What Is IaC in Cloud Computing?
Also known as: Infrastructure as Code, IaC, Terraform, Ansible
This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.
Quick Definition
Infrastructure as Code (IaC) is a key DevOps practice that treats infrastructure configuration—servers, networks, storage, and other components—as software. Instead of manually logging into devices and running commands, you write declarative or imperative code in files (e.g., YAML, JSON, HCL) that define the desired state of your infrastructure. Tools like Terraform, Ansible, and CloudFormation then automatically apply that code to create, update, or destroy resources. IaC exists to eliminate configuration drift, reduce human error, enable version control for infrastructure, and allow rapid, repeatable deployments. It is foundational to cloud computing, automation, and modern network management, directly supporting concepts like immutable infrastructure and continuous delivery.
Must Know for Exams
On the CompTIA Network+ exam (N10-008), IaC is tested primarily under Domain 4.0: Network Operations (specifically 4.5: Explain the importance of network automation and orchestration).
Key focus areas include: (1) Understanding that IaC is a method to automate network device configuration using code, contrasting with manual CLI/SNMP configuration. (2) Recognizing IaC as a key component of DevOps and continuous integration/continuous delivery (CI/CD) pipelines. (3) Identifying tools commonly associated with IaC, such as Ansible, Puppet, Chef, and Terraform—you must know they are used for automation, not just monitoring.
(4) Grasping the concept of idempotency: applying the same IaC script multiple times yields the same result, preventing configuration drift. (5) Differentiating between declarative (desired state) and imperative (step-by-step) approaches—declarative is more common in IaC. (6) Understanding that IaC enables version control for infrastructure, allowing rollback to previous known-good configurations.
(7) Knowing that IaC reduces human error and increases consistency, which is a major exam point. The exam may present scenarios where a network team needs to deploy 50 switches identically—the correct answer involves IaC/automation, not manual configuration or scripting that is not idempotent.
Simple Meaning
Imagine you are building a model airplane. The old way is to manually glue each piece, paint it by hand, and hope you remember every step correctly. If you build a second plane, you might forget a step or use a different color.
IaC is like having a detailed, step-by-step instruction sheet that a robot follows exactly every time. You write the instructions once in a file—specifying the exact parts, colors, and assembly order. Then, whenever you need a new plane, you give the robot that file, and it builds an identical plane automatically.
If you need to change the wing shape, you edit the file, and the robot updates all planes to match. This ensures every plane is built consistently, without manual mistakes, and you can track changes to the instructions over time.
Full Technical Definition
Infrastructure as Code (IaC) is the process of managing and provisioning data center resources—including networks, virtual machines, load balancers, and storage—through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. IaC operates at the orchestration and automation layer, typically above OSI Layer 7 (Application), as it interacts with cloud provider APIs (e.g., AWS, Azure, GCP) or configuration management agents.
It is not tied to a single standard but is implemented via tools like Terraform (HashiCorp Configuration Language), Ansible (YAML playbooks), AWS CloudFormation (JSON/YAML), and Azure Resource Manager templates (JSON). Mechanically, IaC works in two primary models: declarative (you specify the desired end state, and the tool determines the steps) and imperative (you specify the exact steps to achieve the state).
For example, a Terraform configuration file might declare 'I want 3 EC2 instances with security group A and VPC B.' Terraform compares this desired state against the current state of the infrastructure, calculates the necessary changes (create, update, delete), and executes them via API calls. This differs from manual configuration, where an engineer SSHes into each server and runs commands, or from using a configuration management tool like Puppet in a pull-based model.
IaC enables version control (Git), code review, automated testing, and integration with CI/CD pipelines. It directly supports the concept of immutable infrastructure—where servers are never updated in place but replaced entirely with new instances built from a fresh image. Key properties include idempotency (applying the same configuration multiple times results in the same state) and drift detection (the tool can identify and correct manual changes that deviate from the code).
Real-Life Example
A mid-sized e-commerce company, ShopFast, needs to deploy a new web application across three environments: development, staging, and production. Each environment requires a virtual private cloud (VPC) with two public subnets, two private subnets, an internet gateway, a load balancer, and a set of EC2 instances running a web server. Instead of manually configuring each environment via the AWS console—which would take hours and risk inconsistencies—the DevOps team writes a single Terraform configuration file.
This file defines the entire network topology and compute resources. They store this file in a Git repository. For development, they run 'terraform apply' with a variable file that specifies smaller instance sizes.
For staging, they change the variable to medium instances. For production, they use large instances and enable auto-scaling. The entire deployment takes minutes per environment, and every environment is identical in configuration except for size.
When a critical security patch is needed, they update the Terraform file, run 'terraform apply' in production, and all instances are replaced with patched ones in an automated, controlled manner. No manual SSH, no configuration drift.
Why This Term Matters
Understanding IaC is essential for IT professionals because it is the backbone of modern cloud operations and DevOps. It eliminates manual configuration errors, ensures consistency across environments, and dramatically accelerates deployment and recovery times. For network engineers, IaC allows automated provisioning of network devices (routers, switches, firewalls) using tools like Ansible or Terraform, reducing the risk of misconfiguration that can cause outages.
In troubleshooting, IaC enables rapid recreation of environments to test fixes without affecting production. Career-wise, IaC skills are among the most sought-after in cloud and DevOps roles, directly impacting salary and job opportunities. Without IaC, organizations struggle with slow, error-prone manual processes and configuration drift.
How It Appears in Exam Questions
IaC appears in multiple-choice questions in several patterns. Pattern 1: Scenario-based—'A company needs to deploy 100 identical web servers across three data centers with zero configuration drift. Which approach should they use?'
Correct answer: Infrastructure as Code with a tool like Terraform. Wrong answers: Manual configuration, using a golden image without automation, or using a configuration management tool without code (e.g., only using a GUI).
Pattern 2: Definition—'Which term describes the practice of managing network infrastructure through machine-readable definition files?' Correct: Infrastructure as Code.
Distractors: Software-Defined Networking (SDN), Network Function Virtualization (NFV), or Configuration Management (which is related but broader). Pattern 3: Tool identification—'Which of the following is an IaC tool that uses declarative configuration to provision cloud resources?' Correct: Terraform.
Wrong: Wireshark, Nagios, or SNMP. Pattern 4: Benefit identification—'What is a primary benefit of using IaC for network device configuration?' Correct: It ensures consistent, repeatable deployments and reduces human error.
Wrong: It increases manual oversight, it requires less initial effort, or it eliminates the need for network engineers.
Example Scenario
Step 1: A network administrator writes a Terraform configuration file that defines a virtual network with two subnets, a firewall rule allowing HTTP traffic, and three virtual machines running Ubuntu.
Step 2: The file is saved to a Git repository and reviewed by a colleague for errors.
Step 3: The admin runs 'terraform init' to initialize the provider (e.g., AWS).
Step 4: They run 'terraform plan' to see what resources will be created—no changes are made yet.
Step 5: They run 'terraform apply' and confirm. Terraform calls the AWS API to create the VPC, subnets, firewall, and VMs in the correct order.
Step 6: The entire environment is ready in under 5 minutes, identical to the specification.
Step 7: Later, a developer needs to add a second firewall rule. They edit the Terraform file, commit the change, and run 'terraform apply' again. Terraform detects the change and adds only the new rule without affecting existing resources.
Step 8: When the environment is no longer needed, 'terraform destroy' removes all resources cleanly.
Common Mistakes
IaC is the same as scripting (e.g., Bash scripts) to configure servers.
Scripting is imperative and often not idempotent—running a script twice might cause errors or duplicate changes. IaC tools are designed to be idempotent and manage state, whereas scripts typically do not track desired state.
Remember: IaC is about declaring the desired end state, not writing step-by-step commands. Idempotency is the key differentiator.
IaC only applies to cloud virtual machines, not to network devices.
IaC can manage network devices (routers, switches, firewalls) using tools like Ansible with network modules or Terraform with provider plugins. It is not limited to compute resources.
IaC is infrastructure-agnostic—it can manage any resource that has an API, including network hardware.
IaC eliminates the need for network engineers.
IaC automates repetitive tasks but still requires engineers to design the architecture, write the code, review changes, and troubleshoot issues. It shifts the role from manual configurator to automation architect.
IaC changes the job, not eliminates it. Engineers now write and maintain the code that defines infrastructure.
Exam Trap — Don't Get Fooled
The exam trap: A question asks for the best way to ensure consistent configuration across 100 switches. Many candidates choose 'Use a golden image and clone it' instead of 'Use Infrastructure as Code.' The trap is that golden images are for servers, not network devices, and they do not handle ongoing configuration changes or drift.
Why learners choose it: Learners often confuse server imaging with network configuration. They think 'golden image' is a universal solution for consistency, but network devices require ongoing configuration management, not just initial setup. The term 'golden image' sounds authoritative and correct.
How to avoid it: Apply the 'idempotency test': Ask yourself, 'Does this method ensure the same result every time, even if applied repeatedly?' Golden images are one-time snapshots; IaC is idempotent and handles changes. If the scenario involves ongoing management or multiple environments, IaC is the answer.
Commonly Confused With
IaC provisions and manages the infrastructure itself (VMs, networks, storage), while Configuration Management focuses on installing and configuring software on existing servers (e.g., packages, services). IaC is about 'what' infrastructure exists; CM is about 'how' that infrastructure behaves.
Use IaC (Terraform) to create a virtual network and three web servers. Then use Configuration Management (Ansible) to install Apache and deploy the web application on those servers.
SDN separates the control plane from the data plane, centralizing network intelligence. IaC is a methodology for automating infrastructure provisioning. SDN is a network architecture; IaC is a practice that can be used to configure SDN controllers. They operate at different layers.
Use IaC (via Ansible) to configure an SDN controller (like OpenDaylight) to define network policies, but the SDN architecture itself is separate from the IaC tool.
Step-by-Step Breakdown
Step 1: Define the desired state in code
Write a configuration file (e.g., Terraform HCL, Ansible YAML) that declares the infrastructure you want—VPCs, subnets, instances, firewall rules. This file is human-readable and stored in version control.
Step 2: Initialize the IaC tool
Run the tool's initialization command (e.g., 'terraform init') to download necessary provider plugins (AWS, Azure) and set up the working directory. This prepares the tool to communicate with the target platform.
Step 3: Preview the changes
Execute a plan command (e.g., 'terraform plan') to see what resources will be created, modified, or destroyed. This step does not make any changes; it provides a safety check before applying.
Step 4: Apply the configuration
Run the apply command (e.g., 'terraform apply') to execute the changes. The tool calls the cloud provider's API to create or update resources in the correct order, respecting dependencies.
Step 5: Verify and manage drift
After deployment, the tool can periodically check the actual state against the desired state. If manual changes cause drift, the tool can alert or automatically revert to the defined configuration, ensuring consistency.
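The plan, apply and drift-check cycle of Steps 3 to 5, together with the scripting-versus-IaC point under Common Mistakes, as an added Python example (not part of the original page, and not how Terraform itself is implemented). The resource names, the dict standing in for the provider API, and the functions plan, apply, imperative_script and demo are assumptions made for illustration.

```python
# Added example: a toy desired-state reconciler, not Terraform's implementation.
# All resource names and values below are constructed for illustration.
DESIRED = {
    "subnet-a": {"type": "subnet", "cidr": "10.0.1.0/24"},
    "subnet-b": {"type": "subnet", "cidr": "10.0.2.0/24"},
    "fw-http": {"type": "firewall_rule", "port": 80, "source": "0.0.0.0/0"},
}


def plan(desired, actual):
    """Step 3: diff desired vs. actual state and return actions; changes nothing."""
    actions = []
    for name, spec in sorted(desired.items()):
        if name not in actual:
            actions.append(("create", name, spec))
        elif actual[name] != spec:
            actions.append(("update", name, spec))
    for name in sorted(actual):
        if name not in desired:
            actions.append(("delete", name, None))
    return actions


def apply(desired, actual):
    """Step 4: execute the plan; `actual` is a dict standing in for the provider API."""
    actions = plan(desired, actual)
    for op, name, spec in actions:
        if op == "delete":
            del actual[name]
        else:
            actual[name] = dict(spec)  # copy so later drift never edits DESIRED
    return actions


def imperative_script(rules):
    """Step-by-step equivalent with no state tracking: adds the rule on every run."""
    rules.append({"port": 80, "source": "0.0.0.0/0"})
    return rules


def demo():
    cloud = {}
    first = apply(DESIRED, cloud)    # first run creates all three resources
    second = apply(DESIRED, cloud)   # idempotent: second run has nothing to do
    # Step 5, drift: manual changes made outside the code.
    cloud["fw-ssh"] = {"type": "firewall_rule", "port": 22, "source": "0.0.0.0/0"}
    cloud["subnet-a"]["cidr"] = "10.0.9.0/24"
    drift = plan(DESIRED, cloud)     # detect only
    apply(DESIRED, cloud)            # revert to the declared state
    rules = imperative_script(imperative_script([]))  # run twice: duplicate rule
    return first, second, drift, cloud, rules


if __name__ == "__main__":
    first, second, drift, cloud, rules = demo()
    print("first apply: ", [a[:2] for a in first])
    print("second apply:", second)
    print("drift plan:  ", [a[:2] for a in drift])
    print("reconciled:  ", cloud == DESIRED, "| script rules:", len(rules))
```

The drift plan lists the hand-added SSH rule for deletion and the edited subnet for update, which is the view a reviewer gets before anything is reverted.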
Practical Mini-Lesson
Infrastructure as Code (IaC) is a paradigm shift from treating infrastructure as a static, manually-configured asset to treating it as dynamic, version-controlled software. At its core, IaC allows you to define your entire infrastructure—networks, servers, load balancers, databases—in code files that are stored in a version control system like Git. This code is then executed by an IaC tool to provision and manage the infrastructure.
There are two main approaches: declarative and imperative. Declarative IaC (used by Terraform, CloudFormation) lets you specify the desired end state: 'I want a VPC with CIDR 10.0.0.0/16 and two subnets.' The tool figures out the steps to achieve that state.
Imperative IaC (used by Ansible playbooks, Chef recipes) requires you to specify the exact steps: 'Create VPC, then create subnet A, then create subnet B.'
Declarative is generally preferred because it is idempotent and easier to manage at scale. IaC is often compared to configuration management tools like Puppet and Chef, but the key difference is that IaC focuses on provisioning infrastructure (creating VMs, networks), while configuration management focuses on configuring software on existing servers (installing packages, setting up services). However, many tools blur the line—Ansible can do both.
A critical concept is idempotency: running the same IaC script multiple times should always result in the same state, never causing duplicate resources or errors. This is achieved by the tool tracking the current state and only making necessary changes. Another key concept is drift detection: if someone manually changes a resource outside of IaC, the tool can detect the drift and either alert or automatically revert to the desired state.
To get started, you typically write a configuration file (e.g., main.tf for Terraform), define a provider (e.g., AWS, Azure), and declare resources. You then run 'init', 'plan', and 'apply'.
The takeaway: IaC makes infrastructure reproducible, auditable, and scalable. For the exam, remember that IaC is about automating infrastructure provisioning using code, and its main benefits are consistency, speed, and reduced human error.
Memory Tip
Think 'IaC = Infrastructure as Code = I Always Code my infrastructure.' The key exam property is IDEMPOTENCY: 'I Do Exactly the same thing Every time, Perfectly.' Remember: IaC makes infrastructure reproducible, just like code.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
Legacy Exam Context
Older materials may mention these exam versions, but learners should use the current objectives for their target exam.
N10-008
N10-009 (current version)
Related Glossary Terms
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
An AP (Access Point) bridges wireless clients to a wired network, acting as a central transceiver and controller for Wi-Fi communications.
An API is a set of rules that allows software applications to communicate and exchange data with each other.
BCP is a proactive process that creates a framework to ensure critical business functions continue during and after a disruptive event.
BNC (Bayonet Neill-Concelman Connector) is a miniature coaxial connector used for terminating coaxial cables in networking, video, and RF applications.
Frequently Asked Questions
Is IaC only for cloud environments, or can it be used on-premises?
IaC can be used both in cloud and on-premises environments. Tools like Terraform have providers for VMware vSphere, OpenStack, and even physical network devices via APIs. The key requirement is that the infrastructure must have an API that the IaC tool can call.
What is the difference between IaC and configuration management tools like Puppet?
IaC focuses on provisioning infrastructure (creating VMs, networks, storage), while configuration management focuses on configuring software on existing servers (installing packages, managing services). However, some tools like Ansible can do both, blurring the line.
Is IaC the same as automation?
IaC is a specific type of automation focused on infrastructure provisioning. Automation is a broader term that includes any process that reduces manual intervention, such as automated testing, deployment pipelines, or monitoring. IaC is a subset of automation.
Do I need to know programming to use IaC?
Basic scripting or programming knowledge is helpful but not strictly required. IaC tools use declarative languages (HCL, YAML) that are designed to be readable and writable by system administrators. However, understanding concepts like variables, loops, and conditionals becomes important for complex deployments.
Why is idempotency important in IaC?
Idempotency ensures that applying the same IaC configuration multiple times always results in the same state, without creating duplicate resources or causing errors. This is critical for automation because scripts may be run repeatedly (e.g., in CI/CD pipelines) and must be safe to re-run.
Summary
1. Infrastructure as Code (IaC) is the practice of managing and provisioning IT infrastructure through machine-readable definition files, replacing manual configuration.
2. Its key technical property is idempotency—applying the same code multiple times yields the same desired state, preventing configuration drift and ensuring consistency.
3. For the exam, remember that IaC is tested under Network Operations (Domain 4.0) and is the correct answer for scenarios requiring automated, repeatable, and version-controlled infrastructure deployment. Tools like Terraform and Ansible are prime examples.