If you start building your infrastructure in AWS using the IAC (Infrastructure as Code) approach you will currently find two big players in the market and you will need to choose between Terraform and AWS Cloudformation.
One product is not better than the other, in some cases the right choice is Terraform but in other scenarios AWS Cloudformation is better.
As published by hashicorp there are 3 versions:
- Terraform Open Source – Free
- Terraform Pro – Paid access but price is not published
- Terraform Premium – Paid access but price is not published , this has more features than Pro version so will be more expensive
In this article we will compare the Terraform Open Source Version and AWS CloudFormation
Strengths of Terraform vs AWS CloudFormation
- Syntax and code learning Curve: writing Terraform code is much simpler than CloudFormation. CloudFormation use JSON or YAML language, Terraform has its own HCL . This language was created for humans and it is very easy to read and write.
- The module feature: you can call a module as you do in programming when you call a function, in AWS CloudFormation there is something similar but it is much more difficult and less flexible to use.
- Comments: commenting the code is something essential in a programming language and also in IAC . The first version of CloudFormantion was JSON based and in JSON you can’t make any comment. At present there is also an YAML version where you can make comments but YAML is based on tabs and spaces and it is easier to make indentation mistakes.
- Code Organization: in Terraform it is easy to manage the code in multiple files compared to AWS CloudFormation. This feature improves a lot the organization for big infrastructures with a lot of codes.
- Official Documentation: Terraform documentation is not always so easy to read and understand but in my opinion it is much better than AWS CloudFormation.
Strengths of AWS CloudFormation vs Terraform
- The management WebConsole: it should be present in the paid versions of Terraform and provides you with the following advantages:
- You don’t need to download a program.
- You have both the source code and the state together.
- You have all the logs of the previous actions, the events, the parameters: everything is saved and available to be read even months after the run.
- You can use the editor to create your templates and dependencies, with Terraform the graph option serves the sole purpose of seeing the result and not creating the template.
- More Resources Available: once a new service comes out it needs time to implement the Terraform integration. At the moment Cognito and the integration with API Gateway with Cognito is available in CloudFormation but not in Terrarform. In this post a person complains about a problem with Redis MultiAZ configuration. There are probably other services which are not yet fully supported by Terraform.
- Automatic State File Saving: this is provided by the Webconsole , it is very important to keep the state because if you loose it you can’t delete in automatic way your infrastructure. In Terraform there is a bucket saving option which nevertheless seems not to work with MFA and in any case you are responsible for that.
- Mature/Stable bugs and examples: AWS Cloudformation is more mature and stable compared to Terraform, this is age-related and it means less bugs and more examples. You can find on the internet more examples of AWS CloudFormation but maybe this won’t be true in a near future because Terraform is growing a lot.
- Rollback: in AWS CloudFormation in case of errors during the deploy you can choose if you want rollback and destroy a part of the infrastructure that was created and start again. Or you can choose to keep it and apply an update over the existing one. In Terraform you don’t have this choice: the infrastructure is always kept and if you want to use a rollback strategy you need to run the destroy command.
- MFA Multi Factor Authentication: you can implement in Terraform using an external python library but you need to put a little bit of effort in this. In CloudFormation this is the default.
False Myth Multi-Cloud
Terraform is not multi-cloud. Terraform is multi-provider which is even better than multi-cloud (because the cloud are a sub-part of the providers), basically you can integrate together all the “services” you find in the terraform providers list.
Let’s see an example: suppose you have your dns provider in DNSMadeEasy and instead your infrastructure in Google Compute Engine, you can have a template which creates the resource in Google Compute Engine and after put the public IP or dns alias inside the DNSMadeEasy.
Of course it can be useful but most of the time AWS is your unique provider so you don’t use this feature.
Some people think “I write the code once and I deploy the same in AWS, in Azure and in Google Cloud” but this is completely wrong. In order to do that you need to rewrite the whole code, maybe you can keep the input variables but all the other parts must be re-written. Instead if you have a part of your infrastructure in AWS and another part in Azure and they need to exchange information with each other, this is achievable with Terraform.
When it is convenient to use Terraform instead of AWS CloudFormation
- If you need to deploy a big and complex project;
- If all the services with all the features that you need are available on Terraform;
- If you really need a multi-providers solution;
- If you don’t have to deliver to other teams whose aim is merely delivering with the least possible knowledge, time and effort.
When it is convenient to use AWS CloudFormation and not Terraform
- If your project it is not too complex and in my opinion is less than 15 resources;
- If you have resources which are not supported in Terraform, currently Cognito and Redis Multi AZ;
- If you have everything in AWS and you don’t have external providers to integrate that are available in Terraform;
- If you need to delivery easily to other people/teams with low knowledge and no time to learn.
- Terraform’s statements about its competitors Terraform vs Other and especially the section Terraform vs. CloudFormation, Heat;
- A critical article on why AWS CloudFormation was preferred to Terraform mainly for a Redis deployment issue;
- Some examples of advantages and disadvantages;
- Difference between Configuration Management vs Orchestration is well explained by the great gruntwork people;
- Vendor-lockin and pitfalls analysis.
Editor: Lorenza Fattor