The landscape of Infrastructure as Code (IaC) is undergoing a profound transformation, driven by the rapid advancements in Artificial Intelligence. Marcin Wyszynski, the technical co-founder of Spacelift and a co-founder of the open-source project OpenTofu, recently shared his insights into this paradigm shift during an episode of The New Stack Agents. Wyszynski, whose background includes significant SRE experience at tech giants like Google and Facebook, detailed how AI is not merely augmenting IaC practices but fundamentally reshaping the way teams provision and manage cloud infrastructure, presenting both unprecedented opportunities and novel challenges.
Wyszynski’s journey into the IaC space began with the realization that existing tools, while effective for individual practitioners, struggled to scale within collaborative team environments. This led to the development of Spacelift, a platform designed to address the complexities of IaC in a team setting. Following the contentious licensing changes to Terraform by HashiCorp in 2023, Wyszynski became a key figure in the creation of OpenTofu, a community-driven fork now backed by the Linux Foundation. However, his current focus has shifted from licensing debates to the more immediate and impactful influence of AI on the future of IaC and platform engineering.
The Evolution of IaC: From Manual Crafting to AI Assistance
Historically, IaC tools operated under the assumption that the individual writing the code possessed a deep understanding of the underlying infrastructure and its intended functionality. This model, while robust, often created bottlenecks as organizations scaled and infrastructure complexity grew. The emergence of sophisticated AI coding assistants, such as GitHub Copilot and others, has begun to erode this assumption.
Wyszynski shared an anecdote from a recent customer discovery tour that vividly illustrated this change. The feedback was remarkably consistent: developers and engineers were no longer manually writing the HashiCorp Configuration Language (HCL), the declarative language at the heart of Terraform and OpenTofu. Instead, AI coding tools were generating this code, significantly lowering the barrier to entry and accelerating the initial configuration process. This has led to a perceived collapse in the learning curve associated with infrastructure setup.
However, Wyszynski cautioned that this newfound ease of generation comes with a critical caveat, which he likened to the experience of using a Portuguese phrasebook during a trip to Portugal. "He understood our question, but we have no way of understanding his answer," he explained, drawing a parallel to the potential disconnect between AI-generated code and a human’s comprehension of its implications. In the realm of infrastructure, this comprehension gap can have severe consequences. While application-level errors can often be mitigated through rollbacks, misconfigurations in critical infrastructure can lead to catastrophic data loss or system outages, potentially impacting production databases.
The increasing demand for democratized access to infrastructure provisioning, fueled by the accelerated pace of software development, further exacerbates this risk. Organizations are striving to empower teams like data scientists to provision their own resources without the delays associated with traditional ticket-based workflows and lengthy DevOps approvals. Yet, without a deep understanding of the generated code, these empowered users could inadvertently introduce significant vulnerabilities.
Bridging the Gap: From "Stupid" to "Ceremonial" and Beyond
Wyszynski outlined the traditional dichotomy faced by infrastructure teams prior to the widespread adoption of AI. On one end of the spectrum lay what he termed the "stupid" approach: manual interactions with cloud provider consoles, devoid of any auditable record or version control. This method was prone to errors and lacked reproducibility. On the other end was the "ceremonial" IaC workflow. This involved a rigorous process of writing code, submitting pull requests, undergoing peer reviews, passing policy checks, and finally deploying. While robust and secure, this iterative process was time-consuming and often hindered agility.
"If all you have is a choice between stupid and ceremonial, if all you have is a hammer, everything looks like a ceremonial problem," Wyszynski observed. This often resulted in infrastructure teams becoming a bottleneck, lagging significantly behind the faster-paced application development teams and accumulating a substantial backlog of pending requests.
Spacelift’s response to this challenge is its product, Intent. Unlike traditional approaches where an LLM generates configuration code that then navigates a predefined pipeline, Intent takes a fundamentally different approach. It empowers the LLM to directly query cloud provider schemas and execute create, update, or delete operations on infrastructure resources in near real-time. This allows for rapid iteration and prototyping. Crucially, when a resource is deemed ready for production, Intent provides a streamlined, one-click pathway to generate the complete, production-ready IaC code.
A key differentiator of Spacelift’s approach lies in its commitment to deterministic guardrails. Rather than relying on further LLM calls, which can introduce their own unpredictability, Spacelift integrates Open Policy Agent (OPA) policies as middleware. These OPA policies act as vigilant overseers, ensuring that the LLM’s provisioning actions remain within defined organizational boundaries. Building upon this foundation, Spacelift Intelligence, launched in March, provides an essential context layer. This feature imbues the LLM with an understanding of an organization’s existing projects, reusable modules, and enforced policies, enabling more informed and compliant decision-making.
The Balancing Act: Speed, Control, and Trust in the Age of AI
The central dilemma confronting platform engineering teams today, according to Wyszynski, is the perpetual quest to balance the imperative for speed with the necessity of control. Organizations are exploring various strategies to navigate this tension. Some advocate for allowing engineers to freely experiment with infrastructure in ephemeral AWS accounts, later importing the validated configurations into production IaC. Others maintain that every change must rigorously adhere to the established code review process. Wyszynski views both approaches as valid, recognizing them as distinct responses to the inherent challenges of modern cloud management.
Spacelift itself practices what it preaches. While the company’s internal teams utilize OpenTofu for defining their infrastructure, they opt for AWS CloudFormation for deploying their applications. This choice is driven by CloudFormation’s atomic rollback capabilities, which can swiftly revert a deployment if, for instance, newly launched containers begin failing. This pragmatic approach underscores the importance of selecting the right tool for the specific task, especially when dealing with the complexities of production environments.
Wyszynski directly addressed the common enterprise apprehension regarding the trustworthiness of LLMs for production infrastructure, citing their perceived lack of determinism. He countered this by pointing out the inherent non-determinism of human behavior. "Humans are non-deterministic as well," he stated. For decades, organizations have successfully implemented guardrails and oversight mechanisms for human operators, and Wyszynski argues that the same principle applies to LLMs. "We got used to the fact that humans need guardrails. There’s nothing new conceptually in having LLMs require guardrails as well." This perspective shifts the conversation from whether LLMs can be trusted to how they can be effectively governed and integrated into secure workflows.
The implications of AI in IaC extend beyond mere code generation. They point towards a future where infrastructure management becomes more intuitive, accessible, and potentially more efficient. However, this future is contingent on the development and adoption of robust governance frameworks, comprehensive understanding of AI outputs, and a continued emphasis on security and compliance. As organizations increasingly leverage AI to accelerate their cloud adoption and streamline operations, the lessons learned from pioneers like Wyszynski and platforms like Spacelift will be critical in ensuring that this technological leap leads to enhanced agility without compromising the stability and security of critical infrastructure. The journey of AI in IaC is still in its nascent stages, but its trajectory suggests a fundamental reimagining of how we build and manage the digital foundations of our organizations.