Author avatar
Romana Shevchenko
Staff Writer

Managing infrastructure manually has always been a tough and strenuous battle, requiring lots of effort to get the servers, networks, and other infrastructure components up and running smoothly. As software systems became more sophisticated and complex, the need for automation in this area has grown. This led to the rise of new and more efficient approaches, such as Infrastructure as Code (IaC).

picture


In this interview, we talk with Stepan Slyshov, our skilled DevOps engineer, to delve deeper into what IaC is and how it works, and explore its benefits, challenges, and robust tools for effective implementation.

What is Infrastructure as Code?

“Infrastructure as Code (IaC) refers to a way of provisioning and managing your IT infrastructure and resources using configuration files readable by machines and humans. By eliminating the need for manual interaction with dashboards and UI consoles, this approach allows developers to automate infrastructure setup and management, treating it as code. I’d say that it is one of the best practices to follow if you implement DevOps in your organization.”

How does Infrastructure as Code work?

“Implementing the IaC approach for your project involves the following steps:

  1. Defining infrastructure. In this initial stage, you need to create one or more configuration files to define all your infrastructure elements and resources, including new resources, changes to existing configurations, rollbacks, deletions, etc.

  2. Storage in the version control system. Then, these files are pushed to some shared solution, which can be a Git repository, a master server, or a cloud-based storage solution.

  3. IaC tool execution. Once the code is in the repository, the IaC tool (of your choice) interprets and evaluates it. The tool performs actions specified in the code to automate the process of provisioning, configuring, and managing resources to bring the infrastructure to the desired state.

  4. Recap of actions and outcomes. Once the code execution is completed, the IaC tool provides you with a recap of the operations performed and their outcomes. This recap makes it easier to track changes and quickly identify any errors and issues encountered during the process.

As you can see, IaC is implemented through the use of IaC tools. Based on the specifics of their work, all these tools are divided into two main types – imperative and declarative. The imperative tools “give orders” to define a set of steps and commands to be executed in order to achieve the desired state. In contrast, declarative tools focus on the eventual desired state itself, and “declare” what the final result should be.”

What are the key benefits of adopting IaC in software development and infrastructure management?

“Infrastructure as Code comes with a variety of benefits that transform the way your infrastructure is managed and deployed. Based on my own experience, I’d list the top three advantages:

  • Quick Configuration and Cost Efficiency. By automating the wide range of processes associated with infrastructure provisioning, IaC allows for parallel execution of tasks and reduces the overall time required for deployments. Consequently, this lowers labor costs, ensuring that your staff can allocate their time to more strategic and value-added tasks.

  • Reduced Human Errors and Improved Consistency. IaC promotes the use of a standardized approach to code, reviews, and validation checks. This consistency significantly decreases the likelihood of human errors and enhances quality and reliability.

  • Simplified Scalability and Recovery. Both can be done with a single action since you already have the whole infrastructure defined, so you can create full-scale copies or re-create it with a press of a button.”

What IaC tools do you prefer? What factors influence your choice of tools?

“If we are talking about provisioning tools, my pick is Terraform. It supports a vast range of providers and modules due to its popularity and maturity. Although its HCL language provides many options beyond simple formats like JSON or YAML, its syntax is still relatively easy to learn, even if you don’t have a coding background. Plus, its declarative style is also better for reusability. With Terraform, you don’t need masters and agents, you can perform everything anywhere you want. Thanks to Terraform’s long-standing presence on the market, you can extend its functionality with things like Terragrunt, TFLint, various IDE plugins, Sentinel, Infracost, and many more.

In terms of configuration management, I prefer Ansible. Due to its extensible nature, you can find thousands of collections, modules, plugins, and roles to work with all kinds of resources and software. It also comes with great out-of-the-box debugging options and its source is written in the relatively friendly Python language. Since it doesn’t require agents, it requires less maintenance. In addition, Ansible’s playbooks are based on YAML, thus they are easy to read and support comments and references.

However, choosing a tool is a matter of taste and the specific needs of your organization. Therefore, it is always somewhat subjective. If you’re comfortable with general-purpose programming languages, you might prefer Pulumi, or if your workloads are AWS-only, CloudFormation might be your best bet.”

What challenges have you faced when implementing IaC?

“Even though IaC comes with many conveniences, it has its fair share of challenges as well. Here are some common challenges associated with implementing Infrastructure as Code (IaC):

  • Complex standards and logic. Implementing this approach often requires learning and a deep understanding of the specific syntax, logic, and standards of IaC tools. It can be challenging, especially for those unfamiliar with the chosen tools who transition from different systems with distinct models and languages.

  • Dependency on tool updates. IaC tools may not immediately support the latest cloud features, new infrastructure capabilities, and resources introduced by cloud providers or infrastructure platforms. As a result, you might need to wait for updates and new releases of your IaC tools to take advantage of the new functionality.

  • Managing access permissions. More people and departments may require access to Git repositories, leading to a broader user base who have access to sensitive configurations. It is important to strike a balance between maintaining security and providing access for collaboration.”

For developers new to IaC, what advice would you give to get started and avoid common pitfalls?

“One important piece of advice to keep in mind is to stick to the rules and practices that you have agreed upon with your team when adopting IaC. Although it may be tempting to make a small and quick change via the UI in your browser or to manually create a new resource, rather than going through all the necessary steps like commits, syntax checks, approvals, software executions, etc., doing so would completely destroy the main idea of using IaC and remove all of its benefits.

Remember, the goal is to save time in the long run by investing time in the beginning, rather than making quick changes that can cause more harm than good. Even if you do make manual changes for one reason or another - make sure you properly integrate/import them into your IaC, so that they are accounted for.”

Final thoughts

As modern infrastructure continues to advance, IaC becomes the industry standard, completely replacing manual infrastructure setups and configurations. It lowers costs, saves time, and improves efficiency at all stages of the development cycle by automating a bunch of time-consuming infrastructure-related tasks. If you think that adopting DevOps is a good starting point for your company, implementing IaC should be your next logical step.