature of the IaC engine is “idempotency”. That is, no matter how many times you run the Infrastructure code, if the infrastructure configuration is still there, it will not work.

For example, you create 2 servers with Terraform. If you run the Terraform code again, it won’t affect the current two servers. However, if you delete a server and run it again, it will create a new server and keep the other, and make sure the two servers’ state is always the same as defined in the code.

IV. CI/CD for IaC

As mentioned in the previous section, IaC can be applied to the development workflow like software code, which means that we can apply CI/CD to IaC.

Here is a practical example of a CI/CD pipeline for IaC, which allocates AWS cloud resources:


  • (1) DevOps Engineer develops IaC
  • (2) Commit code to Git
  • (3) CI/CD server recognizes new commit, pulls code to run pipeline
  • (4) Testing infrastructure code
  • (5),(6),(7) This is the process of deploying IaC, or more precisely, allocating and configuring resources.

V. Conclusion

In this article, I have shared with everyone about IaC concept, clarified IaC functions: Infrastructure Provisioning and Configuration Management.

Hope this knowledge is useful. If you find it good, don’t regret 1 vote so that I have more motivation to make the next posts. Thanks for your time!

Share the news now

Source : Viblo