Sergey Nivens - Fotolia


Compare IaC tools for hybrid, multi-cloud environments

Infrastructure-as-code tools come in two flavors: third-party and those native to a certain cloud provider. Keep these factors in mind to choose the right one.

The goal of infrastructure as code is to create a modular infrastructure -- an abstraction of server resources -- that enterprises can deploy repeatedly to ensure a consistent application platform.

With IaC tools, developers and operations teams can use templates to consistently deploy virtual resources based on their needs. Teams can also perform version control on the deployment and configuration scripts they use.

IaC tools are divided into two primary groups:

  1. Third-party tools applicable to nearly any IaC mission
  2. Cloud provider's native tools to help users optimize their application deployments

Providers' native IaC tools aren't optimal for multi-cloud deployments. And while enterprises can make most third-party tools work on any cloud platform or data center, those tools may not mesh with all cloud platforms. These tradeoffs make it important to carefully choose an IaC tool both for current and future requirements.

Third-party IaC tools

HashiCorp's Terraform, an open source product, is one of the best-known third-party IaC tools that supports a range of cloud vendors. Like all IaC tools, it creates models, or templates, that describe a configuration with a domain-specific language (DSL), which makes it easy for developers to author and reuse templates. The DSL is generally compatible syntactically with JSON, but some developers find DSL less verbose and easier to understand.

Developers author and maintain Terraform templates the same as they would actual code. Teams can withdraw templates from version repositories to provision and configure infrastructure or to help develop other templates. This ability to reuse templates is beneficial for hybrid and multi-cloud users because it standardizes infrastructure configuration across multiple providers.

Terraform also has a plan-execute division, or phases, in the templates, so users can analyze the steps they define and double-check them before they apply them. Hybrid and multi-cloud users like this approach because it facilitates the transfer of configurations between environments.

Cloud providers' native IaC tools

The most popular cloud-native IaC tools are AWS CloudFormation and Microsoft Azure Resource Manager (ARM) templates. Both tools provide similar capabilities to Terraform at the basic level, but neither goes as far in its support for the full modularity of the IaC template code. This lack of support limits how quickly developers can adopt these tools, as well as the ability to reuse templates.

Terraform will likely become the Kubernetes of IaC for hybrid and multi-cloud users.

While AWS CloudFormation and ARM both focus on a specific provider, Amazon and Microsoft have slightly different approaches to IaC -- and these differences are critical to users.

Microsoft's Azure Terraform Resource Provider enables Azure users to employ Terraform providers -- a service that establishes the link between Terraform templates and cloud and data center infrastructure resources -- just as they would native Azure resource providers. This tightly integrates Terraform with ARM and lets Terraform elements do some of the detailed work. With this integration, enterprises can use Terraform with virtually all Azure services.

AWS provides some information on how to use Terraform with AWS. While HashiCorp is a major DevOps partner with AWS, the companies have yet to develop product-line features for Terraform integration. There are still some AWS features outside Terraform's scope of operation -- features that CloudFormation can handle easily. For now, AWS users should assume that CloudFormation is necessary for IaC, but they can still take steps to integrate Terraform and extend its scope.

Which is best?

Amazon and Microsoft recognize Terraform's value as an extension to their own IaC tools. And, as hybrid and multi-cloud models flourish, neither provider is prepared to incorporate the necessary features into its own IaC tools. These cloud providers' tools will largely focus on single-cloud or simple hybrid deployments.

If you plan to deploy complex applications in hybrid or multi-cloud with a large AWS focus, expect to use both CloudFormation and Terraform. Your Azure cloud IaC can rely on Azure Terraform Resource Provider.

For now, it seems Terraform will likely become the Kubernetes of IaC for hybrid and multi-cloud users.

Next Steps

What it means to do 'everything as code' in IT operations

Compare Azure Blueprints vs. Terraform

Dig Deeper on Cloud infrastructure design and management

Data Center