Select Page

The ReleaseTEAM Blog: Here's what you need to know...

Understanding Infrastructure as Code and Policy as Code

What is Infrastructure as Code?

Countless cartoons and memes proclaim, “it works on my machine,” illustrating the frustration that occurs when developers deploy to production only to discover critical differences between the two environments. Infrastructure as code (IaC) empowers development teams to provision their development and sandbox environments that mirror their production environments, reducing the chance of errors being introduced during deployment. Standardizing and automating what the desired infrastructure looks like helps teams scale development faster and frees up system administrators, database administrators, and support teams’ time to focus on production environments. There are two main approaches to Infrastructure as Code: imperative and declarative. In an imperative approach, every provisioning step must be explicitly defined. When using an imperative approach, an entire build may be halted if an error is found in one step. This approach gives development teams the most control but requires higher programming skills and can be more cumbersome to maintain over time. In a declarative approach, the developer defines what the end state looks like then the IaC tool figures out how to get there. It requires less programming skill and is better able to adapt to a configuration change than imperative approaches. Declarative approaches are more scalable because they do not require as much programming knowledge or maintenance when configurations change or exact steps fail and block the rest of the build.

IaC provides productivity, cost savings, and reliability benefits such as:

  • Auditable infrastructure changes
  • Integrated with version control
  • Predictable, consistent configurations
  • Provision faster, keeping pace with DevOps demands
  • Developers can provision the environments they need without waiting on IT tickets
  • Suitable for both cloud-based and on-premises environments
  • Cost-savings by avoiding time savings (and corrections) of manually provisioning dev and production environments

Examples of Infrastructure as Code Tools:

  • Chef (imperative)
  • Puppet (declarative)
  • Ansible (hybrid)
  • Pulumi (declarative) – can use any programming language

What is Policy as Code?

Policy as code manages policy compliance by defining and enforcing policies through code. Policies are IT governance rules and instructions. In most organizations, the business and Compliance teams define policies. Then it is a manual process for the Compliance team to review and approve a release. While policy as code often goes hand in hand with Infrastructure as Code, it can be used for additional use cases such as enforcing software development best practices, data retention, compliance for highly regulated industries, and more.

Types of Policies enforceable through policy as code:

  • Security policies
  • Compliance with data retention and regulatory standards like GDPR and HIPAA
  • Operational policies

Benefits of policy as code:

Similarly to IaC, policy as code reduces the chances for human errors and helps speed up development and deployment because approvals and enforcement can be automated.
  • Increased visibility into how policies are defined and how teams should enforce them
  • Automated approvals and enforcement
  • Faster deployment
  • Accuracy
  • Ability to revert to previous policy definitions if required

Examples of policy as code tools:

  • Open Policy Agent, an open-source project created by the Cloud Native Computing Foundation.
  • Some IaC tools, like Pulumi, also enforce policies.

Adopt both IaC and policy as code for stronger outcomes

Infrastructure as code is used by development and IT teams to provision development, sandbox, and production environments. Policy as code is used by development, security, and data teams to ensure compliance across a wide range of areas. Both require some level of programming or scripting skills to define the desired outcomes. By adopting both, organizations can reduce human error and scale faster than by adopting just one or the other.

Join Our Mailing List

Please enable JavaScript in your browser to complete this form.

Corporate HQ

1499 W. 120th Ave
Suite 110
Westminster, CO 80234


1257 Worcester Rd.
Suite 108
Framingham, MA 01701


PMB# 604
1-110 Cumberland St.
Toronto, ON M5R 3V5