
Infrastructure as Code Testing

Infrastructure as Code (IaC) testing validates the quality of IaC scripts and the desired state of infrastructure deployments. IaC security tests are also used to identify known vulnerabilities and security misconfigurations in the IaC files. Automated testing of infrastructure code allows teams to efficiently validate IaC scripts before deploying to production.

Characteristics

Module Tests

Module tests validate individual components in IaC scripts. These tests are used to analyze module configurations and dependencies before execution to ensure that the module code creates the expected resources successfully. Module tests deploy the module resources, validate the deployed resources and configurations, and then tear down any deployed resources.

End-to-End Tests

End-to-end (E2E) tests are used to verify the interactions between components of the IaC scripts.

E2E tests validate:

  • The desired state of the environment can be achieved
  • The full system of deployed resources works collectively as expected before starting to direct traffic to it

IaC Template Validation and Linting

IaC code can have valid syntax but still lack consistency with standards, conventions or organizational practices. Template validation ensures that templates meet established standards. For example, a template would not pass validation in cases such as the following:

  • Parameters that are not available during deployment, or a blend of different code styles
  • Different naming conventions, indentation and whitespace
  • Hard-coded values

Linting and validation tools are used to perform static code analysis on IaC templates to identify these types of errors in the code.
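
The following sketch shows the kind of static checks such a linter performs. It is an added example, not code from any particular tool. The template layout, the ${name} reference syntax, the snake_case naming rule and the list of sensitive property names are all assumptions made for illustration.

```python
import json
import re

# Constructed sample template (a generic JSON layout, not a real provider's schema).
SAMPLE_TEMPLATE = json.loads("""
{
  "parameters": {"env_name": {"type": "string"}},
  "resources": {
    "app_bucket": {"type": "storage_bucket",
                   "properties": {"name": "${env_name}-assets", "region": "${region}"}},
    "AppDatabase": {"type": "database",
                    "properties": {"admin_password": "example-literal-value", "size": "small"}}
  }
}
""")

NAME_RULE = re.compile(r"^[a-z][a-z0-9_]*$")       # assumed org convention: snake_case
PARAM_REF = re.compile(r"\$\{([A-Za-z0-9_]+)\}")   # assumed reference syntax: ${name}
SENSITIVE_KEY = re.compile(r"password|secret|token|api_key", re.IGNORECASE)


def lint_template(template):
    """Return a sorted list of (rule, resource, detail) findings."""
    declared = set(template.get("parameters", {}))
    findings = []
    for res_name, res in template.get("resources", {}).items():
        # Naming convention: resource names must match the assumed org rule.
        if not NAME_RULE.match(res_name):
            findings.append(("naming-convention", res_name, res_name))
        for key, value in res.get("properties", {}).items():
            if not isinstance(value, str):
                continue
            refs = PARAM_REF.findall(value)
            # Parameter availability: every reference must be declared.
            for ref in refs:
                if ref not in declared:
                    findings.append(("undeclared-parameter", res_name, ref))
            # Hard-coded values: a sensitive property must come from a parameter.
            if SENSITIVE_KEY.search(key) and not refs:
                findings.append(("hard-coded-value", res_name, key))
    return sorted(findings)


if __name__ == "__main__":
    for rule, resource, detail in lint_template(SAMPLE_TEMPLATE):
        print(f"{rule}: {resource}: {detail}")
```

Run in a pipeline before deployment, a non-empty findings list would fail the build, so the template never reaches the module or end-to-end test stages.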

Examples

Automated Infrastructure as Code Testing