infrastructure

Practices and tooling to provision, configure and operate compute, network and storage resources at scale using IaC and automation; doing infrastructure work involves authoring Terraform/CloudFormation/Ansible scripts, managing Kubernetes clusters, CI/CD pipelines, secrets management, observability and capacity planning for resilient production systems.

infrastructure

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

Cloud Infrastructure Management in the Age of AI Agents

Jun 13, 2025
ZY
Zhenning Yang
🏛️ University of Michigan | UC Berkeley | Andreessen Horowitz

This study addresses the high manual overhead faced by DevOps teams in managing multi-interface cloud infrastructures. We propose and systematically evaluate an LLM-driven AI agent framework for automation. Methodologically, the agent unifies heterogeneous interfaces—including SDKs, CLIs, Infrastructure-as-Code (IaC) tools, and web portals—to support core tasks such as configuration deployment, monitoring/alerting, and incident remediation. Key contributions include: (1) the first evaluation framework specifically designed for AI agents in cloud infrastructure management; (2) identification and systematic mitigation of three critical bottlenecks—interface semantic gaps, action execution reliability, and security constraint compliance; and (3) domain-specific optimization strategies validated in real-world deployments, demonstrating both task feasibility and cross-scenario generalizability. Our work establishes a reusable methodology and empirical benchmark for AI-native cloud operations.

Automating cloud infrastructure management using AI agentsEvaluating AI agents across diverse cloud interfacesIdentifying challenges in AI-driven cloud management solutions

Automated Cloud Infrastructure-as-Code Reconciliation with AI Agents

Oct 23, 2025
ZY
Zhenning Yang
🏛️ University of Michigan | Amazon Web Services

Infrastructure-as-Code (IaC) environments suffer from configuration drift when IaC tools are used alongside cloud consoles, CLIs, or SDKs, leading to state inconsistency and operational risks. To address this, we propose NSync—a novel AI agent system that unifies API log tracing, large language model (LLM)-based intent inference, and a self-evolving knowledge base to automatically detect non-IaC configuration changes and perform semantic-level remediation. NSync identifies configuration deviations by analyzing cloud API call logs, infers high-level operational intent via LLMs, and incrementally refines repair strategies in an iterative knowledge base. It further integrates IaC code generation with automated evaluation pipelines to ensure synchronization accuracy and efficiency. Evaluated on five real-world Terraform projects, NSync achieves a pass@3 accuracy of 0.97—up from 0.71—and reduces token consumption by 47%, significantly enhancing IaC environment consistency and maintainability.

Automating Infrastructure-as-Code reconciliation to resolve infrastructure driftDetecting non-IaC cloud changes via API traces and updating configurationsEmploying AI agents to infer intents and synthesize IaC updates

DevOps Automation Pipeline Deployment with IaC (Infrastructure as Code)

Nov 15, 2024
AS
Adarsh Saxena
🏛️ University of Allahabad | University of South Wales | Cardiff Metropolitan University

This paper addresses the conceptual ambiguity, ill-defined boundaries, and lack of implementation standards between Infrastructure-as-Code (IaC) and Pipeline-as-Code in DevOps practice. To resolve these issues, we systematically delineate their respective roles and synergistic mechanisms within the DevOps ecosystem and propose a reusable, standardized IaC-driven CI/CD implementation framework. Our approach integrates Terraform for infrastructure provisioning, Ansible for configuration management, GitLab CI for pipeline orchestration, and Docker/Kubernetes for containerized deployment—enabling an end-to-end automated delivery pipeline. Empirical evaluation demonstrates 99.8% configuration change accuracy, reduces environment provisioning time from hours to minutes, and significantly improves deployment consistency and delivery efficiency.

Clarify DevOps implementation in CI/CD pipelinesDemonstrate Infrastructure as Code (IaC) strategyStreamline software development and deployment processes

Enterprise cloud environments are frequently exposed to security threats due to misconfigurations, excessive permissions, and fragmented security tooling, compounded by the absence of unified, coordinated protection across Kubernetes, OpenStack, and Infrastructure-as-Code (IaC) platforms. This work proposes the first open-source microservices-based security framework that uniquely integrates identity governance, multi-platform configuration auditing, runtime threat detection, and automated IaC remediation into a single closed-loop system. Designed with standardized REST/gRPC interfaces and scalable for medium-to-large deployments, the framework synergistically combines Falco, ELK, Terraform, Checkov, and OPA. In enterprise evaluations, it reduced vulnerability assessment time from 120 to 18 minutes, achieved a false positive rate below 5%, decreased security incidents by 62%, and lowered operational costs by approximately 40%, all while being released under the Apache 2.0 license.

cloud securitycloud-nativemisconfiguration

From"Worse is Better"to Better: Lessons from a Mixed Methods Study of Ansible's Challenges

Apr 11, 2025
CC
Caroline Carreira
🏛️ Carnegie Mellon University | INESC-ID | IST | University of Lisbon | INESC TEC | University of Porto

This study identifies four core challenges in Ansible’s Infrastructure-as-Code (IaC) practice: performance bottlenecks, flawed abstraction design, weak debugging and error diagnosis capabilities, and insufficient documentation and learning resources. Employing a mixed-methods empirical approach—quantitative text mining of 59,157 community forum posts and qualitative analysis of 16 in-depth practitioner interviews—it provides the first evidence-based characterization of the real-world engineering costs incurred by the “Worse is Better” philosophy in IaC tooling. The work proposes a four-dimensional improvement framework targeting maintainability, understandability, debuggability, and evolvability, yielding four actionable design recommendations—several of which have been adopted by the Ansible Core Team. These findings establish a critical empirical benchmark for advancing IaC tool design, DevOps education, and open-source community support.

Identifying pain points from 59,157 forum posts and interviewsInvestigating challenges in Ansible for Infrastructure as CodeProposing improvements for performance, debugging, and documentation

Latest Papers

What's happening recently
View more

IaC Generation with LLMs: An Error Taxonomy and A Study on Configuration Knowledge Injection

Dec 16, 2025
RN
Roman Nekrasov
🏛️ Jheronimus Academy of Data Science | Tilburg University | Eindhoven University of Technology | University of Sannio

Large language models (LLMs) exhibit low correctness and intent alignment when generating Terraform infrastructure-as-code (IaC), hindering reliable automation. Method: We propose a structured knowledge-enhanced approach: (1) establishing the first LLM error taxonomy specifically for IaC, revealing the “correctness–consistency gap”; (2) designing Semantic-Enhanced Graph RAG (SE-Graph RAG) that explicitly models resource dependencies and integrates graph neural networks for graph-structured retrieval-augmented generation; and (3) validating via a cloud-based simulation environment with automated, closed-loop error analysis. Results: Our method increases generation success rate from 27.1% to 75.3%, achieving an overall task success rate of 62.6%. This work provides the first systematic characterization of IaC generation failure modes and empirically demonstrates that architectural-level semantic understanding—not merely syntactic or lexical fidelity—constitutes the fundamental bottleneck in LLM-assisted IaC.

Addresses the gap between technical validation and intent alignmentImproves LLM-based Infrastructure as Code generation for TerraformInjects structured configuration knowledge to enhance correctness

This study addresses the growing inadequacy of conventional AI sovereignty frameworks, which focus narrowly on data and algorithms while overlooking the critical role of physical infrastructure. The work proposes a novel paradigm—“AI infrastructure sovereignty”—that extends sovereign capabilities from the software layer down to the physical layer, explicitly accounting for constraints imposed by energy, networking, and environmental factors. It introduces a reference architecture enabling real-time closed-loop control by integrating high-density data centers, advanced cooling systems, localized energy coupling, optimized optical networking, and telemetry-driven agents with digital twin technologies. Crucially, the framework treats sustainability metrics—such as carbon intensity and water usage—as hard deployment boundaries, thereby offering a theoretical foundation and technical pathway for regions or nations to achieve autonomous, resource-constrained control over their AI systems.

AI infrastructureAI sovereigntyoperational control

This study addresses how cloud infrastructure failures distort performance metrics, thereby misleading autoscaling systems and leading to resource misallocation, increased costs, or degraded service reliability. Through controlled simulations, the authors systematically evaluate the impact of four common failure types—including storage and network routing issues—on both vertical and horizontal scaling strategies across varying instance configurations and SLO thresholds. The work presents the first quantitative analysis of how such failures bias scaling decisions, revealing that horizontal scaling is particularly sensitive to transient anomalies. It further proposes design principles to distinguish genuine workload changes from failure-induced artifacts. Experimental results demonstrate that storage failures can incur up to $258 in additional monthly costs under horizontal scaling, while routing anomalies consistently cause resource under-provisioning, offering empirical foundations for building fault-tolerant autoscaling mechanisms.

autoscalingcloud infrastructure faultsperformance metrics

This study addresses the widespread adoption of cloud computing by small and medium-sized enterprises (SMEs) in critical infrastructure, where deployment models and associated security and reliability risks remain poorly understood. Focusing specifically on multi-cloud strategies in this context, the research employs a systematic review of academic, industry, governmental, and online sources, complemented by content analysis, to holistically assess current deployment practices and risk characteristics. Findings reveal that while SMEs exhibit high levels of cloud adoption, their risk management practices significantly lag behind, highlighting an urgent need for targeted policy guidance and practical frameworks. The results provide empirical evidence and actionable insights for both regulatory bodies and enterprise decision-makers to better navigate the complexities of secure and resilient cloud deployment in critical sectors.

Cloud computingCritical infrastructureCybersecurity risks

This work addresses the physical constraints—such as energy availability, cooling capacity, and network bandwidth—that challenge the sustainable operation of AI infrastructure, which traditional software-level optimizations alone cannot resolve. The authors propose a joint compute-network optimization framework that explicitly incorporates carbon intensity, water usage, and power capacity as hard constraints within a closed-loop system to co-schedule computing and optical networking resources. A key innovation is the introduction of the “Feasible Sovereign Operating Region” (FSOR), which transforms infeasible solutions into precise decision signals for infrastructure expansion or load curtailment. By integrating task scheduling with optical circuit routing through a scenario-driven approach and embedding multidimensional sustainability constraints, the framework significantly reduces environmental impact, demonstrating its effectiveness in enhancing the sustainability of AI infrastructure under real-world physical limitations.

Compute-Network OptimizationEnvironmental ConstraintsSovereign AI

Hot Scholars

TM

Tommaso Melodia

Institute for the Wireless Internet of Things at Northeastern University
Open RANSpectrum Sharing5G/6GAI/ML
HD

Hans D. Schotten

Univ. of Kaiserslautern, RPTU Kaiserslautern, DFKI GmbH
Mobile and wireless communicationsindustrial radioindustrial internetsecurity
JG

Javier Gozalvez

Professor, UWICORE Lab. Director, Universidad Miguel Hernandez de Elche (Spain)
V2Xvehicular networksIndustry 4.0ITS
MR

Milena Radenkovic

University of Nottingham UK, Microsoft Research Ltd, Cambridge, UK
Complex networksComplex GraphsAI and ML and AnalyticsSecurity and Privacy