top of page
Search

Azure Cybersecurity Labs - Part Two

  • Jul 14, 2024
  • 3 min read

Updated: 19 minutes ago

Azure Cybersecurity Labs
A circle with gears in it with a shield in front of it with a gear inside another circle with the title "Azure Cybersecurity Labs"

Azure Cybersecurity Labs - Part Two

The first thing that we will be covering in this course, Azure Infrastructure as Code, is what infrastructure as code is and why it is important.


This is Azure Cybersecurity Labs - Part Two.


Infrastructure as Code (IaC) is about using code to manage the computing infrastructure in the cloud rather than pointing and clicking and using the GUI. This includes things like operating systems, databases, and storage, to name a few. Traditionally, we had to spend lots of time setting up and maintaining infrastructure... going through lengthy processes when we wanted to create something new or delete entire environments. With IaC, you can define what you want your infrastructure to look like with code without worrying about all the detailed steps to get there. For instance, you can just say that you want a Debian server with 12gb of ram and 80gb of hard drive space and it figures out everything it needs to do to make that happen.


Benefits of Infrastructure as Code

Automation is a key goal in computing, and IaC is a way to automate infrastructure management.


There are several benefits of using IaC, one of which is easy environment duplication. You can use the same IaC to deploy an environment in one location that you do in another. Suppose a business has IaC describing its entire regional branch's environment, including servers and networking. In that case, they can copy and paste the code, then execute it again to set up a new branch location.


Another benefit of using IaC is that it reduces configuration errors. Manual configurations are error-prone due to human mistakes, so having them automated with IaC minimizes the error. It also makes error checking more streamlined. Later in this course, we will be using tools to check IaC configurations for issues, but for now, you can just take a piece of IaC code and evaluate it for misconfigurations before you deploy it.


The last benefit I want to cover for IaC is the ability to build and branch on environments easily. For instance, if a new feature like a machine learning module is invented, developers can branch the IaC to deploy and test it without affecting the main application.


How does IaC work?

IaC describes a system's architecture and functionality, just like software code describes an application. It uses configuration files treated like source code to manage virtualized resources in the cloud. These configuration files can be maintained under source control and part of the overall codebase.


Immutable vs. Mutable Infrastructure

There are two approaches to IaC: mutable and immutable infrastructure.


In a mutable infrastructure, components are changed in production while the service usually operates.


With immutable infrastructure, components are set and assembled to create a full service or application. If any change is required, the entire set of components has to be deleted and redeployed wholly to be updated.


Approaches to IaC

There are two basic approaches to IaC: declarative and imperative.


Declarative describes the desired end state of a system, and the IaC solution creates it accordingly. It's simple to use if the developer knows what components and settings are needed.


An imperative describes all the steps to set up resources to reach the desired running state. It's more complex but necessary for intricate infrastructure deployments where the order of events matters.


Terraform IaC

An open-source tool, Terraform, takes an immutable declarative approach and uses its language, Hashicorp Configuration Language (HCL). HCL is based on Go and is considered one of the easiest languages for IaC to pick up.  I have the Terraform Associate certification, and it took me three days to pick up the language. By the end of these labs, I'd highly suggest you pick up a study guide for the exam since you'll already be 2/3rds of the way there.


With Terraform, you can use the same configuration for multiple cloud providers. And since many organizations today opt for the hybrid cloud model, Terraform can easily be called the most popular IaC tool.


Terraform is capable of provisioning and configuration management, but it’s inherently a provisioning tool that uses cloud provider APIs to manage required resources. And since it natively and effortlessly handles the orchestration of new infrastructure, it’s more equipped to build immutable infrastructures, where you must replace components fully to make changes.


Terraform uses state files to manage infrastructure resources and track changes. State files record everything Terraform builds, so you can easily refer to them. We'll get more into this later.


Often considered an obvious choice for an IaC tool, Terraform is what we will be using in this course.  So let's get started.





Tyler Wall Founder Cyber NOW Education



Get Your Dream Cybersecurity Job

Courses  :  Certifications  :  Cyber Range  :  Job Boards  :  Knowledge Base  :  Webinars  :  WhatsApp Community

soc analyst

Get the new book, Jump-start Your SOC Analyst Career, authored by Tyler Wall.  

 

Winner of the 2024 Cybersecurity Excellence Awards in the category of Best Cybersecurity Book!

  • LinkedIn
  • Facebook

Contact us

bottom of page