
Infrastructure as Code (IaC)

DevOps PHP 5.0+ Intermediate
debt(d7/e9/b7/t5)
d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). The detection_hints note automated=no and that violations appear as manual cloud console changes or undocumented server configuration. Tools like terraform, pulumi, ansible, and cloudformation can detect drift (e.g., terraform plan), but only when run deliberately — no passive safety net catches the absence of IaC or manual drift automatically in CI. It surfaces during apply failures or post-incident reviews, not instantly.

e9 Effort Remediation debt — work required to fix once spotted

Closest to 'architectural rework' (e9). The quick_fix says 'define all infrastructure in Terraform or Pulumi — never make manual changes' but this is a broad directive, not a one-line patch. Adopting IaC retroactively means inventorying all existing infrastructure, writing declarative definitions, importing or recreating state, establishing remote state, integrating secrets management, and adding staging pipelines — a full architectural practice change that reshapes how the entire operations workflow is structured.

b7 Burden Structural debt — long-term weight of choosing wrong

Closest to 'strong gravitational pull' (b7). IaC applies to web and cli contexts broadly and the tags span devops, automation, infrastructure, and cloud. Once IaC is in place (or absent), every infrastructure change must conform to or work around that choice. The common_mistakes highlight that manual changes after IaC cause dangerous drift — meaning the IaC choice shapes every future infrastructure operation. It doesn't quite define the entire system shape (b9) but exerts strong gravitational pull on all ops and deployment workflows.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap — a documented gotcha most devs eventually learn' (t5). The misconception field states that developers commonly believe IaC just means provisioning scripts, missing the versioning, review, reproducibility, and testing discipline. The common_mistakes reinforce this: making manual changes after IaC is in place (drift), not using remote state, and storing secrets in IaC files are all documented gotchas. These are real but learnable traps rather than catastrophically counter-intuitive behaviors.


Also Known As

IaC, Terraform, infrastructure automation, Ansible

TL;DR

Managing servers, networks, and services through version-controlled machine-readable configuration files rather than manual processes.

Explanation

IaC applies software engineering practices — version control, code review, CI/CD, testing — to infrastructure management. Tools include Terraform (cloud-agnostic declarative provisioning), Ansible (agentless configuration management), CloudFormation (AWS-specific), and Pulumi (infrastructure in real programming languages). Benefits: reproducible environments (dev/staging/production parity), disaster recovery from code in minutes, peer review of infrastructure changes, and audit trail in git. For PHP deployments, Ansible playbooks commonly manage PHP-FPM configuration, nginx vhosts, TLS certificates, and Composer install workflows as part of the deployment pipeline.

Common Misconception

"Infrastructure as code just means writing scripts to provision servers." In fact, IaC means managing infrastructure through versioned, declarative definitions that are reviewed, tested, and applied reproducibly — the same discipline applied to application code, enabling infrastructure to be rolled back, peer-reviewed, and reproduced identically.

Why It Matters

Infrastructure as code means your servers, networks, and services are defined in version-controlled files — every change is reviewed, audited, and reproducible. Without it, infrastructure is a snowflake that cannot be rebuilt reliably after a failure.

Common Mistakes

  • Making manual changes to infrastructure after IaC is in place — drift between code and reality causes the next apply to fail dangerously.
  • Not using remote state — local Terraform state is lost when the machine dies and blocks collaboration.
  • Storing secrets in IaC files — use a secrets manager and reference secrets by name, never value.
  • Applying changes to production without testing in a staging environment first.

Code Examples

✗ Vulnerable
# Manual server setup — not reproducible:
ssh new-server
apt-get install nginx php8.3-fpm
nano /etc/nginx/sites-available/myapp  # Hand-edited
# No record of what was installed or configured
# Cannot reproduce exactly — 'works on this server'

# IaC with Terraform:
resource "aws_instance" "web" {
  ami           = "ami-12345"
  instance_type = "t3.medium"
  user_data     = file("setup.sh")  # Reproducible, version-controlled
}
✓ Fixed
# Terraform — declarative infrastructure
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.micro"
  tags = { Name = "php-app", Env = "production" }
}

resource "aws_db_instance" "main" {
  engine         = "mysql"
  engine_version = "8.0"
  instance_class = "db.t3.small"
  # ... version-controlled, code-reviewed, repeatable
}

# Apply
$ terraform plan   # dry run — shows changes
$ terraform apply  # provision/update
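
The Detectability note and the first Common Mistake both come down to drift that nobody looks for. As an added example (not code from this glossary entry), here is a scheduled CI check built on terraform plan -detailed-exitcode; the script name, the --run argument, the DRIFT_LOG variable and the directory names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: scheduled drift check around `terraform plan`.
# Assumes terraform is on PATH and each directory is already initialised
# (terraform init) against its remote state.

# Map the exit status of `terraform plan -detailed-exitcode` to a verdict:
#   0 = no changes, 2 = changes present, anything else = the plan itself failed.
classify_plan_status() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error" ;;   # a failed plan must never be read as "clean"
  esac
}

# Plan one directory without applying. Prints the verdict and returns 0
# only when the live infrastructure matches the code.
drift_check() {
  local dir="$1" status=0 verdict
  terraform -chdir="$dir" plan -detailed-exitcode -input=false -no-color \
    >"${DRIFT_LOG:-/dev/null}" 2>&1 || status=$?
  verdict="$(classify_plan_status "$status")"
  echo "$verdict"
  [ "$verdict" = "in-sync" ]
}

# Check several directories; returns non-zero if any is not in sync,
# so the CI job fails and someone is notified.
drift_check_all() {
  local dir verdict failed=0
  for dir in "$@"; do
    verdict="$(drift_check "$dir")" || failed=1
    echo "$dir: $verdict"
  done
  return "$failed"
}

# Entry point for a nightly job (hypothetical invocation):
#   ./drift-check.sh --run infra/staging infra/production
if [ "${1:-}" = "--run" ]; then
  shift
  drift_check_all "$@"
fi
```

A "drift" verdict also fires when merged code has not been applied yet; in both cases the code and the live infrastructure disagree and the job should fail.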

Added 15 Mar 2026
Edited 22 Mar 2026
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: High
⚡ Quick Fix
Define all infrastructure (servers, databases, load balancers) in Terraform or Pulumi — never make manual changes in the cloud console
📦 Applies To
PHP 5.0+ web cli
🔍 Detection Hints
Manual cloud console changes; undocumented server configuration; infrastructure not in version control
Auto-detectable: ✗ No
Tools: terraform, pulumi, ansible, cloudformation
🤖 AI Agent
Confidence: Low False Positives: Medium ✗ Manual fix Fix: High Context: File