
What is Difference Between CloudFormation and Terraform?

CloudFormation

AWS CloudFormation is a managed AWS service with a common language for you to model and provision AWS and third-party application resources for your cloud environment in a secure and repeatable manner. This provides a single reference point for both AWS infrastructure mapping and development.

CloudFormation abstracts away many of the subtleties involved in managing dependencies between AWS resources. Additionally, CloudFormation allows for the modification and destruction of provisioned resources in a prescribed and predictable manner, making versioning and iterating on your infrastructure much more accessible. CloudFormation is AWS-focused and AWS-native.

With CloudFormation, you don’t need to figure out which AWS services need to be provisioned or the subtleties of how to make these dependencies connect together; CloudFormation takes care of this for you in a siloed manner. Once deployed, you can destroy and modify AWS resources in a controlled and predictable way within CloudFormation, allowing you to version control your own AWS infrastructure. This allows for iterative testing, as well as rollback (when configured properly).

Terraform

Created by HashiCorp, Terraform is an open-source infrastructure-as-code software tool that helps users set up and provision data center infrastructure. A cloud-agnostic tool, Terraform codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. It is a powerful tool that helps people working in IT operations provision, upgrade, and maintain infrastructure. Terraform has its own domain-specific language called HashiCorp Configuration Language (HCL). It is a fully JSON-compatible language that helps DevOps professionals define infrastructure as code.

CloudFormation vs. Terraform

Scope

CloudFormation covers most parts of AWS and needs some time to support new service capabilities. Terraform covers most AWS resources as well and is often faster than CloudFormation when it comes to supporting new AWS features. On top of that, Terraform supports other cloud providers as well as third-party services. A shortened list of vendors supported by Terraform: Google Cloud Platform, Azure, GitHub, GitLab, Datadog, and many more.

Multi-Cloud Integration

If you are looking to provision services on multiple cloud platforms, Terraform is your go-to option. While Terraform supports all cloud vendors like AWS, GCP, Azure, and many others, CloudFormation is confined only to AWS. So, in case your environment involves multiple cloud deployments, CloudFormation is not for you. If you are using AWS resources like EC2, S3, etc., you are best advised to stick to CloudFormation.

To deal with AWS’s compatibility, the latest version of Terraform now fully supports all the services in AWS. This version of Terraform is considered to be on par with CloudFormation for managing AWS cloud resources.

Language

Terraform uses HashiCorp Configuration Language (HCL), a language built by HashiCorp. It is fully compatible with JSON and was created to strike a balance between human-friendly and machine-friendly languages while remaining interpretable to humans.

AWS CloudFormation utilizes either JSON or YAML, with the YAML version being slightly easier to read (as well as more compact). CloudFormation also has a limit of 51,000 bytes for the template body itself. If a larger template is needed, AWS advises developers to separate resources into nested stacks.

State Management

With both CloudFormation and Terraform, you need to keep track of all resources under management.

With CloudFormation, users can perform regular drift detection on their entire provisioned infrastructure, and receive detailed responses if anything has changed. Some resources in a CloudFormation stack are able to have parameters changed without destroying and rebuilding the targeted resource, while others are considered immutable and will be rebuilt. Additionally, before CloudFormation will delete a resource, it will determine dependencies and fail the command if any exist (which would remain after resource removal).

Terraform stores the state of the infrastructure on the provisioning computer, or in a remote site (for team use). This state file is a custom JSON format that serves as a map for Terraform, describing which resources it manages, and how those resources should be configured.

Since CloudFormation is a managed AWS service, it does this for you. CloudFormation will consistently check the infrastructure it has provisioned to detect if it is maintaining that state and configuration. If you’re using Terraform, it stores its state on a local disk, and there is a remote state option, which writes the state data to a remote data store, to be shared between all members of a team. The remote state supports Amazon S3, but you need to configure it yourself.

Configuration

CloudFormation and Terraform differ in how they handle configuration and parameters.

Terraform uses provider-specific data sources. The implementation is in a modular fashion, allowing data to be fetched or computed for use elsewhere in a Terraform configuration. This lets a Terraform configuration make use of information defined outside of Terraform (such as an Elastic IP address), to update or provision infrastructure.

CloudFormation uses parameters and has a maximum of 60 parameters per template. Each parameter must have a logical and unique ID among all others in the template. The parameters must be of a type supported by CloudFormation and they have to be provided at the stack’s runtime. Additionally, each parameter must be declared and referenced from within the same template. CloudFormation does have the capability to use Dynamic References to retrieve parameters at runtime from AWS Systems Manager parameter store if one has been configured properly.

Modularity

In the constantly changing world of infrastructure requirements, flexibility is key. CloudFormation and Terraform have unique ways of addressing this need.

Terraform has modules, which are containers for multiple resources that are used together. Modules allow developers to abstract their infrastructure into reusable, shareable code and increase iteration speed for teams (much like functions do in a programming language like Ruby).

CloudFormation utilizes a system called “nested stacks.” That is, CloudFormation templates being called from within CloudFormation templates. These nested stacks can further be abstracted into StackSets. It should be noted that StackSets require additional permissions, beyond those of normal AWS CloudFormation.

A benefit of Terraform is increased flexibility over CloudFormation with regards to modularity. Terraform modules can be pulled in for any provider supported, or organizations can roll their own.

Conversely, in a multi-cloud or hybrid environment, CloudFormation doesn’t easily allow users to provision or natively coordinate non-AWS resources. It’s not impossible, as there is a custom resource feature in CloudFormation, but it requires additional templating and design to bring in third-party resources, or those AWS services not available organically.

Ease of Use

While CloudFormation is confined to the services offered by AWS, Terraform spans multiple cloud service providers like AWS, Azure, Google Cloud Platform, and many more, and covers most AWS resources.

Cost

The best part about these tools is that both are free of cost. Both have large communities with a lot of support and examples. CloudFormation has no price. The only fee that users incur is the cost of the AWS services provisioned by CloudFormation. Terraform is a free and open-source tool. Terraform, however, offers a paid enterprise version that has additional collaboration and governance options.

How to use Terraform?

Let’s look at an example where we will see how we can provision EC2 instances using Terraform on AWS. Now, let’s see the configuration part.

Pre-requisites:

1. AWS account
2. Terraform CLI
3. AWS credential configured locally. The credentials can be stored in a file, and the path can be specified on the provider.

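# Pin the AWS provider so that runs are reproducible.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 2.70"
    }
  }
}

# Credentials are read from the "default" profile of the local AWS credentials file.
provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

# A single EC2 instance.
resource "aws_instance" "example" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
}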

This configuration implies that Terraform is ready to create an EC2 instance. This configuration should be copied in a .tf file, and then it can be executed.

How to use CloudFormation Templates?

The first and foremost pre-requisite for using CloudFormation is that you need a template that specifies the resources you want in your stack.

Below is an example of a CloudFormation template to provision an EC2 instance:

   "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
                                          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        "KeyName" : { "Ref" : "KeyName" },
        "InstanceType" : { "Ref" : "InstanceType" },
        "SecurityGroups" : [{ "Ref" : "Ec2securityGroup" }],
        "BlockDeviceMappings" : [
          {
            "DeviceName" : "/dev/sda1",
            "Ebs" : { "VolumeSize" : "50" }
          },{
            "DeviceName" : "/dev/sdm",
            "Ebs" : { "VolumeSize" : "100" }
          }
        ]
      }
    }

Terraform

Advantages

  1. Terraform modules allow us to separate resources into dedicated and re-usable templates.
  2. You can use specific versions and different branches of the same module, so changing it to add new features is more straightforward, which provides flexibility.
  3. Terraform has a robust CLI that makes it easier to see the infrastructure’s status through simple commands.
  4. Terraform supports multi-cloud integration. Users can use Terraform to deploy applications on multiple cloud platforms.
  5. It simplifies the management and orchestration of multi-tier infrastructure. CloudFormation also has the same advantage when it comes to infra management and orchestration.

Other Advantages:

  • Terraform supports a lot of security and unit testing tools like Terraform Lint, etc.
  • Terraform does support conditionals.
  • Terraform has workspaces, which makes it easier to manage multiple environments.
  • Terraform supports multiple plugins. These plugins help a lot in extending the core functionalities of Terraform.
  • The local-exec provisioner allows you to run commands locally. This further extends Terraform’s functionality, allowing you to run bash, PowerShell, Python scripts before running .tf files.

Disadvantages

  1. When AWS launches new services, it takes longer to get compliance checks in Terraform.
  2. The learning curve in Terraform is steeper as compared to CloudFormation.
  3. Security of “state files” is a concern. The users need to ensure that the state files are handled in the remote backend because they have confidential information.
  4. In addition to security, state files are a concern because managing the resources is impossible if the Terraform state is ever lost; using a backend to store the state files is a best practice.

CloudFormation

Advantages

  1. Works best for new AWS services.
  2. YAML is friendly and easier to use and configure.
  3. Many tools help in Unit Testing for the CloudFormation templates. It makes it easier to find errors, warnings, and other info in the code.
  4. It integrates easily with other Infrastructure-as-a-code solutions.
  5. CloudFormation supports conditionals, which enable the user to decide whether to create a resource or not.

Disadvantages

  1. Nested stacks are not as good as Terraform. They are a bit more challenging to implement and manage. Cross-stack references, the DependsOn attribute, or the GetAtt function can help manage the outputs of one template as the input to another template.
  2. There is a size limit of 51MB on the stacks, which doesn’t always work in developers’ favor.
  3. Modularization of code in CloudFormation is not as mature as Terraform. This is a very new feature that has been introduced by AWS in CloudFormation.
