From GitHub's Copilot to a purpose-built product from Pulumi, generative AI is emerging for infrastructure as code, with the same potential benefits and risks it presents for apps.
Generative AI might be coming to an infrastructure-as-code tool near you, as DevOps pros apply general-purpose code-generating AI in this field and vendors build it into products.
The latest such product, rolled out this week, is Pulumi AI, part of a new Pulumi Insights module for the IaC vendor's cloud service. It uses an instance of the ChatGPT large language model (LLM) trained by Pulumi to generate IaC in programming languages such as Python and TypeScript based on natural language prompts. Pulumi Insights uses the vendor's knowledge graph of its users' cloud infrastructure deployment patterns to generate alerts and recommendations through a new dashboard for cloud customers, which they can query using natural language.
Pulumi is the first established IaC vendor to include such a feature within its product, but it was technically beaten to the punch by a startup called Firefly, which launched its Artificial Intelligence Infrastructure-as-Code Generator, AIaC, in December. Firefly's product can generate code based on natural language prompts for HashiCorp's Terraform, AWS CloudFormation, Pulumi, Kubernetes Helm charts and Dockerfiles.
Meanwhile, in just under a year since GitHub's Copilot became available, there are already anecdotal instances of it being used to generate Terraform infrastructure as code. Amazon's CodeWhispererAI coding assistant can also generate IaC resources such as S3 buckets.
Given the way generative AI has taken the software development world by storm, it's unsurprising that it would also lend itself to IaC tools -- but other DevOps trends, such as the tendency to manage applications among multiple clouds, also play a role in this growth, said Andy Thurai, an analyst at Constellation Research.
"The major consensus a lot of people have with cloud automation, particularly if you're multi-cloud, is that deployments are a mess," he said. "The SREs [site reliability engineers] and DevOps engineers who can write infrastructure as code well are very few, so they are very expensive."
Even skilled DevOps engineers might be most experienced with a particular cloud provider, which raises challenges when they must deploy apps to a different cloud infrastructure, Thurai said. Generative AI tools for IaC can help them get started.
Pulumi Insights includes new generative AI features for infrastructure as code.
AI-generated infrastructure as code still requires human expertise to create something suitable for production use, according to Pulumi co-founder Eric Rudder. For example, generative AI trained on a broad set of users' IaC patterns won't necessarily build in the specific syntax or governance policies that individual companies require.
"It's not 100% perfect," Rudder said. "But it's an awesome head start."
Pulumi AI can also help with modifying automatically generated boilerplate code, Rudder said.
"You can say, 'I want to build an AWS VPC,' and it can crank it out, and then you can actually tell it, 'Modify one of the subnets' or 'Remove one of the subnets,'" he said. "Because we understand the whole graph, we can go beyond the simple 'take a text query and dump it.'"
Pulumi offers other guardrail features for infrastructure as code, whether it's AI- or human-generated, such as security scans and resource protection that prevent major errors such as deleting databases.
The bottom line is, yes, it can help speed up your code to automate. But then you also have to have a human in the loop validating the code, which might chew up a lot of those productivity gains.
Andy ThuraiAnalyst, Constellation Research
This type of feature will be key to any AI-driven IaC product as the tech matures, according to Thurai, because LLMs left unsupervised can generate incomplete code or, worse, code that contains security vulnerabilities.
"From what I've heard, [for] people who've generally used AI tools to generate code, the code that's generated is often invalid or contains security vulnerabilities," he said, citing a 2021 Cornell University study of GitHub's Copilot that found that 40% of the code generated contained security vulnerabilities. GitHub has since shored up Copilot with AI-assisted security vulnerability filtering.
Ultimately, the value of AI-generated infrastructure as code will depend on how much time humans must spend correcting its inconsistencies and vulnerabilities, Thurai said.
"The bottom line is, yes, it can help speed up your code to automate," he said. "But then you also have to have a human in the loop validating the code, which might chew up a lot of those productivity gains."
Another industry expert with hands-on experience using ChatGPT to generate Python code said that for him, so far the benefits have outweighed the drawbacks.
"The data science code that I write with open source GPT, I can write 10 times more code or I write it in 10 times less time when I do statistical analysis," said Torsten Volk, an analyst at Enterprise Management Associates. "It gets me 95% of the way there, and then the other 5% I can easily fill in -- before, I had to write it all myself."
Human operators will likely always be needed, even in an AI-driven world, Volk said.
"I could always program, but I couldn't program all the vast applications that I was dreaming up -- and now I can automate basically everything that I'm thinking of," Volk said. "It's the same thing with IT operators."
Beth Pariseau, senior news writer at TechTarget Editorial, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.
