Previously we covered CI/CD topics related to building, testing, packaging, and deploying applications. In this chapter, we will learn how to provision and configure the destination where deployment will be taking place using automation, the benefits of such a process, and a few tips and tricks while we’re at it. You will understand why this is important, and even required, in these times when we need to deliver fast and with quality.

In this chapter, we will dive into this by covering the following topics:

• Understanding Infrastructure as Code (IaC)
• Working with Azure Resource Manager (ARM) templates
• Working with AWS CloudFormation
• Working with Terraform

Let’s take care of the technical requirements first.

Depending on which section you are interested in completing in this chapter, you will need the following software installed on your workstation. You will find the code for this chapter in the GitHub repository at https://github.com/PacktPublishing/Implementing-CI-CD-Using-Azure-Pipelines/tree/main/ch08.

Installing Azure tools

The Azure CLI is a cross-platform command-line tool to connect to Microsoft Azure and execute commands to create, update, or destroy resources. Depending on the operating system (OS) of your workstation, you can choose the appropriate installation method at https://learn.microsoft.com/en-us/cli/azure/install-azure-cli. Since the instructions for each OS are different, it’s up to you to complete the installation.

Once installed, run the az version command and you’ll see a response like this:

PS C:\Users\user> az version
{
  "azure-cli": "2.48.1",
  "azure-cli-core"...

In the past, infrastructure was typically provisioned and configured manually with manually documented steps and/or a combination of scripts. This made the whole process error-prone and slow.

In the same way that you use a rigorous process for your application code, you should practice that for your infrastructure. The purpose of this approach is to make deployments repeatable and immutable, reduce the chances of error, and accelerate the deployment process by avoiding/eliminating any human interaction whenever possible.

IaC is the practice of codifying and storing in source control a descriptive model that defines and deploys all the infrastructure needed to run your applications and any supporting dependencies. It can encompass network configuration, load balancers, virtual machines, and any other application or data services your application architecture requires to operate and is applicable to on-premises data centers and cloud provider platforms.

The...

ARM templates are one of the IaC options available to deploy infrastructure in Azure, Microsoft’s cloud platform available in many regions around the world.

Microsoft also provides other tools such as the Azure CLI, Azure PowerShell, and a newer, domain-specific language called Bicep that uses a declarative syntax to deploy resources. You can also use the Azure portal, a web-based UI that provides access to all your resources in Azure and the ability to create, update, and delete resources.

ARM templates are JSON files with the following structure:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "",
  "apiProfile": "",
  "parameters": {  },
  "variables": {  },
  "functions": [  ],
  ...

AWS Cloud Formation is a service that allows you to define a template that describes a set of resources to be deployed together using JSON or YAML syntax. The templates follow this structure in the JSON format:

{
  "AWSTemplateFormatVersion" : "version date",
  "Description" : "JSON string",
  "Metadata" : { template metadata },
  "Parameters" : { set of parameters },
  "Rules" : { set of rules },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Transform" : { set of transforms },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}

Deploying with AWS CloudFormation comes down to the following steps:

1. Creating an IAM user with the AWS CLI
2. Creating a service connection to...

Let’s first learn about how Terraform works and then we will walk through using it within Azure Pipelines.

How does Terraform work?

Terraform is a tool that allows you to write IaC and define resources for both cloud and on-premises resources using a domain-specific language. It uses providers as a means to encapsulate the resource definition for supported targets.

The following diagram depicts the high-level architecture of Terraform:

Figure 8.16 – Terraform architecture

It works by way of the following three steps:

1. Write: You define the resources in templates to deploy all the resources you need, across the targets required. There could be more than one.
2. Plan: Terraform creates an execution plan to determine the changes that need to be made to match the definition, calculating the sequential order of operations and understanding any resource dependencies. This could mean creating resources, updating...

In this chapter, we learned about different tools available to create, update, and delete resources on the Microsoft Azure and AWS cloud platforms.

We learned how to create, validate, and deploy ARM templates, the role of service principals in Azure, and the security considerations of deploying with automation.

We also learned about AWS CloudFormation templates and stacks, and how to create them and update them from Azure Pipelines. At the same time, we learned how AWS has a similar security model to Azure and about the security implications of credentials.

Finally, we learned about Terraform as an abstraction language to define IaC for on-premises and cloud platforms such as Azure and AWS, and how to validate templates in Azure Pipelines and deploy resources with it.

Regardless of which IaC tool you choose to use, they are important because they will allow you to do the following:

• Have a repeatable and immutable process for deployments
• Accelerate deployments...