Cloud Infrastructure Golden Rules

A screenshot of one of my personal cloud projects.

Introduction

I have been working in various cloud infrastructure projects using AWS, Azure, and GCP implementing infrastructure with native tools and with Terraform and Pulumi. I have seen that there are a few success factors how to make infrastructure in software development projects. I have also seen some tar pits to avoid. In this short blog post, I write about my experiences regarding how to do infrastructure as code — and how not to do it.

Two Golden Rules Above All

If you don’t remember anything else after reading this blog post, remember these two golden rules:

  1. The infrastructure solution must be so simple that any developer in the software project is able to do both applications and infrastructure.

Golden Rule 1: All Infrastructure Must Be Created Fully Automatically by the Infrastructure Code

It is so common how often this rule is violated and practically always violating this rule ends up with a fragile infrastructure.

Golden Rule 2: The Infrastructure Solution Must Be Simple

The infrastructure solution must be so simple that any developer in the software project is able to do both applications and infrastructure.

How Well Does Your Infrastructure Score?

If I audit some cloud infrastructure I could be using e.g. these simple scores from zero to five.

Default tags that make it easy to look for resources by tags in AWS.

You Are Allowed To Use the Portal, But…

So, does this mean that I’m not allowed to use the portal or cloud cli tools at all and I only should use infrastructure code? Of course not. I use the portal and cli tools all the time. But: I don’t create production systems using the portal or the cli tool. This is the way you should use them.

Feeling Is Important

Infrastructure should not be something intimidating, a magical black box that you should be afraid of, only allowed to be touched by those magicians in the infra team. Every developer in the software project should understand the infrastructure and feel a sense of ownership regarding the infrastructure. You should also feel a sense of proudness regarding your work — no-one should be proud of infrastructure that barely holds together and re-creating a new environment is a hideous and fragile endeavor applying various tricks and following cryptic instructions. The more points in our infrastructure scale from zero to five you have the more resilient and maintainable the infrastructure also tends to be.

Conclusions

Cloud infrastructure programming is hard. But it is not rocket science. I have found out that the hardest part is not the technology itself but how to be stringent with some basic rules — no infrastructure creation bypassing the IaC tool and infrastructure solution must be simple. If you follow those two rules you already are on a good path in your software project.

I’m a Software architect and developer. Currently implementing systems on AWS / GCP / Azure / Docker / Kubernetes using Java, Python, Go and Clojure.