AWS CloudFormation vs. Terraform: How to choose?

Choose the right IaC tool

IaC delivers a code-based approach to launch and configure infrastructure resources such as compute, storage, networking and security. IaC requires a text-based template using a standardized syntax for each infrastructure resource. This enables application owners to apply version control and minimize manual intervention in the release process. IaC saves software development teams a significant amount of time and delivers consistency and reliability across application environments. It also helps with process efficiency with the reusability of templates and configurations across an organization.

What is AWS CloudFormation?

AWS CloudFormation, launched in 2011, is an IaC service that enables users to model and set up AWS resources using templates. The service provisions and manages these resources in an orderly repeatable and predictable way. The learning curve is pretty simple since most developers are already familiar with JSON and YAML syntax. When using CloudFormation, it is highly recommended to use YAML instead of JSON, given that it's an easier syntax to handle. It is less verbose than JSON and it allows adding comments, which is an essential feature for team members to review existing templates. Four important concepts in using AWS CloudFormation are templates, stacks, change sets and stack sets.

What is Terraform?

HashiCorp Terraform, launched in 2014, is an open source software tool that enables IT teams to automate infrastructure provisioning with reusable, shareable and human-readable configuration files for both on-premises and cloud environments. Terraform has its own template syntax called HashiCorp Configuration Language, more commonly known as HCL. HCL might require some additional time for developers to learn because it might be unfamiliar.

Compare key features

AWS CloudFormation and Terraform use the concept of a stack, which is a grouping of cloud components managed as a deployment unit. Stacks can arrange applications, environments and any grouping that is relevant to a particular organization. Parameters define cloud resources specific to the type of cloud components that launch. Both tools use dynamic parameters relevant to a launch, for example, launching different Amazon EC2 instance types for a development environment versus a production one.

We will take a closer look at these four areas:

• Modularity.
• Template customizations.
• Failure handling.
• Support.

Modularity

Modularity is the ability to create common components that can be reused across multiple deployments. AWS CloudFormation offers the modules feature, which are building blocks that are added to a common registry and reused across multiple stacks within a single account or across multiple AWS accounts.

Terraform has a similar feature, also called modules, that reuses common configurations and manages them either locally or remotely in custom registries or Git repositories.

Template customizations

Regarding template customizations, Terraform provides a wider range of built-in functions compared to AWS CloudFormation. In many cases, it's extremely useful to apply dynamic configurations to a stack based on conditions and custom logic. In this area, Terraform offers more flexibility given the narrow range of AWS CloudFormation built-in functions. However, AWS CloudFormation offers built-in integration with custom Lambda functions -- built by the stack owner -- that can perform complex logic during stack updates.

Failure handling

It's not unusual to face situations where updates aren't applied for various reasons ranging from incorrect configurations to external failures. AWS CloudFormation delivers a reliable failure handling mechanism that enables developers to either keep, update or roll back resources associated with an unsuccessful stack creation or update. Terraform doesn't offer a native rollback feature, which means developers must specifically apply the next steps to either remove or update the affected resources.

AWS CloudFormation's change sets provide developers with a high-level visualization of resource updates before they get applied to a stack and either continue or cancel the operation. Terraform has a similar feature called plan which reduces the likelihood of applying unwanted, potentially destructive updates to a stack.

Support

One important difference between the two IaC tools is that Terraform supports multiple cloud providers, such as AWS, Azure, Google Cloud, Oracle and Digital Ocean, while CloudFormation only supports AWS. For a multi-cloud approach, Terraform is definitely an option to consider. Keep in mind that each cloud provider requires a different set of parameters and configurations that users need to specify in Terraform, which could result in a complex set of templates.

Given that Terraform is not a tool released by a cloud provider, new features in a particular platform are not necessarily available in Terraform. In the case of AWS, CloudFormation has a shorter timeframe before new AWS features and services are available for launch using IaC, compared to Terraform. When using CloudFormation, there's the option to engage AWS support for any potential issues. Terraform doesn't offer direct support from cloud providers, just from Hashicorp and online communities.

Ernesto Marquez is the owner and project director at Concurrency Labs, where he helps startups launch and grow their applications on AWS. He particularly enjoys building serverless architectures, automating everything and helping customers cut their AWS costs.