
Azure Infrastructure as Code - Part Two

Tyler Wall

Updated: Feb 10



The first thing we will cover in this course, Azure Infrastructure as Code, is what infrastructure as code is and why it is important.


Infrastructure as Code (IaC) is about using code to manage computing infrastructure in the cloud rather than pointing and clicking through the GUI. This includes things like operating systems, databases, and storage, to name a few. Traditionally, we had to spend lots of time setting up and maintaining infrastructure, going through lengthy processes whenever we wanted to create something new or delete entire environments. With IaC, you define in code what you want your infrastructure to look like without worrying about all the detailed steps to get there. For instance, you can just say that you want a Debian server with 12 GB of RAM and 80 GB of hard drive space, and the tool figures out everything it needs to do to make that happen.


Benefits of Infrastructure as Code

Automation is a key goal in computing, and IaC is a way to automate infrastructure management.


There are several benefits of using IaC, and one of these is easy environment duplication. You can use the same IaC to deploy an environment in one location that you use in another. If a business has IaC describing its entire regional branch's environment, including servers and networking, it can just copy and paste the code, then execute it again to set up a new branch location.


Another benefit of using IaC is reduced configuration errors. Manual configuration is error-prone because humans make mistakes, so automating it with IaC reduces those errors. It also makes error checking more streamlined. Later in this course we will be using tools to check IaC configurations for issues, but for now, just know that you can take a piece of IaC code and evaluate it for misconfigurations before you actually deploy it.
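To make pre-deployment checking concrete, here is an added example (not from the course and not one of the tools used later) that scans the JSON form of a Terraform plan, as produced by `terraform show -json`, for two Azure misconfigurations. The plan excerpt, resource names and the two rules are constructed for illustration.

```python
import json

# Constructed excerpt of `terraform show -json <planfile>` output; the
# resource names and values are made up for this example.
PLAN_JSON = """
{"resource_changes": [
  {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
   "change": {"actions": ["create"], "after": {
     "min_tls_version": "TLS1_0", "public_network_access_enabled": true}}},
  {"address": "azurerm_network_security_rule.ssh", "type": "azurerm_network_security_rule",
   "change": {"actions": ["create"], "after": {
     "direction": "Inbound", "access": "Allow", "source_address_prefix": "*",
     "destination_port_range": "22"}}},
  {"address": "azurerm_network_security_rule.web", "type": "azurerm_network_security_rule",
   "change": {"actions": ["create"], "after": {
     "direction": "Inbound", "access": "Allow", "source_address_prefix": "10.0.0.0/24",
     "destination_port_range": "443"}}},
  {"address": "azurerm_storage_account.old", "type": "azurerm_storage_account",
   "change": {"actions": ["delete"], "after": null}}
]}
"""

OPEN_SOURCES = {"*", "0.0.0.0/0", "Internet"}  # "anyone" in an NSG rule
ADMIN_PORTS = {"22", "3389", "*"}              # SSH, RDP, or every port

def check_storage(after):
    if after.get("min_tls_version") in ("TLS1_0", "TLS1_1"):
        yield "minimum TLS version below 1.2"
    if after.get("public_network_access_enabled", True):
        yield "public network access enabled"

def check_nsg_rule(after):
    if (after.get("direction") == "Inbound" and after.get("access") == "Allow"
            and after.get("source_address_prefix") in OPEN_SOURCES
            and after.get("destination_port_range") in ADMIN_PORTS):
        yield "admin port open to any source"

CHECKS = {"azurerm_storage_account": check_storage,
          "azurerm_network_security_rule": check_nsg_rule}

def scan_plan(plan_text):
    """Return (address, finding) pairs for resources the plan would create or change."""
    findings = []
    for rc in json.loads(plan_text).get("resource_changes", []):
        after = rc["change"].get("after")   # planned settings; null for a delete
        check = CHECKS.get(rc["type"])
        if after is None or check is None:
            continue                        # deletions and unchecked resource types
        findings.extend((rc["address"], msg) for msg in check(after))
    return findings

if __name__ == "__main__":
    for address, msg in scan_plan(PLAN_JSON):
        print(f"{address}: {msg}")
```

Because the check reads the plan rather than the live subscription, it can run in a pipeline and block the apply step when the list of findings is not empty.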


The last benefit I want to cover for IaC is the ability to build and branch on environments easily. For instance, if a new feature like a machine learning module is invented, developers can branch the IaC to deploy and test it without affecting the main application.


How does IaC work?

IaC works by describing a system's architecture and functionality, just like software code describes an application. It uses configuration files treated like source code to manage virtualized resources in the cloud. These configuration files can be maintained under source control and be part of the overall codebase.


Immutable vs. Mutable Infrastructure

There are two approaches to IaC: mutable and immutable infrastructure.


In mutable infrastructure, components are changed in production while the service continues to operate normally.


With immutable infrastructure, components are set and assembled to create a full service or application. If any change is required, the entire set of components has to be deleted and redeployed fully to be updated.


Approaches to IaC

There are two basic approaches to IaC: declarative and imperative.


Declarative describes the desired end state of a system, and the IaC solution creates it accordingly. It's simple to use if the developer knows what components and settings are needed.


Imperative describes all the steps to set up resources to reach the desired running state. It's more complex but necessary for intricate infrastructure deployments where the order of events matters.


Terraform IaC

An open-source tool, Terraform, takes an immutable declarative approach and uses its own language, HashiCorp Configuration Language (HCL). HCL is based on Go and is considered one of the easiest languages to pick up for IaC. I have the Terraform Associate certification and it took me all of three days to pick up the language. By the end of these labs, I'd highly suggest picking up a study guide for the exam since you'll already be 2/3rds of the way there.


With Terraform, you can use the same configuration for multiple cloud providers. And since many organizations today opt for the hybrid cloud model, Terraform can easily be called the most popular IaC tool.


Terraform is capable of both provisioning and configuration management, but it’s inherently a provisioning tool that uses cloud provider APIs to manage required resources. And since it natively and easily handles the orchestration of new infrastructure, it’s more equipped to build immutable infrastructures, where you have to replace components fully to make changes.


Terraform uses state files to manage infrastructure resources and track changes. State files record everything Terraform builds, so you can easily refer to them. We'll get more into this later.
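The following added example (a simplified model written for this page, not Terraform's actual algorithm or state file format) shows how a declarative tool can compare the desired configuration with recorded state to work out the steps itself, and how the immutable and mutable approaches differ when a setting changes. All resource names and settings are constructed.

```python
def plan(desired, state, immutable=True):
    """Diff desired config against recorded state and return ordered actions.

    desired / state: {resource_name: {setting: value}}
    immutable=True  -> a changed resource is replaced (delete, then create)
    immutable=False -> a changed resource is updated in place
    """
    actions = []
    # Anything recorded in state but no longer declared gets removed.
    for name in sorted(state.keys() - desired.keys()):
        actions.append(("delete", name))
    for name in sorted(desired):
        if name not in state:
            actions.append(("create", name))
        elif desired[name] != state[name]:
            if immutable:
                actions += [("delete", name), ("create", name)]
            else:
                keys = desired[name].keys() | state[name].keys()
                changed = sorted(k for k in keys
                                 if desired[name].get(k) != state[name].get(k))
                actions.append(("update", name, changed))
    return actions

def apply(actions, desired, state):
    """Carry out the actions and return the new recorded state."""
    new_state = dict(state)
    for action in actions:
        kind, name = action[0], action[1]
        if kind == "delete":
            new_state.pop(name, None)
        else:  # create or update: record what was declared
            new_state[name] = dict(desired[name])
    return new_state

# Constructed sample data: what was built last time vs. what the code now says.
STATE = {"web": {"os": "debian", "ram_gb": 8, "disk_gb": 80},
         "old_db": {"engine": "postgres"}}
DESIRED = {"web": {"os": "debian", "ram_gb": 12, "disk_gb": 80},
           "cache": {"engine": "redis"}}

if __name__ == "__main__":
    print(plan(DESIRED, STATE, immutable=True))
    print(plan(DESIRED, STATE, immutable=False))
    # After applying, a second plan is empty: nothing left to change.
    print(plan(DESIRED, apply(plan(DESIRED, STATE), DESIRED, STATE)))
```

The author never writes the delete and create steps; they fall out of the diff, which is the difference from an imperative script.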


Often considered an obvious choice for an IaC tool, Terraform is what we will be using in this course. So let's get started.




Tyler Wall CEO Cyber NOW Education

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.




Check out my latest book, Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success, winner of the 2024 Cybersecurity Excellence Awards.


