If Your Infrastructure Isn't Defined in Code, It Doesn't Exist

February 12, 2026

ISO 27001 audit on an IoT platform with 500+ messages per second. The auditors asked one question: "How do you prove what changed in your infrastructure, when, and by whom?"

31 CloudFormation stacks. Every Lambda, DynamoDB table, API Gateway. Defined in code. Git was the full audit trail. Every infra change was a reviewed, approved pull request.

In 2026, the AWS console is for debugging, not deploying. IaC isn't a nice-to-have. It's the professional baseline.

Couple IaC with proper IAM policies and you're golden: reproducible infra, auditable changes, least-privilege access. All in code, all in git.
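Git shows what was reviewed and approved; a matching check shows that nothing changed outside that path. The following is an added example, not code from the original post: it scans CloudTrail management-event records for write calls that came neither from CloudFormation nor from the deployment pipeline. CloudTrail is not mentioned in the post, the pipeline role ARN is hypothetical, and the records are constructed samples.

```python
# Added example: flag infrastructure writes that bypassed the IaC path.
CFN = "cloudformation.amazonaws.com"
# Hypothetical role session used by the deployment pipeline (assumption).
PIPELINE_ARN = "arn:aws:sts::111122223333:assumed-role/deploy-pipeline/ci"
ADMIN = "arn:aws:sts::111122223333:assumed-role/Admin/"


def _rec(time, source, name, arn, read_only=False, invoked_by=None, console=False):
    """Build a constructed CloudTrail-shaped record for the sample below."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "readOnly": read_only, "userIdentity": {"arn": arn}}
    if invoked_by:
        rec["userIdentity"]["invokedBy"] = invoked_by
    if console:  # CloudTrail only includes this field for console sessions
        rec["sessionCredentialFromConsole"] = "true"
    return rec


SAMPLE = [  # constructed records, not real log data
    _rec("2026-02-10T09:00:00Z", CFN, "ExecuteChangeSet", PIPELINE_ARN),
    _rec("2026-02-10T09:01:00Z", "dynamodb.amazonaws.com", "CreateTable",
         PIPELINE_ARN, invoked_by=CFN),
    _rec("2026-02-10T09:05:00Z", "dynamodb.amazonaws.com", "UpdateTable",
         ADMIN + "alice", console=True),
    _rec("2026-02-10T09:06:00Z", "dynamodb.amazonaws.com", "DescribeTable",
         ADMIN + "alice", read_only=True, console=True),
    _rec("2026-02-10T09:30:00Z", "iam.amazonaws.com", "PutRolePolicy",
         ADMIN + "bob"),
]


def out_of_band_changes(records, pipeline_arns=frozenset({PIPELINE_ARN})):
    """Return (time, principal, service, action, channel) for each write
    that was made outside CloudFormation and outside the pipeline role."""
    findings = []
    for rec in records:
        if rec.get("readOnly") is True:
            continue  # reads are what the console is for
        ident = rec.get("userIdentity", {})
        console = str(rec.get("sessionCredentialFromConsole", "")).lower() == "true"
        if ident.get("invokedBy") == CFN:
            continue  # change applied by CloudFormation on a stack's behalf
        if ident.get("arn") in pipeline_arns and not console:
            continue  # the pipeline starting a deployment
        findings.append((rec.get("eventTime"), ident.get("arn"),
                         rec.get("eventSource"), rec.get("eventName"),
                         "console" if console else "api/cli"))
    return findings
```

On the sample it reports two writes: a console `UpdateTable` and a direct `PutRolePolicy`, each with the time and principal an auditor would ask for.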

Even for a single Lambda: 20 lines of Terraform vs. 15 clicks nobody can reproduce.

What's your take? Is there ever a good reason NOT to use IaC for production infrastructure?