What it means to do 'everything as code' in IT operations

What is everything as code?

Everything as code is an approach to IT operations and DevOps that uses code to define and manage resources of all types, including infrastructure.

Everything as code enables teams to use code-based configuration files to define security requirements for applications or to manage CI/CD processes across the software delivery pipeline.

Everything as code doesn't mean the code manages every resource or process. There will always be a need to perform some tasks manually. What this does mean is that a team commits to using code to manage resources and processes wherever possible.

In this sense, everything as code is arguably more of a philosophy than a specific practice -- although it does have roots in specific practices and tools.

In this sense, everything as code is arguably more of a philosophy than a specific practice -- although it does have roots in specific practices and tools, as we'll see below.

Examples of everything as code

Everything as code has existed as a conscious strategy since about 2019. However, some of the practices labeled as everything as code have been around longer under different names.

IaC is the most obvious example. IT operations teams have been using IaC for approximately a decade. In recent years, teams have begun to view IaC as one facet of a broader, code-centric approach to IT operations, rather than a standalone practice.

Cloud security posture management -- which uses code to define security requirements for cloud resources and to detect misconfigurations -- and cloud infrastructure entitlement management -- which does the same for access policies in the cloud -- are examples of operations that fall under the everything-as-code umbrella. These operations also existed before everything as code became a practice. Software test automation is another practice that relies on code-based configurations to define and manage complex processes.

Other examples of everything-as-code practices are more novel. Using a central policy engine to manage access control rules across different types of environments, such as a public cloud and an on-premises environment, for instance, has become a popular everything-as-code strategy.

Benefits of everything as code

There are several reasons why teams have embraced an everything-as-code approach to IT operations.

Consistency

Admins can apply uniform configurations across a large environment. Whether configuring infrastructure, CI/CD tools or cloud access control policies, everything as code helps engineers avoid the risk of inconsistent configurations.

Scalability

Admins can apply a given configuration to as many resources or processes as necessary. This benefits operations that scale up in size over time. If an IT team has code to define configurations for a given type of resource or process, they can add new instances without reconfiguring each one.

Version control

Admins can track how configurations change over time, similar to source code, and ensure they are version-controlled. This makes it easy to determine what changes, if any, were made before a problem occurred or to revert to an earlier configuration version if necessary.

Auditability

Admins can examine configuration resources automatically by auditing the code files. This is more efficient than checking individual resources to validate the configuration.

Portability

IT teams using everything as code will benefit from defining their configurations in vendor-neutral code, as opposed to managing them with various vendors' configuration tools.

For example, a software testing script written in Selenium, the open source test automation framework, is likely to run in any test automation framework. That means admins can move test environments from on premises to the cloud, or from one cloud to another, without having to learn a new set of tools or update the testing configurations for every migration.

Everything-as-code tools

Although a few tools are labeled for everything as code, several tools exist that enable an everything-as-code approach to DevOps or IT operations. To start, use an open source IaC tool that supports other types of automation beyond infrastructure as code.

Puppet and Ansible are good examples. Although these tools are often placed in the infrastructure automation category, they also manage application delivery, workflows and -- to a certain extent -- security operations using code.

Policy engines, such as Open Policy Agent, are also useful resources. Policy engines enable teams to define configurations for different types of systems using a central language and enforcement framework. Compared to tools like Puppet and Ansible, policy engines focus less on environments, applications and infrastructure and more on access control. Policy engines fill in some of the gaps other types of code-based automation tools cannot address.

For now, a universal everything-as-code tool does not exist. Admins must use multiple types of automation tools to implement everything as code across an IT environment.

By improving consistency, scalability and accuracy, everything as code provides benefits once restricted to certain domains, like infrastructure automation, to almost all aspects of IT operations. Although it's likely that DevOps and IT operations teams will always be stuck managing some workflows manually, expect to see more code-based automation as everything as code becomes a mainstream strategy.