Declarative vs Programmatic Infrastructure as Code

What is the difference between the declarative and programmatic approaches to developing your Infrastructure as Code? Why does it matter, and when should you use each?

Best practices for writing good Infrastructure as Code when using AWS CloudFormation, AWS SAM, AWS CDK, Pulumi, Terraform, SST, Serverless Framework, etc.

Demos: https://github.com/ServerlessNinja/aws-programmatic-iac-demos
LinkedIn: https://www.linkedin.com/in/jakubgaj/
LinkTree: https://linktr.ee/jakubgaj
Blog: https://serverless.ninja

Jakub Gaj

May 22, 2025

Transcript

  1. Declarative vs Programmatic Infrastructure as Code

    Jakub Gaj, Cloud Solution Architect @ Danske Bank, Copenhagen, Denmark
    AWS Community Builder, AWS New Voices Speaker
    Switzerland
  2. I absolutely 🧡 ClickOps 😎

    ‣ Rapid prototyping of cloud solutions
    ‣ Interactive demos for less technical audiences
    ‣ Experimenting with new AWS services & integrations
    ‣ Hot fixes in pre-production accounts
  3. “Infrastructure as Code is the practice of provisioning and managing infrastructure using code, as opposed to doing it interactively or with non-code automation tools.” Kief Morris, Infrastructure as Code, 2nd Edition (O’Reilly Media)

    Declarative & programmatic approach:
    ‣ Fundamental differences
    ‣ Optimal use cases
    ‣ Framework considerations
    ‣ Best practices
  4. Evolution of IT infrastructure

    ‣ Iron Age: Bare Metal in Data Centers
    ‣ Virtual Age: Virtualization of Compute, Storage, Networking
    ‣ Cloud Era: Cloud Providers (Cloud Services)
    ‣ AI Era: AI Services
  5. Milestones of Everything as Code

    Shell Scripting: ‣ Bash Shell (BSH) ‣ Korn Shell (KSH) ‣ Distributed Shell (DSH) ‣ Batch ‣ PowerShell ‣ Perl ‣ Python
    Configuration as Code: ‣ CFEngine ‣ Puppet ‣ Chef ‣ Ansible ‣ Salt (SaltStack)
    Infrastructure as Code: ‣ AWS CloudFormation ‣ HashiCorp Terraform ‣ Microsoft Azure Resource Manager ‣ Microsoft Bicep ‣ Google Cloud Deployment Manager
  6. Milestones of Everything as Code

    Containers & FaaS: ‣ Docker Compose ‣ Kubernetes Templating ‣ AWS Serverless Application Model ‣ Serverless Framework
    Cloud Development Kits: ‣ AWS CDK ‣ AWS PDK ‣ CDK for Terraform ‣ Pulumi IaC Engine ‣ SST Framework
    AI-Assisted Development: ‣ AWS CodeWhisperer ‣ AWS Q Developer ‣ Pulumi AI & Copilot ‣ GitHub Copilot ‣ Anthropic Claude Code ‣ OpenAI Codex ‣ Cursor AI
  7. Core aspects of declarative IaC

    ‣ Domain-specific languages (CF, HCL, Bicep)
    ‣ Limited built-in logic capabilities
    ‣ Code readability (WYSIWYG)
    ‣ Can become lengthy for complex infra
    ‣ Focus on infra layer (shared platforms)
    ‣ Better suited for low-level resources definition
  8. Popular declarative frameworks

    ‣ AWS CloudFormation
    ‣ AWS Serverless Application Model
    ‣ Serverless Framework
    ‣ HashiCorp Terraform CE
    ‣ Linux Foundation OpenTofu
    ‣ Microsoft Bicep (ARM)
    ‣ Google Cloud Deployment Manager
    ‣ AWS Amplify
  9. Core aspects of programmatic IaC

    ‣ Standard programming languages (Python, TypeScript)
    ‣ Advanced logic: conditional statements, loops, etc.
    ‣ Custom abstractions: patterns, constructs, packages
    ‣ Integrations with existing development workflows
    ‣ Focus on app layer (business logic)
    ‣ Better suited for high-level app-centric deployments
  10. Popular programmatic frameworks

    ‣ Pulumi Engine
    ‣ SST Framework
    ‣ CDK for Terraform
    ‣ AWS Cloud Development Kit
    ‣ AWS Project Development Kit
  11. State management: backend & locking

    ‣ AWS CloudFormation ‣ Pulumi Engine ‣ Google DM ‣ Microsoft ARM ‣ Terraform ‣ Terraform Cloud / HCP ‣ Terraform Enterprise ‣ Pulumi Cloud ‣ Spacelift
    Remote Storage / Cloud Service / Enterprise IaC Platforms
  12. Demo time!

    ‣ AWS Cloud Development Kit
    ‣ CDK Constructs, Patterns, Solutions
    ‣ CloudFormation IaC Generator
    ‣ Compliance scans with NagPacks
    ‣ AWS CloudFormation
  13. Some best practices

    ‣ Define everything as code (apply SDLC processes): Infrastructure, Configuration, Security Policies, Documentation, Diagrams
    ‣ Continuously test and deliver all work in progress: Test Driven Development, Unit / Integration Tests (Automated Test Suites)
    ‣ Build small pieces that can be changed independently: Group components into deployable stacks, separate stateful / stateless resources
  14. Key takeaways

    ‣ Resource Protection: Define lifecycle policies to protect resources from being accidentally deleted
    ‣ Static Code Analysis: Use linters & scanners to enforce best practices (Snyk, Checkov, cdk-nag)
    ‣ Reusable Patterns: Use CDK Constructs, Terraform Modules, Pulumi Packages, etc.
    ‣ Continuous Deployments: Use CI/CD pipelines to deliver any changes to infrastructure
    ‣ Drift Detection: Implement regular drift detection checks & remediation actions
    ‣ Automated Rollbacks: Implement automated rollback mechanisms for failed deployments
  15. 🇬🇧 Thank you! 🇵🇱 Dziękuję! 🇨🇭 Vielen Dank!

    Let’s connect! Social Profiles, Tech Blogs, GitHub Repos, Resources / Slides
    Jakub Gaj
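
The "Resource Protection" and "Static Code Analysis" takeaways from slide 14 can be combined into a small pre-deployment check. The following is an added example, not code from the deck or its demo repository: it scans a CloudFormation template (hand-written or synthesized by CDK) for stateful resources that lack protective `DeletionPolicy` / `UpdateReplacePolicy` attributes. The list of stateful types, the function name and the sample template are assumptions made for illustration.

```python
# Assumed list of "stateful" resource types; extend it to match your own stacks.
STATEFUL_TYPES = {
    "AWS::S3::Bucket",
    "AWS::DynamoDB::Table",
    "AWS::RDS::DBInstance",
    "AWS::EFS::FileSystem",
}
# Attribute values that keep (or snapshot) the data instead of deleting it.
REQUIRED = {
    "DeletionPolicy": {"Retain", "RetainExceptOnCreate", "Snapshot"},
    "UpdateReplacePolicy": {"Retain", "Snapshot"},
}

# Constructed sample template (not taken from the deck).
SAMPLE_TEMPLATE = {
    "Resources": {
        "AuditLogBucket": {"Type": "AWS::S3::Bucket",
                           "DeletionPolicy": "Retain",
                           "UpdateReplacePolicy": "Retain"},
        "OrdersTable": {"Type": "AWS::DynamoDB::Table"},
        "ReportsDb": {"Type": "AWS::RDS::DBInstance",
                      "DeletionPolicy": "Snapshot",
                      "UpdateReplacePolicy": "Delete"},
        "WorkerFn": {"Type": "AWS::Lambda::Function"},
    }
}

def find_unprotected(template):
    """Return (logical_id, attribute, value) for each missing or unsafe policy."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") not in STATEFUL_TYPES:
            continue  # stateless resources can be recreated, so skip them
        for attr, allowed in REQUIRED.items():
            value = res.get(attr)
            # The policy must be an explicit literal string; a missing attribute
            # or a non-literal value (e.g. a Ref) is reported for manual review.
            if not isinstance(value, str) or value not in allowed:
                findings.append((logical_id, attr, value))
    return findings

if __name__ == "__main__":
    for logical_id, attr, value in find_unprotected(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {attr} is {value!r}; expected one of {sorted(REQUIRED[attr])}")
```

In a pipeline, load the template with `json.load` and fail the build when the returned list is non-empty.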