Infrastructure management is a critical and complex task of software development. Today most software companies use cloud-based solutions to tackle this issue. Allocating new and reconfiguring existing cloud resources is a daily task for these companies. These procedures can be complex, and scales up with the size of the managed infrastructure quickly. Major mistakes in configuration or allocation can lead to partial or sometimes full service outages.
There are multiple techniques to deal with cloud-based resource management. One of these techniques is `Infrastructure as Code` or IaC for short. IaC solutions provide a declarative, automatized way of provisioning cloud resources.
However, with an automatized cloud resource provisioning system that has large-scale impact on the company infrastructure and therefore the costs and quality of operations, the demand for verifying the provisioning steps grows higher.
In this thesis, we are focusing on IaC solutions and automated verification of IaC resource provisioning. To this date, IaC solutions require engineers to go through and verify the steps of the IaC tool. We provide a solution supporting these engineers, thus helping to decrease the number of human errors during the verification process.
In this thesis, we introduce basic concepts of cloud based resources and their management, and the tools we used during our project. We assume that the reader has basic knowledge of webservice infrastructure resources, but we discuss the cloud architecture and IaC based cloud management in detail.
We will also discuss some existing services currently supporting engineers in safer cloud reconfiguration.
Then we propose our new verification algorithm and implementation developed for verifying IaC reconfiguration of a specific set of cloud resources used in webservice development, and then we will evaluate its capabilities during a case study when we inject a small error into the IaC description that is easy to overlook but impacts the availability of the webservice.
After the case study we will elaborate our future plans for getting our proof-of concept verification tool ready for everyday use for infrastructure engineers and the long therm goals and possibilities of improving our algorithm further.