Let's talk about Infrastructure as Code, or IaC.

Imagine you want to create a Lambda function, set up permissions, connect it to API Gateway, and deploy it. You could do all of that through the AWS Console. But what happens if you need to do it again, recreate it in another region, or automate it in a CI/CD pipeline?

Infrastructure as Code lets you define your cloud resources in code so you can version, reuse, and automate them just like you would with application code. Deploying the same infrastructure over and over again manually is tedious and error-prone.

Why IaC Matters

Without infrastructure as code, infrastructure becomes fragile. Teams click around in the console, forgetting what they did, which leads to loss of reproducibility between production and staging environments.

With infrastructure as code, you can:

• Track infrastructure changes in Git;
• Deploy automatically;
• Reduce human error.

IaC is one of the most powerful concepts in modern DevOps, and AWS supports it with several tools.

Declarative vs Programmatic IaC

There are two main styles of infrastructure as code:

• Declarative: You describe what you want, and AWS figures out how to make it happen.
  • Tools: CloudFormation, AWS SAM.
• Programmatic: You write code that builds your infrastructure.
  • Tool: AWS Cloud Development Kit (CDK).

Declarative tools use configuration files (YAML or JSON), while programmatic tools use real programming languages (like Python or JavaScript) that allow for logic, loops, and reuse.

IaC Tools in AWS

As a developer, you'll often choose based on familiarity:

• CloudFormation: declarative. Uses YAML or JSON;
• AWS SAM (Serverless Application Model): declarative. Built on CloudFormation, adds a CLI;
• AWS CDK (Cloud Development Kit): programmatic. Uses languages like Python, JavaScript, or TypeScript.

All three allow you to define and deploy AWS infrastructure using repeatable, versioned methods.

Deploying a Lambda Function with SAM

Let's walk through deploying a simple Lambda using AWS SAM.

Step 1: Initialize the Project

sam init

This sets up a project with:

• template.yaml: defines your infrastructure;
• hello_world/: contains your Lambda function code.

Step 2: Create the Lambda Function

Inside hello_world/app.py, define the function:

def lambda_handler(event, context):
    return {
        "statusCode": 200,
        "body": "Hello from Lambda!"
    }

Step 3: Define Infrastructure in template.yaml

Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.9

• CodeUri: Points to the function code;
• Handler: Specifies which file and function to run;
• Runtime: Defines the language runtime.

Step 4: Build the Project

sam build

This packages the application and prepares it for deployment.

Step 5: Deploy the Lambda

sam deploy --guided

The --guided flag walks you through:

• Stack Name – e.g., HelloWorldStack;
• AWS Region – e.g., us-east-1;
• Confirm changes before deploy? – Yes;
• Allow SAM CLI IAM role creation? – Yes;
• Preserve the state? – No;
• Save arguments to a samconfig.toml file? – Yes.

Once confirmed, SAM deploys:

• The Lambda function;
• The IAM role;
• API Gateway endpoint;
• Other associated resources.

Deployment Output

During deployment, you'll see updates:

• IAM Role Created;
• REST API Created;
• Lambda Permission Created;
• Gateway Deployment Created.

Deployment finishes successfully in a few minutes.

Recap

With infrastructure as code:

• You can consistently reproduce environments across regions or stages;
• You eliminate manual provisioning;
• You version and track infrastructure like application code.

That's the power of infrastructure as code!