What is Infrastructure as Code?

Infrastructure as Code (IaC) is the practice of managing and provisioning computing infrastructure through machine-readable configuration files rather than through manual processes or interactive tools. Instead of clicking through a web console to create servers, databases, and networks, you write code that describes exactly what you want, and an automation tool builds it for you.

---

Why Infrastructure as Code Matters

Before IaC, teams provisioned infrastructure manually. A system administrator would log into a console, click through menus, fill out forms, and hope they remembered every setting. This approach suffered from several critical problems:

• Configuration drift — servers that were set up months apart would have subtle differences, even if they were supposed to be identical
• No audit trail — there was no reliable record of who changed what, or when
• Slow and error-prone — manual steps are difficult to repeat consistently, especially under pressure
• Knowledge silos — only the person who set it up knew how everything was configured
• Difficult disaster recovery — rebuilding an environment from scratch after an outage took days or weeks

IaC solves all of these problems by treating infrastructure the same way we treat application code: it is versioned, reviewed, tested, and automated.

---

Key Principles of Infrastructure as Code

1. Declarative vs Imperative

There are two fundamental approaches to IaC:

Approach	Description	Example Tools
Declarative	You describe the desired state and the tool figures out how to achieve it	CloudFormation, Terraform, Pulumi
Imperative	You describe the exact steps to execute in order	Bash scripts, AWS CLI scripts, Ansible playbooks

Declarative example — you say "I want a VPC with two subnets and an EC2 instance" and the tool creates whatever is missing.

Imperative example — you say "First create the VPC, then create subnet A, then create subnet B, then launch an instance."

Most modern IaC tools use the declarative approach because it is simpler, safer, and easier to maintain over time.

2. Idempotency

An idempotent operation produces the same result whether you run it once or a hundred times. If your template says "create a VPC with CIDR 10.0.0.0/16" and that VPC already exists, the tool should recognise it and make no changes. This property is essential for safe, repeatable deployments.

3. Version Control

IaC templates are plain text files that belong in a version control system such as Git. This gives you:

• History — every change is recorded with a timestamp and author
• Code review — team members can review infrastructure changes before they are applied
• Branching — you can experiment with changes on a branch without affecting production
• Rollback — you can revert to a previous version of your infrastructure definition

4. Reproducibility

The same template should produce the same infrastructure every time it is applied, regardless of who runs it or when. This makes it trivial to:

• Spin up identical development, staging, and production environments
• Rebuild after a disaster
• Onboard new team members who can read the code and understand the architecture

---

Benefits of Infrastructure as Code

Benefit	Description
Speed	Provision entire environments in minutes instead of days
Consistency	Every environment built from the same template is identical
Safety	Changes can be reviewed, tested, and approved before deployment
Documentation	The code itself documents your infrastructure
Cost control	Tear down environments you no longer need with a single command
Collaboration	Multiple team members can contribute to infrastructure definitions

---

IaC in the AWS Ecosystem

AWS provides several tools for practising IaC:

AWS CloudFormation

CloudFormation is the native AWS IaC service. You define your infrastructure in JSON or YAML templates and submit them to CloudFormation, which creates and manages the resources for you. CloudFormation is deeply integrated with all AWS services.

AWS Cloud Development Kit (CDK)

The CDK lets you define infrastructure using familiar programming languages such as TypeScript, Python, Java, C#, and Go. Under the hood, the CDK generates CloudFormation templates, so you get the best of both worlds — the expressiveness of a programming language and the reliability of CloudFormation.

AWS SAM (Serverless Application Model)

SAM is an extension of CloudFormation specifically designed for serverless applications. It provides shorthand syntax for Lambda functions, API Gateways, and DynamoDB tables.

Third-Party Tools

Tools such as Terraform (by HashiCorp), Pulumi, and Ansible also support AWS and are widely used in the industry. Each has its own strengths, but they all share the core IaC principles described above.

---

A Simple Example

Here is a minimal CloudFormation YAML template that creates an S3 bucket:

AWSTemplateFormatVersion: '2010-09-09'
Description: A simple S3 bucket

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-example-bucket-12345

This template is:

• Declarative — it says "I want an S3 bucket" without specifying the API calls to make
• Idempotent — if the bucket already exists, CloudFormation will not try to create a duplicate
• Versionable — it is plain text that can be committed to Git
• Reproducible — anyone with the right permissions can run it and get the same result

---

The IaC Workflow

A typical IaC workflow follows these steps:

1. Write — create or update your template in a text editor or IDE
2. Review — submit a pull request for your team to review the changes
3. Test — validate the template and optionally deploy to a test environment
4. Deploy — apply the template to create or update real infrastructure
5. Monitor — verify that the deployed resources are healthy
6. Iterate — make changes to the template and repeat the cycle

This workflow mirrors the software development lifecycle, which is exactly the point — infrastructure changes should be as disciplined and well-tested as application changes.

---

Summary

Infrastructure as Code transforms infrastructure management from a manual, error-prone process into a disciplined, automated practice. By treating infrastructure definitions as code, teams gain speed, consistency, safety, and collaboration. AWS CloudFormation is the native IaC service for AWS, and in the next lesson we will dive deep into how it works.