Infrastructure-as-Code Concepts

Checkpoint Blog – Yaffa Finkelstein
So what is Infrastructure-as-Code (IaC) anyway? IaC is a process that automates the provisioning and management of cloud resources. IaC software takes some input scripts describing a desired state and then communicates with the cloud vendor(s), typically through APIs, to make the reality match that desired state.

This article will cover the important aspects of IaC, starting with how it came to life (i.e., which problems it solved), followed by its benefits, and finally how to integrate IaC into your organization.

The IaC scripts can be saved in a git repository, giving you a history of your infrastructure. As an added bonus, since the scripts are just text, it is possible to compare versions to see what has been added, changed, or removed.

Another benefit is that IaC allows a junior sysadmin or non-technical person to create an entire workload without technical knowledge. Besides exact repeatability, one of the best advantages of IaC over manual operations is that it is scalable. Typically, you would want to automate some operations you are currently performing manually. So the first step is for you to document the manual steps required to build the infrastructure needed for your workload. These are the steps you will automate through IaC.

You then need to choose IaC software. This should not be a difficult choice, as there are only a few, and all three major cloud providers have their own: Amazon Web Services offers CloudFormation, Microsoft Azure offers Azure Resource Manager, and Google Cloud Platform offers Google Cloud Deployment Manager. The most well-known vendor-independent option is Terraform, which not only supports the three cloud vendors mentioned above but many more.

In addition, the topic of Shift Left continues to trend. This essentially means you start testing as early as possible and focusing on preventing problems (as opposed to detecting and solving them after they occur). The idea is that overall quality and security will improve as a result.

Ideally, this Shift Left should leverage automation as much as possible. In order to properly use IaC, the person writing the IaC scripts must have a deep knowledge of the cloud platform being used. Therefore, it is advisable to ensure that the most critical parts of your IaC work are done by senior DevOps engineers.

If tight security is important (and it most likely is), this team can be responsible for vetting publicly available modules and software as well. Additionally, it would be a good idea for your SecOps team to work alongside your DevOps team.
Link: https://blog.checkpoint.com/2021/01/21/infrastructure-as-code-concepts/

