Infrastructure
as code

Our client’s processes were decently well-documented, had some automation scripts, but was mostly manual. Servers, databases, caches, DNS, and so on, were provisioned and managed with the AWS Management Console and remote shell access to servers.

When our client was small and agile, manual infrastructure management was the right decision and worked great. Then the disadvantages started piling up.

Our client deployed separate production and non-production environments. Each of them was stood up separately and manually. The local development environments used by their product engineers didn’t resemble their deployment environments. Subtle, difficult to find, differences lead to variance in product behaviour and performance.

They couldn’t make any strong guarantees about disaster recovery. When a resource went down an engineer would attempt to remotely access the host to triage the issue. If the engineer couldn’t recover a resource or deleted it in error, they had to add it manually.

There was no redundancy because they hosted their SaaS in a single geographical region. This also extended the time to recover from data loss or regional network outages.

Like any SaaS, a sudden traffic spike puts pressure on the database and application servers. Reacting to it was complicated. First, an engineer needed to notice it quickly enough. If that happened, the engineer responded by manually provisioning extra resources. The final step was to keep an eye on the spike until it ended then decommissioned the unneeded resources.

Our client had no transparency on the state of the infrastructure, the interaction of its parts, and its management. After making a change, it was difficult, sometimes impossible, to know the impact. This increased risk when planning because they couldn’t confidently observe the consequences. And it prevented simple checks to minimize human error. How could they know if a database was provisioned correctly or an extra zero wasn’t fat-fingered somewhere to allocate 1000 GB instead of 100?

Our client created ad-hoc scripts with the only intention of reducing the pain of manual provisioning and configuration. Major parts, like databases, were self-hosted. These reinvented wheels were costly to maintain and prevented our client from adopting more powerful practices and tools. Examples:

After concluding our discovery and analysis, Avante IO recommended some solutions. The first is the paradigm known as Infrastructure as Code (IAC).

Instead of constantly, manually filling various forms in a web browser and logging into remote servers, IAC lets a development team declare the desired IT infrastructure in files. We chose to use Terraform, a proven open source IAC tool.

Terraform by itself already brings advantages:

From Terraform, we could then implement the rest of our solutions:

Containers give our client a distributable, scalable, and repeatable copy of their product that can run on the cloud, on-premises, or even on the laptops of their software engineering and QA team members with no manual setup.

And we can add redundancy easily, with multi-regional deployments that let our client recover quickly from data loss and network outages.

Containerization and orchestration solved the scaling problem. Scaling is now responsive, cost-effective, and reliable. When Kubernetes detects increasing load, it provisions more containers. When the load returns to normal, Kubernetes responds accordingly, saving cloud fees.

Productivity has improved because engineers aren’t slowed down by their reinvented wheels. And they have more confidence in their infrastructure because it’s simpler to examine, reconfigure, and verify. Changing the infrastructure’s topology and configuration are subject to a code review, like any other code in the SaaS.

Our client can continue to focus on product development without worrying about infrastructure maintenance. Changing anything in the SaaS, from upgrading a Python package to adding an entirely new feature, is faster. With Docker, a feature engineering team develop the change on their laptops. Then the QA team builds and tests the same Docker container on a variety of platforms in an automated fashion through CI/CD. Both teams can develop, build, and test the change without waiting for architects and devops to provision new environments.

There are two ways to get radical transparency into the system.

First, anyone can refer to the configuration files to know precisely how the infrastructure is organized, configured, and managed.

Second, with CloudTrail, we had an easily-configurable log of the infrastructure’s operation.
Leadership or an external auditor can view a log of anything that changes in the infrastructure.

Hiring and training engineers is simpler now that our client uses industry-recognized tools and practices. Candidates are more likely to already know a lot about their SaaS infrastructure before they’re even hired. For example, our client now has access to a larger talent pool of engineers with experience in Terraform and AWS certification.

Avante IO leaves the teams it works with better off than when they found them. As we worked with our client’s staff, we trained them to use these new technologies and practices. On-boarding new hires is no longer a challenge because infrastructure isn’t limited to the minds of a few engineers.

Migrating to IAC is an on-going success. Our client is enormously satisfied with the improvements to the infrastructure’s reliability, automation, and transparency, not to mention to the business’s ability to hire and train more effectively.

The future of their infrastructure is bright: