As the name suggests, Infrastructure as Code(IaC) is related to the codification of a given infrastructure. So in this blog, we will be going through what IaC is, what is the need for IaC, and when it comes to Azure, what we have in store to achieve the IaC process.
Infrastructure as Code is a provisioning & managing infrastructure like VM/EC2 VPC with code/configuration files. It allows us to treat infrastructure configuration and provisioning just like we handle application code, enabling us to easily version code in any popular SCM to take advantage of CI/CD pipelines.
What is the need for Azure IaC?
Previously, infrastructure management & configuration was done manually. Each environment has its unique configuration, which was configured manually, and that led to several problems:
- Cost as you have to hire many professionals to manage and maintain infrastructure.
- Scaling as a manual configuration of infrastructure tasks is time-consuming, making you struggle to meet spikes on request.
- Inconsistency because the manual configuration of infrastructure is error-prone. When several people do manual configurations, errors are unavoidable.
Whereas IaC is idempotent, ensuring the same deployment results in a given environment.
Why Infrastructure as code on Azure?
Globally, 90% of fortune 500 have shown their belief in Azure to drive their business. It has various services to resolve business problems, from storage to AI/ML to IAM, over a single platform. With IaC, Azure resources management gets way easier through configuration files with consistency, which ensures fewer errors & provides preciseness. The two important methods to implement IaC on Azure are:
- ARM Templates
What are ARM Templates?
ARM templates are a type of infrastructure as code, a concept in which you define the infrastructure that needs to be deployed. To deploy a storage account, you no longer need to navigate the portal, create virtual machines or write scripts. Instead, the template defines the resources, and the Azure ARM management layer is in charge of building the infrastructure.
The declarative syntax is the term for this concept. The declarative syntax states what resources you want to create without writing the command sequence. For example, you can easily create a script to create a virtual machine using the Azure CLI or Azure PowerShell. To handle any scenario, you must include a lot of logic and error checking.
Making a declarative template defines the end state of the environment, and Azure uses the template as input to create the environment for you. If the template is different, the ARM management layer will create a new resource or modify an existing resource.
How does Azure Resource Manager work?
To implement IaC on Azure, use Azure Resource Manager templates (ARM templates). It is a file written in json based on declarative syntax, which lets you define the state of the infrastructure you want to deploy without writing a sequence of commands to achieve that state.
In the azure resource manager templates, resources & their properties are specified for deployment. It is a native option for Azure.
What are the Features of Azure Resource Manager(ARM)
ARM is compact with various features, making it an ideal choice for the IaC tool. Here are a few of them.
- Declarative syntax - It allows you to define the state of the infrastructure you want to deploy without mentioning steps/commands to achieve that state.
- Consistent Results - Every time you deploy, resources get deployed consistently with the same result over a given environment as Templates are idempotent.
- Orchestration - Resource managers ensure the deployment of interdependent resources so they may get deployed in the correct order, which makes work easier without getting into the complexity of ordering operations.
- Modular files - It allows you to break your desired infrastructure into smaller reusable components, which can also be nested in other templates.
- Extensibility - You may add PowerShell/Bash script in a template. It ensures that the users get extended ability to set up the required resources.& many more features like built-in validation to ensure the success of deployment & tracked deployments to get information about deployment history & other information related to deployments.
How does the Azure Resource Manager(ARM) work?
Azure Resource Manager service (ARM) centralizes resource management, security & deployment via tags to enable users to create, modify & delete resources.
All requests from APIs, Azure tools or SDKs, and Resource Manager firstly get authenticated & authorized, then these requests are sent to the Azure service, which performs the requested action. All requests are handled via the same API, so you get consistent results.
What are the benefits of IaC on Azure Resource Manager(ARM)?
Choosing ARM for IaC on Azure enables you with:
- Managing infrastructure through declarative azure resource manager templates rather than scripts.
- It allows you to manage, monitor & deploy all your solutions' resources as a group, rather than handling resources individually.
- It assures you of the consistent state over a given environment throughout the development lifecycle.
- You can define dependencies between resources for getting deployed in the correct order & for faster deployment, and ARM runs independent jobs parallelly.
- Allows you to implement access control to all services as Azure RBAC is integrated into the management platform.
- Attach tags to resources to logically organize resources in subscription & get clarity on the organization's billing by viewing costs for a group of resources of the same tag
Limit the size of your template to 4 MB. This applies to the template's final state after expansion with iterative resources & values for variables & parameters. Also, each parameter file should be limited to 64 KB.
With further limitations:
- 256 parameters
- 256 variables
- 800 resources (including copy count)
- 64 output values
- 24,576 characters in a template expression
- Some of the limits can be exceeded using a nested template.
Create a resource group in the same region as resources as it contains metadata of resources. If the resource group deployed in another region is temporarily unavailable, you won't be able to update resources in the resource group as metadata is unavailable.
Set the hard-coded value of the API version property for the resource type. While creating a new template, we recommend using the latest API version for a resource type to determine available values. When your template works as expected, the recommendation is to use the same API version so you don't worry about the changes.
Use test toolkit
It's a script that ensures best practices are followed in a given template. If the template isn't compatible with the best practices, it returns a list of warnings and suggested changes.
How to use Terraform for Azure?
After arazure resource manager templates, the second most popular method to implement and use IaC principles on Azure is Terraform. It is the most popular and open-source tool provided by HashiCorp for infrastructure automation. It creates IaC for cloud providers like Azure, AWS, GCP with the same workflow. It helps in configuring, provisioning, and managing the infrastructure as code as it allows codification of infrastructure like VM, storage & other Azure resources through its configuration files. It enables developers to manage infrastructure with consistent tooling across various cloud platforms.
Benefits of using IaC on Azure using Terraform
- Automation of Infrastructure management - Terraform allows to create, provision, and alter your resources using template-based configuration files.
- Automation across several clouds that is platform agnostic - Terraform is likely the only full-featured automation solution that is platform agnostic and can be used to automate on-premises systems. Most organizations use cloud services from multiple providers and this could be great benefit.
- Before implementing changes to infrastructure, be sure you understand what's going on - Terraform plans may be used for both configuration and documentation. This ensures that your team understands how your infrastructure is configured and how changes might influence it.
IaC is a process of representation and management of the infrastructure in the form of code that tends to be consistent & efficient. Additionally, Azure is one of the leading & reliable public CSP for IaC implementation due to its native service ARM template & its compatibility with open source tools like terraform.
- Learn more about GCP for Infrastructure As Code - Tools | Benefits | Features
- How AWS supports Infrastructure as Code ?- AWS CloudFormation