Chapter 74. Principles, Patterns, and Practices for Effective Infrastructure as Code
Infrastructure as code (IaC) is an approach that takes proven coding techniques used by software systems and extends it to infrastructure.1 It is one of the key DevOps practices that enable teams to deliver infrastructure and the software running on it rapidly and reliably, at scale, especially in the cloud.
Two key IaC principles are idempotency and immutable infrastructure:
Idempotency means no matter how many times you run your IaC and what your starting state is, you will end up with the same end state. This simplifies the provisioning of infrastructure and reduces the chances of inconsistent results. Idempotency can be achieved by using a stateful tool with a declarative language, like Terraform, where you define the desired end state and then it is Terraform’s job to get to that end state. If it can’t, it will fail.
Immutable infrastructure means instead of changing existing infrastructure, you replace it with new. By provisioning new infrastructure every time, you are making sure the configuration is reproducible and avoiding drift over time.
Principles and Practices
The following are important IaC principles and practices:
- Source control
- Everything should be in source control—even a script that you run occasionally—and should ...