
AWS CloudFormation vs. Terraform: How to choose?

AWS users need an IaC tool to automate the deployment and management of their AWS environment. AWS CloudFormation and Terraform can both accomplish this goal, but which is best?

Cloud admins and architects need reliable tools to automate launching and managing cloud-based infrastructure. Automation plays a key role in delivering efficient procedures, like code deployments and regular infrastructure updates, to launch modern software applications. Infrastructure as code has become an essential tool to achieve this capability.

Users who have an AWS environment and want to employ infrastructure as code (IaC) have two popular options to choose from: AWS CloudFormation and Terraform. CloudFormation is a service native to AWS, and Terraform is an IaC tool that supports multiple cloud platforms. While both enable cloud infrastructure deployment automation, they take different approaches to syntax, workflow, visibility and resource management.

Let's better understand both IaC tools and see how they compare in key features, such as the following:

  • Modularity.
  • Template customizations.
  • Scalability.
  • Failure handling.
  • Support.
  • DevOps.

Choose the right IaC tool

IaC delivers a code-based approach to launching and configuring infrastructure resources such as compute, storage, networking and security. It requires a text-based template using a standardized syntax for each infrastructure resource. This enables application owners to apply version control and minimize manual intervention in the release process. IaC saves software development teams a significant amount of time and delivers consistency and reliability across application environments. Reusable templates and configurations also help with process efficiency across the organization.

What is AWS CloudFormation?

AWS CloudFormation, launched in 2011, is an IaC service that enables users to model and set up AWS resources using templates. The service provisions and manages these resources repeatably and predictably. The learning curve is gentle, since most developers are already familiar with JSON and YAML syntax. When using CloudFormation, it is highly recommended to use YAML instead of JSON: it is less verbose and supports comments, which is an essential feature for team members reviewing existing templates. Four important concepts in using AWS CloudFormation are templates, stacks, change sets and stack sets.

What is Terraform?

HashiCorp Terraform, launched in 2014, enables IT teams to automate infrastructure provisioning with reusable, shareable and human-readable configuration files for both on-premises and cloud environments. Terraform has its own template syntax called HashiCorp Configuration Language, more commonly known as HCL. Because HCL is specific to HashiCorp tools, developers new to it might require some additional time to learn it.

In 2023, HashiCorp announced it would adopt a Business Source License, a significant move away from its open source roots. While Terraform currently holds 62% of the IaC market share, only 47% of practitioners plan to continue to use it in the future, according to "The State of IaC 2025" by Firefly. OpenTofu, an open source Terraform fork, is rising as a competitor -- 12% of practitioners currently use it and 27% plan to use it in the future.

Compare key features

AWS CloudFormation and Terraform both use the concept of a stack, which is a grouping of cloud components admins manage as a deployment unit. Stacks can represent applications, environments or any grouping that is relevant to a particular organization. Parameters let a single template or configuration accept input values at launch time instead of hard-coding them. Both tools use such dynamic parameters to vary a launch, for example, launching different Amazon EC2 instance types for a development environment versus a production one.

Let's take a closer look at some of the key capabilities of both tools to discover their use cases.

Modularity

Modularity is the ability to create common components for reuse across multiple deployments. AWS CloudFormation offers modules: building blocks, registered in the CloudFormation registry, that package a group of resources together with an organization's standard settings. Administrators can reuse them across multiple stacks within a single account or across multiple AWS accounts.

Terraform has a similar feature, also called modules. A module packages common configuration and is sourced either locally or remotely, from the public Terraform Registry, a private registry or a Git repository.

Template customizations

Terraform provides a wider range of built-in functions for template customization than AWS CloudFormation, along with count, for_each and dynamic blocks for generating resources from data. In many cases, it's useful to apply dynamic configurations to a stack based on conditions and custom logic, and Terraform offers more flexibility here, since CloudFormation's intrinsic functions (Fn::If, Fn::Sub, Fn::Join and similar) and Conditions cover a narrower range. However, CloudFormation supports custom resources backed by Lambda functions -- built by the stack owner -- that can perform arbitrary logic during stack creation, update and deletion, as well as macros that transform a template before it is processed.
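The Lambda-backed custom resource mentioned above follows a small request/response protocol, and the part practitioners most often get wrong is the failure path. The following handler is an added example (not code from the article or from AWS). CloudFormation invokes the function with a RequestType of Create, Update or Delete plus a presigned ResponseURL, and the function must PUT a JSON status to that URL on every path, including exceptions; otherwise the stack operation hangs until CloudFormation times it out. The business logic in compute and the property names Project and Environment are hypothetical; the sender argument is there so the protocol can be exercised offline.

```python
"""Lambda handler for a CloudFormation custom resource (added example).

Implements the custom resource protocol: always respond, treat Delete as
success when there is nothing to tear down, and return a stable
PhysicalResourceId. The compute() logic and the property names are
hypothetical; everything else follows the documented request/response shape.
"""
import json
import re
import urllib.request


def compute(props):
    """Hypothetical stack-time logic: derive a validated name and a sizing tier."""
    project = str(props.get("Project", ""))
    env = str(props.get("Environment", ""))
    if not re.fullmatch(r"[a-z0-9-]{1,32}", project) or env not in ("dev", "prod"):
        raise ValueError("Project must match [a-z0-9-]{1,32} and Environment must be dev or prod")
    return {"Name": f"{project}-{env}", "Tier": "large" if env == "prod" else "small"}


def build_response(event, status, data=None, reason=None, physical_id=None):
    """Body CloudFormation expects at ResponseURL; Data keys become Fn::GetAtt attributes."""
    return {
        "Status": status,                          # "SUCCESS" or "FAILED"
        "Reason": reason or "see CloudWatch Logs",
        "PhysicalResourceId": physical_id
            or event.get("PhysicalResourceId")     # keep the existing ID on Update/Delete
            or event["LogicalResourceId"],         # first Create: no physical ID yet
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }


def send(event, body):
    """PUT the response to the presigned S3 URL; CloudFormation expects an empty Content-Type."""
    req = urllib.request.Request(
        event["ResponseURL"], data=json.dumps(body).encode(),
        method="PUT", headers={"Content-Type": ""},
    )
    urllib.request.urlopen(req, timeout=10).read()


def handler(event, context, sender=send):
    """Lambda entry point. `sender` is injectable so the flow can be tested without network."""
    try:
        if event["RequestType"] == "Delete":
            # Nothing to remove here. Reporting FAILED on Delete would block stack deletion.
            body = build_response(event, "SUCCESS")
        else:
            data = compute(event.get("ResourceProperties", {}))
            # Returning a different PhysicalResourceId on Update makes CloudFormation
            # send a Delete for the previous ID once the update succeeds.
            body = build_response(event, "SUCCESS", data=data, physical_id=data["Name"])
    except Exception as exc:  # any failure must still be reported, or the stack hangs
        body = build_response(event, "FAILED", reason=str(exc))
    sender(event, body)
    return body
```

In the template the resource is declared with a Type such as Custom::Naming and a ServiceToken property pointing at the function's ARN; the values in Data are then available to other resources through Fn::GetAtt.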

Scalability

A CloudFormation stack can contain at most 500 resources, which is sufficient for most large cloud infrastructure deployments. Terraform imposes no hard limit of this kind, although very large states slow down every plan and refresh. If a deployment outgrows a single unit, one option in either tool is to split it into multiple stacks or root modules. CloudFormation also offers nested stacks: each nested stack counts as a single resource in its parent but has its own 500-resource quota, which raises the effective ceiling of the deployment.

The amount of time it takes to launch multiple resources can be similar in both tools, but it can vary significantly depending on the type and number of resources users must manage. While some deployments in either platform complete in a few seconds, others can take many minutes. A key factor in launch time is the interdependency of resources: both tools create independent resources in parallel (Terraform walks up to 10 resources concurrently by default, adjustable with -parallelism), but each dependency chain is launched sequentially, so a long chain of dependent resources lengthens the deployment.
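To see where a template's sequential work comes from, it helps to extract the dependency graph and group resources into the waves that can launch in parallel. The script below is an added example (not from the article or from AWS) for JSON-format templates: it treats Ref and Fn::GetAtt references to other resources, plus explicit DependsOn entries, as edges, layers the graph, and also checks the resource count against the 500-per-stack quota. The template is constructed for illustration.

```python
"""Dependency waves and quota check for a CloudFormation template (added example).

Works on the JSON form of a template. Implicit dependencies come from Ref
and Fn::GetAtt that name another resource; explicit ones from DependsOn.
Resources in the same wave have no dependency on each other, so
CloudFormation can create them concurrently; each wave must wait for the
previous one. The template below is constructed for illustration.
"""
import json

STACK_RESOURCE_QUOTA = 500  # CloudFormation quota: resources per stack

SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"AmiId": {"Type": "AWS::EC2::Image::Id"}},
  "Resources": {
    "Vpc":    {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "Subnet": {"Type": "AWS::EC2::Subnet",
               "Properties": {"VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.0.1.0/24"}},
    "WebSG":  {"Type": "AWS::EC2::SecurityGroup",
               "Properties": {"VpcId": {"Ref": "Vpc"}, "GroupDescription": "web tier"}},
    "Web":    {"Type": "AWS::EC2::Instance",
               "Properties": {"SubnetId": {"Ref": "Subnet"},
                              "SecurityGroupIds": [{"Fn::GetAtt": ["WebSG", "GroupId"]}],
                              "ImageId": {"Ref": "AmiId"}}},
    "Logs":   {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")


def _collect_refs(node, names, acc):
    """Walk a property tree and record Ref / Fn::GetAtt targets that are resources."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and value in names:
                acc.add(value)                      # Ref to a parameter is ignored
            elif key == "Fn::GetAtt":
                target = value[0] if isinstance(value, list) else value.split(".", 1)[0]
                if target in names:
                    acc.add(target)
            else:
                _collect_refs(value, names, acc)
    elif isinstance(node, list):
        for value in node:
            _collect_refs(value, names, acc)


def dependency_graph(template):
    """Map each logical ID to the set of logical IDs it must wait for."""
    resources = template.get("Resources", {})
    names = set(resources)
    graph = {}
    for name, body in resources.items():
        deps = set()
        _collect_refs(body.get("Properties", {}), names, deps)
        explicit = body.get("DependsOn", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        deps.discard(name)
        graph[name] = deps & names
    return graph


def launch_waves(graph):
    """Layer the graph: wave N holds resources whose dependencies all sit in waves < N."""
    indegree = {n: len(deps) for n, deps in graph.items()}
    dependents = {n: set() for n in graph}
    for n, deps in graph.items():
        for d in deps:
            dependents[d].add(n)
    waves, placed = [], 0
    ready = sorted(n for n, k in indegree.items() if k == 0)
    while ready:
        waves.append(ready)
        placed += len(ready)
        nxt = []
        for n in ready:
            for m in dependents[n]:
                indegree[m] -= 1
                if indegree[m] == 0:
                    nxt.append(m)
        ready = sorted(nxt)
    if placed != len(graph):
        raise ValueError("circular dependency: CloudFormation rejects such a template")
    return waves


def quota_check(template, quota=STACK_RESOURCE_QUOTA):
    """Return (resource count, over_quota). A nested stack counts as one resource here."""
    count = len(template.get("Resources", {}))
    return count, count > quota


if __name__ == "__main__":
    graph = dependency_graph(SAMPLE_TEMPLATE)
    for i, wave in enumerate(launch_waves(graph)):
        print(f"wave {i}: {', '.join(wave)}")
    print("resources: %d, over quota: %s" % quota_check(SAMPLE_TEMPLATE))
```

For the sample template this yields three waves (Logs and Vpc; then Subnet and WebSG; then Web), so the deployment takes roughly three resource-creation latencies rather than five. The number of waves, not the number of resources, is the lower bound on launch time.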

Failure handling

It's not unusual to face situations where updates aren't applied, for reasons ranging from incorrect configurations to external failures. By default, AWS CloudFormation rolls a failed stack creation or update back to its last known good state, and its stack failure options let developers instead preserve the resources that were provisioned successfully, fix the fault and retry from that point. Terraform doesn't offer a native rollback: resources that were applied before the failure remain in the state file, and developers must run a further apply or destroy to bring the affected resources to the desired state.

AWS CloudFormation's change sets give developers a high-level view of the resource updates before they are applied, after which they can either execute or cancel the operation. Terraform's plan command serves the same purpose and, when the plan is saved to a file and passed to apply, guarantees that only the reviewed changes are applied. Both reduce the likelihood of applying unwanted, potentially destructive updates to a stack.

Support

One important difference between these two IaC tools is that Terraform supports multiple cloud providers, such as AWS, Azure, Google Cloud, Oracle Cloud Infrastructure and DigitalOcean, while CloudFormation supports only AWS. For a multi-cloud approach, consider Terraform. Keep in mind that each cloud provider requires a different set of parameters and configurations that users need to specify in Terraform, which can result in a complex set of templates.

Given that Terraform is not a cloud provider's own tool, new features in a particular platform are not necessarily available in Terraform on launch day; support depends on an update to the corresponding provider plugin. In the case of AWS, new services and features are typically usable from CloudFormation sooner than from Terraform, although the gap varies by service, so check the CloudFormation resource reference and the AWS provider changelog before committing to a design. When using CloudFormation, there's the option to engage AWS Support for any potential issues. Terraform doesn't offer direct support from cloud providers, just from HashiCorp, for its commercial offerings, and from online communities.

DevOps

IaC is an essential component in a DevOps strategy. Integrating cloud infrastructure updates into the code management process delivers critical visibility into how infrastructure deploys, as well as launch and test automation, troubleshooting and rollback strategies in case of failure.

Given the potentially disruptive nature of infrastructure updates, it is important to implement manual approval steps for certain infrastructure updates, such as those that delete or replace resources or touch identity and network controls. Terraform's plan output and CloudFormation's change sets are the artifacts a reviewer inspects in that step.

Both Terraform and CloudFormation deliver a similar level of integration with CI/CD pipelines and DevOps processes. Users can trigger them from pipelines on common Git hosting platforms, such as GitLab, Bitbucket or GitHub, or from AWS services such as CodePipeline or CodeBuild.
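A pipeline can decide automatically whether a change needs a human approval before execute-change-set or terraform apply runs, using the same artifacts described in the failure handling and DevOps sections above. The gate below is an added example (not from the article, AWS or HashiCorp): it normalizes the JSON from aws cloudformation describe-change-set and from terraform show -json into one list of planned changes and returns the reasons a reviewer must sign off. The sensitive-type policy is hypothetical, and both JSON documents are constructed samples in the shape each tool emits.

```python
"""Pre-apply approval gate for CloudFormation change sets and Terraform plans.

Added example. Both tools describe pending changes as JSON: describe-change-set
lists ResourceChange entries with Action Add/Modify/Remove/Import/Dynamic and a
Replacement flag; `terraform show -json plan.tfplan` lists resource_changes whose
change.actions is e.g. ["update"], ["delete"] or ["delete", "create"] (replace).
The gate flags destructive actions and any change to sensitive resource types.
"""
import json
from dataclasses import dataclass

# Hypothetical policy: every create/update on these types is reviewed, not only deletes.
SENSITIVE_TYPE_PREFIXES = (
    "AWS::IAM::", "AWS::EC2::SecurityGroup", "AWS::KMS::",   # CloudFormation types
    "aws_iam_", "aws_security_group", "aws_kms_",             # Terraform AWS provider types
)


@dataclass(frozen=True)
class Change:
    resource: str  # logical ID (CloudFormation) or address (Terraform)
    rtype: str
    action: str    # create | update | replace | delete | import | dynamic | read | no-op


def from_change_set(doc):
    """Normalize `aws cloudformation describe-change-set` output."""
    changes = []
    for entry in doc.get("Changes", []):
        rc = entry.get("ResourceChange")
        if not rc:
            continue  # only Type == "Resource" entries carry a ResourceChange
        action = {"Add": "create", "Modify": "update", "Remove": "delete"}.get(
            rc["Action"], rc["Action"].lower())
        if action == "update" and rc.get("Replacement") in ("True", "Conditional"):
            action = "replace"  # the resource is recreated under a new physical ID
        changes.append(Change(rc["LogicalResourceId"], rc["ResourceType"], action))
    return changes


def from_terraform_plan(doc):
    """Normalize `terraform show -json <planfile>` output."""
    changes = []
    for rc in doc.get("resource_changes", []):
        actions = rc["change"]["actions"]
        action = "replace" if {"create", "delete"} <= set(actions) else actions[0]
        changes.append(Change(rc["address"], rc["type"], action))
    return changes


def approval_reasons(changes):
    """Return the list of reasons a human must approve; empty means auto-apply is acceptable."""
    reasons = []
    for c in changes:
        if c.action in ("delete", "replace", "dynamic"):   # dynamic: CloudFormation cannot tell yet
            reasons.append(f"{c.resource}: {c.action} ({c.rtype})")
        elif c.action in ("create", "update", "import") and c.rtype.startswith(SENSITIVE_TYPE_PREFIXES):
            reasons.append(f"{c.resource}: {c.action} on sensitive type {c.rtype}")
    return reasons


# Constructed samples in each tool's output shape.
SAMPLE_CHANGE_SET = json.loads("""
{"Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Add", "LogicalResourceId": "Worker",
     "ResourceType": "AWS::Lambda::Function"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "WebSG",
     "ResourceType": "AWS::EC2::SecurityGroup", "Replacement": "True", "Scope": ["Properties"]}},
  {"Type": "Resource", "ResourceChange": {"Action": "Remove", "LogicalResourceId": "LogsBucket",
     "ResourceType": "AWS::S3::Bucket"}}
]}
""")

SAMPLE_TF_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance", "name": "web",
   "change": {"actions": ["update"]}},
  {"address": "aws_security_group.web", "type": "aws_security_group", "name": "web",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_iam_role.deploy", "type": "aws_iam_role", "name": "deploy",
   "change": {"actions": ["create"]}}
]}
""")

if __name__ == "__main__":
    for label, changes in (("change set", from_change_set(SAMPLE_CHANGE_SET)),
                           ("terraform plan", from_terraform_plan(SAMPLE_TF_PLAN))):
        reasons = approval_reasons(changes)
        print(f"{label}: {'needs approval' if reasons else 'auto-apply'}")
        for r in reasons:
            print("  -", r)
```

In a pipeline, a non-empty result pauses the job on a manual approval step; the change set ID or the saved plan file is then what gets executed after sign-off, so the reviewed changes and the applied changes are the same.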

How to decide which is right for your organization?

If there are existing CI/CD pipelines, it is critical to evaluate how each tool would integrate with them and identify any potential advantages or issues. One factor to consider is that Terraform offers a more direct way to implement advanced custom logic within a template.

Multi-cloud support vs. AWS-exclusive tech is also a key element to evaluate. In a multi-cloud organization, Terraform will simplify the launch of cloud infrastructure components, while CloudFormation will only support AWS. If an organization's infrastructure launches exclusively in AWS and there are no foreseeable plans to use other cloud platforms, then CloudFormation is likely the best choice. Given that it is a product built by AWS, it will be eligible for AWS Support, and it will likely deliver more useful features for AWS components.

Editor's note: This article was republished to improve the reader experience and updated to reflect HashiCorp's adoption of a Business Source License.

Ernesto Marquez is owner and project director at Concurrency Labs, where he helps startups launch and grow their applications on AWS. He enjoys building serverless architectures, building data analytics solutions, implementing automation and helping customers cut their AWS costs.
