terraform

Managing infrastructure as code with Terraform involves authoring HCL configurations and modules to provision cloud resources across providers (AWS, GCP, Azure), using state files and locking, running terraform plan/apply, and integrating with CI/CD and remote backends for repeatable, auditable deployments.

terraform

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

Cloud Infrastructure Management in the Age of AI Agents

Jun 13, 2025
ZY
Zhenning Yang
🏛️ University of Michigan | UC Berkeley | Andreessen Horowitz

This study addresses the high manual overhead faced by DevOps teams in managing multi-interface cloud infrastructures. We propose and systematically evaluate an LLM-driven AI agent framework for automation. Methodologically, the agent unifies heterogeneous interfaces—including SDKs, CLIs, Infrastructure-as-Code (IaC) tools, and web portals—to support core tasks such as configuration deployment, monitoring/alerting, and incident remediation. Key contributions include: (1) the first evaluation framework specifically designed for AI agents in cloud infrastructure management; (2) identification and systematic mitigation of three critical bottlenecks—interface semantic gaps, action execution reliability, and security constraint compliance; and (3) domain-specific optimization strategies validated in real-world deployments, demonstrating both task feasibility and cross-scenario generalizability. Our work establishes a reusable methodology and empirical benchmark for AI-native cloud operations.

Automating cloud infrastructure management using AI agentsEvaluating AI agents across diverse cloud interfacesIdentifying challenges in AI-driven cloud management solutions

Multi-Agent Code-Orchestrated Generation for Reliable Infrastructure-as-Code

Oct 04, 2025
RN
Rana Nameer Hussain Khan
🏛️ Virginia Tech

Large language models (LLMs) often generate syntactically invalid, policy-violating, or non-scalable Infrastructure-as-Code (IaC) configurations in a single-shot manner, especially for cloud-native Terraform deployments. Method: We propose MACOG, a multi-agent collaborative framework that enables reliable, policy-compliant Terraform code generation. MACOG employs a modular agent architecture coordinated via a shared blackboard and finite-state machine, integrating deployment feedback, constrained decoding, retrieval-augmented generation (RAG), and Open Policy Agent (OPA)-based policy validation into a closed-loop optimization pipeline. Contribution/Results: On the IaC-Eval benchmark, MACOG significantly outperforms single-agent baselines (74.02 points with GPT-5; 60.13 points with Gemini-2.5 Pro). Ablation studies confirm the critical roles of multi-agent collaboration, constrained decoding, and policy-driven feedback in achieving robust, compliant IaC generation.

Addresses unreliable Infrastructure-as-Code generation from natural languageEnsures scalable, compliant Terraform configurations via multi-agent collaborationSolves syntactic errors and policy violations in monolithic LLM approaches

Automated Cloud Infrastructure-as-Code Reconciliation with AI Agents

Oct 23, 2025
ZY
Zhenning Yang
🏛️ University of Michigan | Amazon Web Services

Infrastructure-as-Code (IaC) environments suffer from configuration drift when IaC tools are used alongside cloud consoles, CLIs, or SDKs, leading to state inconsistency and operational risks. To address this, we propose NSync—a novel AI agent system that unifies API log tracing, large language model (LLM)-based intent inference, and a self-evolving knowledge base to automatically detect non-IaC configuration changes and perform semantic-level remediation. NSync identifies configuration deviations by analyzing cloud API call logs, infers high-level operational intent via LLMs, and incrementally refines repair strategies in an iterative knowledge base. It further integrates IaC code generation with automated evaluation pipelines to ensure synchronization accuracy and efficiency. Evaluated on five real-world Terraform projects, NSync achieves a pass@3 accuracy of 0.97—up from 0.71—and reduces token consumption by 47%, significantly enhancing IaC environment consistency and maintainability.

Automating Infrastructure-as-Code reconciliation to resolve infrastructure driftDetecting non-IaC cloud changes via API traces and updating configurationsEmploying AI agents to infer intents and synthesize IaC updates

Smells-sus: Sustainability Smells in IaC

Jan 13, 2025
SA
Seif Ashraf
🏛️ Polytechnique Montréal

Infrastructure-as-Code (IaC) practices—particularly Terraform configurations—frequently induce resource waste and environmental unsustainability due to poor design choices. Method: This study systematically identifies and defines seven “sustainability code smells” in IaC through expert interviews, qualitative code analysis, and a large-scale empirical study of 28,327 open-source Terraform scripts. Contribution/Results: We reveal that smell causes are inherently multi-factorial and interdependent; all seven smells occur pervasively, with “Monolithic Infrastructure” being the most prevalent (9.67% occurrence rate), confirming widespread sustainability challenges in IaC development. Our work establishes the first taxonomy of IaC sustainability smells and provides an empirically grounded, detectable, and actionable foundation for green cloud operations and sustainable infrastructure engineering.

Cloud ComputingResource EfficiencySustainability

This work addresses the challenge of large language models (LLMs) generating Infrastructure-as-Code (IaC) that is syntactically incorrect, non-deployable, or policy-violating. The authors propose TerraFormer, the first neurosymbolic framework that integrates policy-guided formal verification feedback into LLM fine-tuning. TerraFormer combines supervised fine-tuning with verifier-guided reinforcement learning and introduces a multi-stage self-correction mechanism. The study also contributes two high-quality natural-language-to-IaC datasets, TF-Gen and TF-Mutn. Evaluated on IaC-Eval, TF-Gen, and TF-Mutn, TerraFormer achieves accuracy improvements of 15.94%, 11.65%, and 19.60% respectively, significantly outperforming 17 baselines—including GPT-4.1—and demonstrating superior compliance with security policies and infrastructure best practices.

Configuration CorrectnessInfrastructure-as-CodeLarge Language Models

Latest Papers

What's happening recently
View more

This work addresses the prevalence of “deceptive fixes” in large language model (LLM)-assisted repair of Terraform security configurations—patches that appear successful under static analysis yet fail to eliminate vulnerabilities or inadvertently compromise infrastructure semantics. To tackle this, the authors propose TerraProbe, the first five-tier oracle framework for evaluating Terraform repairs, integrating static scanning, plan validation, behavioral consistency, security intent alignment, and human adjudication. They also introduce a four-dimensional taxonomy to characterize deceptive fixes. Evaluating 288 samples, they find that while 83.3% pass the target checker, only 10.4% satisfy comprehensive scanning, 39.6% yield valid execution plans, and 71.4% are classified as deceptive. Notably, three leading LLMs show no significant performance differences, underscoring the pervasiveness of the issue. The study provides a reproducible evaluation methodology and an open-source toolkit.

deceptive fixesInfrastructure-as-CodeLLM-assisted repair

This study addresses the interoperability and migration challenges enterprises face when deploying workloads across AWS and Alibaba Cloud. Through a systematic comparison of architectural designs, service offerings, and operational policies between the two platforms, the research conducts an exploratory case study on migrating IoT workloads using both native and open-source Infrastructure-as-Code (IaC) tools. It reveals critical technical trade-offs inherent in cross-cloud co-deployment for the first time, distills best practices for secure, resilient, and vendor-lock-in-mitigated multicloud deployments, and proposes a multicloud interoperability framework tailored for global enterprises. The findings offer methodological support for empirically grounded multicloud strategies.

Alibaba CloudAWSinteroperability

This work addresses critical challenges in configuration management for large language model (LLM)-based coding agents, including configuration reuse ambiguities, unclear permission boundaries, and inadequate versioning. To tackle these issues, the authors propose Rel(AI)Build—the first deterministic, tool-agnostic configuration governance framework specifically designed for LLM coding agents. Treating agent definitions as managed supply chains, Rel(AI)Build enforces configuration integrity through SHA-256 content addressing, HMAC-signed lockfiles, hash-chain audit logs, hierarchical access controls, and a state-machine-driven development workflow. The framework also supports multi-IDE target compilation. Empirical evaluation demonstrates that Rel(AI)Build effectively preserves configuration immutability under adversarial compliance tests, thereby validating its reliability and security guarantees.

agent configurationconfiguration managementLLM coding agents

This study addresses the security challenges institutions face in governing the admission, oversight, and revocation of high-privilege external software and AI artifacts—such as dependency packages, container images, and model artifacts. The authors propose the “Custodial Envelope Threshold” framework, which for the first time links privilege scope to the custodial closure of artifacts. It enforces tiered admission control based on execution privileges, permitting infrastructure access only when artifacts satisfy closure conditions regarding identity, provenance path, and revocability. Integrating reference monitors, the principle of least privilege, and transaction cost economics, the framework yields an actionable four-condition sequential assessment tool. Empirical validation via a reference monitor model and a deterministic prediction function demonstrates that high-scrutiny organizations exhibit a pronounced preference for stronger custodial closure when managing high-privilege artifacts across diverse contexts, including package dependencies, GitHub Actions, container images, Terraform modules, and open-source models.

artifact admissioncustody envelopeexternal dependencies

This study addresses the evaluation of large language models’ capability to perform incremental modifications in Infrastructure-as-Code (IaC) development within cloud environments, specifically focusing on enterprise scenarios that require editing existing AWS CDK code based on natural language instructions. To this end, we introduce the first benchmark tailored for imperative IaC tools, leveraging real-world code repositories and natural-language-driven incremental editing tasks, with correctness validated through automated testing. Experimental results reveal that even state-of-the-art models exhibit limited performance—e.g., Sonnet 3.7 achieves only a 34% success rate—highlighting the significant challenges posed by reasoning over complex cloud resource dependencies and implementation patterns. This work fills a critical gap in existing benchmarks, which lack support for incremental editing in imperative IaC contexts.

AWS CDKCloud InfrastructureCode Generation

Hot Scholars

BB

Benedikt Blumenstiel

Research Software Engineer, IBM Research
Computer VisionFoundation ModelsEarth Observation
DI

Daniel I. Goldman

Professor of Physics, Georgia Tech
biomechanicsneuromechanicsgranular mediarobotics
GC

Gabriele Cavallaro

Forschungszentrum Jülich and University of Iceland
Remote SensingMachine LearningHigh Performance ComputingQuantum Computing