Everything Everywhere All as Code
“Everything as Code” Definition
Everything as Code is a philosophy for managing IT infrastructure where all components of infrastructure are created, managed, and deleted using code. This applies to container definitions, cloud infrastructure, on-premise server configuration and really anything else that is configurable.
Key Benefits of Everything as Code
When everything is controlled by code, and that code is managed within a version control system, the following benefits are unlocked:
- Readable configuration: An infrastructure asset’s configuration can be read in a single file, instead of needing to log into a web application and click through multiple views, or parse CLI printouts.
- Repeatable environments: Modern infrastructure management tools allow you to bundle resources and control behavior with input variables. This makes spinning up identically behaving environments between development, staging, and production safer and quicker than trying to replicate a series of cloud console clicks.
- Worry-free roll-backs: When infrastructure assets are managed in version control, if a new release breaks something, we can simply roll back our environment to the previous commit without worry. The alternative is scrambling to determine what the previous configuration was and manually reverting.
- Static scanning of code for potential configuration issues: With many infrastructure configuration tools, potential issues can be identified prior to infrastructure deployment using testing strategies within a continuous integration (CI) pipeline. This includes mission-critical concerns like security checks and cost estimation.
Steps to enable Everything as Code
The devil is always in the details. The “gold standard” approach is to bring a new infrastructure configuration tool into your organization, enforce that infrastructure lifecycle management occurs exclusively through the new tool, and then ride off into the sunset. 😄 The problem is, of course, that several significant hurdles exist to achieving this golden state:
- Legacy infrastructure outside of the infrastructure tool. Even if all new infrastructure is managed through a configuration language, chances are nearly 100% that your organization has legacy infrastructure. Migrating legacy assets can be challenging and a major barrier to managing everything as code.
- Legacy development and operational practices. Engineers, like everyone else, prefer using the tools with which they are already comfortable. For example, configuring servers using the CLI, or clicking through the cloud-console UI to manage an S3 bucket. Adjusting to a new paradigm, no matter how beneficial, requires intention and buy-in.
- Hot fixes will happen. Things break in production, and engineers, even those most committed to keeping everything as code, make hot fixes using legacy tools instead of deploying changes through a configuration language. When this happens, your org’s IT asset code no longer reflects what is in the production environment.
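The first and third hurdles can be made visible by comparing what the code declares with what is actually deployed. The sketch below is an added example, not code from any tool named in this article: it flattens a Terraform state in JSON form and diffs it against an inventory of live resources. Both samples are constructed, and the shape of the `LIVE` inventory is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json` run against state, trimmed.
STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "aws_instance.api", "mode": "managed", "type": "aws_instance",
     "values": {"id": "i-0aaa", "instance_type": "t3.small", "tags": {"env": "prod"}}},
    {"address": "aws_instance.worker", "mode": "managed", "type": "aws_instance",
     "values": {"id": "i-0bbb", "instance_type": "t3.small", "tags": {"env": "prod"}}}],
  "child_modules": [{"address": "module.storage", "resources": [
    {"address": "module.storage.aws_s3_bucket.assets", "mode": "managed", "type": "aws_s3_bucket",
     "values": {"id": "assets-prod", "tags": {"env": "prod"}}}]}]}}}
""")

# Constructed inventory of what is actually deployed, keyed by resource id. In practice this
# would be collected from the cloud provider's API; the shape used here is an assumption.
LIVE = {
    "i-0aaa": {"instance_type": "t3.large", "tags": {"env": "prod"}},  # resized by hand
    "assets-prod": {"tags": {"env": "prod"}},
    "hotfix-debug-bucket": {"tags": {}},  # created by hand, never codified
}

def managed_resources(state):
    """Flatten root and nested modules into {resource id: (address, declared values)}."""
    out, stack = {}, [state["values"]["root_module"]]
    while stack:
        module = stack.pop()
        stack.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            if res.get("mode") == "managed":  # skip data sources
                out[res["values"]["id"]] = (res["address"], res["values"])
    return out

def detect_drift(state, live):
    """Report attributes changed outside the code, plus missing and unmanaged resources."""
    managed = managed_resources(state)
    report = {"changed": [], "missing": [], "unmanaged": sorted(set(live) - set(managed))}
    for rid, (address, declared) in sorted(managed.items()):
        if rid not in live:
            report["missing"].append(address)  # declared in code, gone from the environment
            continue
        for key in sorted(set(declared) & set(live[rid])):
            if declared[key] != live[rid][key]:
                report["changed"].append((address, key, declared[key], live[rid][key]))
    return report

if __name__ == "__main__":
    print(json.dumps(detect_drift(STATE, LIVE), indent=2))
```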
Enabling strategies and tools
While books and many articles have been written about strategies and selecting the ideal tool to use, here is a high-level recommendation for adopting Everything as Code, along with available tooling for your use case.
- Get buy-in on your “Everything as Code” tool set. Select the tools that are best for your use cases and begin implementing.
- Provide education and support for transitioning to the new tool. New tooling will often have a learning curve; work to minimize this barrier to adoption within your organization.
- Have a plan for migrating legacy assets. Don’t leave half of your IT assets unmanaged: everything as code means everything as code.
- Enforce use of the new tool set going forward. Somewhat insidiously, making a half-effort to control everything as code leads to wasted effort, and even more uncertainty about what is actually controlling your IT infrastructure.
Tools (* indicates Source Available or OSS)
- Infrastructure as Code: Terraform*, Pulumi*, AWS CloudFormation, AWS CDK, Azure ARM/Bicep templates
- Configuration as Code: Ansible*, Docker*, Packer* (golden image definition)
- Policy as Code: Rego*
- Continuous Integration and Deployment: GitHub Actions, GitLab CI/CD, CircleCI
- Migration to and Maintenance of “Everything as Code”: cloud-concierge*
“Everything as Code” is an approach to IT infrastructure management that yields significant dividends through infrastructure scalability, stability, and reproducibility. In this article we discussed the benefits of this approach, potential problems that can arise, and reviewed strategies for a successful implementation of “Everything as Code” within your organization.
dragondrop.cloud’s mission is to automate developer best practices while working with Infrastructure as Code. Our flagship OSS product, cloud-concierge, allows developers to codify their cloud, detect drift, estimate cloud costs and security risks, and more — while delivering the results via a Pull Request. For enterprises running cloud-concierge at scale, we provide a management platform.