upgrade
upgrade

🔄DevOps and Continuous Integration

Key Concepts of Infrastructure as Code Platforms

Study smarter with Fiveable

Get study guides, practice questions, and cheatsheets for all your subjects. Join 500,000+ students with a 96% pass rate.

Get Started

Why This Matters

Infrastructure as Code (IaC) isn't just a convenience—it's the foundation of modern DevOps practices that you'll be tested on throughout this course. When exam questions ask about automation, repeatability, version control, and scalability, they're really asking whether you understand how teams move from manually clicking through cloud consoles to treating infrastructure like software. These platforms demonstrate core principles like declarative vs. imperative approaches, idempotency, state management, and configuration drift prevention.

Don't fall into the trap of memorizing tool names and syntax details. Instead, focus on understanding what problem each category of tool solves and when you'd choose one approach over another. If an FRQ asks you to design a CI/CD pipeline or explain how to ensure consistent environments across development and production, you need to know which tools handle provisioning versus configuration—and why that distinction matters.

Declarative Provisioning Tools

These tools focus on defining the desired end state of your infrastructure rather than the steps to get there. The underlying principle: you describe what you want, and the tool figures out how to make it happen.

Terraform

  • Multi-cloud provisioning—HashiCorp's open-source tool works across AWS, Azure, GCP, and dozens of other providers through a plugin architecture
  • HCL (HashiCorp Configuration Language) provides human-readable declarative syntax that's easier to learn than JSON or raw YAML
  • State file management tracks what resources exist, enabling the tool to calculate diffs and handle dependencies automatically

AWS CloudFormation

  • Native AWS integration—Amazon's first-party IaC service with deep hooks into all AWS services and features
  • Stack-based management groups related resources together, enabling atomic updates and one-click rollbacks
  • JSON or YAML templates define resources declaratively, with built-in support for parameters, mappings, and cross-stack references

Azure Resource Manager (ARM) Templates

  • Azure-native provisioning—Microsoft's tool for deploying and managing Azure resources as a single unit
  • Resource grouping organizes infrastructure logically, simplifying access control and cost tracking
  • Built-in RBAC integration enforces security policies at the template level, ensuring compliance from the start

Google Cloud Deployment Manager

  • GCP-native IaC—Google's service for defining infrastructure using configuration files with full API access
  • Template reusability through Jinja2 or Python templates enables modular, maintainable configurations
  • Dependency resolution automatically determines resource creation order based on declared relationships

Compare: Terraform vs. CloudFormation—both are declarative provisioning tools, but Terraform offers multi-cloud portability while CloudFormation provides deeper AWS-native integration. If an FRQ asks about vendor lock-in versus ecosystem depth, this is your go-to comparison.

Configuration Management Tools

These tools handle what happens after infrastructure exists—installing software, managing files, and ensuring systems stay in their desired state. The key principle: idempotency, meaning running the same configuration multiple times produces identical results.

Ansible

  • Agentless architecture—connects via SSH without requiring software installation on managed nodes, reducing operational overhead
  • YAML playbooks define tasks in human-readable format, lowering the barrier to entry for teams new to automation
  • Push-based execution runs configurations on-demand from a control machine, ideal for CI/CD pipeline integration

Puppet

  • Agent-based model—nodes pull configurations from a central Puppet server on a scheduled interval
  • Declarative DSL describes desired system state using Puppet's custom language, enforcing consistency across environments
  • Compliance reporting provides audit trails and drift detection, critical for regulated industries

Chef

  • Ruby-based recipes—uses a full programming language DSL, offering maximum flexibility for complex logic
  • Test Kitchen integration enables test-driven infrastructure development, validating configurations before deployment
  • Client-server architecture with a central Chef server storing cookbooks and managing node convergence

SaltStack

  • Event-driven automation—responds to system events in real-time, not just scheduled intervals
  • Master-minion architecture scales to thousands of nodes with high-speed ZeroMQ communication
  • Remote execution runs ad-hoc commands across infrastructure instantly, useful for incident response

Compare: Ansible vs. Puppet—both ensure configuration consistency, but Ansible's agentless, push-based approach suits ad-hoc tasks and CI/CD pipelines, while Puppet's agent-based, pull model excels at continuous enforcement in large, stable environments.

Container Orchestration Configuration

These tools define how containerized applications run and scale. The principle here: declarative container management that handles scheduling, networking, and self-healing automatically.

Kubernetes YAML

  • Resource manifests define Deployments, Services, ConfigMaps, and other Kubernetes objects declaratively
  • Desired state reconciliation—the Kubernetes control plane continuously works to match actual state to your YAML definitions
  • Rolling updates and rollbacks are built into the deployment model, enabling zero-downtime releases

Docker Compose

  • Multi-container orchestration—defines entire application stacks (services, networks, volumes) in a single YAML file
  • Local development parity lets developers run production-like environments on their machines with docker-compose up
  • Service dependency management controls startup order and networking between containers automatically

Compare: Kubernetes YAML vs. Docker Compose—both use declarative YAML, but Docker Compose targets local development and simple deployments, while Kubernetes handles production-grade orchestration with scaling, self-healing, and distributed workloads. Know when to recommend each.

Quick Reference Table

ConceptBest Examples
Multi-cloud provisioningTerraform
Cloud-native IaC (vendor-specific)CloudFormation, ARM Templates, Deployment Manager
Agentless configuration managementAnsible
Agent-based configuration managementPuppet, Chef, SaltStack
Declarative syntax (HCL/YAML)Terraform, Ansible, Kubernetes YAML, Docker Compose
Imperative/programmatic approachChef (Ruby DSL)
Container orchestrationKubernetes YAML, Docker Compose
State file managementTerraform, CloudFormation (stacks)

Self-Check Questions

  1. Provisioning vs. Configuration: If you need to create a new EC2 instance, which category of tool would you use? If you need to install and configure Nginx on that instance, which category applies?

  2. Compare and Contrast: Both Terraform and AWS CloudFormation are declarative provisioning tools. What's the key trade-off when choosing between them for a new project?

  3. Architecture Differences: Ansible and Puppet both manage configuration, but one is push-based and agentless while the other is pull-based with agents. Which is which, and when would you prefer each approach?

  4. Idempotency in Practice: Why is idempotency critical for configuration management tools? What problems would occur if running a playbook twice produced different results?

  5. FRQ Scenario: Your team needs to set up identical development, staging, and production environments across AWS and Azure. Which IaC tools would you recommend for provisioning, and how would you ensure configuration consistency after the infrastructure is created?