What is Infrastructure from Code?

6 min read

The landscape of infrastructure management is evolving, and for those familiar with Infrastructure as Code (IaC), the concept of Infrastructure from Code (IfC) might seem both intriguing and confusing. Here we aim to explain the relationship between IaC and IfC, highlighting the key differences and addressing common questions or misconceptions.

Understanding Infrastructure as Code (IaC)

Infrastructure as Code is the practice of managing and provisioning infrastructure through code, allowing for version control, repeatability, and automation. Tools like Terraform, CloudFormation, Pulumi and Ansible have made IaC a standard practice in many organizations.

Key Benefits of IaC

  • Consistency and Repeatability: Ensures that infrastructure can be consistently reproduced across different environments.
  • Version Control: Infrastructure configurations can be tracked, audited, and rolled back if necessary.
  • Automation: Reduces manual intervention, minimizing human error and speeding up deployments.

Introducing Infrastructure from Code (IfC)

Infrastructure from Code takes a different approach by generating the necessary infrastructure directly from the application code. Instead of writing separate configuration files, IfC tools integrate with or analyze the code to determine and provision the required infrastructure automatically. In many cases the generation can be customized, ensuring verified infrastructure is produced and maintaining fine-grained control.

IfC is a broad concept, different tools implement it in various ways. Some tools attempt static code analysis to infer infrastructure needs, others leverage annotations, SDKs or special constructs within the codebase. Consider the specific implementation when evaluating IfC tools and whether they provide the benefits listed below.

The details in this article are true for Nitric, which provides IfC to either directly deploy infrastructure or generate Infrastructure as Code, such as Terraform HCL, from the application code using SDKs.

Key Benefits of IfC

  • Dynamic Adaptation: Infrastructure is tailored to the application's current state and needs, making it more flexible and scalable.
  • Simplified Development: Reduces the learning curve for developers by reducing the need for separate infrastructure configuration languages.
  • Speed and Efficiency: Accelerates the development process by integrating infrastructure provisioning directly into the codebase.
  • Decoupled Infrastructure: Application code avoids direct dependencies on infrastructure configurations, enhancing modularity, portability and maintainability.

Key Differences Between IaC and IfC

Explicit vs. Implicit Configuration

  • IaC: Infrastructure configurations are explicitly defined in separate files using languages like YAML, JSON, HCL or standard programming languages. These files describe the desired state of the infrastructure, with references to specific resources, cloud services and configurations.
  • IfC: Infrastructure is implicitly defined through the application code, determined by analyzing code constructs or annotations. Explicit references to specific cloud services or resources are not required, as the infrastructure is generated based on the application's needs.

Source of Truth

  • IaC: The source of truth for an application is split between the version-controlled configuration files and the application code itself. Understanding the complete state of the application requires examining both.
  • IfC: The source of truth is the application code, with infrastructure configurations derived from it.

Flexibility and Control

  • IaC: Offers granular control over infrastructure configurations, allowing for fine-tuned adjustments. However, knowledge of the underlying infrastructure is required to make these changes.
  • IfC: Provides a more abstracted approach, simplifying overall management. With Nitric, this is achieved without sacrificing control, as developers can still customize infrastructure configurations as needed using the IaC tools of their choice. This isn't the case for all IfC tools.

Common Questions or Misconceptions About IfC

Is IfC a Replacement for IaC?

While IfC offers a novel approach to infrastructure provisioning, most IfC tools are not intended to replace IaC. Tools like Nitric build on IaC by providing an additional method for managing infrastructure. In many cases, IfC can complement existing IaC practices.

Is IfC Less Secure?

It may be easy to think that IfC's implicit configuration would lead to security vulnerabilities due to less explicit control. However, the opposite is typically true. IfC tools often incorporate best practices for security and compliance directly into the code analysis process, ensuring that generated infrastructure meets necessary standards. IfC typically provides strong defaults, reducing the risk of misconfigurations in the early stages of a project.

Is IfC a Black Box?

The abstraction in IfC might be perceived as hiding the details, making debugging and customization harder. For some IfC tools, this might be true, particularly if they're closed-source or related to a proprietary hosting platform. However, tools like Nitric provide visibility into the generated infrastructure, allowing developers to review and customize the configurations as needed.

Here are some examples of how to customize the Terraform generated by Nitric:

Is IfC Mature?

Being a newer approach, IfC might be seen as less reliable or mature compared to established IaC practices. While IfC is relatively new, most solutions build on the stable foundation and principles of IaC and enhance them by automating infrastructure provisioning in a more integrated manner. Plus, early adopters and industry leaders are actively developing and refining IfC tools, making them increasingly robust.

When to Use IfC Over IaC

Dynamic and Serverless Environments

IfC is particularly well-suited for serverless applications and environments where infrastructure needs are closely tied to the application logic and can change frequently.

Teams with Limited Access to DevOps

IfC reduces the barrier to entry for teams that might not have extensive DevOps expertise or available bandwidth, allowing developers to focus more on application logic without worrying about the intricacies of infrastructure configuration. They can also offer a protocol for specifying application infrastructure that can then be implemented by DevOps teams, reducing communication overhead between teams.

New Projects

For new projects where the application and infrastructure can be designed simultaneously, IfC can offer significant efficiencies and streamline the development process.

Conclusion

Infrastructure from Code represents a significant evolution in how we think about infrastructure management. For those accustomed to Infrastructure as Code, understanding the differences and benefits of IfC can open up new possibilities for more integrated and efficient development workflows. By addressing common misconceptions and recognizing the unique strengths of IfC, IaC users can appreciate this new approach and consider where it might fit into their own practices.

We recommend starting with a proof-of-concept to better understand how IfC can be applied.

Previous Post
Terraform Teams: Automate Infrastructure Requirement Gathering
Next Post
Enabling Developer Autonomy with Terraform Platform Engineering