Terraform vs. CloudFormation: Which Is Better for You? – The New Stack

2022-08-26 20:55:39 By : Ms. Ivy Cheung

IaC (Infrastructure-as-Code), as the name implies, is a process of creating and managing infrastructure using code. The coded infrastructure is easy to scale, maintain, document and replicate. IaC has some challenges, but automated provisioning and configuration are faster and better than manual deployments.

Cloud providers often maintain an IaC tool that exclusively supports resource deployment on their own cloud platform; for example, AWS CloudFormation deploys AWS resources. However, there are other tools independent of any cloud provider. One such IaC tool is Terraform.

When managing AWS resources, you might find it difficult to decide between Terraform and CloudFormation. Hopefully this article will bring clarity to the Terraform vs. CloudFormation discourse.

AWS CloudFormation is a native AWS service that enables users to create, provision and manage Amazon resources, making it easier to manage, monitor and test the infrastructure built on AWS.

Terraform is a popular open source cloud-agnostic IaC tool maintained and developed by HashiCorp. It allows infrastructure creation, updating and provisioning by connecting multiple cloud providers.

Let’s compare Terraform and CloudFormation based on the following criteria:

One use case of IaC is the modularity that allows repeatability and quick provisioning.

Terraform modules are groups of resources that perform one task and can be reused for similar infrastructure components. You can create your own custom modules and use the ones developed by the community.

CloudFormation’s stack is similar to modules but is less flexible. You can import and export the AWS configurations as stacks, but automatic provisioning and nested stacks hide the configuration’s details.

Terraform brings many inbuilt functions to IaC that can be used to manipulate data and to combine, transform or operate on provided values. Terraform’s function list is extensive and includes numeric, string manipulation and filesystem functions. However, you cannot create custom functions.

CloudFormation provides fewer than 15 functions, which are insufficient to manage large-scale infrastructure. The lack of inbuilt functions leads to additional work: you have to create custom resources within the template and call a Lambda function to fetch them.

CloudFormation uses JSON and YAML, which are popular among developers. Hence, there is no (or less of a) learning curve. Terraform’s HashiCorp Configuration Language (HCL) syntax is readable and easy to learn, yet it’s still one “new thing.”

One significant difference between Terraform and CloudFormation is that Terraform supports multiple clouds and providers, including Google, AWS and Azure, while CloudFormation is confined to AWS resources.

Terraform supports all AWS resources, but we shouldn’t be surprised that new AWS resource types are supported in CloudFormation first.

Terraform has a state file that stores information about the infrastructure and works as a map for all the Terraform resources. By default, state is stored in a local file on whichever machine runs Terraform (a workstation, a virtual machine or a remote computer), so collaboration is nearly impossible. Many organizations adopt a GitOps approach by using a version control provider, an Amazon S3 bucket or Spacelift’s managed state feature.

With CloudFormation, you do not have to worry about it. AWS consistently governs the infrastructure and shows a detailed message if there is any change in state.

Both Terraform and CloudFormation ensure that you do not accidentally delete the resources used in other applications.

CloudFormation backs up the infrastructure state before deleting it. If an update or modification breaks the infrastructure, it will automatically roll back to the last working state.

In Terraform, you must manually deploy the fixes and roll back to the previous configuration. But you can run tests to check the output after applying the update, and commit the changes once you find the output is satisfactory.

If you are new and using AWS for the entire infrastructure, the knowledge base and AWS expert support would fill your team’s skill gap. You will sleep peacefully knowing the AWS team is available to help you with any issue.

There is a large and active community behind Terraform that provides best-effort support, but it comes with lots of misinformation and context-based solutions. HashiCorp offers native support for HCL via managed service offerings.

AWS CloudFormation and Terraform are the most popular but are not the only IaC tools in the market. There are Azure Resource Manager and Bicep from Microsoft, while Google provides Deployment Manager and first-class support for Terraform. Pulumi takes a unique approach by supporting various programming languages to deploy infrastructure resources. Traditional IT automation solutions like Ansible, Chef and Puppet also provide some IaC capabilities. But every tool has its own set of benefits and complications.

Many organizations build custom tools and later discover these custom IaC languages are difficult to scale, have compliance issues and have high maintenance costs.

Spacelift is a sophisticated CI/CD tool for Infrastructure-as-Code and was purpose-built to support complex organizational and infrastructure requirements. Spacelift supports multiple IaC languages and frameworks, including CloudFormation and Terraform, which allows you to standardize your deployment processes and compliance requirements across all of your IaC languages.

CloudFormation is a better option if your entire infrastructure is on AWS and there are no plans to go multicloud. If you are new to AWS services, native support would be beneficial. It is built by AWS and has faster AWS-related updates. It also uses JSON and YAML, so there is no learning curve as opposed to HCL.

Terraform is the best option if you are using or planning to use multicloud resources and would like faster processing. The modular approach allows you to create reusable templates, which speed up the configuration. Moreover, Terraform comes with an extensive set of functions that CloudFormation lacks, which is helpful in faster provisioning.

But what is best for you depends on your requirements. I recommend selecting the IaC tools after evaluating your application’s infrastructure strategy.

TNS owner Insight Partners is an investor in: Spacelift, Docker.