I'm coming from a Microsoft Azure perspective here, and looking to move from manually created/partially scripted infra-setup with VMs to full IaC using Azure DevOps as a single repo for code, infra and pipelines.
In my current infrastructure we have a lot of Windows Server VMs that after provisioning still require additional OS configuration and app installations.
Am I correct in thinking that IaC only really 'works' as intended if you only provision Azure managed services (like storage, containers, app services etc), and not use IaaS like VMs? Of course I can still 'code' the Virtual Machines themselves, but that still leaves the configuration of the VM uncoded? So can IaC be fully used for 'legacy' IaaS scenarios?
Think of it as a layering process - you may use Terraform or something to build your assets, then something like Salt/Chef/Ansible/Puppet to do configuration management. You would build and then trigger something to apply configuration as you see fit.
IaC works just fine for virtual machines and really any cloud infrastructure. But you're not talking about IaC, you're talking about Configuration as Code, which is the next layer up. You'd want your IaC tool to hand off to your CaC tool, which might be something as simple as just running a PowerShell script with the custom script extension, or it might be a full-blown Configuration as Code tool like Puppet, Chef, Ansible, etc.
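
The handoff described in the replies above, sketched in Terraform as an added example that is not part of the original thread: the IaC layer attaches the custom script extension to a Windows VM, and the extension runs a PowerShell bootstrap script that does the OS configuration. The resource name `azurerm_windows_virtual_machine.app`, the variable `bootstrap_script_url` and the script name `bootstrap.ps1` are assumptions made for illustration.

```hcl
# Assumption: the VM itself is declared elsewhere in this configuration as
# azurerm_windows_virtual_machine.app (hypothetical name).

variable "bootstrap_script_url" {
  description = "Download URL of bootstrap.ps1 (hypothetical script kept in the same repo and published by the pipeline)"
  type        = string
}

resource "azurerm_virtual_machine_extension" "bootstrap" {
  name                       = "bootstrap-config"
  virtual_machine_id         = azurerm_windows_virtual_machine.app.id
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.10"
  auto_upgrade_minor_version = true

  # Public settings: visible to anyone who can read the VM resource,
  # so only the non-sensitive download location goes here.
  settings = jsonencode({
    fileUris = [var.bootstrap_script_url]
  })

  # Protected settings: encrypted and only decrypted on the target VM.
  # The command line goes here because it is where arguments such as
  # join passwords or licence keys usually end up.
  protected_settings = jsonencode({
    commandToExecute = "powershell -ExecutionPolicy Unrestricted -File bootstrap.ps1"
  })
}
```

Terraform still records `protected_settings` in its state, so the state backend needs the same access control as any other secret store. The bootstrap script can do the configuration itself or install and register the agent of a tool such as Puppet, Chef or Ansible.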