Infrastructure as Code Complete Learning Roadmap¶
🎯 Mục tiêu: Master Infrastructure as Code trong 10-12 tháng¶
🔰 GIAI ĐOẠN 1: IAC FOUNDATION (Tháng 1-2)¶
Week 1: Infrastructure as Code Fundamentals¶
Search Keywords để học:
- [ ] "What is Infrastructure as Code IaC"
- [ ] "IaC benefits vs traditional infrastructure"
- [ ] "Declarative vs imperative infrastructure"
- [ ] "IaC tools comparison Terraform Ansible CloudFormation"
- [ ] "Infrastructure automation best practices"
- [ ] "Configuration management vs infrastructure provisioning"
- [ ] "Immutable infrastructure principles"
- [ ] "Infrastructure drift detection prevention"
Core Concepts:
- [ ] Infrastructure versioning
- [ ] Repeatability and consistency
- [ ] Disaster recovery automation
- [ ] Infrastructure testing
- [ ] Configuration drift management
Week 2: Cloud Fundamentals for IaC¶
Search Keywords để học:
- [ ] "AWS services overview for IaC"
- [ ] "Azure services for infrastructure automation"
- [ ] "Google Cloud Platform IaC services"
- [ ] "Multi-cloud infrastructure management"
- [ ] "Cloud provider APIs and SDKs"
- [ ] "Cloud resource naming conventions"
- [ ] "Cloud tagging strategies"
- [ ] "Cloud cost optimization with IaC"
Cloud Provider Setup:
# AWS CLI setup
aws configure
aws sts get-caller-identity
# Azure CLI setup
az login
az account show
# GCP CLI setup
gcloud auth login
gcloud config set project PROJECT_ID
Week 3: Version Control for Infrastructure¶
Search Keywords để học:
- [ ] "Git workflow for infrastructure code"
- [ ] "Infrastructure code repository structure"
- [ ] "Branching strategies for IaC"
- [ ] "Code review process for infrastructure"
- [ ] "Gitignore patterns for IaC tools"
- [ ] "Infrastructure documentation standards"
- [ ] "Secrets management in IaC repositories"
- [ ] "Infrastructure change management"
Repository Structure:
infrastructure/
├── environments/
│ ├── dev/
│ ├── staging/
│ └── prod/
├── modules/
├── policies/
├── scripts/
└── docs/
Week 4: IaC Testing & Validation¶
Search Keywords để học:
- [ ] "Infrastructure testing strategies"
- [ ] "Terraform testing tools Terratest"
- [ ] "Ansible testing with Molecule"
- [ ] "CloudFormation testing and validation"
- [ ] "Infrastructure compliance testing"
- [ ] "Security testing for IaC"
- [ ] "Performance testing infrastructure"
- [ ] "Infrastructure smoke testing"
🏗️ GIAI ĐOẠN 2: TERRAFORM MASTERY (Tháng 3-5)¶
Week 5: Terraform Fundamentals¶
Search Keywords để học:
- [ ] "Terraform installation and setup"
- [ ] "Terraform HCL syntax basics"
- [ ] "Terraform providers and resources"
- [ ] "Terraform state management"
- [ ] "Terraform plan apply destroy workflow"
- [ ] "Terraform variables and outputs"
- [ ] "Terraform data sources"
- [ ] "Terraform workspace management"
Basic Terraform Commands:
# Terraform basics
terraform init
terraform plan
terraform apply
terraform destroy
terraform show
terraform state list
terraform state show
terraform workspace list
First Terraform Configuration:
# main.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = var.aws_region
}
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = var.instance_type
tags = {
Name = "Web Server"
}
}
Week 6: Terraform State Management¶
Search Keywords để học:
- [ ] "Terraform state file explained"
- [ ] "Terraform remote state backend"
- [ ] "Terraform state locking mechanisms"
- [ ] "Terraform state import existing resources"
- [ ] "Terraform state file encryption"
- [ ] "Terraform state backup strategies"
- [ ] "Terraform state collaboration"
- [ ] "Terraform state troubleshooting"
State Backend Configuration:
# backend.tf
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "terraform.tfstate"
region = "us-west-2"
encrypt = true
dynamodb_table = "terraform-locks"
}
}
Week 7: Terraform Modules¶
Search Keywords để học:
- [ ] "Terraform modules creation tutorial"
- [ ] "Terraform module structure best practices"
- [ ] "Terraform module registry usage"
- [ ] "Terraform module versioning"
- [ ] "Terraform module composition"
- [ ] "Terraform module testing"
- [ ] "Terraform module documentation"
- [ ] "Terraform module dependency management"
Module Structure:
modules/
├── vpc/
│ ├── main.tf
│ ├── variables.tf
│ ├── outputs.tf
│ └── README.md
├── ec2/
└── rds/
Module Example:
# modules/vpc/main.tf
resource "aws_vpc" "main" {
cidr_block = var.cidr_block
enable_dns_hostnames = true
enable_dns_support = true
tags = merge(
var.tags,
{
Name = var.name
}
)
}
# Using module
module "vpc" {
source = "./modules/vpc"
name = "my-vpc"
cidr_block = "10.0.0.0/16"
tags = local.common_tags
}
Week 8: Terraform Advanced Features¶
Search Keywords để học:
- [ ] "Terraform functions and expressions"
- [ ] "Terraform conditional expressions"
- [ ] "Terraform loops for_each count"
- [ ] "Terraform dynamic blocks"
- [ ] "Terraform local values"
- [ ] "Terraform data transformation"
- [ ] "Terraform validation rules"
- [ ] "Terraform lifecycle management"
Advanced Terraform Patterns:
# Dynamic blocks
dynamic "ingress" {
for_each = var.ingress_rules
content {
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
cidr_blocks = ingress.value.cidr_blocks
}
}
# Conditional resources
resource "aws_instance" "web" {
count = var.create_instance ? 1 : 0
# ... other configuration
}
# For each with map
resource "aws_instance" "servers" {
for_each = var.servers
ami = each.value.ami
instance_type = each.value.type
tags = {
Name = each.key
}
}
Week 9: Terraform Enterprise Features¶
Search Keywords để học:
- [ ] "Terraform Cloud workspace management"
- [ ] "Terraform Enterprise features"
- [ ] "Terraform policy as code Sentinel"
- [ ] "Terraform cost estimation"
- [ ] "Terraform VCS integration"
- [ ] "Terraform team collaboration"
- [ ] "Terraform governance and compliance"
- [ ] "Terraform drift detection"
Week 10: Terraform Multi-Cloud¶
Search Keywords để học:
- [ ] "Terraform multi-cloud deployment"
- [ ] "Terraform AWS provider advanced"
- [ ] "Terraform Azure provider tutorial"
- [ ] "Terraform GCP provider examples"
- [ ] "Terraform provider authentication"
- [ ] "Terraform cross-cloud networking"
- [ ] "Terraform cloud-agnostic modules"
- [ ] "Terraform hybrid cloud management"
🤖 GIAI ĐOẠN 3: ANSIBLE MASTERY (Tháng 6-7)¶
Week 11: Ansible Fundamentals¶
Search Keywords để học:
- [ ] "Ansible installation and setup"
- [ ] "Ansible inventory management"
- [ ] "Ansible playbook syntax YAML"
- [ ] "Ansible modules and tasks"
- [ ] "Ansible ad-hoc commands"
- [ ] "Ansible SSH key management"
- [ ] "Ansible facts gathering"
- [ ] "Ansible idempotency principles"
Basic Ansible Setup:
# Ansible installation
pip install ansible
# Inventory file
echo "[webservers]" > inventory
echo "web1.example.com" >> inventory
echo "web2.example.com" >> inventory
# First playbook
ansible-playbook -i inventory playbook.yml
Simple Playbook:
# playbook.yml
---
- name: Configure web servers
hosts: webservers
become: yes
tasks:
- name: Install nginx
package:
name: nginx
state: present
- name: Start nginx service
service:
name: nginx
state: started
enabled: yes
Week 12: Ansible Advanced Playbooks¶
Search Keywords để học:
- [ ] "Ansible playbook variables and facts"
- [ ] "Ansible conditionals and loops"
- [ ] "Ansible handlers and notifications"
- [ ] "Ansible templates with Jinja2"
- [ ] "Ansible vault for secrets"
- [ ] "Ansible error handling strategies"
- [ ] "Ansible debugging techniques"
- [ ] "Ansible performance optimization"
Advanced Playbook Features:
# Advanced playbook example
---
- name: Deploy application
hosts: webservers
vars:
app_name: myapp
app_version: "{{ lookup('env', 'APP_VERSION') | default('latest') }}"
tasks:
- name: Create app directory
file:
path: "/opt/{{ app_name }}"
state: directory
mode: "0755"
- name: Deploy application
template:
src: app.conf.j2
dest: "/opt/{{ app_name }}/app.conf"
backup: yes
notify: restart application
- name: Install dependencies
package:
name: "{{ item }}"
state: present
loop: "{{ app_dependencies }}"
when: app_dependencies is defined
handlers:
- name: restart application
service:
name: "{{ app_name }}"
state: restarted
Week 13: Ansible Roles & Galaxy¶
Search Keywords để học:
- [ ] "Ansible roles structure and creation"
- [ ] "Ansible Galaxy usage and publishing"
- [ ] "Ansible role dependencies"
- [ ] "Ansible role testing with Molecule"
- [ ] "Ansible role best practices"
- [ ] "Ansible role versioning"
- [ ] "Ansible Collections overview"
- [ ] "Custom Ansible modules development"
Role Structure:
roles/
├── webserver/
│ ├── tasks/
│ │ └── main.yml
│ ├── handlers/
│ │ └── main.yml
│ ├── templates/
│ ├── files/
│ ├── vars/
│ │ └── main.yml
│ ├── defaults/
│ │ └── main.yml
│ └── meta/
│ └── main.yml
Week 14: Ansible for Infrastructure¶
Search Keywords để học:
- [ ] "Ansible cloud modules AWS Azure GCP"
- [ ] "Ansible infrastructure provisioning"
- [ ] "Ansible with Terraform integration"
- [ ] "Ansible network automation"
- [ ] "Ansible container management"
- [ ] "Ansible orchestration patterns"
- [ ] "Ansible Tower AWX automation"
- [ ] "Ansible dynamic inventory"
Infrastructure Playbook:
# infrastructure.yml
---
- name: Provision AWS infrastructure
hosts: localhost
gather_facts: no
tasks:
- name: Create VPC
amazon.aws.ec2_vpc_net:
name: "{{ vpc_name }}"
cidr_block: "{{ vpc_cidr }}"
state: present
tags:
Environment: "{{ env }}"
register: vpc
- name: Create security group
amazon.aws.ec2_group:
name: "{{ sg_name }}"
description: Security group for web servers
vpc_id: "{{ vpc.vpc.id }}"
rules:
- proto: tcp
ports:
- 80
- 443
cidr_ip: 0.0.0.0/0
☁️ GIAI ĐOẠN 4: CLOUD-SPECIFIC IAC (Tháng 8-9)¶
Week 15: AWS CloudFormation¶
Search Keywords để học:
- [ ] "AWS CloudFormation tutorial basics"
- [ ] "CloudFormation template syntax JSON YAML"
- [ ] "CloudFormation stacks and nested stacks"
- [ ] "CloudFormation parameters and outputs"
- [ ] "CloudFormation intrinsic functions"
- [ ] "CloudFormation conditions and mappings"
- [ ] "CloudFormation custom resources"
- [ ] "CloudFormation drift detection"
CloudFormation Template:
# template.yml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Web server infrastructure"
Parameters:
InstanceType:
Type: String
Default: t3.micro
AllowedValues: [t3.micro, t3.small, t3.medium]
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: EC2 Key Pair
Resources:
WebServerInstance:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-0abcdef1234567890
InstanceType: !Ref InstanceType
KeyName: !Ref KeyName
SecurityGroupIds:
- !Ref WebServerSecurityGroup
UserData:
Fn::Base64: !Sub |
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
WebServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for web server
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
Outputs:
WebsiteURL:
Description: URL of the website
Value: !Sub "http://${WebServerInstance.PublicDnsName}"
Week 16: Azure Resource Manager (ARM)¶
Search Keywords để học:
- [ ] "Azure Resource Manager ARM templates"
- [ ] "ARM template syntax and functions"
- [ ] "Azure Bicep language tutorial"
- [ ] "ARM template parameters and variables"
- [ ] "ARM template linked templates"
- [ ] "ARM template deployment modes"
- [ ] "Azure Policy with ARM templates"
- [ ] "ARM template best practices"
ARM Template Example:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string",
"defaultValue": "myVM"
},
"adminUsername": {
"type": "string"
},
"adminPassword": {
"type": "securestring"
}
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2021-11-01",
"name": "[parameters('vmName')]",
"location": "[resourceGroup().location]",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_B2s"
},
"osProfile": {
"computerName": "[parameters('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
}
}
}
]
}
Week 17: Google Cloud Deployment Manager¶
Search Keywords để học:
- [ ] "Google Cloud Deployment Manager tutorial"
- [ ] "GCP Deployment Manager YAML templates"
- [ ] "GCP Deployment Manager Python templates"
- [ ] "GCP Deployment Manager Jinja2 templates"
- [ ] "GCP resource configuration management"
- [ ] "GCP Deployment Manager imports"
- [ ] "GCP infrastructure automation"
- [ ] "GCP Deployment Manager vs Terraform"
Week 18: Pulumi Modern IaC¶
Search Keywords để học:
- [ ] "Pulumi infrastructure as code tutorial"
- [ ] "Pulumi vs Terraform comparison"
- [ ] "Pulumi programming languages support"
- [ ] "Pulumi state management"
- [ ] "Pulumi stacks and configuration"
- [ ] "Pulumi secrets management"
- [ ] "Pulumi testing and validation"
- [ ] "Pulumi CI/CD integration"
Pulumi Example:
# __main__.py
import pulumi
import pulumi_aws as aws
# Create a VPC
vpc = aws.ec2.Vpc("my-vpc",
cidr_block="10.0.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
tags={"Name": "my-vpc"}
)
# Create an internet gateway
igw = aws.ec2.InternetGateway("my-igw",
vpc_id=vpc.id,
tags={"Name": "my-igw"}
)
# Export the VPC ID
pulumi.export("vpc_id", vpc.id)
🔧 GIAI ĐOẠN 5: ADVANCED IAC PATTERNS (Tháng 10-12)¶
Week 19: IaC CI/CD Integration¶
Search Keywords để học:
- [ ] "Infrastructure CI/CD pipelines"
- [ ] "Terraform automation GitHub Actions"
- [ ] "Ansible automation GitLab CI"
- [ ] "Infrastructure testing in CI/CD"
- [ ] "IaC security scanning automation"
- [ ] "Infrastructure drift detection CI/CD"
- [ ] "IaC deployment strategies"
- [ ] "Infrastructure rollback procedures"
Terraform CI/CD Pipeline:
# .github/workflows/terraform.yml
name: Terraform CI/CD
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
terraform:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.5.0
- name: Terraform Init
run: terraform init
- name: Terraform Plan
run: terraform plan
- name: Terraform Apply
if: github.ref == 'refs/heads/main'
run: terraform apply -auto-approve
Week 20: IaC Security & Compliance¶
Search Keywords để học:
- [ ] "Infrastructure security scanning tools"
- [ ] "Terraform security best practices"
- [ ] "IaC compliance automation"
- [ ] "Infrastructure policy as code"
- [ ] "IaC secrets management"
- [ ] "Infrastructure vulnerability scanning"
- [ ] "IaC governance frameworks"
- [ ] "Infrastructure security testing"
Security Tools:
# Terraform security scanning
tfsec .
checkov -f main.tf
terrascan scan -t terraform
# Ansible security
ansible-lint playbook.yml
Week 21: Multi-Environment Management¶
Search Keywords để học:
- [ ] "IaC multi-environment strategies"
- [ ] "Environment-specific configurations"
- [ ] "IaC environment promotion"
- [ ] "Infrastructure environment isolation"
- [ ] "IaC configuration management"
- [ ] "Environment drift prevention"
- [ ] "Blue-green infrastructure deployment"
- [ ] "Infrastructure canary deployments"
Week 22: IaC Monitoring & Observability¶
Search Keywords để học:
- [ ] "Infrastructure monitoring automation"
- [ ] "IaC deployment monitoring"
- [ ] "Infrastructure cost monitoring"
- [ ] "IaC performance metrics"
- [ ] "Infrastructure alerting automation"
- [ ] "IaC audit and compliance reporting"
- [ ] "Infrastructure dashboard creation"
- [ ] "IaC troubleshooting strategies"
Week 23: Advanced IaC Patterns¶
Search Keywords để học:
- [ ] "Infrastructure as Code patterns"
- [ ] "Microservices infrastructure automation"
- [ ] "IaC for container orchestration"
- [ ] "Serverless infrastructure automation"
- [ ] "IaC for data infrastructure"
- [ ] "Infrastructure composition patterns"
- [ ] "IaC for disaster recovery"
- [ ] "Infrastructure scaling automation"
Week 24: IaC Leadership & Strategy¶
Search Keywords để học:
- [ ] "IaC adoption strategies"
- [ ] "Infrastructure automation ROI"
- [ ] "IaC team organization"
- [ ] "Infrastructure governance models"
- [ ] "IaC training and education"
- [ ] "Infrastructure automation culture"
- [ ] "IaC vendor evaluation"
- [ ] "Infrastructure transformation strategy"
📚 HANDS-ON PROJECTS BY TOOL¶
🏗️ Terraform Projects¶
-
Multi-Tier Web Application
-
VPC with public/private subnets
- Load balancer and auto-scaling
- RDS database with read replicas
-
Search: "Terraform multi-tier architecture AWS"
-
Kubernetes Cluster Infrastructure
-
EKS cluster with managed node groups
- Networking and security groups
- Monitoring and logging setup
-
Search: "Terraform EKS cluster deployment"
-
Multi-Cloud Infrastructure
- Resources across AWS, Azure, GCP
- Cross-cloud networking
- Unified monitoring and management
- Search: "Terraform multi-cloud deployment"
🤖 Ansible Projects¶
-
Application Deployment Pipeline
-
Multi-stage deployment automation
- Configuration management
- Service discovery and load balancing
-
Search: "Ansible application deployment"
-
Infrastructure Hardening
-
Security baseline implementation
- Compliance automation
- Monitoring and alerting setup
-
Search: "Ansible security hardening"
-
Container Orchestration
- Docker Swarm setup and management
- Service deployment and scaling
- Health checks and monitoring
- Search: "Ansible Docker Swarm automation"
☁️ Cloud-Specific Projects¶
-
AWS CloudFormation Stack
-
Nested stacks architecture
- Cross-stack references
- Custom resources and Lambda functions
-
Search: "CloudFormation nested stacks"
-
Azure ARM Template
-
Resource group management
- Azure Key Vault integration
- Deployment slots and traffic routing
-
Search: "ARM template best practices"
-
GCP Deployment Manager
- Template hierarchy and imports
- Python template development
- Service account management
- Search: "GCP Deployment Manager Python"
📋 SKILL ASSESSMENT CHECKLIST¶
Terraform Mastery¶
- [ ] Write complex Terraform configurations
- [ ] Design reusable modules
- [ ] Implement state management strategies
- [ ] Automate Terraform workflows
- [ ] Troubleshoot Terraform issues
- [ ] Optimize Terraform performance
Ansible Mastery¶
- [ ] Create comprehensive playbooks
- [ ] Develop custom Ansible roles
- [ ] Implement dynamic inventories
- [ ] Integrate with external systems
- [ ] Optimize Ansible performance
- [ ] Troubleshoot Ansible issues
Cloud Platform Expertise¶
- [ ] Master native IaC tools
- [ ] Implement cross-cloud solutions
- [ ] Design scalable architectures
- [ ] Optimize cloud costs
- [ ] Implement security best practices
- [ ] Automate compliance processes
🎓 CERTIFICATIONS & LEARNING¶
Terraform Certifications¶
- [ ] HashiCorp Certified: Terraform Associate
- [ ] HashiCorp Certified: Terraform Professional
Ansible Certifications¶
- [ ] Red Hat Certified Specialist in Ansible Automation
- [ ] Red Hat Certified Engineer (RHCE)
Cloud Certifications¶
- [ ] AWS Certified DevOps Engineer
- [ ] Azure DevOps Engineer Expert
- [ ] Google Cloud Professional DevOps Engineer
Learning Resources¶
- "Terraform: Up & Running" - Yevgeniy Brikman
- "Ansible for DevOps" - Jeff Geerling
- "Infrastructure as Code" - Kief Morris
- "Cloud Native Infrastructure" - Justin Garrison
✅ DAILY PRACTICE ROUTINE¶
Morning Setup (20 mins)¶
- [ ] Review IaC code changes
- [ ] Check infrastructure status
- [ ] Read IaC best practices
- [ ] Plan daily IaC experiments
Active Development (60-90 mins)¶
- [ ] Work on IaC projects
- [ ] Refactor existing code
- [ ] Test new IaC features
- [ ] Contribute to IaC communities
Evening Review (15 mins)¶
- [ ] Document lessons learned
- [ ] Update IaC templates
- [ ] Review infrastructure costs
- [ ] Plan tomorrow's work
🎯 MASTERY MILESTONES¶
Month 2: Foundation¶
- [ ] Understand IaC principles
- [ ] Basic Terraform and Ansible skills
- [ ] Version control for infrastructure
- [ ] Simple automation scripts
Month 5: Intermediate¶
- [ ] Complex Terraform configurations
- [ ] Advanced Ansible playbooks
- [ ] Multi-environment management
- [ ] Infrastructure testing
Month 7: Advanced¶
- [ ] Multi-cloud deployments
- [ ] Custom modules and roles
- [ ] CI/CD integration
- [ ] Security and compliance
Month 9: Expert¶
- [ ] Infrastructure architecture design
- [ ] Performance optimization
- [ ] Disaster recovery automation
- [ ] Team leadership
Month 12: Master¶
- [ ] Strategic planning
- [ ] Tool evaluation and selection
- [ ] Organizational transformation
- [ ] Innovation and research
IaC Philosophy: "Infrastructure should be versioned, tested, and deployed like application code!"
🚀 Quick Start Checklist¶
Day 1: Environment Setup¶
- [ ] Install Terraform, Ansible, cloud CLIs
- [ ] Set up version control repository
- [ ] Configure cloud provider credentials
- [ ] Create first "Hello World" infrastructure
Week 1 Goals¶
- [ ] Deploy first infrastructure with Terraform
- [ ] Configure servers with Ansible
- [ ] Set up basic CI/CD pipeline
- [ ] Join IaC communities
Month 1 Targets¶
- [ ] Build multi-tier application infrastructure
- [ ] Implement infrastructure testing
- [ ] Set up monitoring and alerting
- [ ] Document infrastructure decisions
Remember: Infrastructure as Code mastery requires consistent practice and real-world application. Start with simple projects and gradually increase complexity!