Chapter 3 checkpoint
You can now define cloud infrastructure as version-controlled, reviewable code. Recall the spine, then take the quiz, then trace one more plan.
The throughline
- IaC = infrastructure as version-controlled text → repeatable, reviewable, versioned, self-documenting, automatable. It kills drift and ClickOps.
- Modern IaC is declarative + idempotent: declare desired state, the tool computes and applies the difference, converging no matter how often you run it.
- Terraform = HCL files with providers (per-cloud plugin) and resources (declared infrastructure), plus variables and outputs; resources reference each other so order is inferred. Workflow: init → plan → apply, and always read the plan.
- State is Terraform's memory (code ↔ real resource IDs). It's powerful and dangerous: don't lose it, don't commit it, don't hand-edit it. Teams use remote state + locking.
- Drift = reality changed outside the code (usually a console tweak); plan detects it; discipline (all changes through code) fixes it.
- Modules bring DRY to infrastructure; compose them to build identical staging/prod from shared building blocks.
- IaC tools split into config-language (Terraform/OpenTofu) vs programming-language (Pulumi/CDK); Terraform is the default to learn.
- In CI/CD: run plan on PR (the plan is a review artifact) and apply on merge (never from a laptop), authenticate with short-lived OIDC instead of stored keys, and gate every change with validate, plan-checks, and policy-as-code (OPA/Sentinel). IaC's push-on-merge loop differs from app GitOps's pull-reconcile — which is why drift can hide between merges.
Quiz
Chapter 3 — Infrastructure as Code
You can now provision any of the five primitives as reviewed, repeatable code. The next question is operational: once you're running containers (the modern compute default from Chapter 2), how do you run hundreds of them reliably? That's Kubernetes.