t cht lk below , some IaC workflows create more problems than they solve .
t cht lk below , some IaC workflows create more problems than they solve .
Deciding when not to use IaC
But what , exactly , are the 1 % of processes that teams should not manage through IaC ? The answer will vary from one organization to the next depending on factors like how frequently the processes happen and how they are conducted , of course .
But in general , there are three types of processes that are not good fits for IaC .
1 . Operations that happen infrequently
The first is processes that take place on an infrequent basis – by which I mean once or twice a year at most .
There is an obvious and a less obvious reason why infrequent processes are poor candidates for IaC . The obvious one is that the less often you perform a process , the less value you get out of managing it using code-based automation .
Less obvious , but just as important , is the fact that the IaC templates you set up for infrequent processes may break over time due to changes in resources that the processes address . It is common for IaC to need maintenance due to shifting technology or enterprise policy . As a result , engineers may have to rework their code every time they use it – with the result that the total time and effort spent maintaining the IaC workflow outweigh the time and effort it saves .
For example , consider SSL certificate renewals . Most organizations maintain a relatively small number of SSL certificates , and those certificates usually expire once every year or two . It ' s not hard to write IaC code that will automatically set up new certificates . But it ' s also not particularly difficult or time-consuming to renew them manually – and if you write code to renew SSL certificates , there ' s a fairly good chance that it won ' t work a year or two from now because your certificate authority will have made changes to its renewal process .
2 . Processes that depend on third-party resources
The second category of DevOps processes that most teams should not manage using IaC are ones that require deployment of third-party resources . These are poor candidates for IaC because you can ' t fully
76 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com