ishenwei/nexus

Files

weishen de096f2f88 Auto-sync: 2026-04-22 04:02

2026-04-22 04:03:04 +08:00

2.1 KiB

Raw Blame History

Infrastructure as Code (IaC)

Definition

Infrastructure as Code is the practice of managing and provisioning infrastructure through machine-readable configuration files rather than manual processes.

Key Principles

Version Control: All infrastructure configurations are stored in version control
Idempotency: Running the same configuration produces the same result
Automation: Infrastructure provisioning is automated and repeatable
Documentation: Code serves as documentation

Tools

Terraform: Multi-cloud IaC tool using HCL
Ansible: Configuration management and orchestration
CloudFormation: AWS-native infrastructure provisioning
CloudFormation StackSets: AWS-native cross-account/cross-region deployment extension for CloudFormation
Pulumi: IaC using general-purpose programming languages
Terragrunt: Wrapper for Terraform providing organization

Best Practices

Use modules for reusable components
Separate state management (remote state with locking)
Implement proper access controls
Use workspaces for environment separation
Enable drift detection
Implement automated testing for IaC

IaC Across DevOps Maturity Levels

Maturity	IaC Maturity
Phase 1	Manual infrastructure management, servers managed individually, error-prone and slow
Phase 2	Version control used for environments and configurations, but provisioning still manual
Phase 3	Most infrastructure automated, provisioning repeatable and reliable
Phase 4	Immutable infrastructure — old servers replaced rather than updated, managed through CI/CD pipelines
Phase 5	Full automation, zero human intervention, infrastructure changes flow through automated pipelines

Sources

Ingested

Date: 2026-04-21
Date: 2026-04-24 (updated with maturity level progression)