Infrastructure as Code (IaC)

IaC tools (Terraform, OpenTofu, Pulumi, AWS CDK, CloudFormation, Crossplane) take declarative or imperative definitions and reconcile cloud resources to match. The benefits are repeatability, peer review, rollback, drift detection, and the ability to spin up identical environments on demand.

Production IaC requires more than running `terraform apply`. State management, module organization, secrets handling, policy-as-code (OPA, Sentinel), and pipeline integration are all part of a mature setup. Drift between code and reality is the most common operational issue.

IaC is a foundation for GitOps, SRE, FinOps, and disaster recovery — not a goal in itself. Done badly it adds friction without removing risk; done well it makes every other operational discipline easier.