Infrastructure as Code (IaC) What problem does it solve?
Simply put, Infrastructure as Code is the answer to managing cloud environments at scale in a repeatable manner. Gone are the days of server builds and manual configuration through the night, only to find that human error causes your application deployment to be delayed. With IaC we can now define environments in a declarative way to guarantee consistency and efficiency.
Here are the key benefits;
- Change tracking
- Faster deployments
- Compliant self-provisioning
- Documentation in code
Let’s have a look at some practical uses.
Single Deployments
At a small scale, it may be that you require a resource to contain a specific configuration. An example might be a Function app that requires connectivity to on-premises resources via the hybrid connections feature. Using Infrastructure as Code you can create a template to guarantee this functionality is always included at each deployment.
Look out for the ‘Download a template for automation’ or Automation options option when deploying a new resource. This gives you the base template to which you can modify and then add to the template library if you wish.
Repeatable Environments
A big challenge with application deployments is ensuring the environment used in development matches production. If this isn’t the case, configuration and dependency problems usually arise.
In this scenario the developers know what they want, but the Ops team also want to check that security and governance best practices are being adhered to. By creating a predefined environment, IaC lets you combine these disciplines and ensure that whenever the environment is deployed, everyone is happy.
Keeping a source of truth is also critical. An ideal tool for this is Terraform, which has been picking up a lot of traction recently due to it’s easy to read syntax and dry run feature. As well as ARM templates, Azure also offers a solution called Azure Blueprints, allowing you to incorporate ARM templates, RBAC, polices and resource groups into a single repeatable package.
Network Security – Change Management
A common cause of friction between developers and security teams can be the change process surrounding network security. This process can often take days or even weeks to complete holding back the applications speed to market. With IaC we can automate this process using DevOps pipelines and approvals.
Consider a scenario where multiple network security rules or user defined routes need updating before an application goes live. A CI/CD pipeline could be created to only update those elements when required.
The request is made by modifying the IaC within source control. The change is then is automatically pushed to the CI/CD pipeline where an approval request is submitted to the security team. This request can then be ether approved or rejected.
