Infrastructure as Code: why to use it and how to use it

Gijs Zonneveld
Gijs Zonneveld
24 Sep 2021 - 4 min read

Thanks to cloud technology, rolling out new infrastructure is easier than ever. But cloud infrastructure offers so many possibilities and variations, that configuring and managing this infrastructure in a secure, structured and efficient way can be a challenge. Using ‘infrastructure as code (IaC)’, we ensure that all infrastructure conforms to a standard design and needs no manual configuration or maintenance, making it easy to scale infrastructure up or down instantly. 

Maintaining on-premises infrastructure is becoming a burden for many companies. Integrating it with the many SaaS offerings in use and using it to roll out advanced marketing technology like A/B tests and personalization are troublesome. And then there’s the issues of cost and scalability... 

When migrating to the cloud for these and other reasons, you should take care not to migrate your on-premises problems to your cloud infrastructure. To make sure this doesn't happen, you need effective continuous integration and delivery (CI/CD) pipelines that deliver not only the functionality, but an infrastructure that is scalable and always ‘just works’. 

Introducing Infrastructure as Code 

Manual configuration of infrastructure will not keep up with the pace of innovation you need. So, instead of configuring each individual part of your infrastructure, why not write one ‘template’ of how you think a virtual machine, a database, a CDN, a firewall or any other component should be configured? Need another instance? Just tell your deployment pipeline to roll it out. 

The advantages are many: 

  • All environments are the same. Never again will a piece of code work on your development, test and acceptance environments and fail in production because of configuration differences. 
  • Bringing your component down is as easy as deploying it, providing you with endless rapid scaling and unprecedented cost control. 
  • Since you can instantly launch an infinite number of identical test environments, you can test several new functionalities at once and only integrate those that have been accepted. 

Technically, the ‘infrastructure’ you maintain will be a set of deployment and provisioning scripts placed under source control. Running of these scriptwill result in, for example, a server running a standard configuration. Decommissioning this server is just as easy: another script will archive its contents and free its resources, making sure no costs are incurred by unused infrastructure. 

Keeping full track and trace of all deployments ensures you always know what you have up and what it’s being used for. This prevents a situation we see often, where a server is running somewhere that everyone is afraid to take down, because no one knows exactly what it’s for and who the owner is. Most probably, a developer just forgot to kill their test server and the thing has no function whatsoever. But who can be sure? All the while, it just sits their consuming expensive resources... 

WHITEPAPER CLOUD DATA STRATEGIES

Being cloud-agnostic: introducing Terraform 

All major cloud providers now have IaC tooling. Amazon’s CloudFormation and Azure ARM Templates are well-known examples. But here at Triple, we prefer to keep our options open when it comes to cloud providers. Sometimes, a project requires that we integrate multiple clouds or run a hybrid configuration with cloud and on-premises. Or we might want to integrate SaaS services or an external CDN like that offered by Akamai. We want to be able to use one single IaC toolset, regardless of what cloud we are administering. 

Hashicorp’s Terraform is the tool we choose to use. It gives us all the advantages of IaC while not locking us in to one cloud provider’s universe. Terraform’s open source command line interface lets us plan, build, change, version, update and decommission infrastructure in every cloud manually, but also automated. A clever system of API adapters, called ‘providers’ translates the Terraform language to commands the target system understands. 

The code that Terraform uses also supports the creation of modules, snippets of code that can be reused. For example: our Azure security configurations grow and evolve every day. The module system makes sure all our clients benefit from that.  

Keeping track of state 

The core of the Terraform system is providing the answer to the question that has been keeping admins awake for decades: what, exactly, is running on my infra? Terraform checks and reports the state of all infrastructure continuously and compares it to what’s defined in your code. Any deviations can be automatically corrected. And, because this data too is stored in the cloud, all your teams will always see the same up to date state information. 

Use cases for Infrastructure as Code 

Let’s take a deep dive into some of the use cases for IaCThis will hopefully show you that this technology is not a ‘nice to have’, but a core factor in accelerating innovation. 

Managing complex applications 

Apps these days are multi-tier, multi-cloud affairs, combining functionality from different private and public clouds and SaaS. A typical business application will, for example, be built on Microsoft Azure but use a commercial, SaaS CDN. A tool like Terraform lets you configure all those application tiers from one tool. 

OTAP setup and maintenance 

The test, acceptance and deployment processes are often disrupted by configuration deviations between environments. IaC deploys the same thing every time, whether it’s a local test or a full production environment. This makes maintaining stable development and deployment environments much easier.  

Disposable infrastructure for test or demo purposes 

Not all infrastructure needs to be on all the time. IaC makes it possible to spin up a full test environment for every new feature you want to test. And then tear it down again when testing is done. The same applies to software demonstrations. The nightmare of the ‘demo effect’, where everything that worked perfectly on your test server fails miserably when you run it in the demo environment, is a thing of the past. IaC ensures that every environment is exactly on spec. 

 

WHITEPAPER CLOUD DATA STRATEGIES

Central management of security requirements 

Cloud security requires smart policy making and swift and strict enforcement of those policies. Rolling out security configurations from a central point in the organization makes that much easier. With Terraform, you can also aggregate logs and billing data from all your resources for analysis and forensics. 

Centralize cloud resource management to control cost 

Terraform is a central environment that manages all infrastructure. This makes it an ideal place to aggregate usage data, assess cost and efficiency, identify projects or teams that consume the most resources and scale down where possible. 

Infrastructure provisioning through self-service 

Last but not least: many organizations have discovered that IaC automations open the possibility of having users provision their own resources. Within their granted privileges, users can run IaC scripts from a self-service portal and launch the infrastructure they need, without the need to involve IT at all. This saves everybody a lot of time and communication. 

Save time, let a specialist help you

As said above, the advantages of Infrastructure as Code are many and diverse. Implementing it, however, is a serious technical project. It also requires serious organizational change. Going it alone, without enlisting external help, will make this a very hard journey. We’ve been down this path, and we have developed best practices and standard scripts to kickstart a migration and make it successful. We can phase and structure your IaC project and we can help you implement policies and governance that will work at every scale.  

Are you ready to start working on IaC? Or do you need more information, a demo or an analysis of what Terraform and IaC can do for you? Get in touch and we’ll set it up.