Slide 1

Slide 1 text

Principles, Patterns, and Practices for Effective Infrastructure as Code
Deliver Infrastructure and Software running on it Rapidly and Reliably at Scale

Adarsh Shah, Engineering Leader, Coach, Hands-on Architect, Independent Consultant
@shahadarsh
Deck:

Slide 2

Slide 2 text

Infrastructure as Code

Infrastructure as Code (IaC) is an approach that takes proven coding techniques used for software systems and extends them to infrastructure. It is one of the key DevOps practices that enable teams to deliver infrastructure, and the software running on it, rapidly and reliably, at scale.

Slide 3

Slide 3 text

Key Principles

Slide 4

Slide 4 text

Idempotency

Idempotency means that no matter how many times you run your IaC, and whatever your starting state is, you end up with the same end state. This simplifies the provisioning of infrastructure and reduces the chance of inconsistent results.

Slide 5

Slide 5 text (diagram: non-idempotent vs idempotent provisioning of 3 VMs)

Non-idempotent: IaC declares 3 VMs. Provision creates VM VM VM; Reapply creates VM VM VM again. End state: Expected = 3, Actual = 6.
Idempotent: IaC declares 3 VMs. Provision creates VM VM VM; Reapply makes no change. End state: Expected = 3, Actual = 3.
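The two behaviours in the diagram, as an added example (not code from the deck). The `Inventory` class is an assumed stand-in for a cloud provider API with create/list/delete calls; the "naive" provisioner creates the declared count on every run, while the idempotent one first observes what exists and then only adds or removes the difference, so the end state is 3 VMs from any starting point.

```python
"""Idempotent vs non-idempotent provisioning of "3 VMs" (added illustration)."""
import itertools


class Inventory:
    """Fake cloud API (assumption): tracks VMs by name, tagged with the spec that owns them."""

    def __init__(self):
        self.vms = {}                   # vm name -> tag
        self._ids = itertools.count(1)  # imitates provider-generated IDs

    def create(self, tag):
        name = f"vm-{next(self._ids)}"
        self.vms[name] = tag
        return name

    def delete(self, name):
        del self.vms[name]

    def by_tag(self, tag):
        return [n for n, t in self.vms.items() if t == tag]


def provision_naive(inv, tag, count):
    """Non-idempotent: every run creates `count` new VMs regardless of what exists."""
    for _ in range(count):
        inv.create(tag)
    return len(inv.by_tag(tag))


def provision_idempotent(inv, tag, count):
    """Idempotent: observe actual state, then converge to the desired count.

    Returns (created, deleted); a re-run on a converged state returns (0, 0).
    """
    existing = inv.by_tag(tag)
    created = deleted = 0
    for _ in range(count - len(existing)):  # too few: add the shortfall
        inv.create(tag)
        created += 1
    for name in existing[count:]:           # too many: remove the extras
        inv.delete(name)
        deleted += 1
    return created, deleted


def demo():
    """Replays the slide: reapply on the naive path doubles the fleet, on the idempotent path it is a no-op."""
    naive = Inventory()
    provision_naive(naive, "web", 3)
    naive_actual = provision_naive(naive, "web", 3)     # reapply -> 6 VMs

    idem = Inventory()
    first = provision_idempotent(idem, "web", 3)         # (3, 0)
    second = provision_idempotent(idem, "web", 3)        # (0, 0): no change
    for _ in range(2):                                   # someone hand-creates 2 more (drift)
        idem.create("web")
    third = provision_idempotent(idem, "web", 3)         # (0, 2): back to 3
    return naive_actual, len(idem.by_tag("web")), first, second, third
```

The third run is the part the slide does not draw: starting from an over-provisioned state (5 VMs) the idempotent path still ends at 3, which is what "whatever your starting state is" requires. Real tools do the same observe-then-diff step (Terraform's refresh and plan) before touching anything.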

Slide 6

Slide 6 text

Immutability

Immutable infrastructure means that instead of changing existing infrastructure, you replace it with new infrastructure. By provisioning fresh infrastructure for every change, you ensure it is reproducible and leave no room for configuration drift over time.

Slide 7

Slide 7 text (diagram: mutable vs immutable infrastructure)

Mutable infrastructure: IaC provisions v1 v1 v1 for users. On a change, IaC applies the change in place and deploys v2 to the same infrastructure (v2 v2 v2).
Immutable infrastructure: IaC provisions v1 v1 v1 for users. On a change, IaC provisions new infrastructure with v2 (v2 v2 v2) for users instead of modifying v1.

Slide 8

Slide 8 text

Patterns and Practices

Slide 9

Slide 9 text

Source Control

Everything in source control, accessible to everyone.

Slide 10

Slide 10 text

Modularize and Version

Maintenance, Readability, Ownership

Slide 11

Slide 11 text

Infrastructure Layers Example (listed top to bottom; each layer runs on the ones below it)

Application Layer (owner: Application Team): App Deploy, App Database, App Storage. All application infrastructure gets provisioned along with the application deployment in this layer.
Platform Layer (owner: Platform Engg. Team): Database Cluster, EKS. Platform layer for provisioning anything needed to run applications on.
Network Layer (owner: Networking Team): VPC/Subnet, Common Network. All networking, including connections to other networks, gets provisioned in this layer.
Account Layer (owner: Security/Platform Engg. Team): Common Storage, Account Settings. All AWS account-level resources get provisioned in this layer.
Bootstrap Layer (owner: Platform Engg. Team): State S3 Bucket, Service Account. Any bootstrapping needed for running the layers above, such as the service account with permissions to run IaC and the IaC state bucket.

Slide 12

Slide 12 text

Documentation

Easily available, closer to the code, kept updated.

Slide 13

Slide 13 text

IaC Testing (test pyramid, bottom to top; cost and duration, and brittleness and maintenance effort, grow toward the top)

Static Analysis: terraform validate, TFLint, puppet parser validate
Unit Tests: Bats, ChefSpec
Integration Tests: InSpec, goss
Smoke Tests (with a dummy app): Selenium, JMeter

Slide 14

Slide 14 text

Security and Compliance

Identity & Access Management, Secrets Management, Security Scanning, Compliance

Slide 15

Slide 15 text

Automate Execution from a Shared Environment

Slide 16

Slide 16 text (diagram: IaC Pipeline)

Continuous Integration: Static Analysis, Unit Tests, Security, Compliance
Testing & Validation: provision an ephemeral environment (VM VM VM), run Integration Tests and Smoke Tests
Provision: apply to the target environment (VM VM VM), then Smoke Tests
Note: This example is for the Platform layer; a similar pipeline should be added for the other layers (account, network and application).
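One concrete form of the "Security" and "Compliance" gates in the pipeline above (and of the security scanning on the Security and Compliance slide): a policy check run over the plan before apply. This is an added example, not the deck's code. It reads the JSON that `terraform show -json <planfile>` prints and walks its `resource_changes` list; the two rules (no SSH open to the world, no publicly accessible RDS instance) are illustrative, the sample plan is constructed by hand, and `gate()` is an assumed name for the step a CI job would call and fail on.

```python
"""Policy gate over a Terraform JSON plan (added example)."""
import json

# Constructed sample of `terraform show -json` output: one bad security group,
# one good one, one RDS instance flipped to public, and a deletion.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_security_group.app", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}}},
        {"address": "aws_db_instance.main", "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "after": {"publicly_accessible": True, "storage_encrypted": True}}},
        {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
         "change": {"actions": ["delete"], "after": None}},
    ],
})
EMPTY_PLAN = json.dumps({"format_version": "1.2", "resource_changes": []})

WORLD = {"0.0.0.0/0", "::/0"}


def _covers_ssh(rule):
    """True if the ingress rule admits port 22 (explicitly, or via 'all protocols' = -1)."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)


def check_security_group(addr, after):
    for rule in after.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & WORLD and _covers_ssh(rule):
            yield f"{addr}: SSH (22) reachable from the internet via {sorted(cidrs & WORLD)}"


def check_db_instance(addr, after):
    if after.get("publicly_accessible"):
        yield f"{addr}: RDS instance is publicly accessible"
    if not after.get("storage_encrypted"):
        yield f"{addr}: RDS storage is not encrypted"


RULES = {"aws_security_group": check_security_group, "aws_db_instance": check_db_instance}


def evaluate_plan(plan_json):
    """Return the list of policy findings for the post-apply ("after") state in the plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc["change"].get("after")
        if rc["change"]["actions"] == ["delete"] or after is None:
            continue  # nothing exists after apply, so nothing to check
        check = RULES.get(rc["type"])
        if check:
            findings.extend(check(rc["address"], after))
    return findings


def gate(plan_json):
    """(ok, findings): a pipeline job would print the findings and fail when ok is False."""
    findings = evaluate_plan(plan_json)
    return (not findings), findings
```

Two caveats a practitioner should keep in mind. Values that are only known at apply time are reported under `after_unknown`, not `after`, so a check that reads `after` alone cannot see them and must treat them as a separate case. And a plan-time gate says nothing about drift introduced after apply, which is what the GitOps control loop later in the deck is for. Off-the-shelf scanners such as Checkov, tfsec and OPA/conftest implement this same plan-walking idea with far larger rule sets.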

Slide 17

Slide 17 text

GitOps

GitOps = IaC + (Workflow + Control Loop)

Slide 18

Slide 18 text (diagram: GitOps)

Workflow: Create Pull Request; Terraform Plan & Tests; Approve & Merge PR; Terraform Apply; Provision (VM VM VM).
Control Loop: Verify desired and actual state; Sync if different.
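The control loop half of the diagram, as an added example (not the deck's code, and not any particular controller's implementation). `Repo` is an assumed stand-in for the Git branch the controller watches (a history of commits, each a manifest mapping service name to version) and `cluster` a dict of what is actually running; `reconcile()` is one tick of the loop: read desired state from HEAD, observe actual state, sync only the difference. The scenario shows the three things the loop must get right: an unmerged PR changes nothing, a merge is rolled out, and an out-of-band edit is reverted.

```python
"""GitOps control loop: desired state from git, actual state from the cluster (added example)."""


class Repo:
    """Stand-in for the watched branch plus its open pull requests (assumption)."""

    def __init__(self, initial):
        self.main = [dict(initial)]  # commit history; last entry is HEAD
        self.prs = {}
        self._next = 0

    def head(self):
        return dict(self.main[-1])

    def open_pr(self, manifest):
        self._next += 1
        self.prs[self._next] = dict(manifest)
        return self._next

    def merge(self, pr_number):
        self.main.append(self.prs.pop(pr_number))


def diff(desired, actual):
    """Sync plan as {name: (action, version)}; empty when desired == actual."""
    plan = {}
    for name, version in desired.items():
        if name not in actual:
            plan[name] = ("create", version)
        elif actual[name] != version:
            plan[name] = ("update", version)
    for name in actual.keys() - desired.keys():
        plan[name] = ("delete", None)   # prune: remove what git no longer declares
    return plan


def reconcile(repo, cluster):
    """One loop iteration: verify desired vs actual, sync if different. Returns what it did."""
    plan = diff(repo.head(), cluster)
    for name, (action, version) in plan.items():
        if action == "delete":
            cluster.pop(name)
        else:
            cluster[name] = version
    return plan


def run_scenario():
    repo = Repo({"api": "v1", "web": "v1"})
    cluster = {}
    events = []
    events.append(reconcile(repo, cluster))   # first run: creates api and web
    events.append(reconcile(repo, cluster))   # steady state: nothing to do
    pr = repo.open_pr({"api": "v2", "web": "v1"})
    events.append(reconcile(repo, cluster))   # open but unmerged PR: no effect
    repo.merge(pr)
    events.append(reconcile(repo, cluster))   # merged: api updated to v2
    cluster["api"] = "v1-hotfix"              # someone patched the cluster by hand (drift)
    cluster["debug"] = "v0"                   # and left an undeclared extra behind
    events.append(reconcile(repo, cluster))   # loop reverts the drift and prunes the extra
    return events, cluster
```

Pruning undeclared resources is a policy choice rather than a given; real controllers make it configurable (Argo CD and Flux both expose a prune option) precisely because a loop that deletes anything it does not recognise is dangerous during migrations. The important property, shared with the idempotency principle earlier in the deck, is that a tick on a converged cluster returns an empty plan.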

Slide 19

Slide 19 text

Talk based on an article on my website:
Contributed to the new O’Reilly book

Slide 20

Slide 20 text

Adarsh Shah, Engineering Leader, Coach, Hands-on Architect, Independent Consultant
@shahadarsh