Infrastructure as Code in DevOps

Key driving force of efficient application delivery

Active digitalization (especially after the COVID-19 outbreak) forced almost all organizations to go online. Once an organization becomes digital, the pressure increases and companies have to produce more and do it faster. In reality, this pressure is caused by the constantly growing size of the app infrastructure, its complexity, and the number of things to manage.

Siloed teams usually cannot cope with such a load, so the infrastructure is poorly maintained and IT capabilities are not used at full capacity.
Meanwhile, organizations that have implemented a DevOps culture use automated infrastructure to get rid of as much routine manual work as possible and focus more on product delivery and frequent deployments. Automated infrastructure eliminates the threat of chaos taking root in the workflow.

Infrastructure as Code & DevOps
DevOps is all about removing walls, friction, guilt-shifting and blame culture between the parts of an organisation: dev teams, ops, management, stakeholders. It's a typical DevOps anti-pattern to think that DevOps concerns only devs and ops.

So while the proper culture is being established, teams implement a technology stack that represents the workflow and business processes. This technology stack has the most powerful impact on flow and efficiency, i.e. oddly enough, without a good tech solution it would be impossible to establish a proper culture.

Infrastructure as Code becomes a key enabler of DevOps culture, since it helps automate routine tasks and infrastructure management, allowing teams to focus on frequent updates and feature releases.

In this article we will cover topics such as:

  • The question of IaC in DevOps, main terms in simple words;
  • Infrastructure as Code benefits;
  • Best practices and Infrastructure as Code implementation tips;
  • Overview of the Infrastructure as Code tools;
  • Prognosis for industry.
Let's get it started!

What is Infrastructure as Code?

A quick look at the main terms.

Infrastructure as Code is an approach to IT infrastructure management, provisioning, and maintenance in an automated manner.

Kief Morris, in his book "Infrastructure as Code, 2nd edition", defines IaC as follows:

"an approach to infrastructure automation based on practices from software development. It emphasizes consistent, repeatable routines for provisioning and changing systems and their configuration".

So thanks to the IaC method, you can automate repeatable routine tasks in system maintenance, infrastructure provisioning etc. Roughly, it works like this: "you change or update the code, the system sends the updates to testing and, if no bugs or misconfigurations are found, automatically applies the changes to the production environment".

How does Infrastructure as Code work?

Infrastructure automation becomes possible thanks to template files that are both human and machine readable. These YAML/JSON template files contain instructions for the underlying tool on how to manage and provision cloud or server (or both) resources.
Infrastructure as Code example
Under this link you will find an example of a template file for infrastructure automation.
So what can you define as code?

  • The full stack of technologies within the infrastructure of the cloud platform;
  • Components of the server config files (different files, packages, accounts etc);
  • Server instances;
  • Container Images;
  • Code delivery pipelines and deployments;
  • Monitoring and log management;
  • Compliance and validation tests.

"Everything as Code" would be a perfect definition. As you can see, it's easier to name what you can't automate.
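The template files and the "compliance and validation tests" item above, combined in an added example (not from the article or from any tool's own code): a Python check that a pipeline could run over a CloudFormation-style JSON template, failing when a security group exposes SSH or RDP to the whole internet. The template, the resource names and the admin-port list are constructed for illustration, and the check assumes literal values rather than intrinsic functions such as Ref.

```python
import json

# Constructed CloudFormation-style template (sample input, not from the article).
TEMPLATE = json.loads("""
{"Resources": {
  "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "web tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "db tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "10.0.0.0/16"},
      {"IpProtocol": "-1", "CidrIpv6": "::/0"}]}}
}}
""")

ADMIN_PORTS = (22, 3389)            # SSH and RDP; an assumed policy, adjust to yours
WORLD = {"0.0.0.0/0", "::/0"}       # "anywhere" for IPv4 and IPv6


def find_open_admin_ingress(template):
    """Return (resource, port) pairs where an admin port is reachable from anywhere."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if not {rule.get("CidrIp"), rule.get("CidrIpv6")} & WORLD:
                continue                              # source is restricted
            if str(rule.get("IpProtocol")) == "-1":   # all protocols, all ports
                low, high = 0, 65535
            else:
                low, high = int(rule["FromPort"]), int(rule["ToPort"])
            findings += [(name, p) for p in ADMIN_PORTS if low <= p <= high]
    return findings


if __name__ == "__main__":
    results = find_open_admin_ingress(TEMPLATE)
    for resource, port in results:
        print(f"FAIL {resource}: port {port} is open to the internet")
    raise SystemExit(1 if results else 0)   # non-zero exit fails the pipeline
```

Run as a pipeline step before anything is applied, the non-zero exit code blocks the change until the rule is narrowed.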

Infrastructure as Code benefits

OK, we now understand what infrastructure as code is and what you can define with code. The obvious benefits are automation and the elimination of routine work, but organizations also name advantages of their own.

Our clients (to whom we provided infrastructure as code consulting services and implementation) reported the following IaC benefits:

- Faster modernization and ability to build pretty much exemplary infrastructure
Infrastructure automation enables the creation of reliable, safe and low cost systems.

- Measurable metrics
Once IaC is adopted, you can measure the results and make "figures"-driven decisions.

- One-size-fits-all solution
Yep, you really can apply infrastructure as code to any system (cloud, VMs, servers).

- Decreased time on infrastructure maintenance
Again, automation offloads devs, so they spend more time on updates and features release.

- Reduced risks and downtimes
Making changes to the infrastructure is no longer a constraint, because manual changes are eliminated.

- Resources available at any time
Users can get the resources they need, when they need them.

- Full control
You have full, visible control over security, governance and user roles.

- Faster troubleshooting
Thanks to infrastructure automation, many bottlenecks are eliminated at the implementation step, and the testing stage will uncover where a bug popped up.

- Documented infrastructure description
Documentation is always a good idea, but in the case of IaC in DevOps it serves to describe the desired state of the infrastructure. Thus, any user can read the JSON / YAML file and easily understand how the system must work.

- Version control
Any change is recorded, so you will know who made it and when, and you can roll back if the action was undesired. Besides, team members can audit changes and suggest improvements.

- System consistency
Automation means the code is built the same way every time. This makes it possible to predict how the system will behave and makes testing even more efficient.

Infrastructure as Code disadvantages

Every coin has two sides, and IaC is no exception. The main downsides are:

- Challenging implementation
No matter whether you are an experienced player or a startup, infrastructure as code implementation will be quite painful for both at the beginning:

  • if you have an already existing system, you will need to check the infrastructure readiness for refactoring and, if needed, rebuild some business processes and educate the staff.
  • if you have a startup, you will have to decide what to automate and why. Since the infrastructure is newly built, this will be quite difficult to cope with.
- Resistance from other teams
Yes, you have to be prepared for objections like "We don't make changes so often, so it would be better and cheaper to go to the AWS console and click a few buttons than to write templates or code". In reality, IaC is more about global changes in the company culture and development principles than about the local level with 2 buttons.

- Additional tooling
You will need to implement configuration management systems like Ansible, Puppet, Chef, Salt (however, Ansible is used in 90% of cases).

But the main problem you need to solve, even though it may sound obvious, is this: don't try to automate parts whose workings you don't currently understand. You need to capture the current state of operations and understand which parts you can automate at all. You can always try to provision instances with Ansible or create services in some cloud, but without knowing all the pain hidden in your sysadmin scripts or cron jobs, you will lose many weeks trying to make it work.

Infrastructure as Code tools

In this table you will find the top Infrastructure as Code tools and their short characteristics:
Infrastructure as Code tools
Among these 8 infrastructure as code tools, Ansible, Terraform and Pulumi are the most trending in 2020. Let's take a closer look at them.


    Ansible is an IT automation engine created by Red Hat. It enables cloud provisioning, config management, multi-tier app deployments, service orchestration, security automation, CD pipeline design etc.

    Ansible benefits:

    • It is possible to describe the desired state of the infrastructure and how its components relate to each other, rather than just managing each component independently.
    • Ansible is an agentless system, so there is no need for any other software utilities or packages. Setup time is therefore very low: the time to get your network up and running is shortened.
    • Easy to learn as a first IaC tool.
    • You can customize the engine by writing your own modules and plugins.
    • Being an open source project, Ansible is free and is steadily updated by contributors.
    • Ansible playbooks are written in a very simple language, YAML. So you describe automation jobs as easily as writing "hello, world" :)
    • Ansible Tower ensures infrastructure centralization. Tower is a command center with which you can control your infrastructure, see the visual efficiency dashboard, perform inventory management etc.

    So you see, Ansible as a solution for automating IT infrastructure can manage configs across complex systems and work processes. Using it inside a company's IT infrastructure will improve its effectiveness, and dev teams will spend more time on feature releases and less time on managing configs and deployments. In addition, it enables tracking applications throughout the development-production cycle.


    Terraform is another infrastructure as code tool, by HashiCorp. It is mainly focused on creating the services/resources that you will need and is known for its many integrations with 3rd party services. Usually it is used as a base tool, and Ansible can be added to the stack in case we need additional provisioning of the servers after they have been created by Terraform.

    Terraform benefits:

    • Execution plans work literally as dry runs - you always know what will happen when you run the code or apply any changes to it. It helps avoid unexpected or even undesired system behaviour.
    • Open source product: 25k commits by 1500 contributors.
    • VCS integrations.
    • Easy integrations with third party tools and services through full HTTP API.
    • Web interface to run and review Terraform runs.
    • Reproducible infrastructure (prod, staging, test, dev environments).
    • Cloud provider agnostic - i.e. it is compatible with any cloud (AWS, GCP, Azure, DigitalOcean etc) and can be used across multiple clouds.
    • One tool with a single language to describe infrastructure as code.
    • Open source


    Pulumi is a relatively new tool for infrastructure automation that has become a breakthrough in the DevOps world. It is a venture-backed startup established in Seattle.

    But what makes Pulumi look so promising?

    • Pulumi appears to be one of the first real infrastructure as code tools, not "infrastructure as template".
    • As opposed to Terraform, it uses real and already well-known programming languages like C#, Python, Go, JS, etc.
    • You can deploy Pulumi in any cloud - AWS, GCP, Azure.
    • Easier CD deploy from the CLI or any other CI/CD provider.
    • Simple import of the infrastructure for any cloud, regardless of how it was provisioned.
    • Coexisting concept, i.e. you can provision a new infrastructure in addition to the already existing one.
    pulumi coexisting concept
    Despite the fact that Pulumi is a fairly new Infrastructure as Code tool, it is gaining popularity with incredible speed month over month. At Alpacked we have already tested it (case study is coming soon), so we can confidently call Pulumi the first well-thought-out IaC tool, allowing you to describe infrastructure with real programming code, not with templates or scripts.

    Infrastructure as Code best practices

    You already know how important Infrastructure as Code is in the DevOps methodology. So if you want to adopt a proper culture within your organization and start a "Cloud Age", you have to take care of automation.

    Implementing infrastructure automation will require numerous changes and refactoring, which makes the process quite painful. If you want to avoid most of the constraints and make it less severe, follow the infrastructure as code best practices below!

    1. If you are a startup and a platform or application is not developed yet, don't try to automate everything at the outset. The reason for this is a high pace of changes. Once the platform becomes more or less stable, you will be able to automate its provisioning and maintenance.

    2. Apply version control and peer reviews with Pull Requests in the same way as you would for developers. This will allow you to fully utilize the benefits of infrastructure code being shared with other team members, and you may always need a second pair of eyes on your infrastructure.

    3. Use CI/CD and quality control for the repository with your IaC. This will help you maintain good code quality and get fast feedback loops from your DevOps teammates or developers (after the changes are applied). Luckily, there are test frameworks that allow us to write actual tests; the earlier you try to cover everything with them, the more you benefit and the fewer unexpected problems will happen with the infrastructure. You can't cover application errors here, of course, but at least you can be more confident in your infrastructure.

    4. Idempotency. Roughly speaking, maintain your IaC code in such a way that if you apply something and then run it a couple more times, it produces the same result again and again. Usually this means that you need to remove some "one-or-nothing" bash scripts written by your sysadmins and replace them with more reliable parts of your IaC ecosystem.

    5. Use modules. Almost every modern Infrastructure as Code tool allows you to write modules, roles or some other abstraction that gathers blocks of code into one logical piece. By modularizing this code you get the same benefits as you would from writing a mature program in any language according to best practices such as DRY.
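Practice 4 (idempotency) as an added example, not code from the article or from any IaC tool: a one-shot append in the style of an ad-hoc script next to a function that converges a config file to the desired state and reports whether anything changed, with a check mode that reports drift without writing. The function names and the sshd_config-style sample file are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def append_setting(path, line):
    """One-shot script style: every run appends again, so reruns pile up lines."""
    with open(path, "a") as fh:
        fh.write(line + "\n")

def ensure_setting(path, key, value, check_mode=False):
    """Converge the file to exactly one `key value` line; return True if a change was needed."""
    path = Path(path)
    wanted = f"{key} {value}"
    lines = path.read_text().splitlines() if path.exists() else []
    out, seen = [], False
    for line in lines:
        if line.split(None, 1)[:1] == [key]:
            if not seen:                  # rewrite the first occurrence in place
                out.append(wanted)
                seen = True
            continue                      # drop later duplicates of the key
        out.append(line)
    if not seen:
        out.append(wanted)
    changed = out != lines
    if changed and not check_mode:        # check mode reports drift without writing
        tmp = path.with_name(path.name + ".tmp")
        tmp.write_text("\n".join(out) + "\n")
        os.replace(tmp, path)             # atomic swap: no half-written file
    return changed

def demo():
    """Run both styles against a constructed sshd_config-like file."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d, "sshd_config")
        path.write_text("Port 22\nPermitRootLogin yes\n")
        for _ in range(3):
            append_setting(path, "PermitRootLogin no")
        piled_up = path.read_text().count("PermitRootLogin")
        runs = [ensure_setting(path, "PermitRootLogin", "no", check_mode=True)]
        runs += [ensure_setting(path, "PermitRootLogin", "no") for _ in range(2)]
        return piled_up, runs, path.read_text()

if __name__ == "__main__":
    print(demo())
```

The third `ensure_setting` call returns False: once the file matches the desired state, further runs change nothing, which is the property the append version lacks.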

    Prognosis for Infrastructure as Code

    As the industry grows, the IaC tools evolve as well. In the recent past we were focused more on provisioning instances or virtual machines than on managing cloud services. Tools like Ansible, Chef, Puppet and SaltStack were at the top.

    The current situation is a bit different: due to the popularity of Docker containers, the IT industry is moving to Kubernetes and other orchestrators. There are not many tools that allow smooth deployments inside Kubernetes. Tools like Kustomize or Helm can deploy workloads into Kubernetes, but the first just allows you to customize manifests, and you still do everything with kubectl apply, while the second doesn't care much about the results of a deployment.

    Another problem at the moment is that most Infrastructure as Code tools don't involve code as such: they are written in a configuration language (YAML, JSON, HCL), so you still miss key features that any programming language has, such as OOP abstractions, for/while loops, if/else statements and others. Relatively new tools such as AWS CDK and Pulumi have emerged to solve this problem. They are broadly comparable to CloudFormation and Terraform, with the main difference being that these new tools allow you to write actual code.

    We believe that the main changes will happen in these two areas in the near future, and we hope this will make dev teams' lives easier, because you will no longer need to dive deep into troubleshooting or documentation when you want to learn a new IaC tool to manage your infrastructure.

    Final thoughts

    Infrastructure as code, or simply IaC, is becoming popular by leaps and bounds in the IT world. It serves as a starting point for DevOps adoption and takes load off teams, allowing them to release new features more frequently and produce fewer bugs and . Despite a quite complicated implementation, IaC has undeniable advantages such as:
    - opportunity to modernize application faster;
    - measure the impact (track KPIs and other efficiency metrics);
    - comprehensive solution for every taste;
    - reduced time for infrastructure maintenance and provisioning;
    - fewer bugs and almost 0-downtime;
    - version control.

    Have questions? Contact us for more details!