0x004 - Infrastructure as Code 🗳️

Hi, y’all! This is the fourth issue of unzip.dev, a newsletter dedicated to developer trends, where we unpack trending dev concepts. My name is Agam More, and I’m a developer generalist. Join the ride and have fun!

Infrastructure as Code (IaC)

Wait! Isn’t this an old trend? I hoped so, but some organizations still don’t use it 😵 Also, I’ll write about GitOps soon, so we need to lay the groundwork first.

TL;DR:

  • Problem: Manually managing and configuring servers is a pain in the butt.
  • Solution: Manage and provision servers via configuration or code files.
  • In Sum: IaC is a best practice for many cloud deployments; the pros outweigh the cons in most cases.

How does it work? 💡

  1. Define your infrastructure in a code definition file (YAML is very common).
  2. Preview the changes you are about to apply (see what is going to change).
  3. Deploy the definitions to your cloud.

Use cases ✅

  • Easily deploy dev, staging, and production environments with a CLI command instead of wasting hours configuring it by hand.
  • Create consistent local environments.

Why? 🤔

  • Consistency and confidence: Having an idempotent environment reduces discrepancies between deployments. You always know what you get when you define everything in code rather than SSHing into machines.
  • Version controlled: You get the ability to roll back your environment and see differences between deployments.
  • Cost: Hiring professionals that know how to manage servers manually is very costly and more error-prone.
  • Speed: Provisioning servers by hand is a slow process; with code we just execute the files.
  • Monitoring: Finding deployments that deviate from your definition code is a simple task of diffing them (e.g. CloudFormation’s detect-stack-drift).
  • Security: It is simpler to adhere to security standards when all services are pre-configured.
  • Accountability: No more playing the blame game; the files can be tracked and show who made the change.
  • Documentation: Your infrastructure is now written in text files that are easy to reason about, instead of living in active cloud instances with varying states.
  • Portability: You can move your infrastructure between cloud providers much more easily (assuming you’re using a cloud-agnostic IaC tool).

Why not? 🙅

  • Access control: Without pre-defined procedures for handling definition code files, your environment is wide open to any developer, which reduces security. You also need to ensure deployments are done by authorized entities.
  • Unwanted mistakes: If you don’t review the deployment before applying it, you might cause destructive changes.
  • Not for every project: If you are already using a deployment platform like Vercel or Netlify with a small deployment, there is little reason to use IaC. The moment you need complex cloud environments, you might want to look for IaC.
  • Tweak Speed: Sometimes making small tweaks in the environment is faster to do directly, but then you lose out on all the advantages laid out here.
  • Additional tooling required: You may need a configuration management system (Ansible and such).
  • Unsupported tools: The IaC tools don’t always support all the features of the cloud provider, forcing the developer to decide between not using important features and “hacking it”.

Tools & players 🛠️

🤠 My opinion: For most projects, I’d probably go with Terraform, as it is very well-known and cloud-agnostic. I am tempted to try Pulumi or CDK soon as they are more developer-first.

Forecast 🧞

  • X-as-Code: The emergence of Network-as-Code, Policy-as-Code, and the like makes me believe we will see more use cases for defining states with code. The advantages outweigh the disadvantages. We may even see physical systems declared as code (Supply chain-as-code?).
    • As this idea spreads to other industries and subjects, I think we will see more accompanying tools for each new industry (like security, monitoring, optimization... for X-as-Code).

Extra

Thanks 🙏

I wanted to thank @AndyKatz (tons of insights about technical recruitment) for the great collaboration on this issue with his vast past knowledge of IaC deployments (he really loves CDK ❤️).

EOF

(Where I tend to share unrelated things)

I am opening a school which I will personally lead, teaching web development. It is a bootcamp 7 months long, fully remote in English. The neat thing is that students only have to pay after they get a job in tech, above a certain threshold (see ISA). I'm only one of several impressive school leads, so there is a variety of teaching personalities to choose from. You can check Masterschool, the company behind all this. Reply to this email if this interests you or someone you know.


As a developer, it’s really hard to gauge the quality of my writing. It feels like using those old room-sized, punched-card computers where you had to wait all weekend for the results and only then get feedback 😪 So your comments are, truly, most appreciated:

Tweet at me @agammore or simply reply to this e-mail, and I promise to reply! 🤞