Score
Practices and tooling to provision, configure and operate compute, network and storage resources at scale using IaC and automation; doing infrastructure work involves authoring Terraform/CloudFormation/Ansible scripts, managing Kubernetes clusters, CI/CD pipelines, secrets management, observability and capacity planning for resilient production systems.
This study addresses the high manual overhead faced by DevOps teams in managing multi-interface cloud infrastructures. We propose and systematically evaluate an LLM-driven AI agent framework for automation. Methodologically, the agent unifies heterogeneous interfaces—including SDKs, CLIs, Infrastructure-as-Code (IaC) tools, and web portals—to support core tasks such as configuration deployment, monitoring/alerting, and incident remediation. Key contributions include: (1) the first evaluation framework specifically designed for AI agents in cloud infrastructure management; (2) identification and systematic mitigation of three critical bottlenecks—interface semantic gaps, action execution reliability, and security constraint compliance; and (3) domain-specific optimization strategies validated in real-world deployments, demonstrating both task feasibility and cross-scenario generalizability. Our work establishes a reusable methodology and empirical benchmark for AI-native cloud operations.
Infrastructure-as-Code (IaC) environments suffer from configuration drift when IaC tools are used alongside cloud consoles, CLIs, or SDKs, leading to state inconsistency and operational risks. To address this, we propose NSync—a novel AI agent system that unifies API log tracing, large language model (LLM)-based intent inference, and a self-evolving knowledge base to automatically detect non-IaC configuration changes and perform semantic-level remediation. NSync identifies configuration deviations by analyzing cloud API call logs, infers high-level operational intent via LLMs, and incrementally refines repair strategies in an iterative knowledge base. It further integrates IaC code generation with automated evaluation pipelines to ensure synchronization accuracy and efficiency. Evaluated on five real-world Terraform projects, NSync achieves a pass@3 accuracy of 0.97—up from 0.71—and reduces token consumption by 47%, significantly enhancing IaC environment consistency and maintainability.
This paper addresses the conceptual ambiguity, ill-defined boundaries, and lack of implementation standards between Infrastructure-as-Code (IaC) and Pipeline-as-Code in DevOps practice. To resolve these issues, we systematically delineate their respective roles and synergistic mechanisms within the DevOps ecosystem and propose a reusable, standardized IaC-driven CI/CD implementation framework. Our approach integrates Terraform for infrastructure provisioning, Ansible for configuration management, GitLab CI for pipeline orchestration, and Docker/Kubernetes for containerized deployment—enabling an end-to-end automated delivery pipeline. Empirical evaluation demonstrates 99.8% configuration change accuracy, reduces environment provisioning time from hours to minutes, and significantly improves deployment consistency and delivery efficiency.
Enterprise cloud environments are frequently exposed to security threats due to misconfigurations, excessive permissions, and fragmented security tooling, compounded by the absence of unified, coordinated protection across Kubernetes, OpenStack, and Infrastructure-as-Code (IaC) platforms. This work proposes the first open-source microservices-based security framework that uniquely integrates identity governance, multi-platform configuration auditing, runtime threat detection, and automated IaC remediation into a single closed-loop system. Designed with standardized REST/gRPC interfaces and scalable for medium-to-large deployments, the framework synergistically combines Falco, ELK, Terraform, Checkov, and OPA. In enterprise evaluations, it reduced vulnerability assessment time from 120 to 18 minutes, achieved a false positive rate below 5%, decreased security incidents by 62%, and lowered operational costs by approximately 40%, all while being released under the Apache 2.0 license.
This study identifies four core challenges in Ansible’s Infrastructure-as-Code (IaC) practice: performance bottlenecks, flawed abstraction design, weak debugging and error diagnosis capabilities, and insufficient documentation and learning resources. Employing a mixed-methods empirical approach—quantitative text mining of 59,157 community forum posts and qualitative analysis of 16 in-depth practitioner interviews—it provides the first evidence-based characterization of the real-world engineering costs incurred by the “Worse is Better” philosophy in IaC tooling. The work proposes a four-dimensional improvement framework targeting maintainability, understandability, debuggability, and evolvability, yielding four actionable design recommendations—several of which have been adopted by the Ansible Core Team. These findings establish a critical empirical benchmark for advancing IaC tool design, DevOps education, and open-source community support.
Large language models (LLMs) exhibit low correctness and intent alignment when generating Terraform infrastructure-as-code (IaC), hindering reliable automation. Method: We propose a structured knowledge-enhanced approach: (1) establishing the first LLM error taxonomy specifically for IaC, revealing the “correctness–consistency gap”; (2) designing Semantic-Enhanced Graph RAG (SE-Graph RAG) that explicitly models resource dependencies and integrates graph neural networks for graph-structured retrieval-augmented generation; and (3) validating via a cloud-based simulation environment with automated, closed-loop error analysis. Results: Our method increases generation success rate from 27.1% to 75.3%, achieving an overall task success rate of 62.6%. This work provides the first systematic characterization of IaC generation failure modes and empirically demonstrates that architectural-level semantic understanding—not merely syntactic or lexical fidelity—constitutes the fundamental bottleneck in LLM-assisted IaC.
This study addresses the growing inadequacy of conventional AI sovereignty frameworks, which focus narrowly on data and algorithms while overlooking the critical role of physical infrastructure. The work proposes a novel paradigm—“AI infrastructure sovereignty”—that extends sovereign capabilities from the software layer down to the physical layer, explicitly accounting for constraints imposed by energy, networking, and environmental factors. It introduces a reference architecture enabling real-time closed-loop control by integrating high-density data centers, advanced cooling systems, localized energy coupling, optimized optical networking, and telemetry-driven agents with digital twin technologies. Crucially, the framework treats sustainability metrics—such as carbon intensity and water usage—as hard deployment boundaries, thereby offering a theoretical foundation and technical pathway for regions or nations to achieve autonomous, resource-constrained control over their AI systems.
This study addresses how cloud infrastructure failures distort performance metrics, thereby misleading autoscaling systems and leading to resource misallocation, increased costs, or degraded service reliability. Through controlled simulations, the authors systematically evaluate the impact of four common failure types—including storage and network routing issues—on both vertical and horizontal scaling strategies across varying instance configurations and SLO thresholds. The work presents the first quantitative analysis of how such failures bias scaling decisions, revealing that horizontal scaling is particularly sensitive to transient anomalies. It further proposes design principles to distinguish genuine workload changes from failure-induced artifacts. Experimental results demonstrate that storage failures can incur up to $258 in additional monthly costs under horizontal scaling, while routing anomalies consistently cause resource under-provisioning, offering empirical foundations for building fault-tolerant autoscaling mechanisms.
This study addresses the widespread adoption of cloud computing by small and medium-sized enterprises (SMEs) in critical infrastructure, where deployment models and associated security and reliability risks remain poorly understood. Focusing specifically on multi-cloud strategies in this context, the research employs a systematic review of academic, industry, governmental, and online sources, complemented by content analysis, to holistically assess current deployment practices and risk characteristics. Findings reveal that while SMEs exhibit high levels of cloud adoption, their risk management practices significantly lag behind, highlighting an urgent need for targeted policy guidance and practical frameworks. The results provide empirical evidence and actionable insights for both regulatory bodies and enterprise decision-makers to better navigate the complexities of secure and resilient cloud deployment in critical sectors.
This work addresses the physical constraints—such as energy availability, cooling capacity, and network bandwidth—that challenge the sustainable operation of AI infrastructure, which traditional software-level optimizations alone cannot resolve. The authors propose a joint compute-network optimization framework that explicitly incorporates carbon intensity, water usage, and power capacity as hard constraints within a closed-loop system to co-schedule computing and optical networking resources. A key innovation is the introduction of the “Feasible Sovereign Operating Region” (FSOR), which transforms infeasible solutions into precise decision signals for infrastructure expansion or load curtailment. By integrating task scheduling with optical circuit routing through a scenario-driven approach and embedding multidimensional sustainability constraints, the framework significantly reduces environmental impact, demonstrating its effectiveness in enhancing the sustainability of AI infrastructure under real-world physical limitations.