
What is Infrastructure as Code (IaC)?

Capgemini
2023-01-16

Infrastructure as Code (IaC) is the process of managing and provisioning the complete IT infrastructure using high-level definition files. It is a software engineering approach to operations. It helps automate the complete data center through scripts.

The benefits of Infrastructure as Code

Faster and simpler

Eliminate the manual process. Instead of waiting for the IT administrator to do the task manually, we can get more things done in less time with a code-based approach. You can quickly and easily deploy and configure infrastructure and network in any required cloud service.

Efficient

Infrastructure as Code increases developer productivity, and an organization that adopts it can use continuous integration and continuous deployment techniques with fewer errors. You can include scripts that shut down or destroy specific environments when they are not in use.

Consistent

Infrastructure as Code minimizes the possibility of errors or deviations. It completely standardizes the setup of infrastructure, allowing your applications to run more smoothly.

Minimized risk

Infrastructure as Code automates the process and is a form of documentation of your infrastructure. Every change to your configuration can be easily tracked down.

Increased ROI

With Infrastructure as Code, your team can spend less time on manual activities and more time on performing higher-value tasks. The automation increases productivity and saves the company costs.

Secure

An Infrastructure as Code model removes the security risks of human error. Your code leads to a secure infrastructure, and it can prevent runtime problems and configuration deviations. You can test your code in a test environment, and you can run the security assessment in a sandbox environment.

Terraform

Terraform is an open source Infrastructure as Code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.

Why Terraform:

  • Open source: Terraform is backed by large communities of contributors. It’s easy to find plugins, extensions, and support.
  • Platform agnostic: you can use Terraform with any cloud service provider.
  • Immutable infrastructure: Terraform provisions immutable infrastructure, and with each change to the environment the current configuration is replaced with a new one that accounts for the change, and the infrastructure is reprovisioned.
  • Rollback: the previous configuration can be used to enable rollback if necessary.

Terraform workspace

When we create cloud resources using Terraform, the resources are created in the default workspace. The workspace is a way to manage multiple environments that can be created and destroyed on the go. The information about all resources managed by Terraform is stored in a state file. All changes to the Terraform configuration, whether plan or apply, are always validated with the state file which is updated on apply execution.

Workspaces help you isolate different deployments of the same Terraform code, each with its own Terraform state.

A Terraform configuration is a complete document in the Terraform language that tells Terraform how to manage a given collection of resources. A configuration can consist of multiple files and directories.

With the following Terraform lookup we can select the local value for the workspace that we are delivering:

Using variables.tf we can set up the various ENV configurations with a workspace dependency:

This example describes a simple network infrastructure for AWS. As the Terraform workspace example shows, we can easily manage multiple environments without conflicts between different versions of the same infrastructure.
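The workspace-keyed lookup and the variables.tf layout described above, written out as an added example (not the article's original code). The workspace names dev, test and prod, the variable name env_config and all CIDR values are assumptions made for illustration; the AWS provider is assumed to be configured elsewhere, and the precondition block needs Terraform 1.2 or later.

```hcl
# Added example; all names and CIDR values below are constructed.

# variables.tf: one entry per Terraform workspace
variable "env_config" {
  description = "Network settings keyed by workspace name"
  type = map(object({
    vpc_cidr    = string
    subnet_cidr = string
  }))
  default = {
    dev  = { vpc_cidr = "10.10.0.0/16", subnet_cidr = "10.10.1.0/24" }
    test = { vpc_cidr = "10.20.0.0/16", subnet_cidr = "10.20.1.0/24" }
    prod = { vpc_cidr = "10.30.0.0/16", subnet_cidr = "10.30.1.0/24" }
  }
}

# main.tf
locals {
  # terraform.workspace is the name of the currently selected workspace.
  # lookup() returns null when that workspace has no entry, e.g. "default".
  env = lookup(var.env_config, terraform.workspace, null)
}

resource "aws_vpc" "main" {
  cidr_block = local.env.vpc_cidr
  tags = {
    Name        = "vpc-${terraform.workspace}"
    Environment = terraform.workspace
  }

  lifecycle {
    # Stop the plan instead of building an environment from fallback values.
    precondition {
      condition     = local.env != null
      error_message = "Workspace has no entry in var.env_config; select dev, test or prod."
    }
  }
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.main.id
  cidr_block = local.env.subnet_cidr
  tags = {
    Name        = "subnet-app-${terraform.workspace}"
    Environment = terraform.workspace
  }
}
```

A plan run in the default workspace, or in any workspace without an entry, stops at the precondition, so a mistyped workspace name cannot create resources with another environment's settings.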

Git Flow

Git Flow is an alternative Git branching model that involves the use of feature branches and multiple primary branches. It was first published and made popular by Vincent Driessen at nvie.

Compared to trunk-based development, Git Flow has numerous, longer-lived branches and larger commits. Under this model, developers create a feature branch and delay merging it to the main trunk branch until the feature is complete. These long-lived feature branches require more collaboration to merge and have a higher risk of deviating from the trunk branch. They can also introduce conflicting updates.

By using the Git Flow branching model, we can isolate different versions of the same Terraform code and make them available for deployment.

We can combine Terraform workspaces with Git Flow using Jenkins pipelines. This lets us design a highly automated and reliable deployment strategy that keeps development, test, and production environments separate, and we can use pull requests to update the various target infrastructures with the latest changes.

Jenkins

As an extensible automation server, Jenkins can be used as a simple CI server or be transformed into the continuous delivery hub for any project. It is a continuous integration server, written in Java, for orchestrating a chain of actions to achieve the CI process in an automated fashion. Jenkins supports the complete development life cycle of the software from building and testing to documenting the software and deploying amongst other stages of the software development life cycle.

Jenkins Pipelines

With Jenkins Pipelines, you can track down bugs and errors in the development cycle and ensure that all code deployed to production meets the code standards you set for your app.

Here is an example of a Jenkins file:

The four stages of this pipeline allow us to:

  • Set up environment variables on the build workspace
  • Validate the Terraform code
  • Create the Terraform plan file
  • Apply, after approval, the Terraform plan

All stages of this pipeline are applied to the selected Terraform workspace using the code baseline of the respective Git Flow branch.