Cloud Infrastructure – IaC deep dive with Terraform

Homepage Cloud Infrastructure – IaC deep dive with Terraform

Increasingly, connected, smart, and IoT device vendors are relying on cloud infrastructure to add value to their consumer and enterprise offers.

Whether public or private clouds, the advantages of moving data and processing from the device or a vendor’s own servers to an infinitely scalable cloud platform are various and provide a compelling value proposition for many vendors.

The public cloud computing market is largely dominated by four players: Amazon and its AWS, Microsoft and its Azure platform, Alibaba’s cloud platform, and Google’s own GCP.

While each offers a full complement of cloud services, data storage and processing, and cloud computing possibilities to its clients, and while there is a certain level of commodification in the cloud market, there remain significant technical differences between the various cloud platforms.

Deploying your cloud infrastructure, then, often requires the use of the platform’s proprietary console. While this can be rapid where a developer has experience on a platform, it can provide more difficulty where experience is lacking or – in cases where a vendor seeks the most bang for their cloud spending buck – when a vendor moves from one cloud service to another.

What’s more, as companies seek opportunities to automate everything from their testing to their DevOps to their resource creation, they are seeking a solution that enables automation in CI/CD.

Luckily, there is such a solution that is all at once simple, elegant, and that makes for the straightforward deployment of cloud infrastructure right from the command line: Infrastructure as Code, or IaC.

What is IaC?

Red Hat defines IaC as:

Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes. With IaC, configuration files are created that contain your infrastructure specifications, which makes it easier to edit and distribute configurations. It also ensures that you provision the same environment every time. 

IaC helps a developer to avoid the proprietary consoles for each of the cloud providers and instead provision their cloud services effectively and consistently right from the command line.

The configuration files that the developer creates can be versioned, too, making it easier to update cloud configurations and provide services in the right way every time.

What are the benefits of IaC?

There are many advantages for a developer or a vendor who adapts IaC over traditional cloud service provisioning via a cloud service console. Five, though, stand out as especially worthy of mentioning:

  1. Cost savings: Deploying cloud infrastructure via an IaC approach saves time and therefore money as cloud services can be configured once and deployed time and again in the same fashion.
  2. Accelerated deployment: Whether an initial cloud configuration or an update to an existing cloud deployment, IaC helps developers to move faster – and cloud providers encourage the use of IaC solutions to do just that!
  3. Error reduction: By writing the code for the configuration of cloud services once and maintaining a single codebase for that configuration there is a subsequent reduction in errors and the potential for errors.
  4. Improved infrastructure consistency: No matter the preferred cloud platform of the vendor, IaC means that the configuration will be consistent within and across cloud platforms.
  5. Avoidance of configuration drift: IaC helps developers to avoid the configuration drift that occurs when ad-hoc changes are made to cloud service provisioning; instead of ad hoc changes on a single cloud platform, the same configuration is used consistently.

In addition, as the infrastructure exists as code, it has all the benefits of code. For example, it can be versioned, it can be reviewed in the same way as any other code, and it encourages collaboration both for improving the code itself and for building the skill set of other developers on the team.

What approaches are there to IaC?

While multiple IaC solutions are competing for development attention, all can be grouped into two broad types.

Imperative approaches define the specific commands needed to achieve the cloud configuration and require that those commands are executed in the correct order.

Declarative approaches, on the other hand, keep a list of the current state of the system objects which makes the infrastructure easier to manage.

At Witekio we’ve adopted the second approach and, since 2019, have used a tool called Terraform to configure cloud infrastructure for our clients in a variety of domains.

What is Terraform for IaC?

As the Terraform website puts it,

Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. 

This is the main tool that Witekio developers use for IaC. Like Witekio the company, Terraform is cloud agnostic, meaning that it can be used to deploy code and configure cloud services at any of the major public cloud providers mentioned previously as well as other less popular cloud providers like Yandex Cloud, IBM Cloud, Serverspace, DigitalOcean, and Oracle Cloud Infrastructure.

Terraform uses HCL, a language and toolkit for creating structured configurations that are both machine-readable and developer-friendly. While HCL is a separate native syntax and requires some learning on the part of developers, Witekio’s teams report that is relatively rapid to learn and that its similarities to nginx and Go make mastering HCL relatively easy.

Terraform is system agnostic meaning it can be used on Linux, Mac OS, and Windows machines. What’s more, developers can draw on a Terraform Registry that contains libraries to enable the creation of infrastructure configurations rapidly. This is almost like templating for cloud configurations and accelerates the deployment of those configurations to the cloud provider.

What are the drawbacks or disadvantages to Terraform for IaC?

In general terms, there isn’t much not to like with IaC generally, or Terraform specifically.

By configuring the cloud services in declarative files and giving developers the opportunity to review their code, collaborate on cloud provisioning, and draw on the Terraform Registry to quickly configure new cloud services, using IaC and Terraform helps vendors of connected, smart, and other IoT devices to get their services up and running faster and more efficiently than ever.

Witekio helps You Connect Your IoT devices to the Cloud

Summary

We believe in working with the right tools to get the job done.

How to pick an IoT cloud platform based on the needs of your product?

Cloud Security

Security is a major concern of almost every IoT device owner, user, and manufacturer.

So How can you secure an IoT Cloud-connected Device?

Achille Monga - Embedded Software Engineer
12 April 2022