7 Principles of Infrastructure as Code (on Azure and beyond)

When it comes to cloud automation, there is a lot of choice out there. I want to show some practices that worked well for us over the last few years, with Azure as an example cloud platform (but the principles should be applicable to almost all forms of Infrastructure as Code).
To give context to the discussion, this is (IMHO) the ideal interface of an Infrastructure as Code system:
Principle 1 — imperative orchestration, declarative resource definitions
As an example of imperative infrastructure as code, imagine scripting everything in a programming language of your choice (e.g. shell script / PowerShell / Python / Go) by calling the platform REST API directly (like https://docs.microsoft.com/en-us/rest/api/azure/). This can get very verbose, too granular and hard to maintain.
Declarative infrastructure would be equivalent to specifying resources in a JSON file and saying to a tool: “go do it however you like, but I want this state at the end”. An example of the declarative approach would be using Azure ARM templates or Terraform.
An important feature of declarative approaches is idempotency.
An idempotent operation can be repeated an arbitrary number of times and the result will be the same as if it had been done only once. In arithmetic, adding zero to a number is idempotent.
An important advantage of the imperative approach is that it can implement control flow logic (like if, while etc.).
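The split this principle describes, as an added example that is not from the original article: `deploy` holds the imperative control flow, while `converge` applies a declared state idempotently, so a repeated run performs no writes. `FakeCloud` and all resource names are constructed in-memory stand-ins, not the Azure SDK.

```python
import copy

class FakeCloud:
    """Constructed stand-in for a resource provider; counts write calls."""
    def __init__(self):
        self.resources = {}
        self.writes = 0

    def put(self, name, spec):
        # PUT-style create-or-update: same call whether the resource exists or not
        self.resources[name] = copy.deepcopy(spec)
        self.writes += 1

    def delete(self, name):
        del self.resources[name]
        self.writes += 1

def plan(desired, actual):
    """Diff desired state against actual state; returns [(action, name), ...]."""
    steps = []
    for name, spec in sorted(desired.items()):
        if name not in actual:
            steps.append(("create", name))
        elif actual[name] != spec:
            steps.append(("update", name))
    # Anything present but no longer declared is removed
    steps += [("delete", name) for name in sorted(actual) if name not in desired]
    return steps

def converge(cloud, desired):
    """Declarative step: drive the cloud to `desired`, return the steps taken."""
    steps = plan(desired, cloud.resources)
    for action, name in steps:
        if action == "delete":
            cloud.delete(name)
        else:
            cloud.put(name, desired[name])
    return steps

def deploy(cloud, environment):
    """Imperative orchestration: control flow decides what gets declared."""
    desired = {"vnet-app": {"address_space": "10.0.0.0/16", "subnets": ["web"]}}
    if environment == "prod":
        desired["vnet-app"]["subnets"].append("db")
        desired["vnet-mgmt"] = {"address_space": "10.1.0.0/24", "subnets": ["jump"]}
    return converge(cloud, desired)
```

Changing a resource out of band and running `deploy` again produces a single `update` step for that resource, which is the same diff that makes the repeated run a no-op.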
The first problem is that the line between imperative and declarative has become very blurred when using tools such as the Azure CLI or the Python Azure library. Here is an example of creating a virtual network using the Python Azure SDK: