Sync: update nexus knowledgebase content

wiki/concepts/Infrastructure-as-Code.md

@@ -1,51 +1,37 @@
-# Infrastructure as Code (IaC)
+---
+title: "Infrastructure as Code"
+type: concept
+tags: [DevOps, 自动化, 配置管理]
+sources: [ctp-topic-70-eks-deployment-using-iac, learning-sessions-ecs-deployment-using-iac-20230808-183322-meeting-recording, ctp-topic-16-cross-account-terraform-modules, ctp-topic-12-using-ses-smtp-service-terraform-module, learning-sessions-cloud-transformation-programme-deploying-rds-via-terraform]
+last_updated: 2026-04-24
+---
 
-## Definition
-Infrastructure as Code is the practice of managing and provisioning infrastructure through machine-readable configuration files rather than manual processes.
+# Infrastructure as Code
 
-## Key Principles
-- **Version Control**: All infrastructure configurations are stored in version control
-- **Idempotency**: Running the same configuration produces the same result
-- **Automation**: Infrastructure provisioning is automated and repeatable
-- **Documentation**: Code serves as documentation
+## Overview
+Infrastructure as Code (IaC) 是一种通过代码定义和管理基础设施的方法，实现基础设施的标准化、可审计和可重复部署。
 
-## Tools
-- **Terraform**: Multi-cloud IaC tool using HCL
-- **Ansible**: Configuration management and orchestration
-- **CloudFormation**: AWS-native infrastructure provisioning
-- **CloudFormation StackSets**: AWS-native cross-account/cross-region deployment extension for CloudFormation
-- **Pulumi**: IaC using general-purpose programming languages
-- **Terragrunt**: Wrapper for Terraform providing organization
+## Core Principles
+- **声明式配置**：定义期望的状态，而非执行的具体步骤
+- **版本控制**：所有基础设施配置纳入 Git 版本控制
+- **自动化部署**：通过 CI/CD 流水线自动化执行部署
+- **幂等性**：重复执行相同配置不产生副作用
 
-## Best Practices
-1. Use modules for reusable components
-2. Separate state management (remote state with locking)
-3. Implement proper access controls
-4. Use workspaces for environment separation
-5. Enable drift detection
-6. Implement automated testing for IaC
+## Key Tools
+- **Terraform**：HashiCorp 的基础设施编排工具，支持多云
+- **AWS CloudFormation**：AWS 原生的 IaC 服务
+- **AWS Service Catalog**：AWS 的服务目录，封装标准化产品组合
+- **Pulumi**：使用编程语言（Python, TypeScript 等）定义基础设施
 
-## IaC Across DevOps Maturity Levels
-
-| Maturity | IaC Maturity |
-|----------|-------------|
-| Phase 1 | Manual infrastructure management, servers managed individually, error-prone and slow |
-| Phase 2 | Version control used for environments and configurations, but provisioning still manual |
-| Phase 3 | Most infrastructure automated, provisioning repeatable and reliable |
-| Phase 4 | Immutable infrastructure — old servers replaced rather than updated, managed through CI/CD pipelines |
-| Phase 5 | Full automation, zero human intervention, infrastructure changes flow through automated pipelines |
-
-## Sources
-- [[sources/cloud-devop-maturity-guideline.md]]
-- [[sources/devops-maturity-model-from-traditional-it-to-advanced-devops.md]]
+## Key Concepts
+- **HCL (HashiCorp Configuration Language)**：Terraform 的配置语言
+- **State Management**：Terraform 使用 state 文件追踪资源
+- **Modules**：可重用的基础设施组件
+- **Remote State**：远程状态存储，支持团队协作
 
 ## Related Concepts
-- [[concepts/DevOps-Maturity]]
-- [[concepts/CI-CD-Pipeline]]
-- [[concepts/GitOps]]
-- [[concepts/Scalability]]
-- [[concepts/Cloud-Native]]
-
-## Ingested
-- Date: 2026-04-21
-- Date: 2026-04-24 (updated with maturity level progression)
+- [[Terraform]]：最流行的 IaC 工具之一
+- [[AWS Service Catalog]]：AWS IaC 产品目录
+- [[GitOps]]：基于 Git 的运维方法论
+- [[CI/CD Pipeline]]：自动化部署流水线
+- [[DevOps Culture]]：IaC 是 DevOps 实践的核心组成