A7. Define and Maintain Infrastructure as Code
The practices and tools for version control, orchestration, and automation should be utilized to the greatest extent possible for all cloud hosted workloads. In this manner we are applying the tools and practices of software development to programmable infrastructure accessed via APIs. This has implications for both application design and operations and administration (see “Perform operations as code” and “Automate changes using CI/CD” in the latter section of this document).
From a design standpoint, Infrastructure as Code makes it possible to realize the “Cattle, not Pets” principle by re-imagining our “infrastructure” as a repository of declarative artifacts that describe, and from which we might recreate, our somewhat intangible cloud assets. In this pattern, the abstract definition of our infrastructure becomes the real basis for our IT asset portfolio, far more so than any disposable running instance thereof.
Further, because IaC facilitates both (1) full enumeration of infrastructure instances and (2) their recreation by automated means, it protects the interests of the university in the event of component failures and even cloud provider exit (see “Develop a Cloud Provider Exit Strategy”).