1 of 16

Infrastructure as Code in:��15 minutes

2 of 16

Agenda

Traditional infrastructure deployment
What is Infrastructure as Code (a.k.a IaC)
Benefits of IaC
Imperative vs Declarative
IaC with Terraform
IaC in DevOps Pipelines
Sample Setup
Q&A

3 of 16

Traditional infrastructure deployment

Graphical user interface
Scripts (platform specific)

Limitations

Manual and time-consuming process
Error-prone
Inconsistency
Configuration drift
Difficulty to keep multiple environments in lockstep
Scalability
Difficult to document

Traditional infrastructure deployment

The tools for infrastructure deployment has traditionally been through the use of a graphical user interface and scripts. As user friendly GUIs are, the obvious challenges is that it is very much a manual and time-consuming process and prone to the errors that the administrators performing the configuration can make. Attempting to maintain consistency is very difficult thus leading to configuration drift and trying to keep multiple environments that are meant to mirror one another in lockstep is challenging. Trying to scale the environment is cumbersome (e.g. deploy more instances of VMs or add new subnets). Lastly, there isn’t an easy way to easily document the environment other than screenshots and spreadsheets containing configuration values.

Scripting adds a bit of automation but often difficult to maintain through time.

4 of 16

What is Infrastructure as Code?

Managing and provisioning of infrastructure through code:

Allows for automation of the creation and modification of infrastructure
Can be imperative or declarative (more on this later)

5 of 16

Benefits of IaC

Automation in one and across multi-cloud
Speed and efficiency
Repeatable and consistent (Dev, SIT, UAT, Prod)
Source control and versioning
Team collaboration (CI)
CI/CD Pipelines
Simplify, standardize, and scale at ease
Static Application Security Testing (SAST)

Benefits of IaC

To further elaborate on the benefits of IaC, it is now possible to not only automate the deployment in one cloud but across multiple clouds such as GCP, Azure and AWS. The speed and efficiency of deployment can be greatly increased as the process eliminates the manual points and clicks of the administrator, the process is also repeatable and consistent allowing multiple environments to be deployed in lockstep. The code can easily be source controlled with versioning which will give way to team collaboration through Continuous Integration. CI/CD pipelines can be used to develop and deploy the infrastructure leveraging all the benefits of DevOps. Infrastructure management can simplified and standardized through policies and scale at ease – so think about tweaking a variable to scale from 1 to 100 rather than going into a GUI and deploying or cloning resources multiple times. Static application security testing, which is the process of reviewing source code and detecting vulnerabilities can now be performed rather than trying to comb through the deployment configuration documentation or GUI post deployment of the infrastructure. Manual labour is significantly reduced.

6 of 16

Imperative vs Declarative

Forward 1 mile
Turn right
Forward 2 miles
Turn left
Forward 3 miles
Arrive at pizza restaurant

Go to the pizza restaurant

What to do.

What is wanted.

7 of 16

Imperative vs Declarative

Starting point matters
Difficult to audit
Difficult to detect drift
No version control
Not repeatable
Requires complex logic
Changes to destination requires significant modifications

Starting point does not matter
Engine determines how to get to destination
Idempotent property
Repeatable in a pipeline
Easy to validate and detect drift
Can be version controlled
Changes to destination automatically handled

What to do.

What is wanted.

Let’s dissect the differences and outline them.

With imperative, the starting point matters because we are explicitly calling out each action to get to the end state. This leads to difficulty in auditing the steps and trying to detect drift when changes are made. Version control is challenging if even possible, if the steps execute half way and stop due to error, you cannot repeat the steps without ending in a completely different state. The logic can get very complex as ordering matters and trying to change the destination state requires modifications to the steps.

Declarative, on the other hand, allows the starting point to be anywhere because the engine delivering or carrying you to the end state will handle the directions. Declarative is idempotent in nature so you can run it as many times as you want without affecting the state. The code can also be repeatedly ran in a pipeline to create multiple environments in lockstep. Having removed the detailed imperative steps, we can easily validate and detect any drift and introduce version control. Lastly, we can change the destination without worrying about changing the steps.

8 of 16

IaC with Terraform

Declarative language
Cloud agnostic / Multi-cloud support
Large list of providers available
Source control with Git or Terraform Cloud
RBAC workspaces
Policy as code (approve and reject automation)

9 of 16

IaC with DevOps Pipelines

Leverage DevOps methodology with CI/CD pipelines to deploy infrastructure
Seamless integration of software development and IT operations teams
Integrate as a component of a pipeline for software development
Full automation through build, test, and deploy stages
Support for multiple release strategies such as blue/green, canary or rolling releases

10 of 16

Sample Setup

Prerequisites

Jenkins installed
Install Jenkins Terraform Plugin
GitHub Repo with Terraform deployment code
Service Principal (IAM) for Jenkins

Configure Jenkins

Create Jenkins pipeline
Parameterize the Jenkins pipeline
Add the pipeline code
Build pipeline

11 of 16

Prerequisites

Jenkins installed
Install Jenkins Terraform Plugin
GitHub Repo with Terraform deployment code
Service Principal (IAM) for Jenkins

12 of 16

Create Jenkins pipeline

Configure stage to obtain Terraform deployment code
Configure stage to initialize Terraform
Configure stage to apply Terraform

13 of 16

Parameterize the Jenkins pipeline

Create a choice parameter named “action”
Configure the choices for “apply” and “destroy”
Configure a description for the action:

“Choose the action you would like to perform – Terraform Apply or Destroy?”

14 of 16

Add the pipeline code

Add the pipeline code to Jenkins pipeline

pipeline {

agent any

� stages {

stage('Checkout') {

steps {

checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/terenceluk/tf-iac-az-repo']]])

}

stage ("terraform init") {

steps {

sh ('terraform init')

}

stage ("terraform plan") {

steps {

sh ('terraform plan')

}

stage ("terraform Action") {

steps {

echo "Terraform action is --> ${action}"

sh ('terraform ${action} --auto-approve')

}

15 of 16

Build Pipeline

Navigate to Build with Parameters and initiate build of infrastructure

16 of 16

Questions and Comments?

Thank you for your time!