---
title: "Making IaC boring · Ruslan Akchurin"
canonical_url: https://ruslanakchurin.dev/blog/making-iac-boring
description: "An IaC codebase takes shape before anyone names the architecture: the first migration, the account layout, the output path someone reaches for, the shared project that feels convenient. This series names those choices early enough for ownership, dependency direction, and tier membership to be reviewed before they become migration work."
series: making-iac-boring
seriesName: "Making IaC boring"
---

# Making IaC boring

An IaC codebase takes shape before anyone names the architecture: the first migration, the account layout, the output path someone reaches for, the shared project that feels convenient. This series names those choices early enough for ownership, dependency direction, and tier membership to be reviewed before they become migration work.

## Parts

- Part 1 — [Start with the shape](https://ruslanakchurin.dev/blog/making-iac-boring/01-shape) — By the time anyone reviews an IaC codebase, its shape is already decided.
- Part 2 — [Resolve by contract](https://ruslanakchurin.dev/blog/making-iac-boring/02-contract) — Cross-stack dependencies make another stack's outputs a public interface. A typed contract on a producer namespace and key is the alternative.
- Part 3 — [Define tier membership](https://ruslanakchurin.dev/blog/making-iac-boring/03-membership) — Environment boundaries blur when workload-specific members (service accounts, IAM bindings, DNS records) accumulate in the shared environment tier.
- Part 4 — [Fail before apply](https://ruslanakchurin.dev/blog/making-iac-boring/04-fail-before-apply) — An IaC contract holds only if the release path enforces it: a resolver checks type and context, then refuses invalid composition before apply.
- Part 5 — [Re-cut the system](https://ruslanakchurin.dev/blog/making-iac-boring/05-re-cut-the-system) — Refactoring a live IaC system toward a new architecture: freeze the old boundary, publish the new contract beside it, delete only after consumers move.
- [Appendix A: The shape, runnable](https://ruslanakchurin.dev/blog/making-iac-boring/appendix-a) — A companion repository makes the series architecture executable: four tiers, typed cross-tier contracts, and resolver probes that refuse bad composition before any provider call.