Infrastructure as Code (IaC)

As with all other services on Google Cloud, Compute Engine is fully controllable through publicly available APIs. The operations to create and manage VMs and their related infrastructure can (and usually should) be codified, a concept generally referred to as IaC. Employment of IaC techniques is critical in order to achieve reliable, repeatable system deployments.

While the simplest form of IaC is to maintain a collection of scripted API calls, this approach tends not to scale well as the complexity of system infrastructure increases. There are a number of ways to make the process of codifying infrastructure more manageable, including both Google-provided solutions and popular third-party solutions.

There are a few core aspects to achieving full IaC in Compute Engine, including orchestration, provisioning, and configuration management. It is often beneficial to leverage multiple tools that address these aspects independently. For example, developers may leverage Google Cloud Deployment Manager, Terraform, or Ansible to create and configure VMs at the cloud provider level, including tasks such as provisioning network configurations, disks, and automating backups. For VM-level configuration management, such as package management, teams may leverage tools including Chef, Puppet, or SaltStack.

In a slightly broader scope, IaC is defined as also including the tools and resources involved in systems monitoring, automating intervention and recovery procedures, and much more. By capturing as much of the operational process of your system as possible, toil, errors, and operational costs can be greatly reduced.