What is IaC all about?

IaC is a term that emanated from the organizations’ need to manage and scale their IT infrastructure setup in an automated and coordinated fashion.

Infrastructure provisioning with IaC
Infrastructure provisioning with IaC

IaC is the approach toward writing the infrastructure as a textual and readable set of configuration files instead of provisioning resources via graphical interfaces or other interactive software applications/web interfaces.

IaC abstracts away management overhead and the complexity that comes with manually manipulating hardware configurations.

Benefits of IaC

Managing IT infrastructure using manual means is more costly, prone to errors, and time-consuming. The advantages of IaC are as follows:

  • Efficiency
  • Consistency
  • Openness
  • Reduced cost and fewer errors
  • Promptness

IaC tools

Managing infrastructure gets easier with the help of different public cloud solutions provided by technology giants like AWS, Microsoft Azure, and the Google Cloud Platform. However, there are still a lot of inconsistencies that can arise by manually interacting with the different tools available via both on-premises and cloud environments.

This is where IaC tools help organizations maximize their approach to automating their infrastructure setup.

IaC tools are categorized into:

  • Orchestration tools
  • Configuration management tools
IaC tools
IaC tools

Some of the most popular tools available for IaC include the following:

Orchestration tools

Orchestration tools are used for provisioning as well as managing infrastructure. Some of the tools in this category are:

  • CloudFormation
  • Terraform
  • ARM templates
  • Google Cloud Deployment Manager

Configuration management tools

Configuration management tools are used to manage the running configurations/software of running infrastructures. There are other tools used for infrastructure automation, especially where container workloads and virtual machines are concerned. The table below highlights configuration management tools as well as other tools.

Configuration Management Tools

Configuration Management Tools

Other Tools

Ansible

Docker

Salt/Saltstack

Packer

Chef

Vagrant

-

Puppet

Ways to approach IaC

There are two approaches for defining configuration files used in IaC:

  • Imperative approach
  • Declarative approach

Imperative approach

This is where specific steps for automation are defined in a series of actions or steps. Tools in this category include Chef and AWS CLI.

Declarative approach

With this approach, we only need to define the desired state of our infrastructure and leave the automation platform to help figure out how to provision this state. Tools in this category include Puppet and Terraform.

Some other tools like Ansible and Saltstack offer support for both the imperative and declarative approaches.

Playground for provisioning the S3 bucket

Let’s take a closer look at how to define configuration declaratively using Terraform or imperatively using the AWS CLI.

The code snippet below shows how we can provision an S3 bucket using Terraform using the declarative syntax. Follow the steps below to achieve this:

  1. Notice that on lines 1–10, we define the Terraform block that specifies the version of Terraform we’re using and the version of AWS provider we want to use.

  2. Also notice that on line 12, we instruct Terraform to authenticate with the AWS provider using the combination of our access_key, secret_key, and AWS region we specified.

  3. In order to create an S3 bucket, we first need to create a unique ID that’s randomly generated and will be attached to the end of our bucket name. Copy the code snippet below and add it to the end of main.tf

resource "random_id" "sample" {
byte_length = 4
}
Defining a random hexadecimal for the bucket name
  1. To create a bucket, please copy the snippet below and add it to the end of main.tf. Note that we’re calling the aws_s3_bucket resource named my_bucket and defining the needed parameters below:

    • The bucket name with the value of my-first-bucket joined with the random hexadecimal that we generate

    • The name tag with the value of My first bucket

    • The environment tag with the value Staging

resource "aws_s3_bucket" "my_bucket" {
bucket = "my-first-bucket-${random_id.sample.hex}"
tags = {
Name = "My first bucket"
Environment = "Staging"
}
}
Defining the S3 bucket resource
  1. Run the terraform init command in the terminal to initiate the Terraform backend.

  2. Run the terraform plan command to show the execution plan.

  3. Provision the S3 bucket on AWS using the command terraform apply and then type yes at the prompt.

If we’re to provision the same resource using the AWS CLI, we only need to use the command below:

aws s3 mb s3://<bucket-name> --region <region-name>
Provision S3 bucket using AWS CLI

Note: Remember to set a unique bucket name by adding a hexadecimal value, for example: my-sample-1a3468. This command will return the value make_bucket: my-sample-1a3468 if it’s successful.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.16"
    }
  }

  required_version = ">= 1.2.0"
}

provider "aws" {
  access_key="{{AWS_ACCESS_KEY_ID}}"
  secret_key="{{AWS_SECRET_ACCESS_KEY}}"
  region="{{AWS_REGION}}"
}
Declaratively or imperatively defining resources

Observe that we’re simply supplying the bucket name that we want and the region where we want to create the bucket. Using the AWS CLI is an imperative approach because AWS CLI figures out the creation process for us, unlike in Terraform where we define all we want explicitly and declaratively.