// Infrastructure as Code for Data Platforms

Terraform (or Pulumi, CloudFormation) gives you repeatable, versioned infrastructure for clusters, buckets, and pipelines. The same code can provision dev, staging, and prod so environments stay in sync and drift is visible in diffs.

Secrets and credentials should live in a vault or your CI secrets store; never hardcode. Use Terraform data sources or external systems to inject them at apply time, and restrict who can run apply on prod.

Drift happens when someone changes resources in the console. Use regular plan/apply cycles and, where possible, restrict manual changes so Terraform remains the source of truth. Tag everything so you can trace cost and ownership.

→ Key takeaway: IaC reduces drift and makes environments reproducible. Keep secrets out of code and run plan regularly to catch manual changes.