With modern software engineering, infrastructure as code (IaC) tools such as Terraform and AWS CloudFormation are becoming increasingly important. For those unfamiliar with them, these are tools in which cloud infrastructure is provisioned and managed from declarative configuration files rather than by a manual, click-by-click ("ClickOps") approach in the console.
For example, consider the following architecture diagram:
There are two ways to provision the infrastructure for this app:
- By navigating the GUI on AWS
- By using a declarative IaC tool.
If you were navigating the GUI, you’d have to provision resources one by one, wire up the connectivity between them, and configure the app by hand. This is slow and hard to reproduce. Instead, you can use an IaC tool such as Terraform or CloudFormation to define the infrastructure in a configuration file and provision it automatically with a single command. Because that file can be version-controlled, reviewed and diffed, the security posture of the environment becomes auditable in a way a sequence of console clicks never is.
By using IaC tools, teams can adopt DevOps practices more quickly, bringing Ops and Dev teams together and boosting productivity and efficiency.
Two main tools that are heavily used in the industry for IaC are Terraform and AWS CloudFormation. Let’s look at each tool in greater detail to understand what’s right for you.
What Is Terraform Cloud and How Does It Work?
Terraform is an IaC tool created by HashiCorp that provisions and manages infrastructure from a declarative configuration, talking to each platform through a plugin called a provider. Terraform Cloud (now HCP Terraform) is HashiCorp’s hosted service that runs Terraform remotely and stores its state; the CLI and the configuration language are the same in both. Terraform isn’t limited to cloud infrastructure: anything exposed by a provider can be automated. For example, you can write a Terraform configuration that builds a Docker image, writes a local text file, and more.
When it comes to provisioning cloud infrastructure, Terraform is often the first choice. Many companies don’t rely on a single cloud for their applications; their solutions span multiple clouds.
In such cases, teams will need to manage infrastructure across several clouds. Terraform is a cloud-agnostic tool that lets teams manage infrastructure across any cloud, including AWS, GCP, Azure, and more.
The snippet below showcases a Terraform script:
```hcl
variable "region" {
  description = "AWS region to deploy into"
  type        = string
  default     = "us-east-1"
}

provider "aws" {
  region = var.region
}

resource "aws_api_gateway_rest_api" "my_api" {
  name        = "MyAPI"
  description = "API Gateway provisioned via Terraform"
}

resource "aws_api_gateway_resource" "my_resource" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  parent_id   = aws_api_gateway_rest_api.my_api.root_resource_id
  path_part   = "myresource"
}

resource "aws_api_gateway_method" "my_method" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  resource_id = aws_api_gateway_resource.my_resource.id
  http_method = "GET"
  # NONE makes this method callable by anyone on the internet; use
  # AWS_IAM, COGNITO_USER_POOLS or CUSTOM for anything beyond a demo.
  authorization = "NONE"
}

resource "aws_api_gateway_integration" "mock_integration" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  resource_id = aws_api_gateway_resource.my_resource.id
  http_method = aws_api_gateway_method.my_method.http_method
  type        = "MOCK"
  request_templates = {
    "application/json" = "{\"statusCode\": 200}"
  }
}

# A MOCK integration only returns 200 if a method response exists and an
# integration response maps to it; without these the call returns a 500.
resource "aws_api_gateway_method_response" "ok" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  resource_id = aws_api_gateway_resource.my_resource.id
  http_method = aws_api_gateway_method.my_method.http_method
  status_code = "200"
}

resource "aws_api_gateway_integration_response" "ok" {
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  resource_id = aws_api_gateway_resource.my_resource.id
  http_method = aws_api_gateway_method.my_method.http_method
  status_code = aws_api_gateway_method_response.ok.status_code
  depends_on  = [aws_api_gateway_integration.mock_integration]
}

resource "aws_api_gateway_deployment" "my_deployment" {
  # Wait for the whole method/integration chain, not just the method,
  # otherwise API Gateway rejects a deployment of a method with no integration.
  depends_on  = [aws_api_gateway_integration_response.ok]
  rest_api_id = aws_api_gateway_rest_api.my_api.id
  # Inline stage_name is deprecated in newer AWS provider versions in favour
  # of a separate aws_api_gateway_stage resource, but still works.
  stage_name = "prod"
}

output "api_gateway_invoke_url" {
  value = "https://${aws_api_gateway_rest_api.my_api.id}.execute-api.${var.region}.amazonaws.com/prod/myresource"
}
```
The snippet above is a Terraform configuration written in HCL that provisions an API Gateway REST API with a single GET method, deploys it to a prod stage, and outputs a URL that is reachable from the public internet. Because the method uses authorization = "NONE", anyone who discovers the URL can call it; that is fine for a mock demo, but it is the first setting to change for a real API.
All you’d have to do is run terraform init to download the AWS provider, terraform plan to review the proposed changes, and terraform apply to create them.
What Is AWS CloudFormation and When Should You Use It?
AWS CloudFormation is a managed AWS service that lets teams manage their application infrastructure within the AWS ecosystem. CloudFormation also supports third-party resources through the CloudFormation public registry.
Teams write a CloudFormation template and submit it to the CloudFormation service, which deploys the necessary infrastructure as a stack. One good thing about this is that you don’t need to remember the order in which resources must be created. CloudFormation derives the dependency graph from the references between resources (!Ref, !GetAtt and explicit DependsOn) and provisions them in the required order.
The snippet below shows a simple CloudFormation template:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to provision an API Gateway

Resources:
  MyApiGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: MyAPI
      Description: API Gateway provisioned via CloudFormation
      FailOnWarnings: true

  MyApiGatewayResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !GetAtt MyApiGateway.RootResourceId
      PathPart: myresource
      RestApiId: !Ref MyApiGateway

  MyApiGatewayMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref MyApiGateway
      ResourceId: !Ref MyApiGatewayResource
      HttpMethod: GET
      # NONE exposes the method to anyone on the internet; use AWS_IAM,
      # COGNITO_USER_POOLS or CUSTOM for anything beyond a demo.
      AuthorizationType: NONE
      Integration:
        Type: MOCK
        RequestTemplates:
          application/json: '{"statusCode": 200}'
        # A MOCK integration only returns 200 when an integration response
        # is mapped to a matching method response; otherwise the call fails with 500.
        IntegrationResponses:
          - StatusCode: '200'
      MethodResponses:
        - StatusCode: '200'

  MyApiGatewayDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: MyApiGatewayMethod
    Properties:
      RestApiId: !Ref MyApiGateway
      StageName: prod

Outputs:
  ApiGatewayInvokeURL:
    Description: Invoke URL for the API Gateway
    Value: !Sub "https://${MyApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/myresource"
```
The template above provisions an API Gateway REST API, a resource, a GET method with a mock integration, and a deployment to a prod stage, and outputs the invoke URL so that users can test the API immediately after deployment. As with the Terraform version, AuthorizationType: NONE makes the method public.
Terraform Cloud vs AWS CloudFormation: A Feature-by-Feature Breakdown
How Each Tool Manages Infrastructure State
Terraform manages infrastructure state using a state file (terraform.tfstate). This file records the current state of deployed resources so that Terraform can work out what changes need to be applied. The state can be stored locally or in a remote backend (such as an S3 bucket, with a DynamoDB table or, since Terraform 1.10, native S3 lock files for locking), which lets teams collaborate without clobbering each other’s changes. Note that the state file stores resource attributes in plaintext, including values Terraform marks as sensitive (database passwords, generated keys), so the backend must be encrypted and access to it restricted as tightly as access to the secrets themselves.
Terraform’s explicit state gives users more control over how changes are tracked, but it also comes with risks. For example:
- If the state file is lost or corrupted, recovering it can be challenging (object versioning on the backend bucket and terraform import are the usual remedies).
- Terraform doesn’t continuously reconcile the real infrastructure with the state file; drift is only detected when someone runs terraform plan (or terraform plan -refresh-only).
This is where tools like ControlMonkey come into play. ControlMonkey can spin up, automate and govern your cloud infrastructure while monitoring for drift.
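As an added example (not code from this page or from ControlMonkey), here is a remote backend configuration that addresses both risks above using nothing but the Terraform CLI. The bucket name and KMS key alias are assumed placeholders. It encrypts the state object with a customer-managed key, uses the native S3 lock file introduced in Terraform 1.10 instead of a DynamoDB table, and relies on S3 object versioning (enabled on the bucket separately) so a corrupted state can be rolled back to a previous version.

```hcl
terraform {
  # use_lockfile requires Terraform 1.10 or newer.
  required_version = ">= 1.10"

  backend "s3" {
    bucket = "example-org-tfstate"                  # assumed bucket name; enable versioning on it
    key    = "api-gateway/prod/terraform.tfstate"   # one key per workspace/environment
    region = "us-east-1"

    # Server-side encryption of the state object. The state holds resource
    # attributes in plaintext, so treat the bucket and this key as secret stores:
    # restrict the key policy and bucket policy to the CI role and a break-glass role.
    encrypt    = true
    kms_key_id = "alias/tfstate"                    # assumed CMK alias

    # Native S3 locking (writes <key>.tflock during plan/apply) so two concurrent
    # runs cannot both write the state. Before 1.10 this was done with
    # dynamodb_table = "tfstate-lock" instead.
    use_lockfile = true
  }
}
```

Drift detection with this setup is a scheduled run of terraform plan -refresh-only -detailed-exitcode: the command exits 0 when the live infrastructure matches the state, 2 when it differs, and 1 on error, so a CI job can alert on exit code 2 without applying anything.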
CloudFormation, on the other hand, automatically manages the state of resources within AWS. The AWS Management Console provides visibility into stack updates, rollbacks, and deletions. Since CloudFormation keeps track of the entire stack’s history, manual state management is unnecessary.
A further advantage of CloudFormation is built-in drift detection. It runs on demand (from the console, the CLI, or the DetectStackDrift API) rather than continuously, and AWS does not notify you automatically unless you schedule the check yourself, for example with the AWS Config managed rule cloudformation-stack-drift-detection-check. Because stack state is stored natively within AWS, there is no state file to lose or to leak.
Terraform Cloud Pricing vs AWS CloudFormation: What’s the Real Cost?
The Terraform CLI is free to use (source-available under the Business Source License since version 1.6). Teams that want hosted features such as policy enforcement, team collaboration, or remote execution need HCP Terraform (formerly Terraform Cloud), whose Standard and Plus tiers are paid.
The costs associated with Terraform mainly come from:
- State management – Storing the state in an AWS S3 bucket with DynamoDB (for locking) incurs minor costs.
- Infrastructure drift detection – Terraform doesn’t detect drift on its own, so teams either schedule terraform plan runs themselves or pay for a monitoring solution (HCP Terraform’s drift detection is a paid-tier feature).
AWS CloudFormation itself is free to use: users pay only for the AWS resources they provision through it. There are no charges for managing stacks, updating resources, or running drift detection. The one exception is third-party extensions from the CloudFormation registry, whose handler operations are billed beyond a monthly free allowance.
However, one indirect cost of using CloudFormation is deployment time. Stacks can take longer to deploy than the equivalent Terraform run because CloudFormation handles rollback automatically: if an update fails, it reverts the changes, which prolongs the deployment and leaves any partially created resources billing until the rollback completes.
Scripting Language Differences: Terraform HCL vs AWS CloudFormation YAML
Terraform uses HCL (HashiCorp Configuration Language), which is a declarative language designed for infrastructure as code (IaC). HCL is readable, supports variables, loops, and conditionals, and integrates well with modules to promote reusability.
Consider the HCL snippet shown below:
```hcl
resource "aws_s3_bucket" "my_bucket" {
  # Bucket names must be globally unique and lowercase; "MyBucket" would be rejected.
  bucket = "my-bucket-example"
}
```
The snippet above uses HCL to define an S3 bucket that can be deployed to AWS (adjust the name before applying, since it must be globally unique).
CloudFormation supports YAML and JSON, which are more verbose and lack built-in looping constructs (the AWS::LanguageExtensions transform’s Fn::ForEach, CloudFormation Macros, and the AWS CDK help overcome this). Here’s the same S3 bucket defined in CloudFormation:
```yaml
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    # No BucketName given, so CloudFormation generates a unique name.
```
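To show the variables, loops and conditionals that the HCL paragraph above credits to Terraform, and the repetition CloudFormation would need for the same result, here is an added example (not from this page) that creates several hardened S3 buckets from one map. The bucket names and the map variable are assumed placeholders; the resource types are the real aws provider resources for blocking public access, default encryption and versioning.

```hcl
# Assumed input: bucket name => whether object versioning is required.
variable "buckets" {
  description = "Buckets to create, keyed by name, with a versioning flag"
  type        = map(bool)
  default = {
    "example-org-app-logs"    = true
    "example-org-build-cache" = false
  }
}

# Loop: one bucket per map key.
resource "aws_s3_bucket" "this" {
  for_each = var.buckets
  bucket   = each.key
}

# Every bucket gets all four public-access blocks; iterating over the
# resource map keeps the hardening in lockstep with the bucket list.
resource "aws_s3_bucket_public_access_block" "this" {
  for_each                = aws_s3_bucket.this
  bucket                  = each.value.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default server-side encryption with KMS on every bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  for_each = aws_s3_bucket.this
  bucket   = each.value.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# Conditional: only the buckets flagged true in the map get versioning.
resource "aws_s3_bucket_versioning" "this" {
  for_each = { for name, versioned in var.buckets : name => versioned if versioned }
  bucket   = aws_s3_bucket.this[each.key].id
  versioning_configuration {
    status = "Enabled"
  }
}

output "bucket_arns" {
  value = { for name, b in aws_s3_bucket.this : name => b.arn }
}
```

Adding a bucket is a one-line change to the map, and it cannot be added without the public-access block and encryption, which is the property a reviewer wants from the loop. In plain CloudFormation each bucket would be a separate AWS::S3::Bucket resource carrying its own PublicAccessBlockConfiguration and BucketEncryption properties.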
Support & Ecosystem: Community, Docs, and Vendor Backing
Terraform is multi-cloud, supporting AWS, Azure, GCP, Kubernetes, and on-prem infrastructure. HashiCorp provides official documentation, and there’s a strong community support system, including Terraform Registry modules.
Additionally, for enterprise users, HashiCorp offers paid support with SLAs (Service Level Agreements), security compliance, and team collaboration features.
CloudFormation, on the other hand, is AWS-only. Apart from third-party extensions published in the CloudFormation registry, it manages only AWS resources and does not let you manage multi-cloud infrastructure.
Which IaC Tool Fits Your Workflow?
Well, the answer is simple. If your solution spans multiple clouds, Terraform is the practical choice, since it can manage all of them from one configuration.
If your solution is a simple proof of concept running entirely on AWS, CloudFormation is enough, with no state file to secure and no extra tooling to run.
Final Thoughts & Key Takeaways
And, that’s everything you need to know about CloudFormation and Terraform.
Both are widely adopted infrastructure management tools; Terraform supports multiple clouds while CloudFormation supports only AWS.
So, if you’re working on a multi-cloud solution, you’ll need Terraform, with its module support, declarative approach and multi-cloud providers.
ControlMonkey lets you manage your Terraform stack through an end-to-end automation platform with AI-driven code generation, automated drift detection and remediation across multiple clouds, and strict compliance policies.