Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

What Is Infrastructure as Code?

Infrastructure as code (IaC) is the method of defining and provisioning infrastructure using definition files containing code.

IaC enables IT and development teams to automate and scale the provisioning and management of IT resources aligned with application source-code releases in a descriptive manner.

What business challenges drive IaC adoption?

Key drivers of IaC adoption include the following:

  • Modern applications need to be updated often, requiring infrastructure to repeatedly be reconfigured. This can become hard to maintain over time, ultimately slowing down innovation and increasing the risk due to manual, error-prone processes. 
  • Expansion of application landscape. As many enterprises embark on digital transformation, they realize that applications need to reside in multiple locations, within and beyond the company firewall. Without a platform-agnostic approach to infrastructure management, the complexity is beyond human scale.

How can IaC meet these challenges?

IaC offers a way to unify previously separate processes and automate infrastructure provisioning. This makes the process simpler, faster, and more reliable when aligning infrastructure requirements and application deployment.

With IaC, IT resources across data centers, edge locations, and public clouds are configured through a simple file that contains code, instructing software to carry out the tasks necessary to provision infrastructure on any location. 

The configuration file can be shared across multiple teams—such as infrastructure and development teams—to collaborate and help to unify previously disparate processes. The result is that both infrastructure and applications are deployed together.

In addition, IaC configuration tools act as a single source of truth throughout the application development process. This allows straightforward version control and eliminates the need for unnecessary documentation. 

Sandbox environments can be easily set up by developers, and all teams can perform tests using exact replicas of the production environment with a few clicks.

How does IaC work?

IaC configuration files are read by software that uses the file's instructions to define and configure infrastructure. 

IaC has popularized the concept of immutable infrastructure. In other words, rather than continuously updating and modifying existing infrastructure, the infrastructure is not reconfigured or updated every time there is a change in the application. Instead, it is replaced with a new one, built from a common image with the necessary changes in place.

IaC configuration files are usually written in repeatable code configuration and compiled and stored in central repositories. The files can be stored either locally or in public platforms such as GitHub, where members of IT operations and application development teams can access them.

This repeatable framework also opens up the possibility for further process automation, which can allow enterprises to see significant improvements in speed, efficiency, and cost savings.

Benefits of IaC

Faster development time

Since repeatable, reusable code enables advanced automation, engineering teams can set up infrastructure simply by running a script. This can be done at all stages of the application development process—including design, testing, and production—resulting in more efficiency and better alignment between application and infrastructure. Ultimately, this results in faster development timelines.


Reliability and consistency

Immutable infrastructure gives application development teams more confidence to test and run their applications, since the new versions of the infrastructure are always deployed as brand-new, purposely built deployments.

In addition, reusable code can help reduce human error. Since all team members are working with the same file, which provides a single source of truth, versioning errors and configuration drift are all but eliminated.

Finally, this practice also eliminates another source of errors: the inconsistencies in documentation that typically accompany deployments. With IaC, the configuration file serves as its own documentation, eliminating the need for an external version.


Churn protection

With IaC, the infrastructure provisioning expertise resides in code that everyone can share, as opposed to silos of knowledge across IT and operations teams.


Cost savings

IaC reduces the expertise, time, and staff required for infrastructure deployments, freeing up budget for higher-value tasks. IaC can also allow enterprises to benefit from the cloud's flexibility and use-based cost structure, as it is a platform-agnostic approach.

Choosing an IaC tool

Numerous IaC tools are available, with some overlap and differences among them. Understanding the choices available can help DevOps and IT teams assess and select the best IaC tool for the organization.

Tools by type

Configuration management tools are used to install and manage deployments on existing server instances. These tools assign roles to instances without the user needing to specify exact instructions manually.

Orchestration tools allow IT teams to provision server instances and leave configuration to other tools. Orchestration tools are better suited to complex deployments across multiple environments and clusters.


Tools by programming logic type 

IaC tools use one of two programming logic types: declarative or imperative.

With the declarative approach, the end state of the infrastructure is specified, and the tool assembles it automatically, aiming to always maintain the desired state. This is the most common method used by enterprises.

With the imperative approach, the tool helps prepare automation scripts that are then used to assemble infrastructure one step at a time. While this approach requires more work, it has the advantage of requiring less expertise, and can reuse existing automation scripts from previous deployments.


Infrastructure type

Using IaC, IT teams can establish provision either mutable or immutable infrastructure.

Mutable infrastructure can be modified or updated after deployment. While this approach allows for flexibility, it also undermines the main benefit of IaC, specifically, the consistency its versioning protections provide, ensuring the application will always run as designed.

Immutable infrastructure is replaced in full when changes are needed, ensuring that a consistent process is used for every deployment. With the flexibility and quick availability of cloud infrastructure, and the speed and reliability of IaC development, repeatedly replacing immutable infrastructure is no longer impractical.

Steps in the IaC journey

Below are some initial steps to take when beginning the IaC adoption process.

Step 1: Version control

Most configuration processes are documented somewhere within an organization. Gather these instructions and place them in version or source control systems where code can be managed and tracked. This way, whenever team members change code, the changes are documented and in one place.


Step 2: Pick a task to automate

Look for simple, well-defined tasks that can be automated using basic steps, such as server policies and profiles, or Kubernetes cluster deployments.


Step 3: Standardize on language and tools

There are many IaC tools available, but the IT industry has converged around top tool vendors such as HashiCorp with Terraform and Red Hat with Ansible.


Step 4: Change to CI/CD pipelines

Continuous integration/continuous delivery (CI/CD) is a set of processes that help software development teams deliver code changes more frequently and reliably. CI/CD can help shorten software development times, adding agility to the IaC process.


Step 5: Adopt GitOps

GitOps is an extension of DevOps, and uses the Git version control system as the source of truth for infrastructure. The value of using GitOps is that with this single source of truth, development teams can help ensure that infrastructure is always in sync with the code itself.