Since its inception over a decade ago, Infrastructure as code or IAC has been transformative in the way IT infrastructure is set up and managed today. Historically, setting up new infrastructure meant stacking physical servers, configuring network cables, and housing hardware in a capable data center. Today, setting up more performance efficient, cost-effective, and secure infrastructure can all be done using software. Furthermore, thanks to the evolution away from legacy change management, by adopting consistent routines for provisioning and changing systems as well as their configuration help teams roll out thoroughly validated, yet fully, unattended new processes in minutes rather than days.
The wealth of cloud services and infrastructure tooling options now certainly make IAC even more appealing for developers. The use of infrastructure as code means IT infrastructure can be fully provisioned from source code rather than manually. IAC opens the door to the complete automation and configuration of infrastructure, with cloud elements such as servers, networks, and databases being treated similarly to software.
By treating infrastructure as software and data, development teams can also adopt a range of DevOps and Agile practices that promote fast, quality workflow down the technology value stream. Teams can exploit best practices such as continuous integration (CI), continuous delivery (CD), and test-driven development (TDD). Organizations can also optimize the use of deployment orchestration, automated testing libraries, and version control systems (VCS) to enhance and strengthen the integrity and fault tolerance of their systems.
Thanks to the fast-paced evolution of the practice, IAC is made more accessible today through a comprehensive range of tools available for automating the entire provisioning process. This article covers a variety of different options for multiple cloud platforms to support even the most demanding business-critical environments.
We really cannot talk about IAC tools without talking about AWS CloudFormation. The integrated AWS service is designed for users working in the AWS Cloud. Since AWS remains one of the most popular cloud environments on the market today, it makes sense that over 350,000 devs use CloudFormation. As of this year, it’s possible to provision 342 AWS resource types too.
CloudFormation allows users to model their infrastructure within a JSON or YAML template file. The service also adds automation features to help with the deployment of resources in a repeatable and manageable way, and you only pay for the resources used—not the service itself. With the template configured to your application specifications, CloudFormation will handle the rest of the tasks for you.
The use of plaintext is particularly handy. As mentioned, YAML or JSON are both supported, and it is easy to establish a secure infrastructure model at any complexity level from the many templates available from CloudFormation.
Get started with AWS CloudFormation here.
Azure Resource Manager
Not to be beaten by Amazon, Microsoft’s IAC tool is available for users in the form of Azure Resource Manager. Using this tool, users can provision infrastructure and handle dependencies in one seamless cycle through Azure Resource Manager templates (ARM templates). The resources your template taps into are declaratively described within JSON and you can declare multiple Azure resources in one ARM template to establish whole project environments.
Since ARM templates are idempotent too, you can reuse the same template an infinite number of times and always get the same results. Use a VSTS dashboard to visually monitor all your builds and releases, and get a quick overview of the overall health of your environments and the quality of your templates. The Resource Manager also supports the grouping of server instances and the unified management of groups.
Get started with Azure Resource Manager here.
Google Cloud Deployment Manager
We also have the automation tool from Google, known as the Google Cloud Deployment Manager. The tool bases its execution on config files (YAML) and templates (JINJA2 or PYTHON) all within the Google Cloud Platform. It also allows you to define your resources and deploy them synchronistically. You get access to both Beta and Alpha features and you can fully script all deployments with autoscaling and load balancing capabilities.
Google CDM also supports previews; which means rather than committing changes directly, you can sneak an advanced overview of the impact deployments and changes will have. The feature allows for human errors to be avoided and to strengthen and stabilize your infrastructure as a whole.
Get started with GCDM here.
The three IAC tools we have covered so far are designed to work with specific cloud environments, but that is not the case with this next one: Terraform. Terraform is not only idempotent, it’s the multi-cloud capable swiss army knife of IAC tools. Developed by HashiCorp—the same company behind Vault and Nomad—Terraform is completely cloud-agnostic and helps you tackle large infrastructure for complex distributed applications, for example, with more ease than working on a cloud-specific platform.
Terraform automation comes in various shapes and is orchestrated in varying degrees with the focus on the core plan/apply cycle. Some teams run Terraform locally but use wrapper scripts to set up a consistent working directory for Terraform to run in. Other development teams run Terraform entirely within an alternate orchestration tool such as Jenkins. It is by far the most adaptable tool on this list but subsequently potentially intimidating, to begin with at least.
Similarly to Google CDM, Terraform also supports change and provisioning previews, plus it has a capable set of features for replicating deployments and individual server instances. Terraform then also takes it a step further with its version control and remote states which provide a centralized source of truth for remote teams working in collaboration.
Get started with Terraform here.
Chef is a particularly popular IAC tool among CI/CD practitioners. The fact that Chef uses Ruby-based DSL is certainly a huge plus too. It supports ‘cookbook’ versioning from the beginning and allows you to maintain a consistent configuration—even when the infrastructure needs to keep up with the rapid growth of the app it hosts.
Chef provides recipes and cookbooks at the heart of its configuration—these are self-styled appellations for templates and collections of templates that you can use out of the box. One cookbook should relate to a single task, but it can deliver a number of different server configurations based on the resources involved (e.g., a web application with a database will have two recipes, one for each part, stored together). Thanks to its support for cloud provisioning APIs, Chef also works really well with other IAC tools including Terraform as well as multiple other cloud environments.
Get started with Chef here.
Chef may be the preferred tool of many, but those in a Red Hat environment certainly appreciate Ansible. It is a tool designed with automation in mind from the start. Ansible focuses on providing “radically simple” configuration language as well as being able to manage cloud instances immediately with no modifications. It is also great for performing arbitrary IT orchestration (e.g., zero downtime rolling updates, hotfixes, etc.) as opposed to being configuration management specific. Rather than managing systems as individual units, you simply describe how components—and the system in general—interact with each other and Ansible will handle the rest.
Ansible is also one of the more flexible IAC tools on the market right now. You are not limited to the features it provides and can instead develop your own modules and routines to meet specific needs. It even has a rather attractive GUI for setup and monitoring.
Get started with Ansible here.
Puppet too takes a more holistic approach to IAC setup and automation. Puppet runs the data centers for several significant companies like Reddit, Dell, and Google and runs on all OS systems. It also has one of the most advanced interfaces on this list. It has been on the market for a long time and uses Ruby-based DSL as the primary language for defining the desired end state of the infrastructure. I said “end state” because that is what you need to define.
Puppet will then figure out the best way to achieve that end state for you. It also monitors the infrastructure for changes that deviate away from the defined end state and automatically corrects those changes too. This is a tool developed specifically for system administrators thanks to considerable enterprise and community support provided.
Choosing the best IAC tool is a matter of finding one that suits your personal preference and specific needs best. Two of the most important things to make an IAC system easy to use for you are consistency in both how you utilize it and environmental awareness. Also, find the programming language that works the best for you and your team. As you will spend a lot of time—at least to begin with—writing content, choose what your team can best communicate in. What makes you most productive?
Get started with Puppet here.
Don’t miss a read of our Security Challenges with IAC and How to Overcome Them to complement your workflow.
Ibexlabs is an experienced DevOps & Managed Services provider and an AWS consulting partner. Our AWS Certified DevOps consultancy team evaluates your infrastructure and make recommendations based on your individual business or personal requirements. Contact us today and set up a free consultation to discuss a custom-built solution tailored just for you.