Infrastructure as Code Introduction
Do you want your Amazon Web Services (AWS) cloud infrastructure to be resilient and consistent? Do you want quickly repeatable and automated AWS infrastructure set-up? Tired of messy and time-consuming infrastructure management through the AWS Console? Do you use AWS CloudFormation and find it verbose and clunky to manage?
If you answer yes to one or more of these questions, and want to find a better approach, then this book may be for you!
Understanding Infrastructure as Code
Infrastructure as Code (IaC) is a fundamental practice in modern cloud computing that involves managing and provisioning infrastructure through machine-readable definition files rather than manual processes. It brings several potential key benefits:
- Version Control: Your infrastructure definitions can be versioned just like application code, providing a complete history of changes and the ability to roll back when needed.
- Consistency: Infrastructure is deployed the same way every time, eliminating configuration drift and “snowflake” environments.
- Automation: Changes can be automatically tested and deployed, reducing human error and saving time.
- Documentation: The code itself serves as documentation of your infrastructure, making it easier to understand and maintain.
- Scalability: Infrastructure patterns can be easily replicated across different environments and regions.
All of this does not happen automatically when we start on the journey to using infrastructure as code. Sufficiently complex infrastructure solutions can, just like regular software solutions, become hard to maintain and difficult to understand. On top of that, it may be significantly harder to change infrastructure. This is where some of the key practices can also help.
Key Practices in Infrastructure as Code
- Immutable Infrastructure: Rather than modifying existing resources, create new ones with the desired state and replace the old ones. This does not work for everything, but it will help to do that as much as possible.
- Idempotency: Running the same infrastructure code multiple times should result in the same end state. We are describing what we want rather than how we do something.
- Separation of Concerns: Different components of your infrastructure should be modular and loosely coupled.
- Testing: Infrastructure code should be tested just like application code.
- Continuous Integration/Deployment: Infrastructure changes should go through proper CI/CD pipelines, although such a pipeline may not look identical to an application software pipeline, since we have other concerns and properties to deal with.
…or at least, these are practices that we strive for. It is a journey and a process, and you will not get there right away.
While we will discuss specific details of using AWS CDK, these practices will also be part of what we do.
Enter AWS CDK
We are going to use one of the newer tools for automating infrastructure management from AWS, the AWS Cloud Development Kit, also known as AWS CDK. It is a way to describe the desired infrastructure state through the use of programming languages, bringing all the benefits of Infrastructure as Code while leveraging familiar development tools and practices.
The AWS CDK represents a significant advancement over traditional infrastructure management approaches:
- Instead of writing verbose YAML/JSON templates, you write concise, expressive code
- You get the full power of your programming language’s features (loops, conditions, functions)
- Built-in best practices and security guardrails help prevent common mistakes
- Integration with IDE features like code completion and type checking improves productivity
You can read this book and follow along writing your own infrastructure code. Step by step you will build up a consistent and repeatable infrastructure solution.
Feel free to also just read the areas that you find interesting. I would recommend skimming through each chapter before diving in deep to get an idea of the scope of each chapter.
Also, please read the learning objectives and requirements sections below, so that you see what to expect. I hope you will get good value from these articles!
Learning Objectives
The aim of this book is to get you up to speed with using the Amazon Web Services Cloud Development Kit (AWS CDK). The AWS CDK is a tool to define AWS cloud infrastructure using programming languages.
Thus, you will define, provide, and update multiple types of infrastructure, including virtual machines, containers and service functions.
By the end of this book, you will have:
- A good understanding of what infrastructure-as-code is and key practices
- Set up virtual machines (EC2) in an existing network infrastructure
- Provided secure access to these virtual machines without internet exposure
- Set up container-based services with a load balancer
- Included basic monitoring and logging
- Defined unit tests for your infrastructure definitions
Even though AWS CDK supports writing reusable components that can be used from multiple languages, we are not going to cover that in this book. Writing components for multi-language support essentially requires using TypeScript, and more precisely a specific subset of TypeScript, along with some specific tooling and some specific naming conventions to follow. This is not in the scope of this book.
Requirements
For you to get the most out of this book, there are a few requirements:
- You should have some level of programming experience in Python, but do not need to be an expert developer.
- You need access to an AWS account with administrative privileges. In this AWS account, you should be able to use either temporary (preferred) or permanent AWS programmatic credentials (e.g. access key ID, secret access key, and, for temporary credentials, a session token).
- You should be able to install software on the computer you use.
- An installation of Python and uv. Technically, uv can install Python for you as well, and we will also cover installation of uv, and Python using uv.
- You also need some basic knowledge of a few common AWS services, like IAM, EC2.
We do not require you to know a lot about AWS CloudFormation, but some basic understanding will be beneficial.
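For the credentials requirement above, here is a small added example (not from the book) that reads text in the AWS shared credentials file format and reports which profiles hold temporary versus permanent keys. The profile names and key values are constructed; the check relies on AWS's documented prefix convention, where `ASIA` access key IDs are temporary STS keys and `AKIA` ones are long-term keys.

```python
import configparser

# Constructed sample in the ~/.aws/credentials INI format; none of these are real keys.
SAMPLE_CREDENTIALS = """\
[book-temp]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
aws_session_token = constructed-not-a-real-token

[book-permanent]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = constructed-not-a-real-secret

[book-mismatch]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = constructed-not-a-real-secret
aws_session_token = constructed-not-a-real-token
"""


def classify_profile(section):
    """Classify one profile as 'temporary', 'long-lived' or 'inconsistent'."""
    key_id = section.get("aws_access_key_id", "").strip()
    has_token = bool(section.get("aws_session_token", "").strip())
    # ASIA = temporary (STS) access key ID, AKIA = long-term access key ID.
    if key_id.startswith("ASIA") and has_token:
        return "temporary"
    if key_id.startswith("AKIA") and not has_token:
        return "long-lived"
    # Prefix and session token disagree, or the key ID is missing or unknown.
    return "inconsistent"


def audit_credentials(text):
    """Return {profile_name: classification} for credentials-file text."""
    # Interpolation is disabled so a '%' inside a value is not treated as syntax.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: classify_profile(parser[name]) for name in parser.sections()}


def long_lived_profiles(text):
    """Profiles to rotate or replace with temporary credentials."""
    return sorted(n for n, kind in audit_credentials(text).items() if kind == "long-lived")


if __name__ == "__main__":
    for profile, kind in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{profile}: {kind}")
```

Since the account used in this book has administrative privileges, any profile reported as `long-lived` is the one to replace with temporary credentials first.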
About tooling
The Python ecosystem has a wide variety of tools that can be used to build solutions. This book takes an opinionated stance on what tools to use, and that is uv with Python. If you are already familiar with other tools in the ecosystem, feel free to use whatever tools you prefer. If you are not, the tools chosen here are the ones I believe are preferable.
Let’s begin our journey into infrastructure as code with AWS CDK!