Infrastructure-as-code Architecture Decision Compliance

Infrastructure-as-code (IaC) is a software engineering method that helps practitioners in computer science to automatically provision and manage IT infrastructures at scale. If provisioning and management are done manually, they are costly and error prone. The promise of IaC is easy, rapid, secure, reliable, and repeatable IT infrastructure provisioning and management. Unfortunately, IAC techniques and methods used today are highly complex. This leads to low quality, high risks, and high costs in IaC design and development. The project has the objective to develop foundational concepts and methods to address this problem. The project aims to develop new computer science models and methods as foundations for tackling the complexity of large-scale IaC architectures. It further aims to improve quality through rigorous specifications which enable compliance to architectural design decisions, derived from established patterns. Design decision and patterns are established computer science methods to describe and specify established practices. So far, in the scientific literature no effort to define compliance to IaC patterns using architectural design decisions has been attempted. Although IaC has been used as a tool for continuous improvement of a software system, e.g. in cloud applications, the development of the IaC architecture itself has not been sufficiently investigated in the literature. Given the wide use of IaC in practice and the enormous complexity of existing IaC architectures in large implementations, it is likely that often suboptimal decisions are made, leading to serious design problems. This problem has not yet been addressed by major research efforts and requires new basic research.

The IaC2 research project aimed to improve the management of IT infrastructures by focusing on Infrastructure-as-Code (IaC), a modern method that uses code to automate the setup and operation of IT systems. This approach eliminates manual processes and ensures faster, more secure, and more standardized deployments. However, as IaC systems grow in size and complexity, hidden design issues often arise, leading to higher costs, risks, and maintenance issues. The IaC2 project aimed to overcome these challenges by developing tools and methods to improve the quality, maintainability, and security of IaC systems. A key achievement of the project is the development of novel techniques for identifying and fixing common design problems in IaC systems. These issues in the system structure often do not cause immediate problems but can lead to serious problems over time. The researchers also worked to identify best practices (or patterns) to help developers build better systems from the start. By automating these processes, the project is helping to reduce the manual effort required to maintain complex IT infrastructures, making them easier, of higher quality, and cheaper to manage. Improving security in IaC-based systems was a key focus of the research. For example, the team has developed automated methods to ensure that best security practices are followed when setting up infrastructures and deployment systems, such as protecting sensitive data, managing user identities, and ensuring secure communication between IaC system components. These advances help organizations avoid vulnerabilities in IaC systems and keep these systems secure. The project also explored ways to manage the complexity of IaC systems. The complex target systems used included microservice systems, which consist of independent services and are often managed with IaC today. By studying real systems and developing automated tools, the researchers have created novel methods to automatically measure and improve the alignment of infrastructure design with intended goals to ensure that systems are as high quality, well-structured, and secure as possible. The results of IaC2 were validated through case studies, experiments, and collaboration with technical experts. The resulting data sets and the necessary code were made openly available to ensure the reproducibility of the results. These innovations pave the way for higher quality, more secure, and easier-to-maintain IT systems and infrastructures, enabling organizations to save time, reduce costs, and focus on innovation. For those who manage large IT infrastructures, the results of this research provide novel concepts, tools, and methods to manage the complexity of modern IaC technologies safely.