Infrastructure as Code (IaC)
IaC replaces manual infrastructure changes with version-controlled, repeatable definitions.
Why IaC matters
- reproducibility across environments
- safer reviews and change tracking
- faster provisioning and recovery
- reduced configuration drift
Tooling landscape
- Terraform/OpenTofu: multi-cloud declarative provisioning
- CloudFormation/Bicep: cloud-native IaC options
- Pulumi: general-purpose language approach
IaC design practices
- structure reusable modules by domain (network, compute, data)
- keep environment-specific values in separate overlays
- use remote state with locking and encryption
- include automated plan checks in pull requests
Governance and security
- policy-as-code to enforce tags, encryption, and network guardrails
- static checks for misconfiguration and secrets exposure
- least-privilege credentials for automation runners
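
An added example (not from the original page) of the pull-request plan check and policy-as-code guardrails listed above: a small Python gate that reads the JSON form of a plan (`terraform show -json`) and reports missing tags, unencrypted storage, and world-open ingress. The required tag names, the AWS resource types covered, and the sample plan are assumptions constructed for illustration.

```python
import json

REQUIRED_TAGS = {"owner", "environment"}  # assumed tagging standard
ENCRYPTION_FLAGS = {"aws_ebs_volume": "encrypted",  # resource type -> attribute that must be true
                    "aws_db_instance": "storage_encrypted"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
     "change": {"actions": ["create"],
                "after": {"encrypted": False, "tags": {"owner": "data"}}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"],
                "after": {"tags": {"owner": "web", "environment": "prod"},
                          "ingress": [{"from_port": 22, "to_port": 22,
                                       "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_db_instance.old", "type": "aws_db_instance",
     "change": {"actions": ["delete"], "after": None}},
]})


def check_plan(plan_json):
    """Return sorted (address, finding) pairs for resources the plan creates or updates."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # Deletions and no-ops have no planned state to evaluate.
        if not after or not {"create", "update"} & set(change.get("actions", [])):
            continue
        addr, rtype = rc["address"], rc["type"]
        if "tags" in after:  # only resources that expose a tags attribute
            missing = REQUIRED_TAGS - set(after["tags"] or {})
            if missing:
                findings.append((addr, "missing tags: " + ", ".join(sorted(missing))))
        flag = ENCRYPTION_FLAGS.get(rtype)
        # Fail closed: absent or unknown-at-plan-time counts as not encrypted.
        if flag and after.get(flag) is not True:
            findings.append((addr, f"{flag} is not true"))
        for rule in after.get("ingress") or []:
            if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                findings.append((addr, f"ingress open to 0.0.0.0/0 on port {rule.get('from_port')}"))
    return sorted(findings)


if __name__ == "__main__":
    for addr, finding in check_plan(SAMPLE_PLAN):
        print(f"FAIL {addr}: {finding}")
```

In a pull-request pipeline, a non-empty result would fail the job before the change is applied.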