Top IaC Challenges

There are many reasons why teams struggle with adopting Infrastructure as Code (IaC). In this five-part series, env0 CEO Ohad Maislish and Developer Advocate Tim Davis discuss the top five reasons we see most frequently.

Ohad is the CEO of env0, and he’s also a geek at heart. At 17, he was the youngest person ever hired at Microsoft in Israel, and he has played a critical role in the building of our product and business.

There’s more to it, though. env0’s staff is comprised of IaC experts. We’ve lived and breathed Terraform for years now, in many companies, and many different roles. It’s this experience that drives us.

In this video, Ohad and Tim will discuss why env0, and then discuss the top 5 reasons we hear for teams struggling with IaC adoption at scale.

Why IaC management?

IaC management is to IaC as GitLab is to git
IaC at scale introduces unique problems that, when left unsolved, cause tremendous problems
IaC provisioning requires a novel approach different from traditional application deployment pipelines
Organizations often use more than just Terraform; they need to manage CloudFormation, Kubernetes, Pulumi, etc. as well

Access control and compliance

Scaling IaC across teams and entire organizations is difficult. Once you move past a single dev on a laptop, all sorts of access questions arise. For instance:

Who should have access to what?
Who can deploy into which cloud services?
What are the different levels of access controls needed?
How can you prevent manual changes to infrastructure to prevent drift?
Why are approvals important?
How do we introduce guardrails that are developer friendly?

Security

Security in SaaS environments means many things. There is the security from the SaaS provider (in this case env0) to the customer environment, and there is security in how users work with, deploy, and manage IaC itself. Keep watching to learn more about:

Why self-hosted agents solve many common security issues.
How effective security practices can still be efficient.
How a hybrid methodology is both flexible and secure.
Where your secrets should be stored.
Why a Kubernetes-based agent provides maximum flexibility.

Workflow management issues

IaC isn’t just infrastructure, and isn’t just code. It’s the marrying of both. Development methodologies drive many technology decisions in organizations, and in order to properly integrate IaC into an organization, certain capabilities have to be present. Important organizational capabilities include:

Continuous deployment.
Plan and apply on pull request.
Automation to ensure continued confidence and safety while still enabling velocity.
Infrastructure provisioning vs. application deployment

Extensibility and integrations

No two workflows are the same, just like no two organizations are identical. Ensuring your IaC management can integrate with any part of your software development lifecycle (SDLC) ensures your team can deploy with confidence each and every time. Important functionality includes using:

Tools like Checkov or TFSec after the Terraform Plan to check your code for issues.
Open Policy Agent on your deployments to ensure that they fit within your security parameters and compliance requirements.
Configuration management tools like Ansible, Chef, or Puppet to install applications or make point configuration changes.