4 min lecture • Guide 409 of 877
How to Manage Infrastructure as Code (IaC) Tasks?
How to manage Infrastructure as Code (IaC) tasks?
Manage IaC tasks by treating infrastructure changes like code: version controlled, code reviewed, tested in staging, and deployed with rollback plans. Create tasks with clear change scope, require plan review before apply, document in NoteVault, and use labels to identify infrastructure-affecting work.
IaC labels
| Label | Purpose |
|---|---|
| infra | Infrastructure task |
| iac:terraform | Terraform change |
| iac:pulumi | Pulumi change |
| iac:cloudformation | CloudFormation change |
| risk:high | High-risk change |
| risk:low | Low-risk change |
| needs-plan-review | Plan output needs review |
| deployed:staging | Tested in staging |
IaC board columns
| Column | Purpose |
|---|---|
| Backlog | Planned infra work |
| Development | Writing IaC code |
| Plan Review | terraform plan reviewed |
| Staging | Deployed to staging |
| Production | Deployed to production |
| Verified | Monitoring confirmed |
IaC task template
## Infra: [Change Description]
### Resources Affected
- [ ] AWS RDS instance (resize)
- [ ] Security group rules (update)
- [ ] IAM roles (no change)
### Blast Radius
- Database: 5 second failover
- Application: Brief connection reset
- Users: Minimal impact during off-hours
### Terraform Plan
Resources to change
~ awsdbinstance.main instance_class: "db.t3.medium" -> "db.t3.large"
Plan: 0 to add, 1 to change, 0 to destroy
### Deployment Steps
1. [ ] Run plan, verify output
2. [ ] Deploy to staging
3. [ ] Verify staging healthy
4. [ ] Schedule production window
5. [ ] Deploy to production
6. [ ] Verify production healthy
7. [ ] Update documentation
### Rollback Plan
1. Run `terraform apply -target=aws_db_instance.main`
2. Revert instance_class to "db.t3.medium"
3. Apply and verify
### Monitoring
- [ ] Database connections normal
- [ ] Application latency normal
- [ ] No error rate increase
IaC workflow:
- Create task - Document change scope
- Write code - Terraform/Pulumi changes
- Run plan - Generate change preview
- Code review - Review IaC + plan output
- Deploy staging - Test in non-prod
- Verify staging - Confirm working
- Schedule production - Maintenance window if needed
- Deploy production - Apply changes
- Monitor - Watch for issues
- Document - Update NoteVault
Risk assessment matrix
| Change Type | Risk | Approach |
|---|---|---|
| New resource | Low | Standard deploy |
| Resource modification | Medium | Plan review required |
| Resource deletion | High | Maintenance window |
| Network changes | High | Maintenance window |
| IAM changes | Medium | Security review |
| Database changes | High | Backup first |
NoteVault infrastructure documentation
# Infrastructure Documentation
## Architecture
[Diagram or description]
## Environments
| Environment | Account | Region |
|-------------|---------|--------|
| Development | dev-123 | us-east-1 |
| Staging | stg-456 | us-east-1 |
| Production | prd-789 | us-east-1, eu-west-1 |
## Terraform Workspaces
| Workspace | Environment | State |
|-----------|-------------|-------|
| dev | Development | S3 |
| stg | Staging | S3 |
| prd | Production | S3 |
## Change Log
### 2025-01-27 - RDS Resize
- Changed db.t3.medium → db.t3.large
- Reason: CPU constraints
- Impact: 5s failover during change