Chapter 74. Principles, Patterns, and Practices for Effective Infrastructure as Code

Adarsh Shah

Infrastructure as code (IaC) is an approach that takes proven coding techniques used by software systems and extends them to infrastructure.¹ It is one of the key DevOps practices that enable teams to deliver infrastructure and the software running on it rapidly and reliably, at scale, especially in the cloud.

Key Principles

Two key IaC principles are idempotency and immutable infrastructure:

  • Idempotency means no matter how many times you run your IaC and what your starting state is, you will end up with the same end state. This simplifies the provisioning of infrastructure and reduces the chances of inconsistent results. Idempotency can be achieved by using a stateful tool with a declarative language, like Terraform, where you define the desired end state and then it is Terraform’s job to get to that end state. If it can’t, it will fail.

  • Immutable infrastructure means instead of changing existing infrastructure, you replace it with new. By provisioning new infrastructure every time, you are making sure the configuration is reproducible and avoiding drift over time.
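
The idempotency principle above, as an added example that is not from the book or from Terraform: a toy reconciler that diffs a declared end state against the current state, converges to it from any starting point, and fails if it cannot. The security-group names, rule fields and the `provider_ok` hook are assumptions constructed for illustration.

```python
# Added example: a toy declarative reconciler (not Terraform's code).
# Resource names and rule fields below are constructed sample data.

def plan(desired, current):
    """Diff desired vs. current state into create/update/delete actions."""
    actions = []
    for name, spec in sorted(desired.items()):
        if name not in current:
            actions.append(("create", name, spec))
        elif current[name] != spec:
            actions.append(("update", name, spec))
    # Anything present but not declared is drift and gets removed.
    for name in sorted(current.keys() - desired.keys()):
        actions.append(("delete", name, None))
    return actions

def apply(desired, current, provider_ok=lambda action, name: True):
    """Converge a copy of current toward desired; raise if a step fails."""
    state = {k: dict(v) for k, v in current.items()}
    for action, name, spec in plan(desired, state):
        # provider_ok is a hypothetical stand-in for the cloud API call.
        if not provider_ok(action, name):
            raise RuntimeError(f"cannot {action} {name}: end state not reached")
        if action == "delete":
            del state[name]
        else:
            state[name] = dict(spec)
    return state

# Declared end state: HTTPS open to the world, SSH only from the internal range.
DESIRED = {
    "sg-web-https": {"port": 443, "cidr": "0.0.0.0/0"},
    "sg-ssh-admin": {"port": 22, "cidr": "10.0.0.0/8"},
}
EMPTY = {}
DRIFTED = {
    "sg-web-https": {"port": 443, "cidr": "0.0.0.0/0"},
    "sg-ssh-admin": {"port": 22, "cidr": "0.0.0.0/0"},  # widened by hand
    "sg-debug": {"port": 8080, "cidr": "0.0.0.0/0"},    # added out of band
}

if __name__ == "__main__":
    for start in (EMPTY, DRIFTED):
        end = apply(DESIRED, start)
        # A second plan against the converged state is empty: re-running is a no-op.
        print(plan(DESIRED, start), "->", plan(DESIRED, end))
```

Both starting states end at the declared state, and the hand-widened SSH rule and the out-of-band debug rule are corrected rather than preserved.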

Principles and Practices

The following are important IaC principles and practices:

Source control
Everything should be in source control—even a script that you run occasionally—and should ...
