Infrastructure as Code (IaC)

Infrastructure as Code (IaC) is the practice of provisioning and managing IT infrastructure (servers, networks, databases, load balancers) through machine-readable configuration files rather than manual setup. The code is stored in version control, reviewed, and applied automatically, making environments reproducible, auditable, and consistent across development, staging, and production.

How Infrastructure as Code Works

Instead of clicking through a cloud console or running ad hoc commands on a server, teams describe the desired infrastructure in code files. A provisioning engine reads those files and reconciles the real environment to match the declared state. Because the definition lives in a Git repository, every change is reviewed, versioned, and reversible.

Two main approaches exist:

  • Declarative: you describe the end state ("two web servers, one database, one load balancer") and the tool figures out the steps to reach it. Terraform and CloudFormation work this way.
  • Imperative: you specify the sequence of commands to execute to reach the state. Traditional scripts and parts of Ansible follow this model.

A related concept is idempotency: applying the same configuration multiple times produces the same result, so re-running a deployment never creates duplicate resources or drift.
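The declarative model and idempotency described above, as an added example (not code from the original page or from any tool it names): a toy reconciler in Python that computes a plan from declared versus actual state. The resource names and the `plan` and `apply` functions are constructed for illustration and do not reflect how Terraform or CloudFormation work internally.

```python
# Added example: toy declarative reconciler (all resource names are constructed).
from copy import deepcopy

def plan(desired, actual):
    """Return the ordered actions needed to make `actual` match `desired`."""
    actions = []
    for name, spec in sorted(desired.items()):
        if name not in actual:
            actions.append(("create", name, spec))
        elif actual[name] != spec:
            actions.append(("update", name, spec))   # drift or a reviewed change
    for name in sorted(actual.keys() - desired.keys()):
        actions.append(("delete", name, None))       # resource not declared in code
    return actions

def apply(desired, actual):
    """Apply the plan to a copy of `actual`; return (new_state, actions)."""
    state = deepcopy(actual)
    actions = plan(desired, state)
    for op, name, spec in actions:
        if op == "delete":
            del state[name]
        else:
            state[name] = deepcopy(spec)
    return state, actions

# Constructed desired state, as it would be declared in the repository.
DESIRED = {
    "web-1": {"type": "server", "size": "small"},
    "web-2": {"type": "server", "size": "small"},
    "db-1": {"type": "database", "public": False},
    "lb-1": {"type": "load_balancer", "targets": ["web-1", "web-2"]},
}

if __name__ == "__main__":
    state, first = apply(DESIRED, {})          # empty environment: four creates
    state, second = apply(DESIRED, state)      # idempotent: nothing left to do
    print(len(first), "actions on first run,", len(second), "on second run")
    state["db-1"]["public"] = True             # simulated out-of-band console change
    state["tmp-debug"] = {"type": "server", "size": "large"}
    for action in plan(DESIRED, state):        # drift surfaces as a non-empty plan
        print(action)
```

A non-empty plan against an unchanged repository is the signal worth alerting on: it means the environment was modified outside the reviewed code path.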

Benefits and Common Tools

For a B2B software project, IaC turns infrastructure into an asset that is documented, testable, and shared by the whole team rather than locked in one administrator's memory. The main benefits are:

  • Reproducibility: spin up identical staging and production environments from the same code.
  • Version control and auditability: every infrastructure change has an author, a diff, and a history.
  • Faster recovery: rebuild a compromised or failed environment from the repository instead of from manual notes.
  • Reduced configuration drift: the code remains the single source of truth.

The tooling landscape splits broadly into provisioning (creating resources) and configuration management (setting up what runs on them):

| Tool | Primary role | Approach | Typical use |
|---|---|---|---|
| Terraform | Provisioning | Declarative | Create cloud resources (VMs, networks, managed services) across multiple providers |
| Ansible | Configuration management | Mostly imperative, agentless | Install software, configure servers, orchestrate deployments over SSH |
| AWS CloudFormation | Provisioning | Declarative | Manage resources within the AWS ecosystem |
| Pulumi | Provisioning | Declarative | Define infrastructure using general-purpose languages (TypeScript, Python, Go) |

Terraform and Ansible are frequently combined: Terraform creates the infrastructure, then Ansible configures the software running on it.

Frequently Asked Questions

Terraform is a provisioning tool used to create and manage infrastructure resources such as virtual machines, networks, and managed cloud services, using a declarative approach. Ansible is primarily a configuration management tool that installs software and configures servers, often imperatively and agentless over SSH. Many teams use them together: Terraform builds the infrastructure, Ansible configures what runs on it.

No. While IaC is most associated with cloud platforms like AWS, Azure, and Google Cloud, the practice also applies to on-premises servers, virtual machines, and hybrid environments. Tools such as Ansible can configure physical and virtual servers regardless of where they are hosted. The core idea, managing infrastructure through versioned code, is independent of the hosting model.

Idempotency means that applying the same configuration multiple times yields the same final state without unintended side effects. If the infrastructure already matches the declared state, re-running the code changes nothing. This property prevents duplicate resources and configuration drift, and it makes deployments safe to repeat after a failure or interruption.

In the declarative approach, you describe the desired end state and the tool determines how to reach it; Terraform and CloudFormation work this way. In the imperative approach, you write the exact sequence of steps to execute. Declarative tooling is generally easier to maintain at scale because it handles reconciliation and drift automatically.
