grafana

Infrastructure as Code (IaC) for DevOps Engineers and SREs:

Infrastructure as Code ( IaC ) has revolutionized how DevOps engineers and SREs provision, manage, and scale infrastructure. By treating infrastructure definitions as versioned, testable code, IaC enables automation, consistency, and rapid iteration—key requirements for modern operations teams.…

Opsgenie

3 min read
Infrastructure as Code (IaC) for DevOps Engineers and SREs:

Infrastructure as Code (IaC) for DevOps Engineers and SREs: Best Practices and Practical Examples

Infrastructure as Code (IaC) has revolutionized how DevOps engineers and SREs provision, manage, and scale infrastructure. By treating infrastructure definitions as versioned, testable code, IaC enables automation, consistency, and rapid iteration—key requirements for modern operations teams. In this post, we’ll explore the core principles of IaC, actionable best practices, and hands-on examples using Terraform and Ansible. Whether you’re just starting or looking to level up your automation, this guide provides practical insights and code snippets you can use right away.

Why Infrastructure as Code Matters for DevOps and SREs

Manual infrastructure management is error-prone and slow, especially in dynamic cloud environments. IaC allows you to:

  • Automate provisioning of cloud resources, reducing manual toil and accelerating deployments.
  • Version control infrastructure changes, enabling collaboration, reproducibility, and auditable change history.
  • Promote consistency across environments (dev, staging, production) and teams.
  • Enable testing and validation of infrastructure before deployment, reducing risks of outages.

Core Principles of Effective IaC

  • Declarative configuration: Define what you want (desired state), not how to achieve it.
  • Idempotency: Running the same code multiple times produces the same result, ensuring safe re-application.
  • Modularity: Break infrastructure into reusable components for scalability and maintainability.
  • Versioning: Store infrastructure code in Git or similar systems for history, rollback, and collaboration.
  • Validation: Use automated checks, linting, and tests to catch errors early.

Getting Started: A Terraform Example for Cloud Infrastructure

Let’s walk through a concrete example: provisioning an AWS EC2 instance using Terraform. Terraform is a popular open-source IaC tool that enables declarative resource management across cloud providers.

1. Define Your Infrastructure in Code


provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

This configuration declares an EC2 instance with a specific AMI and instance type. It is declarative: you describe the desired state, and Terraform figures out how to achieve it.

2. Version Control Your Terraform Files

Store all .tf files in a Git repository. Commit changes regularly:


git init
git add main.tf
git commit -m "Initial commit: AWS EC2 instance"

Version control lets your team collaborate, track changes, and roll back if needed.

3. Validate, Plan, and Apply

Apply: Deploy infrastructure changes.

terraform apply

Plan: Preview actions Terraform will take.

terraform plan

Validate: Check for syntax or logical errors.

terraform validate

4. Modularize for Scalability

For larger infrastructures, split your code into modules for reuse. Example: move your EC2 logic to modules/ec2-instance/main.tf and call it from your root configuration:


module "web_server" {
  source = "./modules/ec2-instance"
  ami    = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.medium"
}

Configuration Management with Ansible: Practical Example

While Terraform is ideal for provisioning infrastructure, configuration management tools like Ansible excel at managing server state and application deployment.

1. Ansible Playbook to Install NGINX


---
- name: Install and start NGINX on Ubuntu
  hosts: webservers
  become: yes
  tasks:
    - name: Ensure NGINX is installed
      apt:
        name: nginx
        state: present

    - name: Ensure NGINX is running
      service:
        name: nginx
        state: started
        enabled: yes

Run the playbook:


ansible-playbook -i inventory.ini nginx.yml

2. Inventory Example


[webservers]
192.168.100.10
192.168.100.11

This ensures every server in [webservers] has NGINX installed and running—repeatable and consistent across environments.

Best Practices for IaC in Production

  • Separate environments: Use workspaces or branch-based workflows to isolate dev, staging, and prod.
  • Automate with CI/CD: Integrate Terraform or Ansible runs into your CI/CD pipeline for automated testing and deployment.
  • Use state management: For Terraform, use remote state backends (S3, GCS) with locking (DynamoDB, etcd) to avoid conflicts.
  • Implement policy as code: Tools like Open Policy Agent (OPA) and Sentinel can enforce compliance and security standards.
  • Monitor drift: Regularly check for configuration drift between code and deployed resources using tools like Terraform’s terraform plan or drift detection plugins.

Common IaC Anti-Patterns to Avoid

  • Mixing infrastructure code with application code in the same repo (unless tightly coupled).
  • Hardcoding secrets or sensitive values—always use secret managers or environment variables.
  • Manual changes to cloud resources outside of IaC tools (leads to drift and surprises).
  • Ignoring code reviews for IaC—treat infra code as production code.

Real-World Workflow: IaC in a DevOps CI/CD Pipeline

Here’s a typical workflow for IaC adoption in modern teams:

  1. Engineer proposes changes via Git pull request (e.g., add a new subnet or VM).
  2. Automated CI runs terraform validate and terraform plan, posting results for review.
  3. Peer review ensures changes align with standards and security policies.
  4. Once approved, pipeline runs terraform apply to deploy changes automatically to the target environment.
  5. Monitoring tools (e.g., Prometheus, Datadog, Grafana) alert on infrastructure state and performance.

Conclusion: Start Small, Iterate, and Automate

Infrastructure as Code is fundamental for any team practicing DevOps or SRE. By embracing IaC, you reduce risk, accelerate delivery, and create resilient systems. Start with small, well-defined resources, use version control, and build out modular, reusable components. Automate everything through your CI/CD pipeline and validate every change. With these practices, you’ll set the foundation for scalable, reliable infrastructure management.

Take action: Choose a small piece of your current infrastructure to codify today. Try out the Terraform and Ansible examples above, and integrate your process with version control and CI/CD. Your future self—and your uptime—will thank you.

Read more