Updated: May 15, 2026
20 min read

# CHAPTER 15

Infrastructure as Code

1. Introduction

In the previous chapter, we got a taste of defining our API Gateway and Lambda functions in a YAML file. This concept is so powerful that it serves as the absolute foundation of modern cloud engineering. It is called Infrastructure as Code (IaC). If you build a complex architecture by clicking 100 buttons in the AWS Console, and then accidentally delete it, you have to click 100 buttons to rebuild it. In this chapter, we will learn how to write our servers, databases, and networks as lines of code, ensuring our infrastructure is version-controlled, auditable, and instantly reproducible.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define Infrastructure as Code (IaC).
  • Differentiate between Imperative (scripts) and Declarative (IaC) paradigms.
  • Identify major IaC tools: CloudFormation, Terraform, and AWS CDK.
  • Understand the concept of "State" in infrastructure management.
  • Conceptualize deploying an architecture using Terraform.

3. Beginner-Friendly Explanation

Imagine building a Lego castle.
  • Manual Provisioning (Clicking the Console): You build the castle by hand, block by block. If your little brother knocks it over, you have to remember exactly how you built it and spend 3 hours rebuilding it by hand.
  • Infrastructure as Code (IaC): You write an instruction manual (Code) that says: "Place a red block here, place a blue block there." You feed the manual into a 3D printer. The printer instantly builds the castle. If it gets knocked over, you just press "Print" again, and you get the exact same castle in seconds. You can also upload the manual to GitHub to share with friends!

4. Declarative vs. Imperative

  • Imperative (Bash Scripts): You tell the computer *how* to do it. (e.g., aws lambda create-function..., aws s3 mb...). If the bucket already exists, the script crashes.
  • Declarative (Terraform/CloudFormation): You tell the computer *what* you want the final result to be. (e.g., I want an S3 bucket named X). The IaC engine figures out how to make it happen. If the bucket already exists, it does nothing. If it doesn't exist, it creates it.

5. The Giants of IaC

There are three main tools you must know:
  1. AWS CloudFormation: Amazon's native tool. You write massive JSON or YAML files. It is powerful but extremely verbose and difficult to read.
  2. HashiCorp Terraform: The industry standard. It is cloud-agnostic. You use a beautiful, readable language called HCL. You can use Terraform to deploy to AWS, Google Cloud, and Azure using the exact same workflow.
  3. AWS CDK (Cloud Development Kit): Instead of writing YAML or HCL, CDK lets you write infrastructure using actual programming languages like TypeScript or Python!

6. The Concept of "State"

How does Terraform know what is already deployed in your AWS account? It uses a State File (terraform.tfstate). When Terraform deploys a database, it writes the ID of that database into the state file. The next time you run Terraform, it compares your Code to the State File.
  • If your code has 2 databases, but the state file only has 1, Terraform knows it must create 1 new database.
*Crucial Rule:* In enterprise environments, the State file is stored centrally (like in an S3 bucket), so the entire engineering team shares a single source of truth.
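
A simplified model of the code-versus-state comparison described in sections 4 and 6, added here as an example (it is not Terraform's code or its real algorithm). The resource addresses, the `FORCE_NEW` set and the ID format are assumptions made for illustration.

```python
import itertools
from dataclasses import dataclass

# Assumption for this model: changing "name" forces delete + create, as in a
# table rename. Real providers decide this per attribute.
FORCE_NEW = {"name"}
_ids = itertools.count(1)  # stand-in for IDs the cloud would hand back

@dataclass(frozen=True)
class Action:
    address: str
    kind: str  # "create", "update", "replace" or "delete"

def plan(desired, state):
    """Diff the code (desired) against the state file; change nothing."""
    actions = []
    for address, attrs in desired.items():
        if address not in state:
            actions.append(Action(address, "create"))
            continue
        recorded = state[address]["attrs"]
        changed = {k for k, v in attrs.items() if recorded.get(k) != v}
        if changed & FORCE_NEW:
            actions.append(Action(address, "replace"))
        elif changed:
            actions.append(Action(address, "update"))
    # Anything still in state but gone from the code is scheduled for deletion.
    actions += [Action(a, "delete") for a in state if a not in desired]
    return actions

def apply(desired, state):
    """Execute the plan against a pretend cloud and record results in state."""
    done = plan(desired, state)
    for act in done:
        if act.kind == "delete":
            del state[act.address]
            continue
        # An in-place update keeps the resource ID; create/replace get a new one.
        rid = state[act.address]["id"] if act.kind == "update" else f"db-{next(_ids)}"
        state[act.address] = {"id": rid, "attrs": dict(desired[act.address])}
    return done

if __name__ == "__main__":
    state = {"db.orders": {"id": "db-0", "attrs": {"name": "Orders"}}}
    code = {"db.orders": {"name": "Orders"}, "db.users": {"name": "Users"}}
    print(apply(code, state))  # one create: db.users
    print(apply(code, state))  # second run finds nothing to do
```

Because every decision is derived from the state, a lost or stale state file makes the engine plan to create resources that already exist, which is why the shared copy matters.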

7. Mini Project: Conceptual Terraform Deployment

Let's see what Terraform code looks like to deploy a DynamoDB table.

Step-by-Step Overview:

  1. Create a file named main.tf.
  2. Define the provider (AWS) and the resource (DynamoDB):

```hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_dynamodb_table" "users_table" {
  name           = "ProductionUsers"
  billing_mode   = "PAY_PER_REQUEST"
  hash_key       = "UserId"

  attribute {
    name = "UserId"
    type = "S"
  }
}
```
  3. Open your terminal. Run terraform init (downloads the AWS plugins).
  4. Run terraform plan (A dry-run. It tells you exactly what it *will* do before it actually does it: + create aws_dynamodb_table).
  5. Run terraform apply (Executes the code. The table is created in AWS).
  6. *The Magic:* If you change the code to name = "StagingUsers" and run apply again, Terraform automatically detects the change, deletes the old table, and creates the new one!
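
The replacement in step 6 deletes the old table together with the items stored in it, so the plan from step 4 is worth checking before anyone runs apply. The following added example (not part of the original chapter) reads the JSON that `terraform plan -out=plan.out` followed by `terraform show -json plan.out` produces and blocks a pipeline when a data-holding resource would be deleted or replaced. The sample plan is constructed, and the `STATEFUL_TYPES` list and function names are assumptions.

```python
import json

# Constructed sample: the shape of `terraform show -json plan.out` after
# renaming the chapter's table (only the fields this check reads).
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_dynamodb_table.users_table",
     "type": "aws_dynamodb_table",
     "change": {"actions": ["delete", "create"],
                "before": {"name": "ProductionUsers"},
                "after": {"name": "StagingUsers"}}},
    {"address": "aws_s3_bucket.logs",
     "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    {"address": "aws_dynamodb_table.sessions",
     "type": "aws_dynamodb_table",
     "change": {"actions": ["create"], "before": null,
                "after": {"name": "Sessions"}}}
  ]
}
""")

# Resource types that hold data; destroying one loses that data (assumed list).
STATEFUL_TYPES = {"aws_dynamodb_table", "aws_s3_bucket", "aws_db_instance"}

def classify(actions):
    """Collapse Terraform's action list into one label."""
    if "delete" in actions and "create" in actions:
        return "replace"  # either order: destroy-then-create or the reverse
    return actions[0] if actions else "no-op"

def destructive_changes(plan, stateful_types=STATEFUL_TYPES):
    """Return (address, label) for each stateful resource the plan destroys."""
    findings = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label in ("delete", "replace") and rc["type"] in stateful_types:
            findings.append((rc["address"], label))
    return findings

def gate(plan):
    """Exit code for CI: 1 holds the apply until a human approves."""
    return 1 if destructive_changes(plan) else 0

if __name__ == "__main__":
    for address, label in destructive_changes(SAMPLE_PLAN):
        print(f"BLOCK: {address} would be {label}d")
    raise SystemExit(gate(SAMPLE_PLAN))
```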

8. Real-World Scenarios

A company operates in AWS us-east-1 (Virginia). A massive hurricane knocks the entire region offline. If they provisioned their architecture manually, they are bankrupt; it would take weeks to click through the console and rebuild 50 microservices in Europe. Because they use Terraform, their entire architecture is defined in code. A Cloud Engineer simply changes one line of code (region = "eu-west-1"), types terraform apply, and the entire company's infrastructure flawlessly rebuilds itself in Ireland in 15 minutes. Disaster Recovery is solved.

9. Best Practices

  • Modularize: Do not write a single 5,000-line Terraform file. Create "Modules". Build a standard secure-s3-bucket module, and have your developers call that module whenever they need a bucket. This ensures every bucket created in your company has encryption and logging enabled by default.

10. Cost Optimization Tips

  • Infracost: There are free tools like Infracost that integrate directly into your CI/CD pipeline. When a developer submits a Terraform change, Infracost analyzes it and automatically comments on the Pull Request: *"Warning: This change will increase our monthly AWS bill by $450."* This catches expensive architectural mistakes before they are deployed.

11. Exercises

  1. Explain the fundamental difference between an Imperative script (like a bash file) and a Declarative IaC tool (like Terraform).
  2. What is the purpose of the Terraform "State" file?

12. FAQs

Q: What is the difference between Serverless Framework (Chapter 14) and Terraform?

A: Serverless Framework is highly specialized for deploying FaaS (Lambda + API Gateway). It is amazing for developers building APIs. Terraform is a massive infrastructure tool used to deploy *everything* (VPCs, Kubernetes clusters, massive databases). Often, companies use Terraform to build the network and databases, and Serverless Framework to deploy the application code on top.

13. Interview Questions

  • Q: Describe the architectural imperative of Infrastructure as Code (IaC) in a Disaster Recovery scenario.
  • Q: Explain the role of the Terraform State file. Contrast the operational risk of storing a state file locally on a developer's laptop versus utilizing a remote backend like Amazon S3 with DynamoDB state locking.

14. Summary

In Chapter 15, we elevated our operational maturity from manual clicking to robust engineering. We defined Infrastructure as Code (IaC), embracing the Declarative paradigm to define our desired state in text files. We explored industry-standard tools like Terraform and AWS CloudFormation, understanding how State management tracks infrastructure drift. By treating our servers and databases as version-controlled code, we achieved absolute reproducibility, auditability, and the ability to recover from catastrophic failures.

15. Next Chapter Recommendation

Our infrastructure is automated and deployed. Now, we must ensure it operates blindingly fast under heavy load. Proceed to Chapter 16: Scaling and Performance Optimization.
