Infrastructure as

Code in:

15 minutes
Agenda
• Traditional infrastructure deployment
• What is Infrastructure as Code (a.k.a IaC)
• Benefits of IaC
• Imperative vs Declarative
• IaC with Terraform
• IaC in DevOps Pipelines
• Sample Setup
• Q&A
Traditional infrastructure
deployment
• Graphical user interface
• Scripts (platform specific)

Limitations
• Manual and time-consuming process
• Error-prone
• Inconsistency
• Configuration drift
• Difficulty to keep multiple environments in lockstep
• Scalability
• Difficult to document
What is Infrastructure
as Code?
• Managing and provisioning of infrastructure
through code:

• Allows for automation of the creation and

modification of infrastructure
• Can be imperative or declarative (more on
this later)
Benefits of IaC
• Automation in one and across multi-cloud
• Speed and efficiency
• Repeatable and consistent (Dev, SIT, UAT, Prod)
• Source control and versioning Dev Variables Dev Environment

• Team collaboration (CI)

SIT Variables SIT Environment

• CI/CD Pipelines
• Simplify, standardize, and scale at ease Infrastructure as
Code

• Static Application Security Testing (SAST)

UAT Variables UAT Environment

Prod Variables Prod Environment

Imperative vs Declarative
What to do. What is wanted.

• Forward 1 mile
• Turn right • Go to the pizza restaurant
• Forward 2 miles
• Turn left
• Forward 3 miles
• Arrive at pizza restaurant
Imperative
What to do.
• Starting point matters
• Difficult to audit
• Difficult to detect drift
• No version control
• Not repeatable
• Requires complex logic
• Changes to destination
requires significant
modifications
vs Declarative
What is wanted.
• Starting point does not matter
• Engine determines how to get to
destination
• Idempotent property
• Repeatable in a pipeline
• Easy to validate and detect drift
• Can be version controlled
• Changes to destination automatically
handled
IaC with Terraform
main.tf

• Declarative language provider.tf

• Cloud agnostic / Multi-cloud support

• Large list of providers available
• Source control with Git or Terraform Cloud
terraform.tfstate
variables.tf

• RBAC workspaces
• Policy as code (approve and reject
automation) terraform.tfvars

output.tf
IaC with DevOps
Pipelines
• Leverage DevOps methodology with CI/CD VM

pipelines to deploy infrastructure Network SQL

Storage

• Seamless integration of software Check the code into GitHub Run the build pipeline Resources get deployed

development and IT operations teams

Terraform Code

• Integrate as a component of a pipeline for 1. git clone

software development
2. Install terraform on the build agent
3. Initialize Terraform
4. Select Environment
5. Validate Terraform Code
6. Terraform Dry Run

• Full automation through build, test, and

7. Create deployment artifact
8. Deploy to cloud

deploy stages
• Support for multiple release strategies such
as blue/green, canary or rolling releases
Sample Setup
Prerequisites
• Jenkins installed
• Install Jenkins Terraform Plugin terraform.tfstate

• GitHub Repo with Terraform deployment code

• Service Principal (IAM) for Jenkins
Configure Jenkins VM

Network SQL

• Create Jenkins pipeline Storage

• Parameterize the Jenkins pipeline main.tf main.tf

Run the build pipeline Resources get deployed

provider.tf provider.tf

• Add the pipeline code variables.tf

terraform.tfvars
variables.tf
terraform.tfvars
output.tf
output.tf 1. git clone
2. Install terraform on the build agent

• Build pipeline 3. Initialize Terraform

4. Terraform Plan
5. Create deployment artifact
6. Deploy to Azure cloud
Prerequisites
• Jenkins installed
• Install Jenkins Terraform Plugin
• GitHub Repo with Terraform deployment
code
• Service Principal (IAM) for Jenkins
Create Jenkins pipeline
• Configure stage to obtain Terraform deployment code
• Configure stage to initialize Terraform
• Configure stage to apply Terraform
Parameterize the Jenkins pipeline
• Create a choice parameter named “action”
• Configure the choices for “apply” and
“destroy”
• Configure a description for the action:
“Choose the action you would like to perform
– Terraform Apply or Destroy?”
Add the pipeline code
• Add the pipeline code to Jenkins pipeline
pipeline {
agent any

stages {
stage('Checkout') {
steps {
checkout([$class: 'GitSCM', branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[url: 'https://github.com/terenceluk/tf-
iac-az-repo']]])
}
}
stage ("terraform init") {
steps {
sh ('terraform init')
}
}
stage ("terraform plan") {
steps {
sh ('terraform plan')
}
}
stage ("terraform Action") {
steps {
echo "Terraform action is --> ${action}"
sh ('terraform ${action} --auto-approve')
}
}
}
}
Build Pipeline
• Navigate to Build with Parameters and
initiate build of infrastructure
Thank you for your time!

Questions and Comments?