zagandesign - Fotolia

Tip

Break down CloudFormation vs. Terraform for AWS deployments

CloudFormation is AWS' native infrastructure-as-code tool but many devs -- especially those working in multi-cloud environments -- prefer Terraform. Learn the differences between the two.

Automation is at the core of most enterprises' cloud infrastructure, both to configure and deploy resources. Though there are many infrastructure-as-code tools available, two of the most popular are AWS CloudFormation and HashiCorp's Terraform.

Between these two choices, let's explore which tool makes the most sense to use with AWS, and in what scenarios.

AWS infrastructure-as-code options at a glance

CloudFormation

AWS CloudFormation was released in 2011 as a free service to use on Amazon's cloud. CloudFormation configurations are written in either JSON or YAML formats. These formats can be simple to understand and write, but don't offer built-in logic capabilities. Although the formats can be easy to read, CloudFormation configurations tend to be verbose and the service can have a steep learning curve.

AWS CDK

To enable more advanced scenarios, Amazon added the AWS Cloud Development Kit (CDK). Built on CloudFormation, this software development toolkit enables developers to define their cloud resources in popular languages such as TypeScript, JavaScript and Python. Access to these languages means that developers can extend CloudFormation templates with logic capabilities to create templates better suited to unique environments.

Terraform

Initially released in 2014, Terraform has seen rapid adoption across many environments. Similar to CloudFormation, it's configured with a JSON-compatible language called Hashicorp Configuration Language (HCL). However, Terraform is not solely an AWS-targeted tool. It can configure many different resource types -- on premises or on other public clouds.

AWS CloudFormation vs. Terraform

Both tools can configure AWS as needed. Let's look at how they differ in functionality and ease of use.

State management

An IT team needs to know the state of its environment in order to keep resources synchronized and to avoid conflicts and misconfigurations. Terraform keeps a local state file that can import or configure past resources, but state management is not centralized.

CloudFormation handles state within its cloud-based engine. Therefore, all conflict management is dealt with centrally, making it generally easier to deal with than Terraform when it comes to state management.

Resource coverage

CloudFormation and Terraform are comparable in their ability to provision Amazon cloud services. However, one significant benefit that Terraform has over CloudFormation is cloud independence. If you have a hybrid cloud environment, Terraform could configure multiple clouds as needed. Ultimately, this would cut down on the number of tools you would need to manage all your environments.

Change management

Before you apply any configuration changes, it's prudent to verify what's about to happen. CloudFormation offers Change Sets to validate and test your changes. Similarly, Terraform provides the output of a detailed execution plan that outlines everything about to change. Both tools offer similar functionality for change management.

Staged/Rolling updates

CloudFormation, as a native AWS tool, integrates with AWS Auto-Scaling Groups, which enables you to roll your changes to your EC2 instances as needed. Terraform does not have this integration and applies to all targeted instances equally.

You could use Terraform to manually target instances to get the same rolling effect, but Terraform lacks the ease and flexibility of CloudFormation in this case.

Terraform and CloudFormation together

Terraform and CloudFormation can absolutely work together. Whether you would want to, though, depends on what you want to accomplish. For example, if you have a multi-cloud architecture, you could manage Microsoft Azure resources with Terraform and manage AWS resources with CloudFormation. Or, as another example, you could work with both tools in AWS -- Terraform for local and smaller cloud development environments and CloudFormation for production environments.

But, since the tools don't share state, it would be a challenge to synchronize configurations, management and other aspects. It might ultimately result in more problems than solutions.

AWS CloudFormation vs. Terraform examples

Below are two examples to demonstrate both the similarities and differences in the template languages. Please note that these are simplified and don't contain all the potentially necessary authentication information. We've stripped down these examples to compare the configuration differences between the languages.

Deploy an EC2 resource

Our first example uses CloudFormation to deploy a simple EC2 instance in the YAML format.

Resources:
  CustomEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      InstanceType: t2.small
      ImageId: ami-011b6930a81cd6aaf

Next, we'll deploy the same EC2 instance with Terraform HCL.

resource "aws_instance" "CustomEC2Instance" {
  ami           = "ami-011b6930a81cd6aaf"
  instance_type = "t2.small"
}

Configure a security group

Like the above examples, we'll first demonstrate how to create an AWS security group using the CloudFormation YAML format.

Type: AWS::EC2::SecurityGroup
Properties:
  GroupName: allow_tls
  SecurityGroupIngress: 
        - IpProtocol: tcp
      FromPort: 443
      ToPort: 443
  Tags: 
    - allow_all

Similarly, below is the same example but with HCL for Terraform.

resource "aws_security_group" "allow_tls" {
  name        = "allow_tls"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
  }

    tags = {
    Name = "allow_all"
    }
}

What's next for Terraform and CloudFormation

Both tools benefit from active, continued development. CloudFormation is focused on the coverage of existing and upcoming Amazon cloud services to make sure it can configure and deploy everything as needed. AWS released a public roadmap for CloudFormation following issues with service coverage, but users still want to see further improvements.

On the other hand, Terraform is focused on refining HCL and introducing limited logic and loop support. Terraform offers several loop types but does not have proper conditional language support.

Since CloudFormation templates are unlikely to add logic capabilities that increase the flexibility of your deployments, this is where AWS CDK comes in. As the development of the CDK continues, ideally, AWS could offer the best of both worlds -- configuration as code and the native language abilities needed to extend those templates.

Ultimately, Terraform and CloudFormation offer robust tools for configuration and provisioning of your AWS environment. Terraform is the obvious option for hybrid or multi-cloud deployments. But the addition of the AWS CDK -- and its ability to use the logic control and language capabilities of JavaScript and Python -- may sway users to consider CloudFormation as their go-to option on AWS.

Next Steps

Steps to launch an EC2 instance using AWS CloudFormation

AWS CloudFormation vs Terraform: How to choose?

Dig Deeper on AWS cloud development

App Architecture
Cloud Computing
Software Quality
ITOperations
Close