Terraform Plan Time Estimator
Estimate Terraform plan and apply execution time based on resource count, provider API latency, and state size.
IaC Coverage Calculator
Calculate the percentage of infrastructure managed as code versus manually provisioned. Track IaC adoption progress.
IaC Coverage Calculator
hrs
$
hrs
IaC Coverage⧉
70.00%
140 of 200 resources managed
Effective Coverage⧉
65.00%
Excluding 10 drifted resources (7.10% drift rate)
Unmanaged Gap⧉
60 resources
Still manually provisioned
Migration Effort⧉
240 hours
6 engineer-weeks at 4 hrs/resource
Migration Cost⧉
$18,000
240 hrs × $75/hr
ROI Payback⧉
80.0 months
Saves ~$2,700/yr in incident costs
IaC Maturity: Intermediate
70.00%
Core resources managed, some manual driftMonthly Incident Cost⧉
$450
3 incidents × 2 hrs × $75/hr
Annual Incident Cost⧉
$5,400
Projected yearly cost from manual config incidents
| Target Coverage | Resources to Convert | Hours | Est. Cost |
|---|---|---|---|
| 25% | 0 | 0 | $0 |
| 50% | 0 | 0 | $0 |
| 75% | 10 | 40 | $3,000 |
| 90% | 40 | 160 | $12,000 |
| 95% | 50 | 200 | $15,000 |
| 100% | 60 | 240 | $18,000 |
IaC Maturity Model Reference
| Level | Coverage | Characteristics |
|---|---|---|
| Elite | 95%+ | Fully automated, self-healing infrastructure |
| Advanced | 80%+ | Strong coverage with CI/CD pipelines for infra |
| Intermediate | 60%+ | Core resources managed, some manual drift |
| Beginning | 30%+ | Isolated adoption — high drift risk |
| Ad Hoc | 0%+ | Manual provisioning dominates |
Planning notes, formulas, and examples
About the IaC Coverage Calculator
Infrastructure as Code (IaC) coverage measures what percentage of your infrastructure is defined, deployed, and managed through code (Terraform, CloudFormation, Pulumi, etc.) versus manually provisioned through consoles or CLI commands. High IaC coverage means reproducible, auditable, and consistent infrastructure.
This calculator helps track IaC adoption by comparing the number of resources managed through code against the total infrastructure inventory. It surfaces the gap between current state and target coverage, and estimates the effort needed to close it.
Organizations with high IaC coverage experience fewer configuration drifts, faster disaster recovery, easier compliance auditing, and more reliable deployments. The journey from manual infrastructure to full IaC typically takes 6–18 months for medium-sized organizations.
When This Page Helps
IaC coverage is a key DevOps maturity metric. This calculator quantifies your progress and helps plan the effort needed to bring remaining manual infrastructure under code management.
How to Use the Inputs
- Enter the total number of infrastructure resources (VMs, databases, load balancers, etc.).
- Enter the number of resources managed by IaC.
- Enter the estimated hours to convert one manual resource to IaC.
- Review the IaC coverage percentage and conversion effort estimate.
Formula used
IaC Coverage = (iac_resources / total_resources) × 100
Conversion Effort = (total_resources − iac_resources) × hours_per_resource
Gap = total_resources − iac_resourcesExample Calculation
Result: 70% IaC coverage, 240 hours to full coverage
IaC coverage: 140 / 200 = 70%. Remaining gap: 60 resources. Conversion effort: 60 × 4 hours = 240 hours. At one engineer's capacity, that's about 6 weeks of focused work.
Tips & Best Practices
- Start with high-churn resources (environments created/destroyed frequently).
- Import existing resources into Terraform/Pulumi before writing new code.
- Track IaC coverage by category: compute, networking, storage, security.
- Set a target of 90%+ coverage — some resources (one-off configs) may not justify IaC.
- Use drift detection tools to catch manual changes to IaC-managed resources.
- Prioritize security-sensitive resources (IAM, firewalls) for early IaC adoption.
Why IaC Coverage Matters
Manually provisioned infrastructure is a liability: it's not reproducible, not auditable, and prone to configuration drift. Each manual resource is a potential incident waiting to happen because it exists outside your version-controlled, peer-reviewed workflow.
The IaC Adoption Journey
Most teams follow a three-phase journey: (1) Green-field IaC for new infrastructure, (2) Import existing critical resources, (3) Convert remaining manual resources. Phase 1 is easiest and shows immediate value. Phase 2 requires careful planning. Phase 3 is a long tail.
Measuring IaC Maturity
Coverage percentage is the starting metric, but mature IaC practices also include: modules for reusability, automated testing (terratest), CI/CD pipelines for infrastructure changes, policy-as-code (OPA, Sentinel), and automated drift remediation.
Sources & Methodology
Last updated:
Frequently Asked Questions
Elite teams target 95%+. A realistic target for most organizations is 80–90%. Below 70%, the benefits of IaC are significantly diluted because manual resources create inconsistency and drift. Some resources (temporary debug instances) may not warrant IaC.
Count discrete cloud resources: VMs, databases, load balancers, DNS records, IAM roles, storage buckets, VPCs, subnets, security groups, etc. Cloud provider resource inventories or tools like AWS Config provide this count.
Prioritize: (1) security resources (IAM, firewall rules), (2) networking (VPCs, subnets, DNS), (3) compute (VMs, containers), (4) data services (databases, caches). Security and networking are most impactful because they're shared and rarely change.
Simple resources (storage buckets, DNS records) take 1–2 hours. Complex resources (databases with replication, load balancers with rules) take 4–8 hours. Highly interconnected resources (VPCs with many dependencies) may take 8–16 hours.
Even IaC-managed resources can drift if manual changes are made. Use drift detection to compare actual state against declared state. Tools like Terraform Cloud, Spacelift, and AWS Config can continuously monitor for drift and alert.
Using one tool (e.g., Terraform) for most resources simplifies operations. However, some resources are better managed by specialized tools: Kubernetes manifests for cluster resources, Ansible for OS configuration. A heterogeneous but standardized approach works well.
More in this topic
Ansible Playbook Time Estimator
Estimate Ansible playbook execution time based on number of hosts, tasks, SSH connection overhead, and parallelism.
Cost per Deploy Calculator
Calculate the true cost of each deployment including CI/CD compute, engineer time, rollback risk, and opportunity cost.