AWS, Infrastructure as Code

What is infrastructure as code? Why use it?

Let me give a brief definition, Infrastructure as code is the process of provisioning and managing your cloud resources by writing a template file that is both human-readable, and machine consumable. For AWS cloud development the built-in choice for infrastructure as code is AWS CloudFormation.

Using AWS CloudFormation you can write a description of the resources that you want to create on your AWS account, and then ask AWS CloudFormation to make this description into reality. (source:

AWS CloudFormation Diagram

Suppose you have a tech startup and you want AWS as your cloud service provider. For your startup, you need VPC (Amazon VPC enables you to build a virtual network in the AWS cloud — no VPNs, hardware, or physical datacenters required.), S3 bucket, public and private Subnets inside your VPC, Internet Gateway, Application Load Balancer, EC2 Instance, Autoscaling group, NAT Gateway, Routing Table and other resources.

Now you have some options to create and link all those resources needed.

  1. Using the AWS Management Console: Here you have to create and link every resource needed manually. This will take a hell lot of time, and there is a great probability of errors.
  2. Using Cloudformation Template in Management Console:
  3. Using aws CLI: Here you’ll create the template in that list out all the resources needed and link them to each other. The template should be written in JSON or YAML only. After you create a template, AWS CloudFormation takes this template and then assumes the responsibility of creating, updating, and deleting resources on your AWS account according to what is described in the template. If you add a new resource to the file CloudFormation will create that resource on your account. If you update a resource CloudFormation will either update or replace any existing matching resources. And if you remove a resource from the template it will be cleaned up and removed from your AWS account.

You can create the above-mentioned infrastructure template from this source

Description:  This template deploys a VPC, with a pair of public and private subnets spread
across two Availability Zones. It deploys an internet gateway, with a default
route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),
and default routes for them in the private subnets.

To run the above template from your terminal you need an aws CLI tool installed on your terminal and can run this bash script. A helpful source for

Benefits of infrastructure as code

Infrastructure as code brings a lot of benefits:

  • Visibility: An infrastructure as code template serves as a very clear reference of what resources are on your account, and what their settings are. You don’t have to navigate to the web console to check the parameters.
  • Stability: If you accidentally change the wrong setting or delete the wrong resource in the web console you can break things. Infrastructure as code helps solve this, especially when it is combined with version control, such as Git.
  • Scalability: With infrastructure as code you can write it once and then reuse it many times. This means that one well-written template can be used as the basis for multiple services, in multiple regions around the world, making it much easier to horizontally scale.
  • Security: Once again infrastructure as code gives you a unified template for how to deploy your architecture. If you create one well-secured architecture you can reuse it multiple times, and know that each deployed version is following the same settings.
  • Transactional: CloudFormation not only creates resources on your AWS account but also waits for them to stabilize while they start. It verifies that provisioning was successful, and if there is a failure it can gracefully roll the infrastructure back to a last known good state.

Thank you for reading! Let me know in a comment if you felt like this did or didn’t help. I’ve got a few more cloud-related articles that I’m writing and will be posting them very soon. If there are any other questions or anything else you’d like to hear about, please don’t hesitate to put in a request.

I’m an undergrad student at IIIT Ranchi, pursuing my B-Tech in computer science and Engineering. I love to learn and share new technologies.