Help Center/ Well-Architected Framework/ Well-Architected Framework and Practices/ Operational Excellence Pillar/ OPS04 Automated Build and Deployment/ OPS04-03 Implementing Infrastructure as Code
Updated on 2025-05-22 GMT+08:00
View PDF
Share

OPS04-03 Implementing Infrastructure as Code

IaC lets you manage infrastructure with code rather than manual interventions. Modern application environments depend on a variety of components, from operating systems and database connection to storage. Traditionally, developers spend significant time setting up, updating, and maintaining these elements regularly to support application development, testing, and deployment. This manual approach not only slows progress but also increases the risk of human errors, particularly when managing large-scale applications.

  • Risk level

    High

  • Key strategies

    Using declarative tools: When deploying and managing IaC, opting for a declarative approach offers significant advantages over an imperative one. Declarative tools let you define the desired final state of your environment using simplified syntax. In contrast, imperative tools require you to detail every step needed to reach that state, which not only complicates your definition files but also increases the risk of accumulating technical debt as code (including deployment script) grows more cumbersome over time.

    Using cloud platforms and integrated, industry-proven tools: Tools built in a cloud platform cover most of your requirements, eliminating the need to develop custom solutions. Moreover, as the platform evolves, providers continually updates these tools to enhance their functionality and performance, simplifying your IaC deployments.

    Standardizing modular solutions: Each module encapsulates complex configurations or resource sets into a repeatable, standardized unit that meets specific objectives. In non-sensitive scenarios, consider integrating open-source modules to facilitate development.

    Standardizing manual steps: Reduce manual interventions during deployment and maintenance. Document all necessary manual tasks in O&M guides and standard operating procedures for secure, consistent execution.

    Reclaiming idle resources: IaC tools and configuration management platforms sometimes do not automatically remove idle resources. For instance, during a migration from a VM to a PaaS service, unused resources can linger and become isolated if not deleted by IaC tools or manually pruned. To prevent such issues, establish a standardized process to routinely scan for idle resources and implement a clear deletion policy.

  • Related cloud services and tools

    Resource Formation Service (RFS)