Infrastructure as Code adoption has matured from initial enthusiasm to production operations. The lessons from running IaC at scale in production are clearer in 2020 than they were in 2017.
State management is the hard part
Terraform state files contain the mapping between your configuration and real-world resources. The operational failure modes are state corruption, concurrent applies without locking, and drift between state and reality. The state management disciplines that prevent these: always use remote state with locking (not local files in source control), never edit state files manually (use the terraform state mv and terraform state rm commands instead), and run terraform plan regularly to detect drift.
Immutable infrastructure over configuration management
The 2020 consensus: immutable infrastructure (build a new AMI or container image for every change, replace old instances with new) is more reliable than mutable configuration management (Chef, Puppet, Ansible modifying running instances). Mutable systems accumulate configuration drift; immutable systems are consistent by construction. The tooling that supports immutable infrastructure: Packer for image building, blue/green deployment for rollout.
Testing IaC
IaC code has the same testing requirements as application code. Terratest (Go-based) and kitchen-terraform support integration testing of Terraform modules: deploy real infrastructure, run assertions against it, tear it down. Static analysis tools (Checkov, tfsec) fill the unit-testing role: they check Terraform code for security misconfigurations without deploying anything. The testing discipline for IaC is less mature than for application code, but the pattern is clear.
The sprawl problem
Without governance, IaC enables infrastructure sprawl: hundreds of environments created for development purposes that are never cleaned up, redundant modules with slight variations maintained by different teams, and configuration drift between nominally identical environments. IaC governance requires: tagging standards (team, environment, cost centre, expiry), automated cost reporting per tag, and regular environment cleanup processes. The same organisational discipline required for cloud cost management applies to IaC governance.
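One way to enforce the tagging standard before resources exist is to check the plan in CI. The following is an added example, not code from the original article: it reads JSON in the shape produced by terraform show -json for a saved plan and reports resources with missing tags or an invalid or past expiry. The tag key names, the ISO date format for expiry, and the sample plan are assumptions constructed for illustration.

```python
import json
from datetime import date

# Assumed tag keys for the article's standard (team, environment, cost centre, expiry).
REQUIRED_TAGS = ("team", "environment", "cost_centre", "expiry")

def _rc(address, actions, after):
    """Build one entry in the shape of a plan's resource_changes list."""
    return {"address": address, "change": {"actions": actions, "after": after}}

_FULL = {"team": "payments", "environment": "dev", "cost_centre": "cc-1001"}

# Constructed sample plan; addresses and tag values are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("aws_instance.web", ["create"], {"tags": {**_FULL, "expiry": "2020-12-31"}}),
    _rc("aws_instance.scratch", ["create"],
        {"tags": {"team": "payments", "environment": "dev"}}),
    _rc("aws_s3_bucket.tmp", ["update"], {"tags": {**_FULL, "expiry": "2020-01-15"}}),
    _rc("aws_instance.bad_date", ["create"], {"tags": {**_FULL, "expiry": "next month"}}),
    _rc("aws_instance.untagged", ["create"], {"tags": None}),
    _rc("aws_instance.old", ["delete"], None),
    _rc("aws_iam_policy.ro", ["create"], {"name": "ro"}),
]})

def check_plan(plan_json, today):
    """Return {address: [problems]} for resources that violate the tag standard."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc["change"].get("after")
        # Skip deletions (after is null) and resource types with no tags attribute.
        if not after or "tags" not in after:
            continue
        tags = after["tags"] or {}  # tags is null when the attribute is unset
        problems = [f"missing tag: {k}" for k in REQUIRED_TAGS if not tags.get(k)]
        if tags.get("expiry"):
            try:
                if date.fromisoformat(tags["expiry"]) < today:
                    problems.append("expiry date has passed")
            except ValueError:
                problems.append("expiry is not an ISO date")
        if problems:
            findings[rc["address"]] = problems
    return findings

if __name__ == "__main__":
    for address, problems in check_plan(SAMPLE_PLAN, date(2020, 6, 1)).items():
        print(address, "->", "; ".join(problems))
```

Failing the pipeline when the returned dictionary is non-empty keeps untagged or already-expired resources from being created in the first place.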