Originally published on the appCD blog by Asif Awan
You’ve been working on a new application for your company. It is going to address business requirements needed to delight customers. But while you are ready to ship your code, you now need to set up your infrastructure. The good news is that Infrastructure as Code (IaC) exists and promises to make it easier for you to codify all the components needed for your application to run smoothly: the compute cluster, network setup, and platform resources such as databases and storage buckets required to name a few. The idea is the development team spends less time on infrastructure and more time actually building and shipping cool stuff that helps drive sales.
IaC promised to help all of us avoid mistakes through automation that can be easily tweaked and adjusted. The problem is that IaC is a huge list of all the parts of your infrastructure to be provisioned; you can’t technically see it so you have to keep all the separate components and how they relate to one another in your brain. Which means that you need to expand your expertise beyond development and into all facets of infrastructure so that you can code your infrastructure without making errors like over-permissioning or over-provisioning resources.
Infrastructure as Code Challenges
Infrastructure as Code does speed up deployment, it’s definitely faster than manual provisioning. Users can more easily get an application or feature shipped using IaC. But it isn’t perfect and can still be a slow process to truly get the cloud infrastructure needed.
Most developers I know turn to templates that the platform eng or DevOps teams provide. These “golden templates” are a point-in-time representation of how the infrastructure team wants infrastructure provisioned. But because we are all moving quickly, that template has been copied and pasted several times and modified by developers. It might be missing the latest update. It certainly doesn’t cover the new security requirements so the dev team is either:
- Pushing IaC that is insecure, over provisioned or non-compliant OR
- Asking the infra team to serve as a helpdesk so apps can be shipped.
Devs are hired for their expertise in development. And while many have experience in infrastructure or have had to work with it, we are asking devs to also be infrastructure, security and compliance experts when we ask them to write IaC. What happens is a lot of guesswork, internet research and copy-paste from other sources that wastes every person’s time.
This guesswork is because once again we can’t see or touch our cloud infrastructure. Instead we have to write IaC and test and test and test…
An Architecture Deployment Visualization Could Help
A visualization of your IaC could help, but why would you want to add another step to deploy your application? Now you have to draw a topology to show what infrastructure you are provisioning. Or you could use Infrastructure from Code.
Infrastructure from Code uses your application code as the source of truth for the infrastructure that your application requires and needs to be secure, reliable and efficient. With Infrastructure from Code, you can save many hours, days or even weeks to deploy your application.
With Infrastructure from Code you can actually view the IaC for your applications. Simply by connecting a repo, selecting your target compute service and policies (AWS well architected framework for example), you can create a visualization of your IaC.
From there, you can enhance it with a drag and drop interface and actually validate that it is going to work. Say, for example, you are attempting to connect a resource with excessive permissions or a database that isn’t allowed, you won’t be allowed to make that connection. Infrastructure from Code won’t allow any IaC export if there are any validation or verification errors.
But Why Do all That?
But why would you want to cheat yourself out of the delays in shipping your application? Why would you want to remove the guesswork from the infrastructure part of your job (that you dislike). A drag and drop interface might be robbing you of that tedious coding experience you really want.
Why would you want to avoid all that? Because if you can skip that pain and get the IaC generated from your application code, you can do the job you were hired to do. That means you are more valuable to your organization because you can draw a direct line between what you are coding to how your organization is servicing customers.
Plus, when you generate IaC that is correct, secure and compliant. You’ll look smart to those infrastructure peeps and that just feels good.
Try infrastructure from code. Connect a repo, get your deployment architecture for free. You can get IaC generated in minutes without using Reddit, Hacker News or Google to help!