Infrastructure as code is a key requirement for most cloud adoption efforts. The shift to code-first, automated environment creation can add a learning curve for team members. GFT always adopts an infrastructure as code approach to any landing zone we deploy and any application we migrate.
Before deploying landing zones, it is assumed that centralised controls for identity, security, operations, compliance, and governance are identified and available to use as a set of shared services that all applications in the cloud can access. GFT can help define, implement and integrate this foundation.
All workloads (a collection of technical assets) within each landing zone will be governed by these central controls to establish a consistent baseline across the shared architectural pillars of security, reliability, performance, cost, and cloud operations.
GFT has delivered a number of different deployments onto Azure for clients using a variety of tools. Terraform, ARM templates and PowerShell can all be used with great success to define the infrastructure as code and will suit any current or future-state infrastructure deployment process. Azure DevOps, Jenkins, TeamCity and Octopus Deploy are some of the CI/CD tools that can be used as the basis of the deployment pipeline.
When deploying infrastructure into a cloud environment, it is crucial that the correct governance is in place to restrict undesirable behaviour. As part of the cloud platform foundation, GFT can implement a number of solutions using policy as code or security posture management tooling.
In Azure, Azure Policies can be used to allow, deny or audit specific actions and attributes of services.
Policy as code is the idea of writing statements in a high-level language to manage and automate these policies. By representing policies as code in text files, proven software development best practices can be adopted, such as version control, automated testing, and automated deployment. For multi-cloud and hybrid approaches, Azure Policies can be sent to centralised SIEM systems, or Azure services can be directly integrated with third-party security software.
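To illustrate the automated-testing step, the following added example (not GFT's or Microsoft's code) keeps a policy definition as text in the Azure Policy `if`/`then` JSON shape and checks it against sample resources before deployment. The policy, the resources, the `APPROVED_EFFECTS` list and the evaluator are constructed for illustration; the evaluator models only a small subset of the rule language and is not the Azure Policy engine.

```python
import json

# Constructed sample policy, stored as text the way it would sit in version control.
POLICY_JSON = """
{"properties": {
  "displayName": "Storage accounts must require HTTPS (constructed sample)",
  "mode": "Indexed",
  "policyRule": {
    "if": {"allOf": [
      {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
      {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
       "notEquals": true}]},
    "then": {"effect": "deny"}}}}
"""

# Assumption: effects this hypothetical repository allows reviewers to merge.
APPROVED_EFFECTS = {"deny", "audit"}

# Constructed resources, flattened to field-name -> value for this simplified model.
HTTP_STORAGE = {"type": "Microsoft.Storage/storageAccounts",
                "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": False}
HTTPS_STORAGE = {"type": "Microsoft.Storage/storageAccounts",
                 "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly": True}
VIRTUAL_MACHINE = {"type": "Microsoft.Compute/virtualMachines"}

def matches(cond, resource):
    """Evaluate allOf / anyOf / not and four field operators against a resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = resource.get(cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    if "in" in cond:
        return value in cond["in"]
    if "exists" in cond:
        return (value is not None) == cond["exists"]
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(policy_text, resource):
    """Return the policy effect if the rule matches the resource, else 'compliant'."""
    rule = json.loads(policy_text)["properties"]["policyRule"]
    effect = rule["then"]["effect"].lower()
    if effect not in APPROVED_EFFECTS:
        raise ValueError(f"effect {effect!r} is not approved for this repository")
    return effect if matches(rule["if"], resource) else "compliant"
```

Run in a CI stage ahead of deployment, a check like this fails the pipeline when a policy edit stops matching the resources it was written to block.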