# What is Infrastructure as Code? The Best Way to Fully Control Your Cloud Configuration

By [Steve Giguere](https://www.paloaltonetworks.com/blog/author/steve-giguere/?ts=markdown "Posts by Steve Giguere") and [Adrian Chan](https://www.paloaltonetworks.com/blog/author/adrian-chan/?ts=markdown "Posts by Adrian Chan")

Jul 04, 2022

Cloud-first computing has taken the tech world by storm, and for good reason. Cloud native infrastructure gives developers and organizations the tools to create and scale new software more quickly and efficiently than ever before. Unfortunately, increased scalability and availability can result in significant new opportunities for security failures at many stages of the development cycle.

Today, the world's [6.8 million cloud native developers](https://www.cncf.io/wp-content/uploads/2021/12/Q1-2021-State-of-Cloud-Native-development-FINAL.pdf) need to keep their eyes on hundreds, or even thousands, of different APIs, container images, and other critical parts of their new cloud services.
This is a daunting task, especially considering the fact that developers don't just need to monitor their assets; they also need to make sure those assets are up-to-date and compatible with their cloud provider's new features and updates.

Clearly, managing this myriad of assets manually is an untenable concept in today's world of rapid growth, so how can we fully control them and make sure they're secure? The answer lies in Infrastructure as Code (IaC) and its ability to check code at every step of the development process, identifying weaknesses and misconfigurations that could result in security breaches.

## What is Infrastructure as Code?

Before we can understand how IaC represents the future of cloud native security, we need to understand what it is. [Infrastructure as Code](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown) is a term used to describe the processes and technologies utilized to manage cloud infrastructure with machine-readable languages instead of manual work. IaC lets developers use code to design, create, and manage their cloud assets and infrastructure at scale instead of using a cloud provider's UI or a long list of potentially outdated CLI commands.

IaC predates the cloud native revolution. Early IaC languages primarily followed an **Imperative** operating method, which relied on a list of ordered, logical commands and did not specify the desired result. However, in today's cloud native world, **Declarative** IaC represents the best way to harness and control this rapidly expanding tech ecosystem because of its predictable outcomes and scalability. Declarative IaC is now the norm in cloud computing and is most often referred to simply as IaC.
You can learn more about the history and use cases for both forms of IaC in the video below:

## The Benefits of IaC in Cloud Native Infrastructure

Essentially, IaC lets developers configure specific resources by defining the desired outcome and feeding that outcome into frameworks like CloudFormation, Azure Resource Manager (ARM), or Kubernetes. Once the framework receives this set of outcome instructions, it will automatically configure and provision the resource to meet that outcome. If all runs smoothly, running the same code will provide the same result over and over again, a property known as [idempotency](https://paloaltonetworks.github.io/terraform-ansible-intro/comparison/#:~:text=Saying%20that%20an%20operation%20is,will%20not%20change%20the%20result.). If your framework doesn't provide the same result every time, you'll know you've got a problem, making it easier to identify and rectify misconfigurations and weaknesses.

IaC relies on automation to do much of the heavy lifting involved with creating, scaling, and maintaining cloud resources, providing several clear benefits to developers and organizations. These include:

* **Increased Scalability:** Scaling cloud infrastructure with IaC is much easier than using ad hoc commands. All the necessary configurations are stored centrally, allowing them to be easily duplicated, modified, and version controlled.
* **Easier Asset Creation:** With IaC, you can create reusable templates, ensuring all new resources and containers are appropriately configured and follow the same set of rules.
* **Increased Predictability:** IaC's automation eliminates a significant amount of human error by making infrastructure deployment consistent, even across multiple cloud environments or providers.
* **Increased Security:** Since IaC provides stated outcomes in advance, checking for misconfigurations and potential weaknesses can be automated, too.
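
The declarative model and idempotency described above can be seen in a toy reconciler. This is an added Python example, not code from CloudFormation, ARM, Kubernetes or the original post; the resource names, fields and the `plan`/`apply_state` functions are assumptions made for illustration, and a plain dict stands in for the cloud.

```python
"""Toy declarative engine: desired state in, plan out (added example)."""
import copy

# Desired state as a declarative template would express it (constructed sample).
DESIRED = {
    "web-sg": {"type": "security_group", "ingress_ports": [443]},
    "logs": {"type": "bucket", "encrypted": True, "public": False},
}


def plan(desired, actual):
    """Return the actions needed to make `actual` match `desired`."""
    actions = []
    for name in sorted(desired):
        if name not in actual:
            actions.append(("create", name))
        elif actual[name] != desired[name]:
            actions.append(("update", name))
    for name in sorted(actual):
        if name not in desired:
            actions.append(("delete", name))
    return actions


def apply_state(desired, actual):
    """Execute the plan against `actual` and return what was done."""
    executed = plan(desired, actual)
    for action, name in executed:
        if action == "delete":
            del actual[name]
        else:
            actual[name] = copy.deepcopy(desired[name])
    return executed


def demo():
    cloud = {}                                   # nothing provisioned yet
    first = apply_state(DESIRED, cloud)          # creates both resources
    second = apply_state(DESIRED, cloud)         # idempotent: empty plan
    # Out-of-band change: someone opens SSH by hand in the console.
    cloud["web-sg"]["ingress_ports"].append(22)
    drift = plan(DESIRED, cloud)                 # the non-empty plan is the alarm
    apply_state(DESIRED, cloud)                  # re-applying removes the drift
    return first, second, drift, cloud == DESIRED


if __name__ == "__main__":
    print(demo())
```

A non-empty plan on a re-run is the signal the article refers to: the live environment no longer matches the declared outcome.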
## Securing Your Cloud Native Infrastructure with IaC and Prisma Cloud

IaC is the key to [securing your cloud configuration](https://www.paloaltonetworks.com/prisma/cloud/infrastructure-as-code-security?ts=markdown) because it works with preset outcomes and predictable results. With IaC, developers can easily apply simple rules and desired outcomes to a logic engine that then scans the code to ensure those outcomes are achieved at any stage of development.

Developers can use tools like [Bridgecrew](https://bridgecrew.io/)'s open-source IaC scanning tool Checkov to further simplify the process of managing cloud infrastructure. [Checkov](https://github.com/bridgecrewio/checkov) scans your IaC templates and assets for misconfigurations, leveraging hundreds of built-in IaC best practices and policies. Developers can even add their own custom rules to Checkov to ensure the logic engine doesn't miss anything.

[Prisma Cloud](https://www.paloaltonetworks.com/prisma/whyprisma?ts=markdown)'s all-in-one cloud native security solution also uses Checkov to analyze cloud infrastructure. With Prisma Cloud, you can check your assets and templates at any point in the development life cycle, automatically fix misconfigurations, and duplicate assets as needed. Even better, you'll be able to monitor the security and consistency of your cloud infrastructure as it grows; whether you're scanning three resources or 3,000, the underlying process of checking outcomes against desired results doesn't change.

Gartner estimates that [85% of businesses](https://www.gartner.com/en/newsroom/press-releases/2021-11-10-gartner-says-cloud-will-be-the-centerpiece-of-new-digital-experiences) worldwide will have pivoted to cloud-first computing by 2025, making the need for cloud native security and embedded DevSecOps practices more imperative than ever.
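
The rule-based scanning this section describes, with rules applied to a template before anything is deployed, can be sketched in a few lines. This is an added Python example, not Checkov's engine or policy format and not code from the original post; the rule IDs, function names and sample template are assumptions, while the property names are those of CloudFormation's `AWS::S3::Bucket` and `AWS::EC2::SecurityGroup` resources.

```python
"""Toy policy scan over a CloudFormation-style template (added example)."""

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")

# Constructed sample template; logical resource names are made up.
TEMPLATE = {"Resources": {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)}},
    "UploadsBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "admin access",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "CidrIp": "0.0.0.0/0"}]}},
}}


def s3_blocks_public_access(props):
    """Pass only if all four public-access-block flags are explicitly true."""
    pab = props.get("PublicAccessBlockConfiguration", {})
    return all(pab.get(flag) is True for flag in PAB_FLAGS)


def sg_no_world_open_ssh(props):
    """Fail if any ingress rule exposes TCP/22 to the whole internet."""
    for rule in props.get("SecurityGroupIngress", []):
        world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
        proto = str(rule.get("IpProtocol"))
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        all_ports = proto == "-1"            # "-1" means every protocol and port
        if world and (all_ports or (proto == "tcp" and lo <= 22 <= hi)):
            return False
    return True


# Rule IDs are hypothetical, not Checkov check IDs.
RULES = [
    ("EX_S3_1", "AWS::S3::Bucket", s3_blocks_public_access),
    ("EX_SG_1", "AWS::EC2::SecurityGroup", sg_no_world_open_ssh),
]


def scan(template):
    """Return (rule_id, resource_name) for every failed check."""
    findings = []
    for name, res in sorted(template.get("Resources", {}).items()):
        for rule_id, rtype, check in RULES:
            if res.get("Type") == rtype and not check(res.get("Properties", {})):
                findings.append((rule_id, name))
    return findings


if __name__ == "__main__":
    print(scan(TEMPLATE))
```

The same `scan` loop runs unchanged whether the template holds three resources or thousands; only the rule list and the input grow.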
By using IaC and Checkov to continually analyze your cloud infrastructure for misconfigurations and security risks, you'll be able to incorporate core [DevSecOps principles](https://bridgecrew.io/wp-content/uploads/devsecguide-iac-security.pdf) at any stage of an asset's lifecycle and quickly duplicate assets and resources without worrying about potential security flaws.