What is Infrastructure as Code?

Countless cartoons and memes proclaim, “it works on my machine,” illustrating the frustration that occurs when developers deploy to production only to discover critical differences between the two environments. Infrastructure as code (IaC) empowers development teams to provision their development and sandbox environments that mirror their production environments, reducing the chance of errors being introduced during deployment. Standardizing and automating what the desired infrastructure looks like helps teams scale development faster and frees up system administrators, database administrators, and support teams’ time to focus on production environments. There are two main approaches to Infrastructure as Code: imperative and declarative. In an imperative approach, every provisioning step must be explicitly defined. When using an imperative approach, an entire build may be halted if an error is found in one step. This approach gives development teams the most control but requires higher programming skills and can be more cumbersome to maintain over time. In a declarative approach, the developer defines what the end state looks like then the IaC tool figures out how to get there. It requires less programming skill and is better able to adapt to a configuration change than imperative approaches. Declarative approaches are more scalable because they do not require as much programming knowledge or maintenance when configurations change or exact steps fail and block the rest of the build.

 

What is Policy as Code?

Policy as code manages policy compliance by defining and enforcing policies through code. Policies are IT governance rules and instructions. In most organizations, the business and Compliance teams define policies. Then it is a manual process for the Compliance team to review and approve a release. While policy as code often goes hand in hand with Infrastructure as Code, it can be used for additional use cases such as enforcing software development best practices, data retention, compliance for highly regulated industries, and more.

 

Adopt both IaC and policy as code for stronger outcomes

Infrastructure as code is used by development and IT teams to provision development, sandbox, and production environments. Policy as code is used by development, security, and data teams to ensure compliance across a wide range of areas. Both require some level of programming or scripting skills to define the desired outcomes. By adopting both, organizations can reduce human error and scale faster than by adopting just one or the other.