Sunday, June 16, 2024

Infrastructure-as-Code (IaC) Management in the Cloud

One of the most critical and vital components today, in the Cloud era, is the Infrastructure as Code (IaC). In this post, I decided to write my paper to explain how infrastructure management as Code in the Cloud in general.

Not long ago, the job of a system administrator was not easy. All the hardware and software had to be maintained and configured so that an application could work properly. If a server broke down and had to be reassembled, you had to pull documentation, which turned out to be rarely entirely up to date. When you reassembled the server, you never knew if it was exactly as before, leaving the new server in an unknown and untested state.

With Infrastructure-as-Code, all these processes are improved, and it avoids numerous risks and potential technical disasters that can occur due to manual or poorly documented operations.

What exactly is Infrastructure as Code (IaC)?

Simplifying its definition, IaC means maintaining the infrastructure programmatically, thus eliminating the need for manual configuration.

Advantages of infrastructure management as code in the Cloud

IaC and DevOps

By turning our infrastructure into code, we can apply all the advantages that DevOps offers us. We can add our code to a Git repository and version our infrastructure to work with a team to maintain it. In addition, we can apply continuous improvement and integration so that approved changes are automatically deployed.


Another advantage is the speed with which we can get an infrastructure up and running. In a short time, we can create a fully operational infrastructure. This speed means that even backup policies need to be reviewed. Because why would we want to have a backup of everything if we can recreate the infrastructure in a matter of minutes using our IaC?

No risk

By automating the creation of resources, the risk of making a mistake in any configuration is reduced to practically zero, making deployments much safer reducing risk to a minimum.

Lower costs

Logically, the automation of infrastructure creation reduces costs since engineers do not need to configure and maintain the infrastructure manually. Also, the ability to reuse code drastically minimizes the design of new infrastructures.

Mutable or immutable?

With all these changes and ways of thinking, concepts such as “mutable” and “immutable” have been introduced. But what do these concepts mean?

Mutable means that the server that is set up changes over time. Maybe you started with a server running Linux and Tomcat 4.2 but then decided to use Nginx. For this, you had to uninstall Tomcat and install Nginx and all this on the same server. What’s wrong with this? Well, maybe on one server, nothing happens, but imagine that we have to apply it to 100 servers in a farm where all of them are used for the same application. There is a high probability that something is not configured the same as the other servers, and there can be a situation where we do not know what state each server is in. It is also called “Configuration Drift.” It means that the application can start generating errors randomly, and we have to find out which server is causing the problem.

Immutable means that the servers, once mounted, are not changed. If we currently have a Linux server with Tomcat 4.2 and want to go to an environment with a Linux server with Nginx, we mount this new environment on an entirely new server. Once the new server is tested and verified, we replace it with the old one and pass all the traffic to the new server.

With the introduction of IaC, we are slowly moving to a world where all or much of the infrastructure is immutable, as setting up an infrastructure with IaC is very fast.

Pets or cattle?

An excellent example of looking at it is to think of infrastructure as “Pets or Cattle.” In the past, we used to think of our servers or infrastructure as pets to which we gave familiar names and took good care of them so that they could stay with us as long as possible.

Today, however, with the introduction of IaC and the immutable concept, we have to start thinking of our servers or infrastructure as livestock. In livestock, animals have no name, at most a number, and if an animal gets sick or is no longer helpful to us, we cull it and replace it with a new animal.

Disadvantages of managing Infrastructure as code

Not all are advantages when applying IaC, as disadvantages, I would highlight that there is no regulation by anybody to standardize the way to create resources in Cloud. I also believe that it would be currently impossible given the diversification of the different Clouds. Thus, a design made for a Cloud provider would not be valid in another provider without making the necessary changes.


Currently, several tools on the market allow us to generate IaC code. Some of them are specific to the Cloud provider, such as:

– CloudFormation (AWS)

– Azure Resource Manager (Azure)

– Google Cloud Deployment Manager (Google)

Then there are the multi-cloud tools. They are those that serve to create infrastructures in different providers from the same device.

– Terraform

– Ansible

– Chef Puppet

– Pulami

The disadvantage of most of these tools is that they use their Domain Specific Language (DSL), which means that we have to learn a new language before using the device. It generates a learning curve when starting a project.

However, it is the first one that has decoupled itself from the DSL and allows to generate the infrastructure in the language that best suits the team. It currently supports Javascript, TypeScript, Python, GO, and C#. it has even attracted the attention of Terraform, which has created a CDK to generate infrastructure stacks in programming languages.


Infrastructure as Code is already an essential concept within the Cloud world and is part of the DevOps cycle in many organizations. Thanks to IaC, our idea of deploying and even designing infrastructures has changed radically, giving us multiple advantages as we have just seen.


Jana Rooheart is a blogger with extensive expertise in creative writing, psychology, and digital learning tools. Jana shares her expertise on the blog, specifically sharing tricks in the field of academic writing. Jana gives practical tips that help a large number of students when attending college or university.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles