CloudFormation vs Terraform
What are the differences between CloudFormation and Terraform? This blog looks at their respective modularity, management, support, etc.
7 min read
Infrastructure as Code (IaC) enables teams to deploy their applications to any environment in a reliable and repeatable fashion. But when it comes to the cloud, there are multiple ways to implement it. In this article, we'll look at two popular options, CloudFormation and Terraform, and weigh the pros and cons of each.
What is CloudFormation?
AWS CloudFormation is the technology for implementing IaC on Amazon Web Services (AWS). Using CloudFormation, teams can create templates that they can use to deploy their application to production. If written correctly, they can use the same templates to create an application stack for any stage of their DevOps pipeline.
CloudFormation architecture basics
CloudFormation is a declarative language. This is different from imperative programming languages, such as Java. In an imperative language, you specify the control flow of a program explicitly. In a declarative language, you specify the resources you want to create and leave the execution to the underlying system.
AWS also provides various programming language APIs that you can use to implement IaC. However, many teams end up using a tool like CloudFormation because it means writing less code.
CloudFormation templates are text files written in either JSON or YAML. Once a template is written, you instantiate it to create a stack. Your CloudFormation stack represents all of the elements of your application - all of the compute, storage, analytics, monitoring, and other infrastructure required to support it.
If you try and create a stack and one element of the stack fails, the stack automatically rolls back. (Example: you try and create an Amazon S3 bucket with the same name as another bucket.) CloudFormation automatically cleans up all of the resources it created for your stack up until that point.
Once created, you can operate on stacks as a unit. You can deploy an update to your CloudFormation template to update the running stack. If you want to take an environment down - maybe it's a temporary test environment, for example - you can delete the stack. Deleting a stack is a simple way to remove all of the stack's cloud resources easily and with minimal coding.
Pros and cons of CloudFormation
CloudFormation's biggest pro is that it simplifies IaC. Because it's a declarative language, it can implement operations such as update, rollback, and delete automatically. If you used an imperative language, implementing these features would be up to you.
Another pro is that CloudFormation is well-supported across the AWS ecosystem. You can use CloudFormation templates in AWS' DevOps tools such as CodeBuild and CodePipeline.
Finally, CloudFormation has been around for a long time. It's highly utilized and well-tested. Plus, there's a ton of sample code for new practitioners to build off of.
As for cons? CloudFormation's biggest con is that it's single-platform. If you're only deploying to AWS, you're golden. But if you also manage workloads on Google Cloud Platform, Microsoft Azure, or other cloud providers, then you'll have to learn the IaC platform for each of them. Plus, each will require a different set of tooling.
Another drawback is CloudFormation's declarative nature, which limits the error handling you perform. Say that you deploy a stack to a region in AWS, such as us-east-1, that contains a database. If there are no databases of the requested capacity in that region, the entire stack will roll back.
You can request that the stack not roll back so that you can investigate the failure and retry later. However, this will be a manual operation. If you want to manage retry in a DevOps automation fashion, you'll need to write code to manage that.
What is Terraform?
Terraform by Hashicorp is a multi-cloud IaC tool. With Terraform, you can create infrastructure and application deployments much as you can with AWS CloudFormation. But Terraform's extensible and flexible architecture means you can deploy to a number of hosts, including AWS, Azure, GCP, Oracle, Alibaba, and more.
Terraform architecture basics
Fundamentally, Terraform works along the same lines as CloudFormation. You define a template file (a .tf file) using a custom JSON format defined by Terraform. You can optionally specify a separate file that defines parameters as well.
When you define a template, you define a provider. Providers are sets of plugins that define the resource types and data sources a Terraform template can use.
Every Terraform project exists in its own directory. Once ready, you can use the
terraform command line tool to take action on a Terraform template. For example, the
terraform apply command uses the data source you specify to run API calls against your target platform and create your infrastructure. You can use
terraform destroy to tear it back down.
Because of the provider architecture, users of Terraform can customize Terraform deployments to fit their exact needs. You could create a provider that deploys infrastructure to your on-premises architecture or onto a previously unsupported host.
If you don't want to go the full nine yards of creating a provider, Terraform also supports a Run Task feature. You can use Run Task to supply a payload to a third party tool or API of your choice as part of your deployment process. This can be useful, for example, if you want to fire off a load/scale test after your deployment finishes.
Pros and cons of Terraform
The biggest pro of Terraform is its out of the box support for multi-cloud deployments. With Terraform, you can manage deployments onto a number of clouds with a single toolset.
The next best feature is its extensibility. Terraform has essentially opened its own extensibility model to its customers. You can support any number of cloud, Software as a Service (SaaS), Platform as a Service (PaaS), or on-premise deployments using its extensibility model.
On the down side, only the most basic of Terraform features are free. If you want some of its more advanced features - including drift detection, running tasks, and team management - you'll need to pay around USD $20 per user.
Additionally, Terraform's multi-cloud support is only multi-cloud in the sense that you can use the same set of tooling for every deployment. You'll still need to create separate template files for every cloud platform you wish to support.
CloudFormation vs. Terraform: Major differences
How do CloudFormation and Terraform stack up against each other on a feature by feature basis? Let's look at some key areas.
As I've discussed, both CloudFormation and Terraform use a declarative syntax. Terraform only supports a JSON syntax. CloudFormation supports both JSON and YAML formats. Many developers find YAML easier when it comes to finding and resolving syntactical errors.
Modularization allows developers to leverage useful functionality without duplicating code. This is critical to adhering to the DRY (Don't Repeat Yourself) principle. Code duplication can result in costly site errors and security exploits.
In my module on AWS CDK vs CloudFormation, I discussed CloudFormation's support for modules. You can factor code out into snippets that you publish into a CloudFormation registry. Other team members can then use these modules in their own IaC code.
Terraform also supports factoring reusable code into modules. Using tools like Terragrunt, you can gain even more flexible modularization to create and maintain a DRY IaC codebase.
I've discussed Terraform's comprehensive extensibility model in detail. CloudFormation also enables custom resource providers and hooks via the CloudFormation Registry.
CloudFormation contains a limited ability perform validation and testing on CloudFormation resources. Terraform contains direct support for a variety of test types, including unit, contract, and integration tests.
Both CloudFormation and Terraform can integrate with a variety of third-party tools and custom frameworks via their extensibility models.
Companies can enforce governance with CloudFormation through use of other AWS features, such as IAM, AWS Organizations, and AWS Control Tower. Likewise, Terraform (paying) customers can leverage Terraform Sentinel via the company's Team & Governance package.
Both CloudFormation and Terraform come with a complete suite of command line tools, visual interfaces, and APIs to manage your Infrastructure as Code projects.
CloudFormation vs Terraform - which is the best for you?
In terms of blow by blow features, Terraform and CloudFormation come pretty close to each other. The major differences are in out of the box support for multi-cloud deployment and testing.
If you're an AWS-only shop, CloudFormation is still a solid choice for your IaC deployments. If you're operating in a multi-cloud environment, however, Terraform remains the most natural choice. CloudFormation users may consider moving to Terraform for some of its more advanced features, such as testing and governance.
How TinyStacks can help
It takes a lot of effort to build a solid Infrastructure as Code stack. It takes even more effort to get it into your customer's hands.
Whether you use CloudFormation or Terraform, TinyStacks can help you turn your application into an easily deployable cloud stack that your customers can install and update in a self-service manner. Contact us today to find out more.