Infrastructure as Code: Managing Servers in the Cloud

Posted on by Ben Rothke

Many organizations have entered the world of cloud services, only to find it is not the panacea that they were lead to believe it would be.

For example, while it’s relatively easy to spin up new servers in AWS (Amazon Web Services), managing those servers once they are operational is not such an easy endeavor.

In Infrastructure as Code: Managing Servers in the Cloud (O'Reilly Media ISBN-10: 1491924357), author Kief Morris has written an extremely useful book detailing how to effectively manage and gain control over your cloud infrastructure.


As Morris writes, the ease of which cloud services can be deployed (far too often with lack of design or strategy), leads to the predicament where the mass amount of cloud vendors are simply unmanageable.

As to infrastructure as code (IaC); it is the process of managing and provisioning servers and their configuration via definition files, rather than physical hardware configuration or the use of configuration management tools. The rise of IaaS has led to the widespread use of IaC.

Morris notes that IaC is also an approach to infrastructure automation based on practices from software development. It emphasizes consistent, repeatable routines for provisioning and changing system and their configurations. Changes are made to definitions and then rolled out to systems through unattended processes.

This is a highly technical reference, and in the books 15 chapter Morris details the use of innumerable tools and techniques.

The only lacking in the book is the scant coverage around security, which only is 9 pages in chapter 14.

Aside from that, Infrastructure as Code: Managing Servers in the Cloud is an extraordinary good reference to help any cloud services manager start to gain control over their cloud infrastructure.


Ben Rothke

Senior Information Security Manager, Tapad


cloud security risk management critical infrastructure privacy

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community