Infrastructure as Code

Benefits

Defining infrastructure as code (e.g. Terraform) provides many benefits:

  • Version Control - Infrastructure is tracked in Git like application code
  • Peer Review - Changes are reviewed to improve quality and security
  • Repeatable - Infrastructure can be reapplied and rolled back

Overall, it brings control, visibility and collaboration.

Environments

Infrastructure Environments

These contain shared resources like IAM roles, buckets, ingresses, or a nonprod database shared across applications to save cost. Infrastructure environments have their own lifecycle, separate from any particular application deployment.

All applications depend on these infrastructure environments, which are often named nonprod and prod.

Application Environments

These contain application-specific resources like data stores. Application environments align to the application release pipeline.

Application environments evolve rapidly. Each application environment is isolated from other applications; for example, each application consumes from and produces to its own Kafka topics in each environment.

Never Modify Manually

Never change infrastructure directly - only through code:

  • Manual changes lead to hidden knowledge and tech debt
  • Investigate any configuration drift. Examples:
    • A resource change that is detected on every plan: is a teammate or a company policy overriding my IAM role?
    • An IAM policy with more actions than it is supposed to have, or one that suddenly uses a wildcard

Manual changes accumulate drag on reliability and productivity.

Store State Securely

Infrastructure state, which can contain secrets and keys, must be stored securely:

  • Encrypt state files and tightly restrict access
  • Never check state into source control
  • Access state only briefly, during deployment

Tag Resources

Consistent tagging improves discovery and management:

  • Encode metadata such as environment and owner
  • Group resources (e.g. by app, cost center)
  • Ease troubleshooting and auditing

Use Least Privilege

Always restrict access with least privilege:

  • Limit IAM role permissions to the minimum required
  • Revoke unused user credentials quickly
  • Rotate access keys/secrets periodically
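The drift and least-privilege points above (an IAM policy that suddenly uses a wildcard, or grants more than it should) can be caught before apply by inspecting the plan. The following is an added example, not code from the original page: it walks the JSON produced by `terraform show -json plan.out` and flags Allow statements with wildcard actions or resources. The resource types, the plan shape (`resource_changes[].change.after.policy` as a JSON string) and the sample plan are assumptions constructed for the example.

```python
import json

# Terraform resource types whose "policy" attribute is an IAM policy document.
POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy", "aws_iam_user_policy"}

def _as_list(value):
    """IAM allows both "Action": "s3:*" and "Action": ["s3:GetObject", ...]."""
    return value if isinstance(value, list) else [value]

def policy_findings(address, policy_doc):
    """Flag Allow statements whose actions or resources use wildcards."""
    findings = []
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{address}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"{address}: wildcard resource '*'")
    return findings

def check_plan(plan):
    """Walk resource_changes of a plan JSON; return findings for planned policies."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in POLICY_TYPES:
            continue
        # "after" is None for deletions, and the policy may be unknown until apply.
        after = rc.get("change", {}).get("after") or {}
        if "policy" in after:
            findings += policy_findings(rc["address"], json.loads(after["policy"]))
    return findings

# Constructed sample shaped like `terraform show -json plan.out` output.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_iam_policy.reader", "type": "aws_iam_policy",
         "change": {"actions": ["update"], "after": {"policy": json.dumps({
             "Version": "2012-10-17", "Statement": [{"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:*"], "Resource": "arn:aws:s3:::app/*"}]})}}},
        {"address": "aws_iam_policy.admin", "type": "aws_iam_policy",
         "change": {"actions": ["create"], "after": {"policy": json.dumps({
             "Version": "2012-10-17",
             "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}})}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["no-op"], "after": {"bucket": "logs"}}},
    ],
}
```

Run it in the pipeline between `terraform plan` and `terraform apply` and fail the job when `check_plan` returns anything, so a widened policy is reviewed rather than silently applied.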