DevOps practices are adopted in order to increase the velocity that code is delivered through making it simple and automated to deploy your applications/systems, regardless if enhancements to those systems require new infrastructure pieces to be added.
While individual cloud providers such as AWS and Azure have tools like Cloudformation and Azure Resource Manager respectively, the preference should be to to use cloud agnostic tools such as Hashicorp Terraform.
Benefits of Infrastructure as Code
Before Infrastructure as Code tools, managing IT infrastructure in the cloud was very similar to managing on premise infrastructure: very manual and unwieldy.
For companies who have very large workloads on AWS or other public cloud providers the number of resources in their cloud becomes very difficult to manage manually. Using Infrastructure as Code like Terraform provides a number of benefits to software organizations:
- Consistency across environments: Since you are defining all of your infrastructure in terraform modules or templates, it is easy to reapply this same template with slightly different variables. This is ideal for a proper DevOps environment and following 12 factor app best practices which call for consistency across development/staging/production environments.
- Configuration Consistency: Since modules are versioned and reused, you can continually improve these modules over time. Terraform modules can be used to define typical architecture for an organization’s preferred application stacks. For example if they commonly use AWS and write code in Django or NodeJS they can have a module which defines an RDS DB, a load balancer, launch configuration, etc. Improving these modules as you continue to work with them provides great efficiency
- Self Documenting Infrastructure: As organizations grow, it can become difficult to spread the knowledge of the architecture in use. Often times this information is in the minds of a few key engineers on the team. When using an Infrastructure as Code tool like Hashicorp Terraform, the code itself can serve as a clear description of the desired state of the architecture/infrastructure. This can make it easier to bring new engineers into an organization and quickly understand how things are managed and deployed
- Developer Efficiency: With an Infrastructure as Code tool, common tasks are easily repeatable and making changes can be completed, tested, and deployed very quickly. Tasks such as adding an Elasticache instance or making a change to a VPC network can be done with just a quick code update.
How Can ITM Help You?
iTM covers all aspects of Cyber Security including but limited to Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations, Cloud security best practice and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.