Years ago, as an ecosystem of automation tools emerged to help provision Infrastructure as Code (IaC), DevOps engineers were able to leverage the resources in their repositories more easily.
Today, as the sheer volume of resources in those repositories has grown, and the nature of the environments they support has become more complex, traditional IaC provisioning tools are holding back productivity for DevOps teams and creating obstacles for teams aiming to leverage a platform ops approach to improving developer experience.
This article will lay out key questions about how modern DevOps and platform engineering teams leverage IaC that have a direct impact on productivity and efficiency, and will show how Quali Torque users address these issues.
Are your teams applying the correct variables to provision IaC successfully?
Even those using IaC automation tools designed to accelerate the provisioning of infrastructure often still need to specify the variables needed to so, such as region and resource name.
For DevOps teams, this creates an added step to provision infrastructure while also creating the risk that a user applies incorrect variables, leading to unmanaged cloud infrastructure.
This can also exacerbate the operational bottlenecks and productivity delays stemming from the DevOps skills gap. All requests to provision infrastructure fall to those who are trusted to set these variables correctly, increasing the amount of routine tasks for some of the most skilled engineers on the team.
For platform engineering teams, this requirement can diminish developer experience and hold back productivity by restricting access just to those with the expertise needed to set variables correctly. This requires out-of-loop requests for infrastructure and environments and makes it more difficult to incorporate access to these environments via the Internal Developer Platform (IDP).
The key question here is not necessarily how many users are up to speed with the technical specifications needed to provision infrastructure, but whether your tools for provisioning IaC require that knowledge in the first place.
How Quali Torque helps:
- Self-service catalog & provisioning: Torque administrators can set default values for all variables so any user who needs to provision an IaC module can do so in just a few clicks. For teams that may need to change variables, Torque administrators can provide a simple pick-list as part of the self-service deployment process. This makes it easy to select the variables needed while also eliminating the risk that any user applies incorrect variables as part of the provisioning process.
How many people can access the security credentials to provision IaC?
Similarly to the variables, security credentials are typically required to provision each resource successfully.
As a result, anyone with access to provision your IaC will also have access to cloud security credentials.
Sharing cloud account credentials increases the risk of security breaches. This results in operational bottlenecks by restricting provisioning to those trusted with security access, resulting in delays for the developers and other engineers who are forced to submit tickets every time they need an environment.
How Quali Torque helps:
- Torque manages cloud security credentials centrally, with native encryption for all secrets. This enables Torque to remove security credentials from the self-service provisioning process. In practice, this enables DevOps teams to further restrict access to cloud security credentials while also democratizing the ability to provision IaC securely.
What happens when your team needs a complex workload that requires multiple services?
When a development or other type of environment requires multiple infrastructure resources, data sources, and application services, engineers are forced to orchestrate these resources manually.
This typically requires manual orchestration as engineers define dependencies among these resources and validate that they’re all configured to work together to deliver the outputs needed. Orchestration becomes more complex when those resources are defined using different IaC tools, configuration management platforms, or Kubernetes services.
In some cases, we’ve seen environments that take days to orchestrate, even for teams with advanced IaC assets.
How Quali Torque helps:
- Torque discovers the resources in the user’s repositories (with support for Terraform, OpenTofu, AWS CloudFormation, Ansible, Kubernetes, Helm, and a variety of Kubernetes services) and normalizes the configurations so they can be coded to work together easily.
- Torque’s Cloud Copilot AI features allow users to submit natural-language AI prompts describing how the resources should be configured and the environment they need. Torque automatically generates an Environment as Code module, which can be provisioned immediately and shared to the self-service catalog where others can launch it on-demand.
How many identical IaC resources are running concurrently?
The ability to collaborate and share resources provisioned via IaC is critical to developer productivity and efficient cloud cost utilization.
In many cases, multiple engineers or developers will need to run the same environment for different tasks. This could result in multiple tickets for identical resources, adding to the workload for engineers responsible for orchestrating and provisioning them. At scale, the concurrent operation of these resources inflates the cloud bill unnecessarily as well.
How Quali Torque helps:
- When provisioning an environment, users can add collaborators who are notified when the environment is live and provided direct access to the outputs. This makes a single environment accessible for every use case that may rely on it.
- Conversely, Torque also enables the sharing of environment outputs—for example, a Kubernetes cluster or Virtual Private Cloud that could be used for various unique environments. This allows users to leverage a single resource to support completely unique environments, thereby eliminating the need for orchestration and provisioning to support each use case that may rely on it.
How can your teams access environment outputs?
As more DevOps and platform engineering teams consider developer experience and productivity, self-service is a critical aspect.
Traditional IaC automation tools focus on the infrastructure itself, which is helpful for coordinating the configuration of the resources. However, this results in an experience that requires users to navigate through infrastructure-related information just to access the output of the environment that they need to get work done.
This typically adds to the burden for the engineer who provisioned the IaC module and perpetuates the ticket-request approach. In other words, when a developer submits a ticket for a dev environment, the DevOps engineer generates the environment and then delivers the outputs to close out the ticket.
How Quali Torque helps:
- Torque allows users to provision environments via the self-service catalog and makes the environment outputs directly accessible via the Torque UI. This enables developers and others to access the environments they need without requiring access to IaC or knowledge about the IaC modules used to deliver them.
Can you see how your IaC resources are being used in real-time?
IaC automation tools were created to make it easier for engineers to provision resources from their repositories, but not as management platforms to track how those resources were being used.
This creates a number of issues. When an error, bug, drift, or other defect occurs that disrupts the operation of infrastructure code, engineering teams lack the context to know which user configured or provisioned it.
Conversely, when an engineer needs to commit an update to infrastructure code, they lack the visibility into the active environments that may rely on that infrastructure. This can result in unexpected disruption to these active environments, which can be time-consuming to diagnose and reconcile.
How Quali Torque helps:
- Torque tracks all environment deployments, including the owner and any collaborators with access to it, and allows users to drill down into the IaC files, logs, and cloud resources for those resources. This also allows Torque to notify users about errors, configuration drift, and updates to infrastructure code, with visibility into the users responsible for any of that activity.
- Torque shows how any IaC module is used in active, inactive, and blueprints for environments managed by the platform—with the ability to filter this view by individual commits, so users can understand how a recent update affects live environments. This provides the context for engineers to understand how updates to infrastructure code will affect environments before committing them.
For an in-depth look at how Torque could support your environments, book a demo with our team today.