Chapter 50: Infrastructure as Code

Overview

This chapter covers Infrastructure as Code (IaC) concepts and tools.

50.1 IaC Concepts

What is IaC

```
                      Infrastructure as Code
+------------------------------------------------------------------+
|                                                                  |
|   Traditional                IaC                                 |
|   +-------------------+      +------------------+                |
|   | Click in UI       |      | Code in Git      |                |
|   | Manual config     |      | Automated deploy |                |
|   | Hard to reproduce |      | Version control  |                |
|   | No audit trail    |      | Reproducible     |                |
|   +-------------------+      +------------------+                |
|                                                                  |
|   Benefits:                                                      |
|   - Version control                                              |
|   - Automated testing                                            |
|   - Consistent environments                                      |
|   - Faster provisioning                                          |
|   - Self-documenting                                             |
|                                                                  |
+------------------------------------------------------------------+
```

50.2 Terraform

Basics
```bash
# Install
sudo pacman -S terraform

# Initialize
terraform init

# Plan
terraform plan

# Apply
terraform apply

# Destroy
terraform destroy
```

Configuration
```hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name = "WebServer"
  }
}

resource "aws_security_group" "web_sg" {
  name = "web-sg"

  # HTTP from any source address
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

50.3 CloudFormation
Template

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Web Server'

Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0c55b159cbfafe1f0
      InstanceType: t2.micro
      KeyName: my-key
      SecurityGroups:
        - !Ref WebServerSG

  WebServerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
```

50.4 Pulumi
Example

```python
import pulumi
import pulumi_aws as aws

# Create VPC
vpc = aws.ec2.Vpc("web-vpc",
    cidr_block="10.0.0.0/16",
    enable_dns_hostnames=True,
    enable_dns_support=True)

# Create Security Group
sg = aws.ec2.SecurityGroup("web-sg",
    vpc_id=vpc.id,
    description="Web server security group",
    egress=[{
        "protocol": "-1",
        "from_port": 0,
        "to_port": 0,
        "cidr_blocks": ["0.0.0.0/0"],
    }])

# Create Instance
server = aws.ec2.Instance("web-server",
    ami="ami-0c55b159cbfafe1f0",
    instance_type="t2.micro",
    vpc_security_group_ids=[sg.id])

pulumi.export("public_ip", server.public_ip)
```

50.5 GitOps
Workflow

```
                         GitOps Workflow
+------------------------------------------------------------------+
|                                                                  |
|   1. Developer commits IaC to Git                                |
|                                                                  |
|   2. CI/CD pipeline validates changes                            |
|                                                                  |
|   3. ArgoCD/Flux syncs to cluster                                |
|                                                                  |
|   4. Cluster state matches Git state                             |
|                                                                  |
|   5. Monitoring confirms desired state                           |
|                                                                  |
+------------------------------------------------------------------+
```

ArgoCD

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/myrepo/manifests
    targetRevision: HEAD
    path: app
  destination:
    server: https://kubernetes.default.svc
    namespace: myapp
```

50.6 CI/CD Integration
GitHub Actions

```yaml
name: Terraform

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2

      - name: Terraform Init
        run: terraform init

      - name: Terraform Plan
        run: terraform plan

      # Runs only on the main branch ref; pull request runs stop after the plan
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve
```

50.7 Best Practices
IaC Guidelines

1. Version Control
- Store all IaC in Git
- Use branches for changes
- Code review for all changes

2. Modularization
- Create reusable modules
- Use variables/parameters
- Avoid duplication

3. State Management
- Use remote state
- Lock state files
- Backup state

4. Security
- Don't commit secrets
- Use secrets management
- Scan for vulnerabilities

5. Testing
- Validate syntax
- Plan before apply
- Use staging environments
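
A check that fits between the Plan and Apply steps of the workflow in 50.6 and implements the "Scan for vulnerabilities" and "Plan before apply" guidelines, added here as an example rather than taken from the original chapter: it reads the JSON form of a Terraform plan and reports security-group ingress rules open to the internet on ports outside an allow-list. The allow-list, the `admin_sg` resource and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

PUBLIC_PORTS = {80, 443}          # assumption: only the web tier may face the internet
WORLD = {"0.0.0.0/0", "::/0"}

def rule_violation(rule):
    """Return a description if an ingress rule is world-open beyond PUBLIC_PORTS, else None."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    if not cidrs & WORLD:
        return None
    if str(rule.get("protocol")) == "-1":      # -1 means every protocol and port
        return "all protocols and ports"
    lo, hi = rule["from_port"], rule["to_port"]
    if all(p in PUBLIC_PORTS for p in range(lo, hi + 1)):
        return None
    return f"{rule['protocol']} {lo}-{hi}"

def find_violations(plan):
    """Scan the resource_changes of `terraform show -json` output for risky ingress."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if not after:                           # resource is being destroyed
            continue
        if rc["type"] == "aws_security_group":
            rules = after.get("ingress") or []
        elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            continue
        findings += [(rc["address"], why) for why in map(rule_violation, rules) if why]
    return findings

# Constructed sample: the page's web_sg plus a hypothetical admin_sg exposing SSH.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.web_sg", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 80, "to_port": 80, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.admin_sg", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = find_violations(plan)
    for address, why in found:
        print(f"BLOCK {address}: ingress from the internet on {why}")
    sys.exit(1 if found else 0)
```

In a pipeline, produce the input with `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`, then pass `plan.json` as the script's argument; a non-zero exit status fails the job before the apply step runs.
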

Summary

In this chapter, you learned:
- ✅ IaC concepts and benefits
- ✅ Terraform basics
- ✅ CloudFormation templates
- ✅ Pulumi programming model
- ✅ GitOps workflow
- ✅ CI/CD integration
- ✅ IaC best practices

Part 10 Summary

In this part, you learned:
- ✅ Bash scripting fundamentals
- ✅ Advanced bash techniques
- ✅ Ansible configuration management
- ✅ Puppet and Chef
- ✅ Infrastructure as Code

Last Updated: February 2026