Practice: Infrastructure as Code (IaC)
Purpose and Strategic Importance
Infrastructure as Code (IaC) is the practice of defining and managing infrastructure through version-controlled configuration files. It ensures consistency, repeatability, and traceability across environments while reducing the risks of manual changes and configuration drift.
IaC is foundational to platform engineering, secure-by-default infrastructure, and DevOps automation. It enables rapid provisioning, scalable operations, and peer-reviewed infrastructure changes - aligning infrastructure with the same engineering discipline as application code.
Description of the Practice
- Infrastructure is declared using code (e.g. Terraform, Pulumi, Bicep, CloudFormation).
- Changes to infrastructure are made through version-controlled files, not manual console actions.
- Every change is peer reviewed, tested, and deployed via automated pipelines.
- Environments are consistent, reproducible, and auditable across dev, test, and production.
- Infrastructure logic is modularised, reusable, and compliant with organisational policies.
How to Practise It (Playbook)
1. Getting Started
- Choose an IaC tool suited to your platform and team (e.g. Terraform, Pulumi, ARM/Bicep).
- Create source-controlled repositories for environment-specific infrastructure.
- Start by codifying a non-critical environment (e.g. dev or test).
- Set up CI/CD pipelines to validate, plan, and apply infrastructure changes automatically.
2. Scaling and Maturing
- Introduce modules and templates to encourage reuse and standardisation.
- Apply policy as code (e.g. Open Policy Agent, Sentinel) to enforce guardrails.
- Integrate security scanning and compliance checks into the deployment pipeline.
- Maintain an audit trail by linking infrastructure changes to tickets or change requests.
- Promote drift detection and reconciliation as part of your regular workflows.
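The policy-as-code, security scanning, and drift detection items above can be combined into a single pipeline gate that runs over the planned changes. The following is an added example, not part of the original playbook: it assumes Terraform on AWS with the plan exported via `terraform show -json`, and the `change_ticket` tag name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {
        "tags": {"change_ticket": "CHG-0001"},
        "ingress": [{"protocol": "tcp", "from_port": 22, "to_port": 22,
                     "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["update"], "after": {"tags": {}}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"], "after": {"tags": {}}}}
  ],
  "resource_drift": [
    {"address": "aws_instance.app", "type": "aws_instance",
     "change": {"actions": ["update"]}}
  ]
}
""")

REQUIRED_TAG = "change_ticket"        # hypothetical organisational tag
WORLD = {"0.0.0.0/0", "::/0"}         # "anyone on the internet"

def evaluate_plan(plan):
    """Return a list of guardrail findings for a Terraform JSON plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after") or {}   # null when deleting
        if not {"create", "update"} & set(rc["change"]["actions"]):
            continue                              # only gate what will change
        # Audit trail: taggable resources must carry the ticket reference.
        if "tags" in after and REQUIRED_TAG not in (after["tags"] or {}):
            findings.append(f"{rc['address']}: missing tag {REQUIRED_TAG}")
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
                covers_ssh = rule.get("protocol") == "-1" or rule["from_port"] <= 22 <= rule["to_port"]
                if cidrs & WORLD and covers_ssh:
                    findings.append(f"{rc['address']}: SSH open to the internet")
    # Changes made outside IaC show up as drift in the refreshed plan.
    for rd in plan.get("resource_drift", []):
        findings.append(f"{rd['address']}: drift detected outside IaC")
    return findings

if __name__ == "__main__":
    for finding in evaluate_plan(SAMPLE_PLAN):
        print("DENY", finding)   # a CI step would exit non-zero on any finding
```
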
3. Team Behaviours to Encourage
- Treat infrastructure like application code - commit, review, and test it the same way.
- Collaborate on modules and patterns via shared repos and a community of practice.
- Rotate ownership of infrastructure components to grow skills and reduce bottlenecks.
- Include infrastructure practices in team retros and continuous improvement cycles.
4. Watch Out For…
- Manual infrastructure changes that bypass IaC - they introduce risk and drift.
- Untracked dependencies between infrastructure and applications.
- Poorly documented modules that create confusion or technical debt.
- Lack of testing or validation in the IaC pipeline, leading to failed or partial deployments.
5. Signals of Success
- All environments can be provisioned automatically from source code.
- Teams can confidently deploy and roll back infrastructure changes using pipelines.
- Infrastructure updates are visible in pull requests and subject to peer review.
- No unauthorised or undocumented changes occur in production.
- Teams share and evolve standardised IaC patterns across the organisation.