IaC (Infrastructure as Code)
Definition
IaC is the practice of managing and provisioning infrastructure through machine-readable definition files rather than physical hardware configuration or interactive tools. Infrastructure is defined in code, version-controlled, reviewed, and deployed automatically.
IaC Approaches
| Approach |
Tool |
Paradigm |
| Declarative |
Terraform, CloudFormation |
Define desired state; tool figures out how to reach it |
| Declarative |
Ansible, Pulumi |
Define desired state; tool ensures compliance |
| Imperative |
Shell scripts, Chef |
Define step-by-step instructions |
Key Concepts
- Declarative vs Imperative: Declarative = “what” (desired state); Imperative = “how” (steps)
- State File: Tracks current infrastructure state (Terraform state, Ansible facts)
- Drift Detection: Comparing actual infrastructure against declared state
- Modularity: Reusable components (Terraform modules, Ansible roles)
- Plan/Apply: Preview changes before applying (Terraform plan)
- Idempotency: Running the same code multiple times produces the same result
| Tool |
Language |
Cloud Support |
Type |
| Terraform |
HCL |
Multi-cloud |
Declarative |
| Pulumi |
TypeScript/Python/Go |
Multi-cloud |
Declarative |
| CloudFormation |
JSON/YAML |
AWS only |
Declarative |
| Ansible |
YAML |
Multi-platform |
Declarative |
| AWS CDK |
TypeScript/Python/Java |
AWS only |
Declarative |
| Crossplane |
YAML (CRDs) |
Multi-cloud |
Declarative |
IaC Benefits
- Reproducibility: Same infrastructure deployed identically every time
- Version control: Track infrastructure changes with Git
- Collaboration: Code review for infrastructure changes
- Disaster recovery: Rebuild infrastructure from code
- Cost tracking: Infrastructure as code in Git history
