Understanding IaC Tools: CloudFormation vs. Terraform
CloudFormation and Terraform are IaC tools that automate infrastructure setup. CloudFormation is AWS-specific, while Terraform supports multiple clouds.
AWS CloudFormation and Terraform: not sure which to choose? This article will help you reach an informed decision.
Cloud computing has revolutionized the world of DevOps. It is not just a buzzword anymore; it is here to change the way we develop and maintain our applications. While there are countless reasons to use cloud computing at any scale of business, there is one catch: by default, you provision your infrastructure manually.
You have to go to the consoles of your cloud providers and tell them exactly what you want. This works well for small use cases, but what if you have different people making configuration changes in the console? You could end up with a super complicated infrastructure that only becomes harder and harder to maintain. There is no efficient way to collaborate or keep track of changes to the cloud infrastructure. Well, there is Infrastructure as Code.
Infrastructure as Code (IaC) is the practice of managing your IT infrastructure through code: instead of going to the console and doing everything manually, you write configuration files that describe the infrastructure, and a tool provisions it for you. Because the files live in version control, IaC gives you consistency, reviewable and repeatable changes, fast maintenance, and far less room for human error.
Using IaC With Amazon Web Services
AWS is the leading cloud computing service in the world, with a market share well ahead of the next provider. It offers over 200 services that can cater to thousands of use cases.
When starting to use IaC with AWS, you will often narrow down your choices to AWS CloudFormation and Terraform (source-available under the Business Source License since 2023). If you want to choose between the two, understanding the multitude of features both tools offer can be overwhelming. In this article, we will examine the differences between AWS CloudFormation and Terraform to help you decide which tool is better suited to your needs.
Terraform vs. AWS CloudFormation: Differences
Modularity
When using IaC in big organizations, modularity can be a significant factor in choosing the right tool.
CloudFormation
CloudFormation's support for modules is limited. It has registry modules (private extension types that expand into plain resources when a stack is deployed), but the common way to reuse a template is a nested stack: a parent template that creates child stacks from other templates.
For example, you can create a standard CloudFormation template for provisioning an S3 bucket in your organization. When end-users wish to create an S3 bucket, they can use this CloudFormation template as a nested stack to provision the standard S3 bucket.
There is also an AWS service, the AWS Service Catalog, which can assist with modularity for CloudFormation. The AWS Service Catalog is designed for organizations that need to limit the scope of AWS services to meet compliance, security, cost, or performance requirements. It uses CloudFormation templates on the backend.
Let us quickly understand this with the same S3 example. A bucket with a public ACL, no encryption, or no access logging can expose confidential data, so you want one standard way of creating buckets in your organization. The first option is a nested-stack template that other CloudFormation stacks include; it enforces the same configuration as the option below.
Alternatively, you can use the AWS Service Catalog, which allows users to use this standard template from the console UI and specify some parameters for slight customizations. This will allow you to control how infrastructure is provisioned in your AWS Accounts and prevent any unwanted scenarios.
CloudFormation's use of nested stacks and AWS Service Catalog can also support standard configurations in large organizations, though it may require more manual configuration.
Terraform
Terraform has native support for modules. A module is a directory of configuration with its own input variables and outputs, so it lets you define standard configurations, much like the CloudFormation template above, and call them from other Terraform configurations.
Terraform also has a public Terraform Registry of community and vendor modules that you can find and use, subject to the same review you would give any third-party code. You can also write your own modules and host them in a private module registry.
Terraform’s native support for modules provides a straightforward approach to modularity. However, managing modules across a large team might require additional governance to ensure proper usage.
Using a nested stack in CloudFormation is not as easy as using modules in Terraform. The primary factor is the plumbing: the child template must declare Parameters and Outputs, the parent must pass each parameter into the AWS::CloudFormation::Stack resource and read results back with Fn::GetAtt on the child's Outputs, and the child template has to be uploaded to S3 before the parent can reference it by URL.
CloudFormation has no public registry of reusable templates comparable to the Terraform Registry. The AWS Service Catalog lets you manage the sharing and approval of templates inside your organization (through the console or its API), but users still specify parameters when creating resources from a product.
On the other hand, Terraform has a set method for creating, maintaining, and sharing modules. You can see the exact requirements of the modules in the Terraform Module Registry and easily use them in your Terraform files.
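As an added example (not code from the article), here is what the "standard S3 bucket" module looks like in Terraform: the module fixes the security posture (public access blocked, encryption and versioning on) and exposes only a name prefix and tags to callers. The file paths, the bucket name prefix, and the tag values are assumptions.

```hcl
# modules/standard-s3-bucket/main.tf   (hypothetical path; added example)
# Callers cannot weaken the posture: the public access block, encryption and
# versioning are not variables, only the name prefix and tags are.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

variable "name_prefix" {
  description = "Bucket name prefix; AWS appends a unique suffix."
  type        = string
}

variable "tags" {
  description = "Tags applied to the bucket."
  type        = map(string)
  default     = {}
}

resource "aws_s3_bucket" "this" {
  bucket_prefix = var.name_prefix
  tags          = var.tags
}

# Blocks every form of public access regardless of ACLs or bucket policies.
resource "aws_s3_bucket_public_access_block" "this" {
  bucket                  = aws_s3_bucket.this.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Server-side encryption with KMS (the AWS-managed aws/s3 key when no key is given).
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# Versioning so accidental deletes and overwrites can be recovered.
resource "aws_s3_bucket_versioning" "this" {
  bucket = aws_s3_bucket.this.id
  versioning_configuration {
    status = "Enabled"
  }
}

output "bucket_name" {
  value = aws_s3_bucket.this.id
}

output "bucket_arn" {
  value = aws_s3_bucket.this.arn
}

# environments/prod/main.tf   (hypothetical path) -- the root module calls it.
# A private-registry source would look like "app.terraform.io/<org>/standard-s3-bucket/aws".
module "audit_logs" {
  source      = "../../modules/standard-s3-bucket"
  name_prefix = "audit-logs-"
  tags = {
    owner      = "security"
    data_class = "confidential"
  }
}
```

Because the hardening lives in the module and not in its inputs, a reviewer only has to check that teams use the module; what the module cannot do is stop someone from writing a bare aws_s3_bucket resource next to it, which is where the governance controls in the next section come in.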
Control and Governance Over Infrastructure
If you want to limit what resources your people can create in your AWS Accounts, both AWS CloudFormation and Terraform provide you with the means to do so.
CloudFormation
CloudFormation provides control via IAM: the permissions a user needs to call the CloudFormation API are separate from the permissions used to create the resources in the stack, which can be held by a CloudFormation service role or a Service Catalog launch role instead of the user. This control is AWS-specific, which is fine if your infrastructure is fully AWS-centered.
In our S3 bucket example, you would deny s3:CreateBucket to human users altogether and grant it only to the role that CloudFormation or Service Catalog assumes when launching the approved template, so buckets can only be created through the nested stack or the Service Catalog product.
Terraform
Terraform itself enforces nothing beyond what the credentials it runs with allow, so the first control is the same as with CloudFormation: humans get no s3:CreateBucket, and only the CI/CD identity that runs terraform apply does. On top of that, HCP Terraform and Terraform Enterprise (not the Terraform CLI on its own) provide policy as code with Sentinel, which evaluates the plan before it is applied and lets you enforce fine-grained, logic-based policies. For example, a policy can deny any plan that creates an aws_s3_bucket resource unless that resource lives inside the approved standard module.
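The IAM side of this pattern, written in Terraform as an added example (not code from the article): developers may provision the approved Service Catalog product but are explicitly denied creating buckets themselves, while a launch role that only Service Catalog can assume holds the real S3 permissions. The group name, role name, and the portfolio and product IDs are assumptions.

```hcl
# Added example. Humans cannot create buckets directly; only the Service
# Catalog launch role (used when the approved product's CloudFormation
# template is launched) can.

variable "portfolio_id" { type = string } # hypothetical, e.g. port-xxxxxxxx
variable "product_id" { type = string }   # hypothetical, e.g. prod-xxxxxxxx

resource "aws_iam_group" "developers" {
  name = "developers"
}

# AWS-managed policy granting the Service Catalog end-user actions
# (search, describe and provision products).
resource "aws_iam_group_policy_attachment" "sc_end_user" {
  group      = aws_iam_group.developers.name
  policy_arn = "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess"
}

# An explicit Deny overrides any Allow the user may get from other policies.
data "aws_iam_policy_document" "deny_direct_bucket_create" {
  statement {
    sid       = "NoDirectBucketCreation"
    effect    = "Deny"
    actions   = ["s3:CreateBucket", "s3:PutBucketAcl", "s3:PutBucketPolicy"]
    resources = ["*"]
  }
}

resource "aws_iam_group_policy" "deny_direct_bucket_create" {
  name   = "deny-direct-bucket-create"
  group  = aws_iam_group.developers.name
  policy = data.aws_iam_policy_document.deny_direct_bucket_create.json
}

# Launch role: trusted only by the Service Catalog service principal.
data "aws_iam_policy_document" "launch_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["servicecatalog.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "sc_launch" {
  name               = "sc-standard-s3-launch"
  assume_role_policy = data.aws_iam_policy_document.launch_trust.json
}

data "aws_iam_policy_document" "launch_permissions" {
  # The bucket permissions the approved template needs, and nothing more.
  statement {
    effect = "Allow"
    actions = [
      "s3:CreateBucket", "s3:DeleteBucket", "s3:PutBucketPublicAccessBlock",
      "s3:PutEncryptionConfiguration", "s3:PutBucketVersioning",
      "s3:PutBucketTagging", "s3:GetBucket*",
    ]
    resources = ["arn:aws:s3:::*"]
  }
  # Service Catalog drives CloudFormation with this role.
  statement {
    effect = "Allow"
    actions = [
      "cloudformation:CreateStack", "cloudformation:UpdateStack",
      "cloudformation:DeleteStack", "cloudformation:DescribeStacks",
      "cloudformation:DescribeStackEvents", "cloudformation:GetTemplateSummary",
      "cloudformation:SetStackPolicy", "cloudformation:ValidateTemplate",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "sc_launch" {
  name   = "launch-permissions"
  role   = aws_iam_role.sc_launch.id
  policy = data.aws_iam_policy_document.launch_permissions.json
}

# Bind the role to the product as a launch constraint, so provisioning runs
# with the role's permissions instead of the developer's.
resource "aws_servicecatalog_constraint" "launch" {
  portfolio_id = var.portfolio_id
  product_id   = var.product_id
  type         = "LAUNCH"
  parameters   = jsonencode({ RoleArn = aws_iam_role.sc_launch.arn })
}
```

The same split applies when Terraform is the provisioning tool: the CI/CD role that runs terraform apply gets the launch-role permissions, developers get the deny policy, and policy as code checks that every aws_s3_bucket in the plan comes from the standard module.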
State Management
AWS CloudFormation and Terraform need to keep track of the resources they maintain.
Terraform
Terraform stores the state of your infrastructure in a state file (terraform.tfstate). It is stored locally by default, but you can keep it in a remote backend such as S3 so that several people and pipelines work against the same infrastructure. Treat the state as sensitive: it records resource attributes in plaintext, including values such as database passwords that appear in the configuration, so the backend should be encrypted, access-restricted, versioned for recovery, and locked so that two concurrent runs cannot corrupt it.
CloudFormation
CloudFormation keeps the state of each stack internally, so users never manage a state file, which suits those who want a fully managed service. Changes made outside the stack (in the console or by another tool) are not picked up automatically, but stack drift detection can report them.
Both AWS CloudFormation and Terraform let you preview what will change before anything is modified. In Terraform, run terraform plan; save the plan with -out and apply that saved plan so the change that was reviewed is exactly the one that runs. In CloudFormation, create a change set (aws cloudformation create-change-set), review it with describe-change-set, and then execute it.
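A remote backend configured the way the state caveats above require, as an added example (not code from the article): the state object is encrypted with a customer-managed KMS key and protected by a lock so concurrent applies cannot race. The bucket name, key path, region and key ARN are placeholders, and the bucket itself must already exist (with versioning on and public access blocked) before terraform init runs.

```hcl
# Added example. Remote state in S3: encrypted, locked, in a versioned bucket.
terraform {
  required_version = ">= 1.10"

  backend "s3" {
    bucket     = "example-org-terraform-state"             # placeholder; pre-created, versioned, public access blocked
    key        = "prod/network/terraform.tfstate"          # one key per root module
    region     = "eu-west-1"
    encrypt    = true                                      # server-side encryption of the state object
    kms_key_id = "arn:aws:kms:eu-west-1:123456789012:key/00000000-0000-0000-0000-000000000000" # placeholder CMK

    # S3-native state locking (Terraform >= 1.10). On older versions use a
    # DynamoDB table instead: dynamodb_table = "terraform-state-lock"
    use_lockfile = true
  }
}

# Per-workflow commands (comment only): terraform init, then
#   terraform plan -out=tfplan   # review the saved plan
#   terraform apply tfplan       # apply exactly what was reviewed
```

The bucket policy on the state bucket should restrict reads to the CI/CD role and the few engineers who operate it; anyone who can read the state can read every secret it contains.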
Language
Terraform
Terraform uses the HashiCorp Configuration Language (HCL), created by HashiCorp. Its native syntax is block-based and more readable than JSON, with expressions, built-in functions, and references between resources; Terraform also accepts an equivalent JSON syntax (.tf.json files), which is convenient for generated configuration.
CloudFormation
CloudFormation templates are written in YAML or JSON formats.
Logging and Rollbacks
Both AWS CloudFormation and Terraform have good logging capabilities. In my experience, the errors and issues have been straightforward (for the most part).
CloudFormation
By default, CloudFormation rolls back a failed stack creation or update to the previous known-good state. This is usually what you want, but for debugging you can keep the failed resources in place with the --disable-rollback option (or OnFailure when creating a stack).
Terraform
Terraform does not roll back automatically: resources created before the failure stay in place and are recorded in the state. Usually you fix the configuration and run terraform apply again, which continues from where it stopped; if you want to remove just the half-provisioned resources, use terraform destroy with -target, since a plain terraform destroy deletes everything in the state, not only the failed change.
Scope
Terraform
Terraform's multi-cloud support allows you to deploy infrastructure across AWS, Azure, Google Cloud, and other platforms and provides flexibility if you're working in a multi-cloud environment.
CloudFormation
CloudFormation is tightly integrated with AWS, making it a good option for AWS-only infrastructures but limited for multi-cloud setups.
Feature Support
CloudFormation
AWS CloudFormation typically receives updates first for new services and features, given its close integration with AWS.
Terraform
In cases where the Terraform AWS provider lacks a feature, you can manage a CloudFormation stack from your Terraform code with the aws_cloudformation_stack resource (or reach the underlying API through the AWS Cloud Control provider) as a workaround.
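How that workaround looks in practice, as an added example (not code from the article): Terraform manages a CloudFormation stack whose template is inline, passes Terraform values into the template's Parameters, and reads the stack's Outputs back. This also shows the Parameters and Outputs plumbing that nested stacks rely on. The stack name, parameter values and retention period are assumptions.

```hcl
# Added example. A CloudFormation stack driven from Terraform.
variable "environment" {
  type    = string
  default = "prod"
}

resource "aws_cloudformation_stack" "standard_bucket" {
  name = "standard-bucket-${var.environment}"

  # Keys must match the template's Parameters; values are passed as strings.
  parameters = {
    Environment   = var.environment
    RetentionDays = "365"
  }

  # Same behaviour as CloudFormation's default: a failed create is rolled back.
  on_failure = "ROLLBACK"

  template_body = <<-EOT
    AWSTemplateFormatVersion: "2010-09-09"
    Description: Standard private, encrypted, versioned bucket
    Parameters:
      Environment:
        Type: String
        AllowedValues: [dev, staging, prod]
      RetentionDays:
        Type: Number
        MinValue: 30
    Resources:
      Bucket:
        Type: AWS::S3::Bucket
        Properties:
          BucketEncryption:
            ServerSideEncryptionConfiguration:
              - ServerSideEncryptionByDefault:
                  SSEAlgorithm: aws:kms
          PublicAccessBlockConfiguration:
            BlockPublicAcls: true
            BlockPublicPolicy: true
            IgnorePublicAcls: true
            RestrictPublicBuckets: true
          VersioningConfiguration:
            Status: Enabled
          LifecycleConfiguration:
            Rules:
              - Id: ExpireOldVersions
                Status: Enabled
                NoncurrentVersionExpiration:
                  NoncurrentDays: !Ref RetentionDays
          Tags:
            - Key: environment
              Value: !Ref Environment
    Outputs:
      BucketName:
        Value: !Ref Bucket
      BucketArn:
        Value: !GetAtt Bucket.Arn
  EOT
}

# Stack outputs come back as a map and can feed other Terraform resources.
output "bucket_arn" {
  value = aws_cloudformation_stack.standard_bucket.outputs["BucketArn"]
}
```

Because the stack is a Terraform resource, terraform plan shows template and parameter changes as a diff on the resource, and CloudFormation still handles the rollback of the stack itself.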
Technical Support
CloudFormation
The paid AWS technical support plan also covers CloudFormation support.
Terraform
HashiCorp has paid plans for technical support on Terraform as well.
Conclusion
Both AWS CloudFormation and Terraform are robust and mature tools, each with its own advantages. The differences above can help you determine which tool best suits your needs. If you plan to use multiple cloud platforms, Terraform offers multi-cloud support, while AWS CloudFormation is an excellent choice for AWS-specific environments. Ultimately, either tool can manage IaC effectively. The right choice depends on your requirements, whether you're focusing on AWS alone or working with multiple cloud providers.
Opinions expressed by DZone contributors are their own.