Getting Started with Infrastructure as Code
What is IaC?
When you are new to the cloud, your early interactions are via web portals such as portal.azure.com for Microsoft Azure or aws.amazon.com for Amazon Web Services. This is ideal at the start, because it’s interactive and follows a step-wise approach to resource creation, which is great for learning.
However, when scale, automation and repetition are required, using a portal is inefficient because it is slow, manual and prone to error. This is where infrastructure as code comes in.
Infrastructure as code (IaC) in the cloud is the process of managing and provisioning cloud resources through machine-readable definition files, rather than interactive configuration tools. These files contain your infrastructure specifications, which not only simplifies how you make changes to your environment but also allows you to share these files for repeatable deployments.
IaC facilitates automation, an essential requirement for successful cloud operations.
IaC comes in two flavours, classed by syntax: imperative and declarative. Imperative IaC is when you codify the process of provisioning the resources: the steps and the order in which to follow them. Declarative IaC is when you define the desired end state of your resource(s) without detailing the steps as part of the code.
IaC languages or tools can be natively provided by cloud providers, such as ARM templates, AWS CloudFormation etc., and there are others that are cloud platform agnostic, i.e. they can be used to deploy across multiple cloud platforms, for example, Terraform.
For the main cloud providers, you can find more information below:
Google Cloud: Google Cloud Deployment Manager
Amazon Web Services: CloudFormation
Microsoft Azure: ARM templates
Why should you learn IaC?
Build to scale
Imagine you have just landed a new gig as a cloud engineer and you’ve been tasked to spin up a virtual machine (VM), enable boot diagnostics and ensure that the diagnostic logs are stored in blob storage. Using the web portal, you can do this in 5 minutes, which is not a bad start.
The boss is impressed and gets you on a big cloud project, where you are now required to spin up 100 VMs, distribute them across multiple availability zones within your primary region, enable boot diagnostics and store the logs for each VM in a separate blob. If you plan to use the portal for these tasks, it’ll take you a considerably long time to finish and it’s guaranteed that you’ll make a mistake somewhere as you click across hundreds of web pages.
This is where infrastructure as code shines because it allows for automation and repeatability. You can define a template, deploy as many times as you want and most importantly, you deploy consistently.
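The imperative/declarative distinction and the 100-VM scenario above, as an added example that is not from the original article: a desired-state reconciler next to a step-by-step script. The in-memory "cloud" dict, the VM names, the zone labels and the container naming are all assumptions made for illustration.

```python
# Constructed model: the "cloud" is a dict; names and zones are illustrative.
ZONES = ["1", "2", "3"]  # assumed availability zones in the primary region

def vm_spec(i):
    name = f"vm-{i:03d}"
    return name, {"zone": ZONES[i % len(ZONES)], "boot_diagnostics": True,
                  "diag_container": f"bootdiag-{name}"}

def desired_state(count):
    """Declarative: describe the end state, not the steps to reach it."""
    return dict(vm_spec(i) for i in range(count))

def plan(desired, current):
    """Diff desired against current and return the actions that converge them."""
    actions = [("create" if n not in current else "update", n)
               for n, spec in sorted(desired.items()) if current.get(n) != spec]
    actions += [("delete", n) for n in sorted(current) if n not in desired]
    return actions

def apply(desired, current):
    """Execute the plan against `current`; safe to re-run (idempotent)."""
    actions = plan(desired, current)
    for action, name in actions:
        if action == "delete":
            del current[name]
        else:
            current[name] = dict(desired[name])
    return actions

def imperative_create(count, current):
    """Imperative: a fixed sequence of create steps with no view of end state."""
    for i in range(count):
        name, spec = vm_spec(i)
        if name in current:
            raise RuntimeError(f"{name} already exists")
        current[name] = spec

if __name__ == "__main__":
    cloud = {}
    print(len(apply(desired_state(100), cloud)), "actions on first apply")
    cloud["vm-007"]["boot_diagnostics"] = False   # drift made in the portal
    del cloud["vm-042"]                            # resource deleted by hand
    print(apply(desired_state(100), cloud))        # only the two repairs
    print(apply(desired_state(100), cloud))        # nothing left to do
```

Re-running the declarative apply repairs only what drifted, while re-running the imperative script stops at the first VM that already exists.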
Better Understanding
IaC helps with a deeper understanding of how cloud objects/resources are stacked together to provide a service.
I have seen this happen a number of times, where an engineer will need to delete a VM in the Azure portal and will delete just the VM instance, forgetting to delete the network interface cards, public IP address, disks etc. associated with that instance because, during the process of creation using the portal, they didn’t have to create these objects individually. So there’s always an assumption that once the VM is deleted, all these other services will go because they are seen as part of the VM instance when, in reality, these are separate resources.
Using IaC enhances the understanding of your cloud resources and how they are pieced together to deliver a service.
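A check for the leftover resources described above, as an added example that is not from the original article. The inventory is constructed, and `attached_to` is a hypothetical, simplified field standing in for whatever attachment reference your provider's inventory export carries.

```python
# Constructed, simplified inventory; "attached_to" is a hypothetical field.
INVENTORY = [
    {"id": "vm-web01", "type": "vm", "attached_to": None},
    {"id": "nic-web01", "type": "nic", "attached_to": "vm-web01"},
    {"id": "pip-web01", "type": "public_ip", "attached_to": "nic-web01"},
    {"id": "disk-web01-os", "type": "disk", "attached_to": "vm-web01"},
    # vm-old01 was deleted on its own; its dependents were left behind.
    {"id": "nic-old01", "type": "nic", "attached_to": "vm-old01"},
    {"id": "pip-old01", "type": "public_ip", "attached_to": "nic-old01"},
    {"id": "disk-old01-os", "type": "disk", "attached_to": None},
    {"id": "disk-old01-data", "type": "disk", "attached_to": "vm-old01"},
]

DEPENDENT_TYPES = {"nic", "public_ip", "disk"}

def find_orphans(inventory):
    """Return sorted ids of dependents that do not chain back to an existing VM."""
    by_id = {r["id"]: r for r in inventory}

    def reaches_vm(res, seen=()):
        if res["type"] == "vm":
            return True
        parent = by_id.get(res["attached_to"])
        # No parent, a parent that no longer exists, or a reference loop.
        if parent is None or parent["id"] in seen:
            return False
        return reaches_vm(parent, seen + (res["id"],))

    return sorted(r["id"] for r in inventory
                  if r["type"] in DEPENDENT_TYPES and not reaches_vm(r))

if __name__ == "__main__":
    for rid in find_orphans(INVENTORY):
        print("left behind:", rid)
```

The public IP is reported even though its NIC still exists, because the chain is followed all the way up to the deleted VM.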
DevOps
“DevOps is a set of practices that combines software development and IT operations. It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.”
- Wikipedia
One of the best definitions I’ve seen for DevOps is on the AWS blog, which defines it as a combination of philosophies, practices and tools that increase an organisation’s ability to deliver applications and services at HIGH VELOCITY.
Teams adopt Continuous Integration/Continuous Delivery (CI/CD) practices and tools to achieve this high velocity, and automation is right at the centre of it. No one wants to wait for the cloud guy to click his way through the portal when resource creation or modification is required. You need to be able to function in such an environment and learning IaC is the key.
Marketability
If you want to land a cloud role, you need to learn IaC. Go to your favourite job site and check out the skills required for your dream cloud role; I can assure you that IaC is going to be listed in there. Every hiring manager wants to hire for value and you need that edge.
How to get started
Learn data structures and algorithms
If you do not know any general-purpose language like Python or C#, you should learn the basics of data structures and algorithms.
It is essential that you know how data objects are stored in memory and what operations can be performed on them. Understanding structures such as lists, arrays, integers, strings etc. and algorithms such as for-loops before getting into infrastructure as code will make your learning journey easier.
Start Small
Start by deploying small scale services to gain familiarity with your chosen IaC constructs, syntax etc.
Practise
As with learning anything new, if you don’t use it regularly, you’ll forget. So practise.
When I first learnt ARM templates for Azure, I stopped using the web portal for resource creation until it became second nature to code up resources.
Go Agnostic
Once you’ve gained a mastery of the native IaC language for your primary cloud platform, go agnostic if you plan to be skilled for multi-cloud architectures.
Learn languages like Terraform, Pulumi etc. This will help you switch between clouds, jump on new projects and use new platforms without having to start from scratch.