Infrastructure as Code
Infrastructure as Code (IaC) is the practice of treating infrastructure — servers, networks, firewalls, load balancers, databases, and environment configurations — with the same rigor as application code: version-controlled, tested, reviewed, and automated. Every server setup, network config, and firewall rule should be reproducible from scripts in a repository. No SSH-and-fix. No snowflake servers. No undocumented manual changes. If you cannot rebuild your production environment from version control in under an hour, your IaC is not done yet. Humble and Farley position this as the natural extension of configuration management into the infrastructure layer.
How It Works

Core principles:

  1. Declarative over imperative — describe the desired end state, let the tool figure out how to get there. "There should be 3 web servers behind a load balancer" not "SSH into server, install nginx, edit config..."
  2. Idempotent — running the same script twice produces the same result. No side effects from re-runs.
  3. Version-controlled — infrastructure changes go through the same PR, review, and merge process as application code.
  4. Tested — validate infrastructure code before applying. Linting, dry runs, plan outputs, integration tests.
  5. Immutable where possible — instead of updating servers in place, build new ones from scratch and swap traffic. Eliminates configuration drift.
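
The declarative, idempotent and tested principles above can be shown with a small plan/apply loop over firewall rules. This is an added example, not code from the original page or from any of the tools it names; the Rule type, the DESIRED set and the plan, apply and has_drift functions are hypothetical names, and the rule values are constructed samples.

```python
"""Declarative, idempotent reconcile loop for firewall rules (illustrative)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    port: int
    proto: str
    source: str  # CIDR allowed to connect


# Desired end state, as it would live in version control (constructed sample).
DESIRED = frozenset({
    Rule(443, "tcp", "0.0.0.0/0"),
    Rule(22, "tcp", "10.0.0.0/8"),
})


def plan(desired, actual):
    """Dry run: list the changes needed without touching anything."""
    order = lambda r: (r.port, r.source)
    return {
        "add": sorted(desired - actual, key=order),
        "remove": sorted(actual - desired, key=order),
    }


def apply(desired, actual):
    """Converge actual state onto desired state and return the new state."""
    changes = plan(desired, actual)
    state = set(actual)
    state.difference_update(changes["remove"])  # drop undeclared rules
    state.update(changes["add"])                # create missing rules
    return frozenset(state)


def has_drift(desired, actual):
    """True when live state differs from what the repository declares."""
    changes = plan(desired, actual)
    return bool(changes["add"] or changes["remove"])


if __name__ == "__main__":
    # Constructed starting point: SSH was opened to the world by hand.
    live = frozenset({Rule(22, "tcp", "0.0.0.0/0")})
    print("plan:", plan(DESIRED, live))
    live = apply(DESIRED, live)
    live = apply(DESIRED, live)  # re-run changes nothing (idempotent)
    print("drift after apply:", has_drift(DESIRED, live))
```

Running plan on a schedule against live state turns an undocumented manual change into a reviewable diff instead of a silent exposure.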

The tool landscape:

  • Provisioning: Terraform, Pulumi, CloudFormation, CDK
  • Configuration management: Ansible, Chef, Puppet, SaltStack
  • Containers: Docker, Podman (encapsulate environment as code)
  • Orchestration: Kubernetes, Docker Compose, Nomad

Benefits:

  • Consistency — "works on my machine" disappears when every environment is built from the same scripts
  • Fast recovery — rebuild from scratch instead of debugging a corrupted server
  • Auditability — git log shows who changed what infrastructure, when, and why
  • Scalability — adding capacity is changing a number in a config file, not a week of manual setup
  • Knowledge sharing — infrastructure knowledge lives in code, not in one person's head