Infrastructure as Code Best Practices

  • September 22, 2021

For many years managing your company’s IT infrastructure was a challenging job. IT teams had to manually configure all the software and hardware used to run your applications. Teams would set up physical servers and configure and manage them manually. This effort required large teams of people and dedicated physical space for servers. Luckily this is no longer the case. Today, your IT team can use automation and cloud computing to run your infrastructure. Infrastructure as code is nothing short of a revolution and a massive improvement. 

Infrastructure as code (IaC) is a major component of automated infrastructure. It is when you use configuration files to manage your IT infrastructure. When you automate your infrastructure in the cloud, your organization can reduce costs, improve availability and scalability, monitoring, and visibility. Most importantly, automation and IaC reduce the likelihood of human error. When your infrastructure is automated using IaC, your engineers will have time to focus on tasks that add value to your company.


The Missing Piece: IaC

The cloud has solved many of the challenges facing traditional IT infrastructure. However, manually configuring your cloud infrastructure still results in inconsistencies created by human errors. IaC is the missing piece of this puzzle. When your configuration takes the form of a single code file, it is much easier to manage. It can and should be treated like source code and put under source control. 

There are numerous direct benefits from implementing IaC. They include increased speed, reliability, change management, and improved disaster recovery, and cost optimization. Since IaC is much easier to update, it enables you to easily update your infrastructure to address changing security and compliance standards. 

IaC can take either the imperative approach or the declarative approach. The former gives orders or defines a set of commands for the infrastructure to reach the desired result. The latter declares what the desired result should look like. No matter the approach, there are certain best practices your IaC should follow. 


Best Practices

In order to manage your IaC code, you will need structure, organization, testing, and code deduplication. Taking the following Dos and Don’ts into account will help your IaC be as consistent and reliable as possible. 



1.Use Composable Infrastructure 

Compostable Infrastructure is a pre-cloud concept that can be moved to the cloud. With this strategy, you can combine IaC modules (i.e., Terraform modules) instead of connecting boxes. Each module will manage each one of the components of your infrastructure, including network, databases, clusters, etc. 

2.Use CI/CD 

Infrastructure as code must be managed similarly to application code. You will also need CI/CD pipelines with automated tests and deployments. Apply your code from CI/CD. While you must use CI/CD to test your code, ideally, your environments must be updated from your pipelines.

3.Version Locking 

All your infrastructure and its modules must be versioned. The versions you are applying in different places must be tracked in Git to maintain the reliability of the process.


Documenting is key. But do not over-document. Each module can be understood by reading the code: document what your modules do, the inputs, and outputs. However, you don’t need to document how it works.



5.Do Not Update from Infrastructure Developer Desktops

Avoid applying updates from the Infrastructure Developer desktops. Instead, apply them from a controllable and traceable place.

6.Do Not Hardcode Values 

No hardcoding! Use variables for all the parameters required for your automation. Combined with composable infrastructure, this strategy provides reusability of your code, allowing you to apply it to multiple environments and configurations.

7.Do Not Store Secrets in Your IaC

Information your organization must keep secure should not be stored in your IaC. Use secret management tooling to securely encrypt, share, and manage keys, passwords, and any other confidential information.

If moving your infrastructure to the cloud is the first step to address the many challenges your organization faces, IaC is the second step. It allows your organization to use the cloud to its full potential. It will free your IT team from performing manual tasks and allow them to focus on more meaningful projects. By keeping IaC best practices in mind, you will lower costs and improve efficiency across your organization.


Written by: Mariano Rodriguez Diaz
General corrections and edition: Diego Woitasen