IaC evolved to help solve the problem of “environment drift”. Cloud applications usually have separate deployment environments for the stages of their release lifecycle. It’s common to have development, staging, and production environments. These environments are composed of networked resources like application servers, load balancers, and databases. Environment drift occurs when the infrastructure between these different environments falls out of sync.
Without IaC, infrastructure management can be a disorganized and fragile process. System administrators manually connect to remote cloud providers and use API or web dashboards to provision new hardware and resources. This manual workflow does not give a holistic view of the application infrastructure. Administrators may manually make changes to one environment and forget to follow through on the other. This is how environment drift happens.
Environment drift becomes an expensive business waste. Bugs and failures happen because teams build against a staging or development environment and then find upon deployment that the production environment is out of sync, which leads to a time-consuming investigation of why and what is missing.
Without IaC, manual infrastructure management is a slow process. If a required infrastructure change is identified due to environment drift, spikes in traffic, or some other issue, it can take an unknown amount of time for a systems administrator to react and adapt. This leads to outages and customer frustration. With IaC in place, infrastructure can automatically adapt to changes in configuration and react to spikes in traffic with auto-scaling features.
Infrastructure as code brings more oversight and visibility to manual systems administration. With the infrastructure configuration files committed to a central version control repository, all team members can view and edit infrastructure data. This enables powerful auditing capabilities. For example, if your team undergoes a PCI compliance audit, you'll need to know if a specific part of your infrastructure is using SSL encryption. With IaC you can quickly see how SSL is configured and execute the code to make sure the live infrastructure matches the configuration files, which identifies if SSL is enabled. The version control commit history also acts as a log to review when it was added or removed.