Infrastructure as Code Cheat Sheet

Updated 2026-03-01

Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files rather than physical hardware configuration or interactive configuration tools. IaC enables teams to version, test, and deploy infrastructure with the same rigor applied to application code, transforming infrastructure management from a manual, error-prone process into an automated, repeatable one. A key distinction in IaC is between declarative approaches (defining desired end state) and imperative approaches (defining step-by-step procedures)—understanding when to use each fundamentally shapes how infrastructure is designed, validated, and evolved over time.

What This Cheat Sheet Covers

This topic spans 13 focused tables and 108 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Core IaC ConceptsTable 2: Leading IaC ToolsTable 3: IaC Syntax and Language FeaturesTable 4: State Management and BackendsTable 5: Deployment Patterns and StrategiesTable 6: Testing and ValidationTable 7: Security and ComplianceTable 8: CI/CD IntegrationTable 9: Dependency ManagementTable 10: Advanced PatternsTable 11: Configuration Management ToolsTable 12: Monitoring and ObservabilityTable 13: Best Practices

Table 1: Core IaC Concepts

Concept	Example	Description
Declarative	`resource "aws_instance" "web" {` `ami = "ami-12345"` `instance_type = "t2.micro"` `}`	• Specify desired end state • the IaC tool determines how to achieve it, handling resource creation, updates, and dependencies automatically.
Imperative	`- name: Install nginx` `apt:` `name: nginx` `state: present`	• Define step-by-step instructions • the tool executes commands in sequence, giving precise control but requiring explicit dependency management.
Idempotency	`terraform apply`	• Running the same configuration multiple times produces the same result • prevents duplicate resources and ensures consistent infrastructure state.
Immutable Infrastructure	`ami_id = data.aws_ami.latest.id`	• Servers are never modified after deployment • updates create entirely new instances, eliminating configuration drift and ensuring reproducibility.
State Management	`terraform {` `backend "s3" {` `bucket = "tfstate"` `}` `}`	• Tracks the current state of infrastructure • essential for detecting drift, planning changes, and enabling team collaboration.
Drift Detection	`terraform plan -refresh-only`	• Identifies discrepancies between actual infrastructure and code-defined state • crucial for maintaining compliance and catching manual changes.

Table 1: Core IaC Concepts

Concept	Example	Description
Declarative	`resource "aws_instance" "web" {` `ami = "ami-12345"` `instance_type = "t2.micro"` `}`	• Specify desired end state • the IaC tool determines how to achieve it, handling resource creation, updates, and dependencies automatically.
Imperative	`- name: Install nginx` `apt:` `name: nginx` `state: present`	• Define step-by-step instructions • the tool executes commands in sequence, giving precise control but requiring explicit dependency management.
Idempotency	`terraform apply`	• Running the same configuration multiple times produces the same result • prevents duplicate resources and ensures consistent infrastructure state.
Immutable Infrastructure	`ami_id = data.aws_ami.latest.id`	• Servers are never modified after deployment • updates create entirely new instances, eliminating configuration drift and ensuring reproducibility.
State Management	`terraform {` `backend "s3" {` `bucket = "tfstate"` `}` `}`	• Tracks the current state of infrastructure • essential for detecting drift, planning changes, and enabling team collaboration.
Drift Detection	`terraform plan -refresh-only`	• Identifies discrepancies between actual infrastructure and code-defined state • crucial for maintaining compliance and catching manual changes.