The challenge of legacy infrastructure
In many organizations, cloud environments grow organically through manual “click‑ops”—repeatedly provisioning and tweaking resources via the Azure portal instead of Infrastructure as Code (IaC). This leads to hundreds or thousands of unmanaged resources, high drift risk, and poor visibility into configuration history.
This live test with SGCode—StackGuardian’s AI‑powered IaC generator—targeted an Azure subscription with over 1,000 resources, including virtual machines (VMs), storage accounts, network interfaces, and security groups. The goal was to transform this legacy setup into production‑ready Terraform code without manual effort, enabling better governance, documentation, and maintenance.
Step 1: Connecting and inventorying the environment
Action: SGCode connects to Azure via OIDC or managed identities, then runs a full cloud inventory scan in 5–10 minutes. That scan surfaced 16 resource types across 1,003 resources, far exceeding expectations and exposing “hidden” drift risks.
Key features:
- Filtering and grouping: Tag‑based filters and resource‑type grouping let teams scope boundaries (e.g., by app or environment), similar to how modern IaC tools partition workloads.
- Dependency graphs: Automatic mapping shows relationships, such as storage accounts linked to containers or VMs tied to network interfaces and security groups, helping avoid oversized Terraform state files.
This step provides an instant “infrastructure score”, revealing unmanaged resources and estimating code‑coverage gains—critical for moving away from pure ClickOps and toward governed IaC.
Step 2: Live codification runs
Run 1: Storage account + container
- Action: SGCode selected the storage account and its container via auto‑resolved dependencies, generated Terraform code, and ran a plan with zero‑diff confirmation.
- Results:
- ✅ Zero changes in Terraform plan—no destroys/adds, proving the AI‑generated code faithfully reflects the live state.
- Generated modular code (e.g., main.tf, reusable modules, sg.tfvars) that aligns with Terraform best‑practice patterns for Azure.
- Code passed Infracost cost analysis plus 400+ policy checks and was ready for a Git PR in Azure DevOps.
Learn more about ClickOps vs. IaC and why Terraform is a preferred solution for Azure:
Run 2: VM + network interface + security group
- Action: For a more complex dependency tree (7–8 resources), SGCode codified the VM, NIC, and security group, with shared NSGs excluded to avoid over‑scope.
- Results:
- ✅ 95% match in the plan; only minor tag tweaks were needed, with no infrastructure disruption.
- Produced production‑grade modules with embedded docs for sizing, OS configs, and tagging—ideal for reuse across teams.
- Logs confirmed safe reconciliations (e.g., patch states), mirroring how IaC and policy engines detect and prevent drift.
Key outcomes and enterprise feedback
Tester quote:
“This replaces GUI docs... business teams can now access IT‑prohibited info and build around IaC ownership.”
The healthcare enterprise plans to scale: codify remaining VMs and services, integrate Git workflows, and enable ongoing drift detection via webhooks—aligning with modern GitOps and IaC governance approaches.
Why SGCode wins for legacy modernization
- Non‑experts scale: A solution owner new to IaC achieved pro‑level results on Day 1, demonstrating how AI‑assisted codification lowers the barrier to Terraform adoption.
- Risk‑free adoption: Zero‑touch plans eliminate risky state hacks and manual import errors common in late‑stage migrations.
- ROI acceleration: Quarters of engineering effort are saved; modular Terraform code can be reused globally, reflecting the benefits StackGuardian touts in its positioning.
Read more about StackGuardian and SGCode and how it eliminates ClickOps‑driven technical debt:
