Infrastructure IS Code on AWS • Darko Meszaros • YOW! 2020

Infrastructure as Code (IaC) should be treated like any other application code - version controlled, peer reviewed, and deployed through proper CI/CD pipelines

AWS offers multiple IaC tools with different strengths:

• CloudFormation: The original AWS IaC service using YAML/JSON
• AWS CDK: Enables infrastructure definition using programming languages like TypeScript/Python
• SAM: Specialized for serverless applications
• Terraform: Popular third-party tool with multi-cloud support

Key best practices:

• Start with IaC early in projects
• Layer applications and separate concerns (frontend/backend/storage)
• Never store secrets or credentials in templates
• Use parameters to make templates reusable across environments
• Implement proper testing (unit tests, integration tests)
• Keep infrastructure code simple and maintainable

CDK advantages:

• Leverage existing programming language knowledge
• Built-in testing capabilities
• Higher-level abstractions with sensible defaults
• Generates CloudFormation under the hood

Security considerations:

• Use proper secret management tools (Secrets Manager, Parameter Store, HashiCorp Vault)
• Implement proper access controls
• Run security scanning on infrastructure code
• Monitor for exposed credentials

Development workflow improvements:

• Local testing capabilities for serverless applications
• Live log streaming
• Built-in linting and validation
• Infrastructure testing frameworks

Design patterns and constructs help standardize infrastructure deployment and reduce complexity

Infrastructure changes should be predictable, repeatable, and automated - avoid manual clicks in consoles

Choose tools based on team expertise and specific use cases rather than following trends

Breaking down complex infrastructure into smaller, manageable stacks improves maintainability