Is Terraform better than AWS CloudFormation?

Let's outline some of the key differences between Terraform and AWS CloudFormation.

Anil Augustine Chalissery
Jun 3, 2022

Introduction

When asked about the best tools to automate infrastructure provisioning, two prevalent names come to mind: Terraform and AWS CloudFormation. Infrastructure-as-Code (IaC) has become fundamental to businesses in their cloud journey. As the name implies, IaC provides the ability to define your infrastructure, typically cloud infrastructure, as code. In today’s world, where many companies rely heavily on cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, building and managing cloud infrastructure manually can be quite the task, and it is even more challenging when you’re operating as a distributed team.

Cloud providers typically offer a native infrastructure as code language that exclusively supports the deployment of resources to their cloud platform. For AWS, that offering is a service called AWS CloudFormation. There are other tools on the market, some of which are sometimes described as “cloud agnostic” due to their ability to support the deployment to multiple cloud providers. Terraform by HashiCorp is one of the most common IaC tools which is “cloud agnostic”.

What is Terraform?

Terraform is an open-source, cloud-agnostic infrastructure management tool developed by HashiCorp that enables modular configuration of infrastructure, thereby allowing you to use AWS modules and third-party modules in the same infrastructure. Terraform utilizes a syntax called the HashiCorp Configuration Language (HCL), which allows users to define their infrastructure programmatically.

In addition to the “multi-provider” support that Terraform provides, there are other benefits to consider as well such as its ability to dynamically create resources using its for_each or count features and the ability to dynamically configure properties of a resource with the dynamic block functionality. Additionally, Terraform supports built-in functions that can be called and used within your code, which become very useful for everyday tasks.
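The features named above, combined in one configuration (an added example, not from the original article): a resource-level for_each, a dynamic block that generates ingress rules from a map, and built-in functions such as alltrue, contains, format and join. The variable names, ports, CIDR ranges and log group names are assumptions chosen for illustration.

```hcl
# Added example: all names and values below are illustrative.
variable "vpc_id" {
  type = string
}

variable "ingress_rules" {
  type = map(object({
    port  = number
    cidrs = list(string)
  }))
  default = {
    https = { port = 443, cidrs = ["10.0.0.0/16"] }
    ssh   = { port = 22, cidrs = ["10.0.10.0/24"] }
  }

  # Built-in functions used as a guard: reject any rule open to the internet.
  validation {
    condition     = alltrue([for r in var.ingress_rules : !contains(r.cidrs, "0.0.0.0/0")])
    error_message = "Ingress rules must not be open to 0.0.0.0/0."
  }
}

resource "aws_security_group" "app" {
  name_prefix = "app-"
  vpc_id      = var.vpc_id

  # One ingress block is generated per entry in var.ingress_rules.
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = format("%s from %s", ingress.key, join(", ", ingress.value.cidrs))
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = "tcp"
      cidr_blocks = ingress.value.cidrs
    }
  }
}

# Resource-level for_each: one log group per name in the set.
resource "aws_cloudwatch_log_group" "app" {
  for_each          = toset(["app", "audit"])
  name              = "/example/${each.key}"
  retention_in_days = 90
}
```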

What is AWS CloudFormation?

AWS CloudFormation is a fantastic tool that gives development and operations teams the liberty to automate the provisioning of AWS infrastructure easily. It is a managed AWS service that allows you to design and provision AWS and third-party resources for your cloud environment. CloudFormation handles the configuration in JSON or YAML files called templates. These templates enable the user to attain re-usability and scalability of infrastructure. In addition to this, AWS Support will probably be more capable of assisting you with issues when you need help. AWS Support is essential for large enterprises, particularly those new to the cloud or slow to adopt.

The comparison

Now that we’ve defined these two IaC platforms, let’s review some of the key differences in more depth. When trying to determine the better of the two, you might be overwhelmed with the features they both offer. One of them could be better than the other depending on how they suit your infrastructure’s needs.

1. State Management

Both tools need to keep track of all the resources under management. CloudFormation manages its state with so-called stacks. By default, Terraform stores its state on disk. Terraform offers remote state as well, for example, based on S3 and DynamoDB or Terraform Cloud. It is advisable to use a remote state when multiple users are working on the same infrastructure in parallel. CloudFormation manages state within the managed service out-of-the-box, which is a small plus compared to Terraform, where you need to configure remote state yourself.
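A sketch of the S3 and DynamoDB remote state setup mentioned above, added here as an example and not taken from the original article. Terraform state records resource attributes in plaintext, including any secrets among them, so the bucket is encrypted, versioned and blocked from public access; the bucket, table, key path, region and KMS alias are placeholder names.

```hcl
# Added example. Bucket, table, key path, region and KMS alias are placeholders.

# --- Bootstrap configuration (applied once, kept separate from the stacks that use it) ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate"

  lifecycle {
    prevent_destroy = true # refuse any plan that would delete the state bucket
  }
}

resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled" # keeps earlier state versions for recovery
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "tflock" {
  name         = "example-org-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID" # attribute name the S3 backend expects

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- In each configuration that stores its state remotely ---
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "network/prod/terraform.tfstate"
    region         = "eu-west-1"
    dynamodb_table = "example-org-tfstate-lock" # state locking for parallel users
    encrypt        = true                       # server-side encryption of the state object
    kms_key_id     = "alias/example-tfstate"
  }
}
```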

2. Cost and Support

The best part about both these tools is that both are free of cost. Both of these tools have large communities with a lot of support and examples. CloudFormation itself is not billed. The only fee that users incur is the cost of the AWS services provisioned by CloudFormation. Terraform is a free and open-source tool. Terraform, however, offers a paid enterprise version that has additional collaboration and governance options. The AWS support plans include support for CloudFormation. HashiCorp, the company behind Terraform, offers support plans as well.

3. Cloud Providers

AWS CloudFormation, as the name suggests, is specific to Amazon Web Services. You can theoretically achieve deployment to third-party resources through the use of custom resources, but this is rather hacky, and at the end of the day those third-party resources are not truly supported by CloudFormation. On the other hand, Terraform allows you to deploy to other cloud providers as well. Granted, you won’t be able to re-use the same codebase from one cloud provider to another. At the very least, when using Terraform, you’ll have familiar syntax and methods for deploying to different cloud providers. For some companies this is a significant benefit, as being able to use the same syntax and deployment methods to deploy to multiple cloud providers is a clear plus.

4. Modularity

CloudFormation uses sets of “nested stacks” or templates as modules. These nested stacks act as building blocks for your infrastructure and allow you to import and export standard configuration settings. For example, you might have multiple configurations of resources used for different applications or infrastructure. In these cases, you can create a dedicated template for such resources that you can then import into every stack that needs the resource.

Terraform stands out for its modularity. HashiCorp built Terraform to be cloud-agnostic and to be able to incorporate any resource. Terraform includes native support for many third-party modules. It accomplishes this via “providers,” or plugins that implement resource types. You can add any resource, AWS or third-party, by adding a provider to your configuration.

Terraform also uses modules to organize configurations. Modules allow complex configurations to remain readable by grouping related parts. You can also use modules to reuse and share common configurations. Reusing modules leads to fewer errors and less time spent rewriting your configurations. Terraform practitioners often publish modules online. The vast community that Terraform has built allows you to tap into community knowledge and experience and dramatically reduces the time you’d spend writing and debugging configuration files.

5. Rollback

When CloudFormation fails to modify your infrastructure, it rolls back to the previous working state automatically. Terraform does not support rollbacks out of the box. Either you decide to fix the problem and deploy it again, or you have to apply the previous configuration yourself. You can also avoid the need for a rollback by using the command terraform plan, which outputs a list of all upcoming changes before actually executing them. You can also use terraform plan to complete dry runs of an update, double-check the output to ensure all changes are as expected, and then commit your changes.

Both CloudFormation and Terraform support a “prevent from deletion” feature. This safeguard ensures that you cannot delete resources in use as dependencies in other applications, thereby dramatically reducing your chances of accidentally breaking your infrastructure!

6. Built-in Functions

The ability to use built-in functions within your code can have tremendous benefits. In Terraform, you have access to many different types of functions. A few example categories of Terraform functions include numeric, string manipulation, encoding, date/time, and filesystem, and this is not the complete list! In comparison, CloudFormation is extremely limited, providing fewer than 15 intrinsic functions in total. The lack of helper functions can lead to annoying, complicated situations for basic tasks. For example, if you’re simply looking to obtain the date or time within your CloudFormation template, there’s no built-in function for this. Instead, you’ll need to create a custom resource within your template that calls a Lambda function that returns the information you need.

The final decision on Terraform vs CloudFormation

Before choosing between CloudFormation and Terraform, consider your infrastructure’s needs and your organizational needs. Both CloudFormation and Terraform are flexible and powerful tools and offer comprehensive state management and automated logging. But they also provide different features that suit your infrastructure needs differently. If you’re mainly working with AWS resources, CloudFormation might work best for you. If your infrastructure relies on many third-party resources, Terraform might be a better fit.
