Infrastructure as code (IaC) is a big buzz in the IT industry right now, and when it comes to IaC, Terraform vs CloudFormation is a hot topic to discuss. Terraform and CloudFormation are both tools that define infrastructure in software, which helps your IT team provision and manage your infrastructure. Infrastructure automation is one of the pillars of implementing DevOps practices in your project.
When asked about the best tools to automate infrastructure provisioning, two prevalent names come to mind: Terraform and AWS CloudFormation. This blog discusses the different aspects of Terraform vs CloudFormation in detail.
Table of contents
- What is CloudFormation?
- What is Terraform?
- Terraform vs CloudFormation
- Terraform vs CloudFormation: Where do they fit in your infrastructure?
- The Final Battle: Advantages and Disadvantages of Terraform vs CloudFormation
- Closing thoughts on Terraform vs CloudFormation
- FAQs (Frequently Asked Questions)
This blog is also available on Medium
What is CloudFormation?
AWS CloudFormation is a fantastic tool that gives development and operations teams the liberty to automate AWS infrastructure provisioning easily. It is a managed AWS service that allows you to design and provision AWS and third-party resources for your cloud environment. CloudFormation handles the configuration in JSON documents called templates. These templates enable the user to attain re-usability and scalability of infrastructure. CloudFormation templates can also be written in YAML.
What is Terraform?
Terraform, a HashiCorp product, is an open-source solution that enables the development of infrastructure as code. It is a powerful tool that helps people working in IT operations provision, upgrade, and maintain infrastructure. Terraform has its own domain-specific language called HashiCorp Configuration Language (HCL). This is a fully JSON-compatible language that helps DevOps professionals define infrastructure as code.
Terraform vs CloudFormation
The first question that comes to mind is why we need tools like Terraform and CloudFormation when we already have configuration management (CM) tools like Ansible and Puppet. These CM tools can handle almost all system-related configurations. But what if a user needs to maintain a layer of abstraction between the underlying bare-metal components and the services? In such cases, the two powerful tools, CloudFormation and Terraform, come into the picture.
What is the primary difference between Terraform and CloudFormation?
The primary difference between Terraform and CloudFormation is that Terraform is a multi-cloud platform, while CloudFormation is specific to AWS. Terraform provides a common language to define and provision cloud infrastructure, while CloudFormation is an AWS-specific solution that provides a standard way to provision and manage AWS resources.
Let’s have a side-by-side comparison of the difference between Terraform and CloudFormation:
Ease of use
While CloudFormation is confined to the services offered by AWS, Terraform spans multiple cloud service providers like AWS, Azure, Google Cloud Platform, and many more. Terraform enables users to dynamically create and configure resources, and it has several built-in functions for everyday tasks. While CloudFormation is easy to use, there are limitations when it comes to customization and flexibility.
Language
CloudFormation uses either JSON or YAML. This makes CloudFormation easy to read and manage. But there is a constraint that doesn’t allow AWS developers to create CloudFormation templates greater than 51MB in size. In case the template exceeds this size limit, developers need to create a nested stack for the templates. CloudFormation also supports Java, Python, TypeScript and .NET.
On the other hand, Terraform uses HashiCorp’s proprietary language called HCL (HashiCorp Configuration Language). This is also a JSON-compatible language. Terraform also supports TypeScript, Java, Python, Go (Golang) and C# for writing infrastructure code.
State-management
Since CloudFormation is a managed AWS service, it checks the infrastructure consistently to detect whether the provisioned infra is maintaining its state or not. CloudFormation receives a detailed response if anything changes.
On the other hand, Terraform stores the state of the infrastructure on the provisioning machine, be it a virtual machine or a remote computer. The state is saved in the form of a JSON file, which serves as a map for Terraform describing the resources it manages.
To summarize, in CloudFormation, the state is governed by CloudFormation out of the box, which prevents conflicting changes. In Terraform, the state is stored on a virtual machine or a remote computer. A best practice for state management is to save Terraform state in a storage service like S3 instead. This has to be defined in the backend, and it makes the state easier and safer to manage.
Cost
CloudFormation is free, and the only fee that users incur is the cost of the AWS services provisioned by CloudFormation. Terraform is a free and open-source tool. Terraform also offers paid versions that have additional collaboration and governance options. The HCP free version offers up to 500 resources per month and the HCP Standard version starts at $0.00014 per resource per hour. There are two other versions called HCP Plus and HCP Enterprise that come with a custom pricing model.
Both tools enjoy the support of large communities and code contributions from members.
Multi-Cloud Integration
If you are looking to provision services on multiple cloud platforms, Terraform is your go-to option. While Terraform supports all cloud vendors like AWS, GCP, Azure, and many others, CloudFormation is confined only to AWS. So, in case your environment involves multiple cloud deployments, CloudFormation is not for you. If you are using AWS resources like EC2, S3, etc., you are best advised to stick with CloudFormation.
As for AWS compatibility, the latest version of Terraform now fully supports all the services in AWS. This version of Terraform is considered to be on par with CloudFormation for managing AWS cloud resources.
Terraform vs Cloudformation: Where do they fit in your infrastructure?
It is imperative to understand where and how these two IaC solutions fit into your infrastructure. Let’s talk about Terraform first.
In the diagram above, we can see how Terraform integrates with the standard CI/CD pipeline. Terraform plays a significant role in the Continuous Deployment part of the pipeline, where it is responsible for provisioning instances on Amazon’s ECS cluster. In the above scenario, Terraform also quickly spins up three parallel environments: Dev, UAT, and Prod.
The diagram below shows the overall workflow of how CloudFormation works.
CloudFormation involves mainly four steps:
1. Writing your code. This is the code that is defined as the CloudFormation template.
2. This template can be saved in any code repository. In this scenario, the template is saved in an S3 bucket.
3. AWS CloudFormation is then used via AWS CLI or the browser console to create the stack.
4. The final output of the template is provisioning in the form of infrastructure stacks in the AWS cloud.
How to use Terraform?
Let’s look at an example where we will see how we can provision EC2 instances using Terraform on AWS. Now, let’s see the configuration part.
Pre-requisites:
1. AWS account
2. Terraform CLI
3. AWS credentials configured locally. The credentials can be stored in a file, and the path can be specified on the provider.
Here is the configuration part:
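```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.51.1" # allow only 5.51.x patch releases of the AWS provider
    }
  }
}

# Credentials are read from the "default" profile of the local AWS credentials file.
provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

# A single EC2 instance built from the given AMI.
resource "aws_instance" "example" {
  ami           = "ami-0922553b7b0369273"
  instance_type = "t2.micro"
}
```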
With this configuration, Terraform is ready to create an EC2 instance. Copy the configuration into a .tf file, and then execute it by running terraform init followed by terraform apply in the same directory.
How to use CloudFormation Templates?
The first and foremost pre-requisite for using CloudFormation is that you need a template that specifies the resources you want in your stack.
Below is an example of a CloudFormation template to provision an EC2 instance:
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "CloudFormation template to provision an EC2 instance",
  "Parameters": {
    "KeyName": {
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName"
    },
    "InstanceType": {
      "Description": "EC2 instance type",
      "Type": "String",
      "Default": "t2.micro",
      "AllowedValues": ["t2.micro", "t2.small", "t2.medium"],
      "ConstraintDescription": "must be a valid EC2 instance type."
    },
    "Ec2securityGroup": {
      "Description": "Security group for the instance",
      "Type": "AWS::EC2::SecurityGroup::Id"
    }
  },
  "Mappings": {
    "AWSRegionArch2AMI": {
      "us-west-2": {
        "HVM64": "ami-0922553b7b0369273"
      }
    },
    "AWSInstanceType2Arch": {
      "t2.micro": { "Arch": "HVM64" },
      "t2.small": { "Arch": "HVM64" },
      "t2.medium": { "Arch": "HVM64" }
    }
  },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "AWSRegionArch2AMI",
            { "Ref": "AWS::Region" },
            { "Fn::FindInMap": ["AWSInstanceType2Arch", { "Ref": "InstanceType" }, "Arch"] }
          ]
        },
        "KeyName": { "Ref": "KeyName" },
        "InstanceType": { "Ref": "InstanceType" },
        "SecurityGroupIds": [{ "Ref": "Ec2securityGroup" }],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": { "VolumeSize": "50" }
          },
          {
            "DeviceName": "/dev/sdm",
            "Ebs": { "VolumeSize": "100" }
          }
        ]
      }
    }
  }
}
```
The Final Battle: Advantages and Disadvantages of Terraform vs CloudFormation
While both tools are robust and have their benefits, let’s look at the comprehensive list of advantages and disadvantages of Terraform vs CloudFormation.
Terraform
Advantages
- Modular Design: Terraform modules allow you to separate resources into dedicated and re-usable templates, enhancing scalability and maintainability. This modularity makes it easy to manage complex infrastructure setups.
- Version Control: With Terraform, you can use specific versions and different branches of the same module. This flexibility enables you to easily add new features and manage updates of the infrastructure more efficiently.
- Robust CLI: Terraform offers a robust CLI that allows you to monitor and manage the infrastructure’s status through simple commands. Using the CLI, you can easily view the status, make updates, troubleshoot issues, and streamline infrastructure management.
- Multi-cloud Integration: Terraform supports integration with multiple cloud providers like AWS, Google Cloud, Azure, and many more. This multi-cloud capability allows users to manage applications across various platforms, provides flexibility, and avoids vendor lock-in.
- Simplified Orchestration: Terraform simplifies the management and orchestration of multi-tier infrastructure. By automating provisioning and configuration of resources, it reduces manual effort and potential errors. While CloudFormation also has the same advantage when it comes to infra management and orchestration, the multi-cloud capability provides an additional layer of versatility.
- Infrastructure as Code (IaC): Terraform takes the IaC approach, allowing teams to use version control systems to track and manage changes to infrastructure. This approach promotes best practices for code reviews, testing and deployment automation that, in turn, offers a consistent infrastructure management environment.
- Extensive Community and Ecosystem: Terraform has a large and vibrant community that contributes to a rich ecosystem of plugins, modules and extensions for users to leverage.
- State Management: Terraform maintains a state file to keep track of the current state of the infrastructure that helps in detecting configuration drifts while ensuring that changes are applied consistently and predictably.
Disadvantages
- Compliance with New AWS Services: When AWS releases new services, it often takes some time for Terraform providers to support these services. This lag can affect organizations that want to use the latest AWS features immediately.
- Steeper Learning Curve: Terraform’s syntax and HashiCorp Configuration Language can be more complex for new users than CloudFormation.
- Security of State Files: As state files may contain sensitive information, improper handling of these files results in security risks. To mitigate this risk, use remote state storage with encryption and state locking. For instance, you can use AWS S3 with server-side encryption and state locking using DynamoDB to prevent concurrent changes.
- State File Management: Besides security, losing state files is a concern because tracking resource changes is impossible if the terraform state is ever lost. Remote backends not only secure state files but also keep them available across teams.
There are many other advantages to using Terraform. Some of the major ones are:
- Terraform supports a lot of security and unit testing tools like Terraform Lint, etc.
- Terraform does support conditionals.
- Terraform has workspaces, which makes it easier to manage multiple environments.
- Terraform supports multiple plugins. These plugins help a lot in extending the core functionalities of Terraform.
- The local-exec provisioner allows you to run commands locally. This further extends Terraform’s functionality, allowing you to run bash, PowerShell, and Python scripts before running .tf files.
| Terraform advantages | Terraform disadvantages |
| --- | --- |
| Has a modular design | When AWS releases new services, it takes some time for Terraform providers to support them |
| You can use specific versions and different branches of the same module | Syntax and HashiCorp Configuration Language can be complex |
| Offers a robust CLI | The security of state files |
| Supports integration with multiple cloud providers | The state file management |
| Simplifies the management and orchestration of multi-tier infrastructure | |
| Implements the IaC approach | |
| Extensive community and ecosystem | |
| Maintains a state file | |
CloudFormation
Advantages
- Seamless Integration with AWS Services: Being an AWS product, CloudFormation seamlessly integrates with other AWS services such as Identity and Access Management (IAM), Lambda and AWS Config to manage tasks such as permissions, custom resource management and compliance auditing.
- Infrastructure as Code: CloudFormation implements Infrastructure as Code (IaC), automating the creation, update and deletion of infrastructure resources. This approach ensures consistent deployment of resources across different environments, and it allows the infrastructure to be version controlled along with the application code. It also reduces manual intervention.
- Simplified Resource Management: CloudFormation groups related resources into stacks, which makes it easy to manage, update, and delete specific resources as a single unit. It also automatically manages resource dependencies.
- Template-driven Infrastructure: CloudFormation uses JSON or YAML templates to define infrastructure, which are easy to read and modify. Moreover, it uses nested stacks that simplify complex architecture and allow for the reuse of common components.
- Community and Support: CloudFormation boasts strong community support and member-contributed templates. Users can leverage this rich ecosystem to expedite software development projects. In addition, users get the luxury of extensive documentation and a support network from AWS.
- Change Management: CloudFormation allows users to preview and validate changes before applying them. It also offers an automatic rollback feature in case resource creation or update fails.
- Security: CloudFormation leverages AWS IAM to offer fine-grained access control. As such, only authorized users are allowed to access and modify stacks. Users can encrypt sensitive data for increased security. It seamlessly integrates with AWS Key Management Service (KMS).
Disadvantages
- Nested stacks are not as intuitive and flexible as Terraform modules. It is a bit more challenging to implement and manage them. Tools such as cross-stack references, the ‘DependsOn’ attribute, or the ‘GetAtt’ function can help manage the outputs of one template as the input to another template.
- There is a size limit of 51MB on the stacks that doesn’t work in the developers’ favor all the time. Users are forced to break large and complex infrastructures into multiple stacks and handle the associated dependencies manually.
- Modularization of code in CloudFormation is not as mature as in Terraform. This is a relatively new feature that AWS has introduced in CloudFormation.
- As CloudFormation is confined to AWS, users are limited when implementing a multi-cloud strategy.
- For complex stacks with multiple resources, deployment times can be longer, which can slow down the development process compared to Terraform.
- CloudFormation doesn’t manage state files and lacks remote state storage and state locking.
Here are a few more advantages of CloudFormation:
- Works best for new AWS services.
- Many tools help in Unit Testing for the CloudFormation templates. It makes finding errors, warnings, and other info in the code easier.
- It integrates easily with other Infrastructure-as-a-code solutions.
- CloudFormation supports conditionals, enabling the user to decide whether to create a resource.
- It provides a clear and auditable record of infrastructure changes, facilitating compliance with organizational policies.
| CloudFormation advantages | CloudFormation disadvantages |
| --- | --- |
| Seamlessly integrates with AWS services | Nested stacks are complex to manage |
| Implements Infrastructure as Code principles | Stack size limit is 51 MB |
| Simplifies resource management | Modularization of code is not as mature as in Terraform |
| Offers template-driven infrastructure | Writing and managing large complex templates in YAML/JSON can be challenging |
| Offers change management | May have longer deployment times for complex stacks with multiple resources |
| Cost management made easy | Limited cross-cloud support |
| Highly secure | |
| Highly scalable and flexible | |
| Strong community support and rich ecosystem | |
| Compliance governance and policy enforcement made easy | |
Closing thoughts on Terraform vs CloudFormation
Having reviewed the differences between Terraform vs CloudFormation, let’s conclude this article with some meaningful tips!
Custom resources are an advantage of CloudFormation. You can use Lambda functions for this. When you associate a Lambda function with a custom resource, the function is invoked whenever the custom resource is created, updated, or deleted. AWS CloudFormation calls a Lambda API to invoke the function and passes all the request data (such as the request type and resource properties).
The power and customizability of Lambda functions combined with AWS CloudFormation enable a wide range of scenarios, such as dynamically looking up AMI IDs during stack creation or implementing and using utility functions, such as string reversal functions.
Meanwhile, in CloudFormation, it is harder to manage different environments due to the lack of workspaces. You can work around this using Parameter Inputs and conditionals.
Terraform vs CloudFormation FAQs
Terraform is a powerful tool for provisioning, maintaining, and versioning cloud infrastructure. Terraform can manage existing and popular solutions as well as on-premise applications.
CloudFormation supports almost all the services on AWS. It also integrates well with serverless and all the services offered by AWS, e.g., AWS Lambda, etc.
It is free and easy to use. Terraform’s support spans across multiple cloud providers. Besides, Terraform has many in-built modules, which makes its code reusable and flexible.
Terraform has contributed a lot in the DevOps space, changing the way infrastructure is provisioned and managed. Terraform DevOps is a practice of using Terraform in DevOps framework to automate and manage infrastructure provisioning.
Yes, Terraform can be used in AWS with the help of access and secret keys.
Yes, Terraform is also free. The resources you create using Terraform on the cloud are not free. You will have to pay the fee to the cloud service provider for the resources you provision using Terraform. However, Terraform has an Enterprise edition, which comes with a price. It offers better collaboration and governance features.