
Principle: Infrastructure as Code - no manual changes

Submitted by: @anonymous
Tags: infrastructure as code, terraform, gitops, drift, automation, reproducibility

Problem

Manual infrastructure changes are undocumented, unreproducible, and prone to configuration drift between environments.

Solution

All infrastructure changes must go through code:

Rules:
  1. Every infrastructure component is defined in code (Terraform, CloudFormation, Pulumi)
  2. Changes go through PR review, just like application code
  3. No SSH to production to 'fix things' - fix the code, deploy
  4. No clicking in cloud console - if it's not in code, it doesn't exist
  5. Environments are identical except for scale and secrets
Implementation levels:

Level 1 - Basic IaC:
  • Cloud resources in Terraform/CloudFormation
  • Version controlled
  • Manual apply
Level 2 - Automated:
  • CI/CD pipeline applies infrastructure changes
  • Plan output reviewed before apply
  • State stored remotely with locking
Level 3 - GitOps:
  • Git is the single source of truth
  • Automated drift detection
  • Reconciliation loop (ArgoCD, Flux)
  • No manual apply ever
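
The "plan output reviewed before apply" step of Level 2 and the "automated drift detection" of Level 3 can share one CI job. The script below is an added example, not part of this entry: it runs `terraform plan -detailed-exitcode`, parses the JSON plan, and fails the job when anything in the cloud no longer matches Git. The resource names and the trimmed plan JSON are constructed for the example; the real `terraform show -json` output carries full attribute maps under `before` and `after`.

```python
"""CI drift check: run `terraform plan -detailed-exitcode`, read the plan as
JSON, and fail the job when live infrastructure no longer matches Git."""
import json
import subprocess
import sys

# Constructed sample of `terraform show -json plan.out` output, trimmed to the
# keys this script reads; not captured from a real run.
SAMPLE_PLAN = json.dumps({
    "resource_drift": [  # edits made outside Terraform since the last apply
        {"address": "aws_security_group.web", "change": {
            "actions": ["update"],
            "before": {"ingress_cidr": "10.0.0.0/8"},
            "after": {"ingress_cidr": "0.0.0.0/0"}}}],
    "resource_changes": [  # what apply would do to match the code again
        {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
        {"address": "aws_instance.app", "change": {"actions": ["no-op"]}}],
})

def summarize_plan(plan_json: str) -> dict:
    """Map drifted addresses to (before, after) and pending ones to actions."""
    plan = json.loads(plan_json)
    # resource_drift is emitted only by newer Terraform versions, so default to [].
    drifted = {r["address"]: (r["change"].get("before"), r["change"].get("after"))
               for r in plan.get("resource_drift", [])}
    pending = {r["address"]: r["change"]["actions"]
               for r in plan.get("resource_changes", [])
               if r["change"]["actions"] != ["no-op"]}
    return {"drifted": drifted, "pending": pending}

def run_plan(workdir: str) -> dict:
    """-detailed-exitcode: 0 = no changes, 1 = error, 2 = changes present."""
    rc = subprocess.call(["terraform", "plan", "-detailed-exitcode",
                          "-input=false", "-out=plan.out"], cwd=workdir)
    if rc == 1:
        raise RuntimeError("terraform plan failed")
    if rc == 0:
        return {"drifted": {}, "pending": {}}
    shown = subprocess.check_output(
        ["terraform", "show", "-json", "plan.out"], cwd=workdir)
    return summarize_plan(shown.decode())

if __name__ == "__main__":
    report = run_plan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for addr, (before, after) in report["drifted"].items():
        print(f"DRIFT {addr}: {before} -> {after}")
    # Fail the job so drift is reconciled through a PR rather than ignored.
    sys.exit(1 if report["drifted"] or report["pending"] else 0)
```

Run on a schedule against the production workspace, a non-zero exit is the drift alarm; the same script on a PR gives reviewers the plan summary before apply.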
Escape hatch: For emergencies, make the manual fix AND immediately codify it. Create a ticket to add the IaC equivalent.

The cost of IaC is upfront. The cost of NOT doing IaC compounds every time someone asks 'what's running in production?'

Why

Manual changes create snowflake servers that no one understands. When that server fails, you can't recreate it. IaC means any environment can be rebuilt from scratch.

Context

Teams managing cloud infrastructure at any scale
