
Terraform vs. CloudFormation: Which Is Better for You?

A dive into a Terraform vs. CloudFormation comparison to find out which one is better to manage AWS resources: A generalist tool or an expert tool?
Aug 26th, 2022 6:55am by Sean O'Dell

Sean is the head of developer relations at Spacelift. Sean believes every IT organization can and should develop and practice the DevOps way of life. Sean is a reformed infrastructure administrator and architect with a passion for enabling developers and application teams to succeed in a multicloud world. Sean has 20 years of experience in a variety of roles from enterprise architect to systems engineer and developer advocate.

IaC (Infrastructure-as-Code), as the name implies, is a process of creating and managing infrastructure using code. The coded infrastructure is easy to scale, maintain, document and replicate. IaC has some challenges, but automated provisioning and configuration are faster and better than manual deployments.

Cloud providers often maintain an IaC tool that exclusively supports the resource deployment on their cloud platform, for example, AWS CloudFormation to deploy AWS resources. However, there are other tools independent of any cloud provider. One such IaC tool is Terraform.

When managing AWS resources, you might find it difficult to decide between Terraform and CloudFormation. Hopefully this article will bring clarity to the Terraform vs. CloudFormation discourse.

What Is AWS CloudFormation?

AWS CloudFormation is a native AWS service that enables users to create, provision and manage Amazon resources, making it easier to manage, monitor and test the infrastructure built on AWS.

What Is Terraform?

Terraform is a popular open source cloud-agnostic IaC tool maintained and developed by HashiCorp. It allows infrastructure creation, updating and provisioning by connecting multiple cloud providers.

Difference between Terraform and CloudFormation

Let’s compare Terraform and CloudFormation based on the following criteria:

  1. Modularity
  2. Functionality
  3. Code Syntax
  4. Cloud Compatibility
  5. State Management
  6. Rollbacks
  7. Enterprise Support

No. 1: Modularity

One benefit of IaC is modularity, which allows repeatability and quick provisioning.

Terraform modules are groups of resources that perform one task and can be reused for similar infrastructure components. You can create your own custom modules and use ones developed by the community.

CloudFormation stacks are similar to modules but less flexible. You can import and export AWS configurations as stacks, but automatic provisioning and nested stacks hide the configuration’s details.

No. 2: Functionality

Terraform brings many inbuilt functions to IaC that can be used to manipulate data: to combine, transform or otherwise operate on provided values. Terraform’s function list is extensive and includes numeric, string-manipulation and filesystem functions. However, you cannot create custom functions.

CloudFormation provides fewer than 15 functions, which are insufficient to manage large-scale infrastructure. The lack of inbuilt functions leads to additional work: you have to create custom resources within the template and call a Lambda function to fetch them.

No. 3: Code Syntax

CloudFormation uses JSON and YAML, which are popular among developers. Hence, there is no (or less of a) learning curve. Terraform’s HashiCorp Configuration Language (HCL) syntax is readable and easy to learn, yet it’s still one “new thing.”

No. 4: Cloud Compatibility

One significant difference between Terraform and CloudFormation is that Terraform supports multiple clouds and providers, including Google, AWS and Azure, while CloudFormation is confined to AWS resources.

Terraform supports all AWS resources, but we shouldn’t be surprised that new AWS resource types are supported in CloudFormation first.

No. 5: State Management

Terraform has a state file that stores the information of infrastructure and works as a map for all the Terraform resources. By default, state is stored on a virtual machine or a remote computer, so collaboration is nearly impossible. Many organizations adopt a GitOps approach by using a version control provider, an Amazon S3 bucket or Spacelift’s managed state feature.

With CloudFormation, you do not have to worry about it. AWS consistently governs the infrastructure and shows a detailed message if there is any change in state.

No. 6: Rollbacks

Both Terraform and CloudFormation ensure that you do not accidentally delete the resources used in other applications.

CloudFormation backs up the infrastructure state before deleting it. If an update or modification breaks the infrastructure, it will automatically roll back to the last working state.

In Terraform, you must manually deploy the fixes and roll back to the previous configuration. But you can run tests to check the output after applying the update. You can commit the changes once you find the output is satisfactory.

No. 7: Enterprise Support

If you are new and using AWS for the entire infrastructure, the knowledge base and AWS expert support would fill your team’s skill gap. You will sleep peacefully knowing the AWS team is available to help you with any issue.

There is a large and active community behind Terraform that provides best-effort support, but it comes with lots of misinformation and context-based solutions. HashiCorp offers native support for HCL via managed service offerings.

Automating Infrastructure-as-Code

AWS CloudFormation and Terraform are the most popular but are not the only IaC tools in the market. There are Azure Resource Manager and Bicep from Microsoft, while Google provides Deployment Manager and first-class support for Terraform. Pulumi takes a unique approach by supporting various programming languages to deploy infrastructure resources. Traditional IT automation solutions like Ansible, Chef and Puppet also provide some IaC capabilities. But every tool has its own set of benefits and complications.

Many organizations build custom tools and later discover these custom IaC languages are difficult to scale, have compliance issues and have high maintenance costs.

Spacelift is a sophisticated CI/CD tool for Infrastructure-as-Code and was purpose-built to support complex organizational and infrastructure requirements. Spacelift supports multiple IaC languages and frameworks, including CloudFormation and Terraform, which allows you to standardize your deployment processes and compliance requirements across all of your IaC languages.

Conclusion: Terraform vs. CloudFormation

CloudFormation is a better option if your entire infrastructure is on AWS and there are no plans to go multicloud. If you are new to AWS services, native support would be beneficial. It is built by AWS and has faster AWS-related updates. It also uses JSON and YAML, so there is no learning curve as opposed to HCL.

Terraform is the best option if you are using or planning to use multicloud resources and would like faster processing. The modular approach allows you to create reusable templates, which speed up the configuration. Moreover, Terraform comes with an extensive set of functions that CloudFormation lacks, which is helpful in faster provisioning.

But what is best for you depends on your requirements. I recommend selecting the IaC tools after evaluating your application’s infrastructure strategy.

TNS owner Insight Partners is an investor in: Pragma, Spacelift, Docker.