
Declarative vs Programmatic Infrastructure as Code

What is the difference between declarative and programmatic Infrastructure as Code? Why does it matter, and when should you use each? Best practices for writing good Infrastructure as Code when using AWS CloudFormation, AWS SAM, AWS CDK, Pulumi, Terraform, SST, Serverless Framework, etc.

Jakub Gaj

March 26, 2025

Transcript

  1. My name is Jakub and I 🧡 ClickOps 😎
     Jakub Gaj, AWS Community Builder, AWS New Voices Speaker
     ‣ Prototyping new cloud solutions
     ‣ Interactive demos for non-developers
     ‣ Experimenting with cloud services
     ‣ Hot fixes in pre-production accounts
  2. “Infrastructure as Code is the practice of provisioning and managing infrastructure using code, as opposed to doing it interactively or with non-code automation tools.”
     Kief Morris, Infrastructure as Code, 2nd Edition (O’Reilly Media)
     Declarative & programmatic approach:
     ‣ Fundamental differences
     ‣ Optimal use cases
     ‣ Framework considerations
     ‣ Best practices
  3. Evolution of IT infrastructure
     ‣ Iron Age: Bare Metal in Data Centers
     ‣ Virtual Age: Virtualization of Compute, Storage, Networking
     ‣ Cloud Era: Cloud Providers / Services
     ‣ AI Era: AI Services
  4. Milestones of Everything as Code
     Shell Scripting
     ‣ Bash Shell (BSH) ‣ Korn Shell (KSH) ‣ Distributed Shell (DSH) ‣ Batch ‣ PowerShell ‣ Perl ‣ Python
     Configuration as Code
     ‣ CFEngine ‣ Puppet ‣ Chef ‣ Ansible ‣ Salt (SaltStack)
     Infrastructure as Code
     ‣ AWS CloudFormation ‣ HashiCorp Terraform ‣ Microsoft Azure Resource Manager ‣ Microsoft Bicep ‣ Google Cloud Deployment Manager
  5. Milestones of Everything as Code
     Containers & FaaS
     ‣ Docker ‣ Kubernetes ‣ AWS Serverless Application Model ‣ Serverless Framework
     Cloud Development Kits
     ‣ AWS CDK ‣ CDK for Terraform ‣ Pulumi Engine ‣ SST Framework
     AI-Assisted Development
     ‣ AWS CodeWhisperer ‣ AWS Q Developer ‣ Pulumi Copilot ‣ GitHub Copilot ‣ Anthropic Claude Code ‣ Cursor
  6. Core aspects of declarative IaC
     ‣ Domain-specific languages (CF, HCL, Bicep)
     ‣ Limited built-in logic capabilities
     ‣ Code readability (WYSIWYG)
     ‣ Can become lengthy for complex infra
     ‣ Focus on infra layer (shared platforms)
     ‣ Better suited for low-level resources definition
  7. Popular declarative frameworks
     ‣ AWS CloudFormation
     ‣ AWS Serverless Application Model
     ‣ Serverless Framework
     ‣ HashiCorp Terraform CE
     ‣ Linux Foundation OpenTofu
     ‣ Microsoft Bicep (ARM)
     ‣ Google Cloud Deployment Manager
     ‣ AWS Amplify
  8. Core aspects of programmatic IaC
     ‣ Standard programming languages (Python, TypeScript)
     ‣ Advanced logic: conditional statements, loops, etc.
     ‣ Custom abstractions: patterns, constructs, packages
     ‣ Integrations with existing development workflows
     ‣ Focus on app layer (business logic)
     ‣ Better suited for high-level app-centric deployments
  9. State management: backend & locking
     ‣ AWS CloudFormation ‣ Pulumi Engine ‣ Google DM ‣ Microsoft ARM ‣ Terraform ‣ Terraform Cloud / HCP ‣ Terraform Enterprise ‣ Pulumi Cloud ‣ Spacelift
     ‣ Remote Storage ‣ Cloud Service ‣ Enterprise IaC Platforms
  10. Demo time!
     ‣ SST Framework: Deploy Astro site with SST
     ‣ AWS Cloud Development Kit: Power of Constructs
     ‣ AWS Cloud Development Kit: Migrate your CF stacks
     ‣ AWS Cloud Development Kit: Conditional resources
  11. Some best practices
     ‣ Define everything as code (apply SDLC processes): Infrastructure, Configuration, Security Policies, Documentation, Diagrams
     ‣ Continuously test and deliver all work in progress: Test Driven Development, Unit / Integration Tests (Automated Test Suites)
     ‣ Build small pieces that can be changed independently: Group components into deployable stacks, separate stateful / stateless resources
  12. Key takeaways
     ‣ Resource Protection: Define lifecycle policies to protect resources from being accidentally deleted
     ‣ Static Code Analysis: Use IaC linters & security scanners to enforce best practices
     ‣ Reusable Patterns: Use CDK Constructs, Terraform Modules, Pulumi Packages, etc.
     ‣ Continuous Deployments: Use CI/CD pipelines to deliver any changes to infrastructure
     ‣ Drift Detection: Implement regular drift detection checks and remediation actions
     ‣ Automated Rollbacks: Implement automated rollback mechanisms for failed deployments
  13. 🇬🇧 Thank you! 🇵🇱 Dziękuję! 🇸🇰 Ďakujem! 🇨🇿 Děkuju!
     Let’s connect!
     ‣ Social Profiles ‣ Tech Blogs ‣ GitHub Repos ‣ Resources / Slides
     Jakub Gaj
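
The "Resource Protection" and "Static Code Analysis" takeaways on slide 12 can be combined into one pipeline check. The following is an added example, not code from the deck: a small linter that flags stateful resources in a CloudFormation template that lack a retaining `DeletionPolicy` or `UpdateReplacePolicy`. The set of resource types treated as stateful, the function name and the sample template are assumptions of this example.

```python
import json

# Assumption of this example: resource types treated as stateful.
STATEFUL_TYPES = {"AWS::S3::Bucket", "AWS::DynamoDB::Table", "AWS::EFS::FileSystem"}

# Attribute values that keep the physical resource when it leaves the stack.
SAFE_VALUES = {
    "DeletionPolicy": {"Retain", "RetainExceptOnCreate"},
    "UpdateReplacePolicy": {"Retain"},
}


def find_unprotected(template):
    """Return sorted (logical_id, attribute, value) for unprotected stateful resources."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in STATEFUL_TYPES:
            continue  # stateless resources can be recreated, so they are skipped
        for attribute, allowed in SAFE_VALUES.items():
            # A missing attribute means CloudFormation's default, which is Delete.
            value = resource.get(attribute, "Delete")
            if not isinstance(value, str):
                # Parameter reference or intrinsic function: not provable statically.
                findings.append((logical_id, attribute, json.dumps(value)))
            elif value not in allowed:
                findings.append((logical_id, attribute, value))
    return sorted(findings)


# Constructed sample template (not taken from the deck).
SAMPLE_TEMPLATE = {
    "Resources": {
        "Uploads": {"Type": "AWS::S3::Bucket",
                    "DeletionPolicy": "Retain", "UpdateReplacePolicy": "Retain"},
        "Orders": {"Type": "AWS::DynamoDB::Table", "DeletionPolicy": "Retain"},
        "Logs": {"Type": "AWS::S3::Bucket"},
        "Handler": {"Type": "AWS::Lambda::Function"},
    }
}

if __name__ == "__main__":
    results = find_unprotected(SAMPLE_TEMPLATE)
    for logical_id, attribute, value in results:
        print(f"{logical_id}: {attribute} is {value}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the CI job
```

Run as a CI step, the non-zero exit code blocks a deployment that would leave a data-bearing resource deletable by a stack update or teardown.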