Terraform vs CloudFormation

Infrastructure as code (IaC) tools are popular today because they let you manage infrastructure with configuration files instead of a graphical user interface. With them, you can create, modify, and manage infrastructure in a secure, consistent, and repeatable way by specifying resource configurations that you can reuse, version, and share. Two tools widely used for this are Terraform by HashiCorp and AWS CloudFormation.

Terraform is an AWS Partner Network (APN) Advanced Technology Partner and member of the AWS DevOps Competency. Both tools are used for creating, updating, and versioning Amazon Web Services (AWS) infrastructure. But which one should you go with? To answer that, this blog compares the two by looking at their features, uses, and differences. So, let's begin with an overview of both.

Primary difference between Terraform and CloudFormation

Terraform and AWS CloudFormation are both infrastructure as code (IaC) tools used to manage and provision resources in the cloud, but there are some key differences between the two.

The primary difference between Terraform and CloudFormation is that Terraform is a platform-agnostic tool that supports multiple cloud providers and on-premises resources, while CloudFormation is an AWS-specific tool that only works with resources in the AWS cloud.

Some other differences between the two tools include:

  1. Configuration syntax: Terraform uses its own syntax for defining resources and infrastructure, while CloudFormation uses JSON or YAML.
  2. Resource support: Terraform has a broader range of resource support, including resources from multiple cloud providers and on-premises resources, while CloudFormation only supports resources in the AWS cloud.
  3. Resource dependencies: Terraform allows for more flexible resource dependencies, while CloudFormation has stricter dependencies that must be defined in a specific order.
  4. Preview and validation: Terraform provides a preview of changes before applying them, while CloudFormation provides validation of templates before creating or updating stacks.
  5. State management: Terraform stores resource state in a local file or remote backend, while CloudFormation stores resource state in the AWS CloudFormation stack.

In summary, while both Terraform and CloudFormation are powerful IaC tools used for managing and provisioning cloud resources, Terraform is a more platform-agnostic tool that supports multiple cloud providers and on-premises resources, while CloudFormation is an AWS-specific tool that only works with resources in the AWS cloud.

What is Terraform?

Terraform is an infrastructure as code tool provided by HashiCorp. It is used for defining resources and infrastructure in human-readable, declarative configuration files and for managing the infrastructure's lifecycle. Terraform has several advantages over manually managing your infrastructure, for example:

  • Firstly, Terraform can manage infrastructure on multiple cloud platforms.
  • Secondly, the human-readable configuration language helps in quickly writing infrastructure code.
  • Thirdly, Terraform’s state enables tracking of resource changes throughout your deployments.
  • Lastly, you can commit your configurations to version control for safely collaborating on infrastructure.

Glossary: Terraform

Here are some key terms and concepts related to Terraform:

  1. Infrastructure as code (IaC): A methodology for managing infrastructure resources using code.
  2. Terraform: An open-source IaC tool for managing infrastructure resources.
  3. Provider: A plugin that allows Terraform to interact with a specific cloud provider, such as AWS or Google Cloud.
  4. Resource: An infrastructure component that is managed by Terraform, such as a virtual machine, database, or network interface.
  5. Module: A self-contained set of Terraform configuration files that can be reused across multiple projects or environments.
  6. State file: A file that stores the current state of managed infrastructure resources, including their attributes and dependencies.
  7. Plan: A preview of changes that Terraform will make to the infrastructure resources when applied.
  8. Apply: The process of creating or modifying infrastructure resources based on a Terraform configuration.
  9. Destroy: The process of deleting infrastructure resources managed by Terraform.
  10. Provisioner: A tool or script that is used to perform additional configuration tasks on resources after they are created.
  11. Input variables: Variables that can be passed to a Terraform configuration file to customize the infrastructure resources created.
  12. Output variables: Variables that are generated by a Terraform configuration file and can be passed to other resources or scripts.
  13. Backends: A mechanism that allows Terraform to store the state file remotely, such as in a cloud storage bucket or a version control system.
  14. Terraform Cloud: A service provided by HashiCorp that allows for collaboration, remote state management, and automation of Terraform workflows.

These are just some of the key terms and concepts related to Terraform. For a more comprehensive glossary, you can refer to the Terraform documentation.

Why use Terraform?

Terraform is used for:

1. Managing any infrastructure

Terraform comes with plugins known as providers that allow you to interact with cloud platforms and other services through application programming interfaces (APIs). HashiCorp and the Terraform community have written many providers for managing resources on AWS, Azure, GCP, Kubernetes, Helm, GitHub, Splunk, DataDog, and more.

2. Standardizing your deployment workflow

Providers in Terraform define individual units of infrastructure, like compute instances or private networks, as resources. You can also combine resources from various providers into reusable Terraform configurations known as modules, and then manage them using a consistent language and workflow.

Further, Terraform's configuration language is declarative. That is to say, it describes the desired end state for your infrastructure, in contrast to procedural programming languages that need step-by-step instructions for performing tasks. Terraform providers automatically calculate dependencies between resources so that they are created or destroyed in the correct order.

3. Tracking your infrastructure

Terraform keeps track of your real infrastructure in a state file, which acts as a source of truth for your environment. It uses the state file to determine which changes to make to your infrastructure so that it matches your configuration.

4. Collaborating

Terraform allows collaboration on your infrastructure through its remote state backends. With Terraform Cloud, you can securely share your state with your teammates, which provides a stable environment for Terraform to run in and prevents race conditions when multiple people make configuration changes at once.

Further, you can connect Terraform Cloud to version control systems (VCSs) like GitHub, GitLab, and others to automatically propose infrastructure changes when you commit configuration changes to the VCS.

Working of Terraform

Terraform enables infrastructure to be expressed as code in a simple, human-readable language known as HCL (HashiCorp Configuration Language). To deploy infrastructure with Terraform, follow these steps:

  • Scope – Identifying the infrastructure for your project.
  • Author – Writing the configuration for your infrastructure.
  • Initialize – Installing the plugins Terraform needs for managing the infrastructure.
  • Plan – Previewing the changes Terraform will make for matching your configuration.
  • Apply – Making the planned changes.

[Figure: How Terraform works. Image source: HashiCorp]

Delivering Infrastructure as Code

1. Write

Writing infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) enables concise descriptions of resources using blocks, arguments, and expressions.

2. Plan

Running terraform plan to check whether the execution plan for a configuration matches your expectations before provisioning or changing infrastructure.

3. Apply

Applying changes to hundreds of cloud providers with terraform apply to reach the desired state of the configuration.

Features of Terraform

The features of Terraform include:

1. Writing declarative config files

There is no need to create new resources, manage existing ones, and destroy old ones by hand. All of this is done by defining infrastructure as code to manage the full lifecycle.

2. Installable modules

Automatically downloading and installing community or partner modules from the registry with terraform init.

3. Plan and predict changes

Terraform enables operators to securely and predictably make changes to infrastructure, with clearly planned resource dependencies and separation of the plan and apply.

4. Dependency graphing

You can easily generate a terraform plan, refresh state, and more, with Terraform config dependency graphing.

5. State management

Map real-world resources to your configuration, keep track of metadata, and improve performance for big infrastructures.

6. Provision infrastructure in familiar languages

CDK for Terraform (experimental) allows you to specify infrastructure code in TypeScript, Python, Java, C#, and Go, using the many existing Terraform providers and HCL Terraform modules.

7. Terraform Registry with 1000+ providers

Select from an array of providers for your cloud platforms and services. Then, add them to your configuration and use their resources for provisioning infrastructure.

What is AWS CloudFormation?

AWS CloudFormation provides a simple way to model a collection of related AWS and third-party resources, provision them quickly, and manage them throughout their lifecycles by treating infrastructure as code. A CloudFormation template describes the desired resources and their dependencies so that they can be launched and configured together as a stack. You can use a template to create, update, and delete an entire stack as a single unit, and you can manage and provision stacks across multiple AWS accounts and AWS Regions.

Glossary: CloudFormation

Here are some key terms and concepts related to AWS CloudFormation:

  1. Infrastructure as code (IaC): A methodology for managing infrastructure resources using code.
  2. AWS CloudFormation: An AWS-native IaC tool for managing AWS infrastructure resources.
  3. Stack: A collection of AWS resources that are created, updated, or deleted together as a single unit.
  4. Template: A JSON or YAML file that describes the AWS resources to be created and their configurations.
  5. Resource: An infrastructure component that is managed by CloudFormation, such as a virtual machine, database, or network interface.
  6. Output: A value that is generated by a CloudFormation stack and can be passed to other AWS resources or scripts.
  7. Parameter: A value that is passed to a CloudFormation template to customize the infrastructure resources created.
  8. Change set: A preview of changes that CloudFormation will make to the infrastructure resources when executed.
  9. Stack policy: A policy that defines the permissions and restrictions for making changes to a CloudFormation stack.
  10. Nested stack: A stack that is created as a resource within another stack.
  11. Rollback: The process of undoing changes made to a CloudFormation stack.
  12. AWS CloudFormation Designer: A visual tool for designing CloudFormation templates.
  13. Drift: The process of detecting and reconciling differences between the expected and actual configurations of AWS resources.
  14. AWS CloudFormation StackSets: A service that enables you to create, update, or delete CloudFormation stacks across multiple accounts and regions with a single CloudFormation template and set of parameters.

These are just some of the key terms and concepts related to AWS CloudFormation. For a more comprehensive glossary, you can refer to the AWS CloudFormation documentation.

Why use CloudFormation?

CloudFormation is used for:

1. Automating best practices

CloudFormation allows you to apply DevOps and GitOps best practices using widely adopted processes, like starting with a git repository and deploying through a CI/CD pipeline. Using pipeline integrations like GitHub Actions and AWS CodePipeline, you can simplify auditing of changes and also trigger automated deployments.

2. Scaling your infrastructure worldwide

Manage resource scaling by sharing CloudFormation templates across your organization, so that safety, compliance, and configuration standards are met across AWS accounts and regions. Templates and parameters make it easy to scale and to share best practices and company policies. Additionally, CloudFormation StackSets let you create, update, or delete stacks across multiple AWS accounts and regions with a single operation.

3. Integrating with other AWS services

You can combine CloudFormation with other AWS services to automate resource management across your organization, including:

  • Identity and Access Management (IAM) for access control in AWS
  • AWS Config for compliance
  • AWS Service Catalog for turnkey application distribution and additional governance controls

4. Managing third-party and private resources

Using CloudFormation, you can model, provision, and manage third-party public or private application resources alongside your AWS resources. Moreover, you can utilize the open-source CloudFormation CLI for creating your own CloudFormation resource types.

5. Contributing to CloudFormation with the community

The AWS CloudFormation GitHub organization provides open-source projects that are used for creating CloudFormation’s capabilities. Moreover, you can systematically build resource providers for automating the creation of cloud infrastructure using the CloudFormation Registry and CloudFormation CLI.

Further, using CloudFormation GitHub projects, you can check CloudFormation templates for policy compliance (with cfn-guard) or validate the use of best practices (with cfn-lint).

6. Extending CloudFormation with third-party resource types

In the CloudFormation Public Registry, you can discover, provision, and manage third-party resources published by AWS Partner Network (APN) Partners and the developer community. To simplify building your cloud infrastructure, the Public Registry provides a managed catalog of extensions.

Working of CloudFormation:
[Figure: How AWS CloudFormation works. Image source: AWS]

What are the features of CloudFormation?

AWS CloudFormation includes features such as:

1. Extensibility

In the CloudFormation Public Registry, you can discover, provision, and manage third-party resources published by AWS Partner Network (APN) Partners and the developer community. Some examples of third-party resources are incident management and version control tools, monitoring team productivity, and more.

2. Cross account & cross-region management

CloudFormation StackSets let you provision a common set of AWS resources across multiple accounts and regions with a single CloudFormation template. StackSets also take care of automatically and safely provisioning, updating, or deleting stacks.

3. Authoring with JSON/YAML

CloudFormation allows you to model your entire cloud environment in text files. You can use open-source declarative languages like JSON or YAML to describe which AWS resources you want to create and configure. If you prefer to design visually, AWS CloudFormation Designer helps you get started with AWS CloudFormation templates.

4. Authoring with familiar programming languages

You have the option to specify your cloud environment with the AWS Cloud Development Kit (AWS CDK) using TypeScript, Python, Java, and .NET. AWS CDK is an open-source software development framework used for modeling cloud application resources with familiar programming languages, and it can provision your infrastructure using CloudFormation from your IDE. Further, CDK provides high-level components that preconfigure cloud resources with defaults, which allows you to create cloud applications without needing to be an expert.

5. Build serverless applications with SAM

AWS Serverless Application Model (SAM) is an open-source framework that helps in creating serverless applications faster and provides shorthand syntax for expressing functions, APIs, databases, and event source mappings. You can specify the application you want in just a few lines per resource and model it using YAML.

6. Safety controls

CloudFormation helps automate provisioning and updating your infrastructure in a secure way. There are no manual steps or controls that can lead to errors. Moreover, you can use Rollback Triggers to define the CloudWatch alarms that CloudFormation should monitor during the stack creation and update process.

Further, using ChangeSets you can preview the modifications that CloudFormation plans to make to your infrastructure and application resources prior to execution, for accurate deployments. CloudFormation determines the operations to execute and provisions resources in the most efficient way possible. If there is an error, it rolls back automatically.

7. Preview changes to your environment

AWS CloudFormation Change Sets let you preview how proposed changes to a stack might affect your running resources, for example, to check whether your changes will delete or replace any critical resources.
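The same check can be automated for both tools' previews. The Python script below is an added example, not code from the original page or from HashiCorp or AWS: it reads the JSON form of a Terraform plan (terraform show -json) and of a CloudFormation change set (aws cloudformation describe-change-set) and flags deletions and replacements. The sample documents, the PROTECTED type list and the function names are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields used: `terraform show -json tfplan`.
TF_PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
  "change": {"actions": ["update"]}},
 {"address": "aws_db_instance.orders", "type": "aws_db_instance",
  "change": {"actions": ["delete", "create"]}},
 {"address": "aws_kms_key.data", "type": "aws_kms_key",
  "change": {"actions": ["delete"]}},
 {"address": "aws_instance.web", "type": "aws_instance",
  "change": {"actions": ["no-op"]}}
]}""")

# Constructed sample, trimmed: `aws cloudformation describe-change-set`.
CFN_CHANGE_SET = json.loads("""{"Changes": [
 {"Type": "Resource", "ResourceChange": {"Action": "Modify",
  "LogicalResourceId": "OrdersDb", "ResourceType": "AWS::RDS::DBInstance",
  "Replacement": "True"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Remove",
  "LogicalResourceId": "DataKey", "ResourceType": "AWS::KMS::Key"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify",
  "LogicalResourceId": "WebServer", "ResourceType": "AWS::EC2::Instance",
  "Replacement": "Conditional"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Add",
  "LogicalResourceId": "LogBucket", "ResourceType": "AWS::S3::Bucket"}}
]}""")


def terraform_destructive(plan):
    """Return (address, type, kind) for every delete or replace in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = set(rc.get("change", {}).get("actions", []))
        if actions == {"delete"}:
            findings.append((rc["address"], rc["type"], "delete"))
        elif {"delete", "create"} <= actions:
            # Either order (destroy first or create first) is a replacement.
            findings.append((rc["address"], rc["type"], "replace"))
    return findings


def cfn_destructive(change_set):
    """Return (logical id, type, kind) for removals and replacements."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        kind = None
        if rc.get("Action") == "Remove":
            kind = "delete"
        elif rc.get("Action") == "Modify":
            # "Conditional" means replacement depends on values known later.
            kind = {"True": "replace",
                    "Conditional": "possible-replace"}.get(rc.get("Replacement"))
        if kind:
            findings.append((rc["LogicalResourceId"], rc["ResourceType"], kind))
    return findings


# Hypothetical policy: types whose deletion or replacement loses data or keys.
PROTECTED = {"aws_db_instance", "aws_kms_key",
             "AWS::RDS::DBInstance", "AWS::KMS::Key"}


def blocked(findings, protected=PROTECTED):
    """Findings that should stop the pipeline until a human approves them."""
    return [f for f in findings if f[1] in protected]


if __name__ == "__main__":
    for tool, found in (("terraform", terraform_destructive(TF_PLAN)),
                        ("cloudformation", cfn_destructive(CFN_CHANGE_SET))):
        stop = blocked(found)
        for finding in found:
            print(tool, "BLOCK" if finding in stop else "warn", *finding)
```

In a pipeline, a non-empty result from blocked() is the point at which to fail the job before terraform apply or change set execution runs.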

8. Dependency management

AWS CloudFormation automatically manages dependencies between your resources during stack management actions. That is to say, there is no need to worry about specifying the order in which resources are created, updated, or deleted.

Summarizing:

| Terraform | CloudFormation |
| --- | --- |
| Terraform can store the infrastructure state on disk by default, or remotely. For remote state, Terraform uses flexible versioning for developing the infrastructure in parallel. | AWS CloudFormation provisions resources automatically and can collect AWS resources and dependencies and wrap them into stacks. |
| Terraform supports many third-party modules through providers, or plugins, that implement the resource types. So you can add any resource, AWS or third-party, to your configuration using a provider. | CloudFormation uses nested stacks or templates as modules. These can be seen as building blocks for infrastructure, used for importing and exporting basic configuration settings. |
| Terraform offers deletion protection. | CloudFormation offers deletion protection. |
| Terraform does not support automatic rollbacks. That is to say, you can manually deploy fixes to a previous configuration that worked. Further, you can use the command terraform plan to avoid a rollback. This outputs a list of all upcoming changes before executing them. | CloudFormation has the ability to back up data stores before deleting or changing them. It can automatically roll back your infrastructure to its previous working state. |
| Terraform uses HashiCorp's proprietary language called HCL (HashiCorp Configuration Language), which is also compatible with JSON. | CloudFormation lets you use either JSON or YAML, which makes templates easy to read and manage. |
| Terraform supports reading secrets from remote backends and environment files. | CloudFormation can import encrypted secrets from AWS Secrets Manager and AWS SSM, but the secret values are never stored in CloudFormation. |
| Terraform is a free, open-source tool, with a paid enterprise version that has additional collaboration and governance options. | CloudFormation has no price; the only fee that users incur is the cost of the AWS services provisioned by CloudFormation. |
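The state and secrets rows have a practical consequence for reviews: Terraform state records resource attributes, secret-valued ones included, as plain JSON, while a CloudFormation template keeps a secret out of the template text only when the property uses a Secrets Manager or SSM dynamic reference. The Python script below is an added example, not code from the original page: it audits a state file and a JSON template for both cases. The sample documents, the name pattern and the function names are constructed assumptions.

```python
import json
import re

# Assumed naming heuristic for secret-bearing keys; tune it for your estate.
SECRET_KEY = re.compile(r"(password|secret|token|private_key|access_key)", re.I)
DYNAMIC_REF = ("{{resolve:secretsmanager:", "{{resolve:ssm-secure:")

# Constructed sample: trimmed Terraform state file (format version 4).
TF_STATE = json.loads("""{"version": 4, "resources": [
 {"mode": "managed", "type": "aws_db_instance", "name": "orders", "instances": [
  {"attributes": {"identifier": "orders", "username": "app",
                  "password": "constructed-example-value"}}]},
 {"mode": "managed", "type": "aws_s3_bucket", "name": "logs", "instances": [
  {"attributes": {"bucket": "example-logs", "tags": {"team": "platform"}}}]}
]}""")

# Constructed sample: CloudFormation template in JSON form.
CFN_TEMPLATE = json.loads("""{"Resources": {
 "OrdersDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
  "MasterUsername": "app",
  "MasterUserPassword":
   "{{resolve:secretsmanager:example/orders-db:SecretString:password}}"}},
 "LegacyDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
  "MasterUsername": "app",
  "MasterUserPassword": "constructed-example-value"}}
}}""")


def walk(node, path=()):
    """Yield (path, value) for every string leaf in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    elif isinstance(node, str):
        yield path, node


def state_secrets(state):
    """Secret-named attributes that carry a value in the state file."""
    hits = []
    for res in state.get("resources", []):
        for inst in res.get("instances", []):
            for path, value in walk(inst.get("attributes", {})):
                if value and SECRET_KEY.search(path[-1]):
                    hits.append(f'{res["type"]}.{res["name"]}.{".".join(path)}')
    return hits


def template_literal_secrets(template):
    """Secret-named properties set to a literal, not a dynamic reference."""
    hits = []
    for logical_id, res in template.get("Resources", {}).items():
        for path, value in walk(res.get("Properties", {})):
            # Only the leaf key is matched, so {"Ref": ...} values are skipped.
            if SECRET_KEY.search(path[-1]) and not value.startswith(DYNAMIC_REF):
                hits.append(f'{logical_id}.{".".join(path)}')
    return hits


if __name__ == "__main__":
    # Report attribute paths only, never the values themselves.
    for hit in state_secrets(TF_STATE):
        print("state holds secret attribute:", hit)
    for hit in template_literal_secrets(CFN_TEMPLATE):
        print("template has literal secret:", hit)
```

Any hit from state_secrets() means the state file and its backend need the same access control and encryption as the secret itself.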

Terraform vs CloudFormation: In what capacity do they fit into your system?

Terraform and AWS CloudFormation are both infrastructure as code (IaC) tools that can help you manage and provision resources in the cloud. Choosing the right tool for your infrastructure depends on your specific needs and requirements.

Here are some general guidelines to help you decide where Terraform and CloudFormation fit in your infrastructure:

  1. Platform support: If you have a multi-cloud or hybrid cloud environment, Terraform may be a better choice, as it supports multiple cloud providers and on-premises resources. If you are only using AWS, CloudFormation may be a more natural fit.
  2. Resource support: Terraform has a broader range of resource support, including resources from multiple cloud providers and on-premises resources, while CloudFormation only supports resources in the AWS cloud. If you need to manage resources outside of AWS, Terraform may be a better choice.
  3. Configuration syntax: Terraform uses its own syntax for defining resources and infrastructure, while CloudFormation uses JSON or YAML. If you have a preference for one syntax over the other, that may influence your decision.
  4. State management: Terraform stores resource state in a local file or remote backend, while CloudFormation stores resource state in the AWS CloudFormation stack. If you prefer to manage resource state locally or want to use a remote backend, Terraform may be a better choice.
  5. Preview and validation: Terraform provides a preview of changes before applying them, while CloudFormation provides validation of templates before creating or updating stacks. If you need to validate your templates before deploying them, CloudFormation may be a better choice.

In summary, both Terraform and CloudFormation are powerful IaC tools that can help you manage and provision resources in the cloud, but the choice of which tool to use depends on your specific needs and requirements.

Final Words

Both CloudFormation and Terraform are powerful Infrastructure as Code (IaC) tools that provide solutions in many ways. So, if you have to choose one of them, go through this blog to understand both services, and then select the one that best matches your requirements.
