4 min read
.NET C# Cloud IaC Terraform Bicep Azure AWS Automation DevOps Infrastructure Platform Engineering

Infrastructure as Code (Bicep/ARM vs. Terraform/CloudFormation)

Mind Map Summary

  • Infrastructure as Code (IaC)
    • What: Managing and provisioning infrastructure (networks, VMs, databases) using code and automation.
    • Core Benefits:
      • Consistency & Repeatability: Eliminates configuration drift and human error.
      • Version Control: Infrastructure definitions are stored in Git.
      • Automation: Integrates with CI/CD for hands-free deployments.
      • Documentation: The code serves as living documentation of the system.
  • IaC Tools
    • Cloud-Native (Platform-Specific)
      • AWS CloudFormation: JSON/YAML-based, deeply integrated with AWS.
      • Azure ARM Templates: JSON-based, powerful but verbose.
      • Azure Bicep: A Domain-Specific Language (DSL) that simplifies Azure deployments.
    • Cloud-Agnostic (Multi-Cloud)
      • Terraform (HashiCorp): The industry standard for multi-cloud automation. Uses HCL (HashiCorp Configuration Language).

Core Concepts

1. The Problem IaC Solves

Traditionally, infrastructure was provisioned manually through cloud consoles. This led to “snowflakes”—environments that were slightly different from each other, causing “it works on my machine” bugs in production. IaC treats infrastructure like application code. You define your desired state in configuration files, which are then version-controlled. This ensures that every environment (Dev, Test, Prod) is an exact replica.

2. Cloud-Native IaC Tools

  • AWS CloudFormation: AWS’s declarative language for describing your entire AWS infrastructure.
  • Azure ARM Templates: The native deployment language for Azure. While powerful, their JSON syntax can be complex for large deployments.
  • Azure Bicep: A massive improvement over ARM. It’s a human-readable language that compiles directly into ARM JSON, offering better syntax, modularity, and type safety.

3. Cloud-Agnostic IaC Tools

  • Terraform: Allows you to define and provision infrastructure across multiple cloud providers (AWS, Azure, GCP) and even on-premise systems with a single tool. It maintains a “state file” to track real-world resources and intelligently plan changes.

Practice Exercise

Write an IaC template (using Bicep) to deploy a simple web application. The template should provision a compute resource and a database.

Answer (Azure Bicep Infrastructure Implementation)

1. Azure Bicep Template (main.bicep)

This template will deploy an Azure App Service and an Azure SQL Database.

// Parameters for customization
param location string = resourceGroup().location
param webAppName string = 'webapp-${uniqueString(resourceGroup().id)}'
param sqlServerName string = 'sqlserver-${uniqueString(resourceGroup().id)}'

// App Service Plan (Hosting Environment)
resource appServicePlan 'Microsoft.Web/serverfarms@2022-03-01' = {
  name: 'plan-${webAppName}'
  location: location
  sku: { name: 'B1', tier: 'Basic' }
  properties: { reserved: true }
}

// Web App
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppName
  location: location
  properties: {
    serverFarmId: appServicePlan.id
    siteConfig: {
      linuxFxVersion: 'DOTNETCORE|8.0'
    }
  }
}

// SQL Server
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: 'sqladmin'
    administratorLoginPassword: 'ComplexPassword123!'
  }
}

// SQL Database
resource sqlDatabase 'Microsoft.Sql/servers/databases@2022-05-01-preview' = {
  parent: sqlServer
  name: 'maindb'
  location: location
  sku: { name: 'Basic', tier: 'Basic' }
}

// Outputs
output webAppUrl string = webApp.properties.defaultHostName

Explanation

  1. Parameters: Allow customization without changing the code (e.g., location).
  2. Resource Declaration: Each block (resource) defines the intended state of an Azure component.
  3. Implicit Dependencies: Bicep automatically detects that the webApp needs the appServicePlan to exist first, ensuring correct deployment order.
  4. Deploying: You can deploy this using the Azure CLI: az deployment group create --resource-group MyRG --template-file main.bicep

This approach ensures that your infrastructure is as maintainable, testable, and versionable as your application code.

Continue Reading

Advanced Authentication & Authorization

Go beyond simple RBAC. Master complex identity scenarios like claims transformation, custom authorization policies with requirements and handlers, and federated identity.

Advanced Graph Algorithms

Master Dijkstra's shortest path, Topological sorting for task dependencies, and Minimum Spanning Trees (Prim & Kruskal) for network optimization.