Chapter 6. Infrastructure as Code

Infrastructure as code, or IAC, is a fundamental tool for cloud native environments. It should be the primary way resources are created, updated, and deleted across your estate. This book takes a Terraform-first approach to fulfilling your security requirements, because codified infrastructure is what lets you apply a security control once and have it take effect everywhere at scale.

A common way to manage a cloud estate initially is to do everything through the console. Console changes are inherently unrepeatable and difficult to audit: there is no artifact to review before a change is made, and no reliable way to tell afterwards which clicks produced the current state. That makes ensuring that changes don’t result in insecure infrastructure effectively impossible. In Recipes 7.7 through 7.9, the book explores the options you have to prevent people from misconfiguring resources.

With the rapid pace of change in cloud environments, the older practice of reviewing architecture diagrams on a fixed cadence no longer works. As the platform beneath a team matures, the team needs to be able to change its architecture on demand. Especially as teams move toward serverless or Kubernetes-based architectures, the dynamic and elastic nature of cloud native services necessitates a different approach: the security review has to move into the same code and pipelines the changes flow through.

IAC enables you to create patterns that are secure by default. First, by producing infrastructure modules that are secure by default, you simplify the secure adoption of cloud for delivery teams: the module bakes in the controls, so a team consuming it gets them without having to know they exist. Second, by deploying your own serverless code, you can automate common tasks and dynamically react to changes in the environment. Third, by using CI/CD pipelines, ...
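As an added illustration of the first point (a module that is secure by default), the Terraform module below is example code written for this edit, not code from the book. It assumes the AWS provider at version 4.0 or later (where the per-feature S3 resources used here exist) and a hypothetical module name, `secure_bucket`. The only inputs a consuming team can set are the bucket name and a KMS key; the public-access block, default encryption, versioning, and TLS-only bucket policy are not exposed as variables, so a caller cannot switch them off. The weak starting point, a bare bucket with none of those controls, is shown commented out for contrast.

```hcl
# Added example (not from the book): a secure-by-default S3 bucket module,
# hypothetically published as modules/secure_bucket. Assumes the Terraform
# AWS provider, v4.0 or later.

variable "bucket_name" {
  type        = string
  description = "Globally unique bucket name"
}

variable "kms_key_arn" {
  type        = string
  description = "Customer-managed KMS key used for default encryption"
}

# Weak starting point, equivalent to what a console click-through typically
# produces: no public-access block, no default encryption, no versioning.
# Kept only for contrast; do not apply it.
#
# resource "aws_s3_bucket" "weak" {
#   bucket = var.bucket_name
# }

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

# Block every form of public access. No variable controls this, so a
# consumer of the module cannot opt out.
resource "aws_s3_bucket_public_access_block" "this" {
  bucket                  = aws_s3_bucket.this.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt at rest with the customer-managed KMS key by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = var.kms_key_arn
    }
    bucket_key_enabled = true
  }
}

# Keep object history so accidental or malicious deletion is recoverable.
resource "aws_s3_bucket_versioning" "this" {
  bucket = aws_s3_bucket.this.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Refuse unencrypted transport: deny any request that does not arrive over TLS.
data "aws_iam_policy_document" "tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.this.arn,
      "${aws_s3_bucket.this.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "tls_only" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.tls_only.json
}

output "bucket_arn" {
  value = aws_s3_bucket.this.arn
}
```

A delivery team consumes it with a single `module "logs" { source = "./modules/secure_bucket" bucket_name = "..." kms_key_arn = "..." }` block and gets all four controls without knowing they are there. The design choice worth copying is the narrow variable surface: every control you want to be mandatory stays hard-coded inside the module, and anything that must vary per team is the only thing exposed.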
