Calculate the percentage of infrastructure managed as code versus manually provisioned. Track IaC adoption progress.
Infrastructure as Code (IaC) coverage measures what percentage of your infrastructure is defined, deployed, and managed through code (Terraform, CloudFormation, Pulumi, etc.) versus manually provisioned through consoles or CLI commands. High IaC coverage means reproducible, auditable, and consistent infrastructure.
This calculator helps track IaC adoption by comparing the number of resources managed through code against the total infrastructure inventory. It surfaces the gap between current state and target coverage, and estimates the effort needed to close it.
Organizations with high IaC coverage experience fewer configuration drifts, faster disaster recovery, easier compliance auditing, and more reliable deployments. The journey from manual infrastructure to full IaC typically takes 6–18 months for medium-sized organizations.
Understanding this metric in precise terms allows technology leaders to make evidence-based decisions about scaling, architecture, and infrastructure investment priorities for their organizations. Tracking this metric consistently enables technology teams to identify system performance trends and address potential issues before they impact end users or business operations.
IaC coverage is a key DevOps maturity metric. This calculator quantifies your progress and helps plan the effort needed to bring remaining manual infrastructure under code management. Regular monitoring of this value helps DevOps teams detect anomalies early and maintain the system reliability and performance that users and business stakeholders expect.
IaC Coverage = (iac_resources / total_resources) × 100 Conversion Effort = (total_resources − iac_resources) × hours_per_resource Gap = total_resources − iac_resources
Result: 70% IaC coverage, 240 hours to full coverage
IaC coverage: 140 / 200 = 70%. Remaining gap: 60 resources. Conversion effort: 60 × 4 hours = 240 hours. At one engineer's capacity, that's about 6 weeks of focused work.
Manually provisioned infrastructure is a liability: it's not reproducible, not auditable, and prone to configuration drift. Each manual resource is a potential incident waiting to happen because it exists outside your version-controlled, peer-reviewed workflow.
Most teams follow a three-phase journey: (1) Green-field IaC for new infrastructure, (2) Import existing critical resources, (3) Convert remaining manual resources. Phase 1 is easiest and shows immediate value. Phase 2 requires careful planning. Phase 3 is a long tail.
Coverage percentage is the starting metric, but mature IaC practices also include: modules for reusability, automated testing (terratest), CI/CD pipelines for infrastructure changes, policy-as-code (OPA, Sentinel), and automated drift remediation.
Elite teams target 95%+. A realistic target for most organizations is 80–90%. Below 70%, the benefits of IaC are significantly diluted because manual resources create inconsistency and drift. Some resources (temporary debug instances) may not warrant IaC.
Count discrete cloud resources: VMs, databases, load balancers, DNS records, IAM roles, storage buckets, VPCs, subnets, security groups, etc. Cloud provider resource inventories or tools like AWS Config provide this count.
Prioritize: (1) security resources (IAM, firewall rules), (2) networking (VPCs, subnets, DNS), (3) compute (VMs, containers), (4) data services (databases, caches). Security and networking are most impactful because they're shared and rarely change.
Simple resources (storage buckets, DNS records) take 1–2 hours. Complex resources (databases with replication, load balancers with rules) take 4–8 hours. Highly interconnected resources (VPCs with many dependencies) may take 8–16 hours.
Even IaC-managed resources can drift if manual changes are made. Use drift detection to compare actual state against declared state. Tools like Terraform Cloud, Spacelift, and AWS Config can continuously monitor for drift and alert.
Using one tool (e.g., Terraform) for most resources simplifies operations. However, some resources are better managed by specialized tools: Kubernetes manifests for cluster resources, Ansible for OS configuration. A heterogeneous but standardized approach works well.