Slide 1

Slide 1 text

Switzerland May 22, 2025


Slide 2

Slide 2 text

Declarative vs Programmatic Infrastructure as Code

Jakub Gaj
Cloud Solution Architect @ Danske Bank
Copenhagen, Denmark
AWS Community Builder
AWS New Voices Speaker

Slide 3

Slide 3 text

I absolutely 🧡 ClickOps 😎
‣ Rapid prototyping of cloud solutions
‣ Interactive demos for less technical audiences
‣ Experimenting with new AWS services & integrations
‣ Hot fixes in pre-production accounts

Slide 4

Slide 4 text

“Infrastructure as Code is the practice of provisioning and managing infrastructure using code, as opposed to doing it interactively or with non-code automation tools.”
Kief Morris, Infrastructure as Code, 2nd Edition (O’Reilly Media)

Declarative & programmatic approach:
‣ Fundamental differences
‣ Optimal use cases
‣ Framework considerations
‣ Best practices

Slide 5

Slide 5 text

Evolution of IT infrastructure
‣ Iron Age: Bare Metal in Data Centers
‣ Virtual Age: Virtualization of Compute, Storage, Networking
‣ Cloud Era: Cloud Providers (Cloud Services)
‣ AI Era: AI Services

Slide 6

Slide 6 text

Milestones of Everything as Code

Shell Scripting
‣ Bash Shell (BSH)
‣ Korn Shell (KSH)
‣ Distributed Shell (DSH)
‣ Batch
‣ PowerShell
‣ Perl
‣ Python

Configuration as Code
‣ CFEngine
‣ Puppet
‣ Chef
‣ Ansible
‣ Salt (SaltStack)

Infrastructure as Code
‣ AWS CloudFormation
‣ HashiCorp Terraform
‣ Microsoft Azure Resource Manager
‣ Microsoft Bicep
‣ Google Cloud Deployment Manager

Slide 7

Slide 7 text

Milestones of Everything as Code

Containers & FaaS
‣ Docker Compose
‣ Kubernetes Templating
‣ AWS Serverless Application Model
‣ Serverless Framework

Cloud Development Kits
‣ AWS CDK
‣ AWS PDK
‣ CDK for Terraform
‣ Pulumi IaC Engine
‣ SST Framework

AI-Assisted Development
‣ AWS CodeWhisperer
‣ AWS Q Developer
‣ Pulumi AI & Copilot
‣ GitHub Copilot
‣ Anthropic Claude Code
‣ OpenAI Codex
‣ Cursor AI

Slide 8

Slide 8 text

Core aspects of declarative IaC
‣ Domain-specific languages (CF, HCL, Bicep)
‣ Limited built-in logic capabilities
‣ Code readability (WYSIWYG)
‣ Can become lengthy for complex infra
‣ Focus on infra layer (shared platforms)
‣ Better suited for low-level resources definition

Slide 9

Slide 9 text

Popular declarative frameworks
‣ AWS CloudFormation
‣ AWS Serverless Application Model
‣ Serverless Framework
‣ HashiCorp Terraform CE
‣ Linux Foundation OpenTofu
‣ Microsoft Bicep (ARM)
‣ Google Cloud Deployment Manager
‣ AWS Amplify

Slide 10

Slide 10 text

Core aspects of programmatic IaC
‣ Standard programming languages (Python, TypeScript)
‣ Advanced logic: conditional statements, loops, etc.
‣ Custom abstractions: patterns, constructs, packages
‣ Integrations with existing development workflows
‣ Focus on app layer (business logic)
‣ Better suited for high-level app-centric deployments

Slide 11

Slide 11 text

Popular programmatic frameworks
‣ Pulumi Engine
‣ SST Framework
‣ CDK for Terraform
‣ AWS Cloud Development Kit
‣ AWS Project Development Kit

Slide 12

Slide 12 text

State management: backend & locking
‣ AWS CloudFormation
‣ Pulumi Engine
‣ Google DM
‣ Microsoft ARM
‣ Terraform
‣ Terraform Cloud / HCP
‣ Terraform Enterprise
‣ Pulumi Cloud
‣ Spacelift

Remote Storage / Cloud Service / Enterprise IaC Platforms

Slide 13

Slide 13 text

Demo time!
‣ AWS Cloud Development Kit
‣ CDK Constructs, Patterns, Solutions
‣ CloudFormation IaC Generator
‣ Compliance scans with NagPacks
‣ AWS CloudFormation

Slide 14

Slide 14 text

Some best practices
‣ Define everything as code (apply SDLC processes): Infrastructure, Configuration, Security Policies, Documentation, Diagrams
‣ Continuously test and deliver all work in progress: Test Driven Development, Unit / Integration Tests (Automated Test Suites)
‣ Build small pieces that can be changed independently: Group components into deployable stacks, separate stateful / stateless resources

Slide 15

Slide 15 text

Key takeaways
‣ Resource Protection: Define lifecycle policies to protect resources from being accidentally deleted
‣ Static Code Analysis: Use linters & scanners to enforce best practices (Snyk, Checkov, cdk-nag)
‣ Reusable Patterns: Use CDK Constructs, Terraform Modules, Pulumi Packages, etc.
‣ Continuous Deployments: Use CI/CD pipelines to deliver any changes to infrastructure
‣ Drift Detection: Implement regular drift detection checks & remediation actions
‣ Automated Rollbacks: Implement automated rollback mechanisms for failed deployments

Slide 16

Slide 16 text

🇬🇧 Thank you! 🇵🇱 Dziękuję! 🇨🇭 Vielen Dank!

Let’s connect!
‣ Social Profiles
‣ Tech Blogs
‣ GitHub Repos
‣ Resources / Slides

Jakub Gaj