Read trending IT updates for cloud businesses, managed service providers, IT pros & what innovation digital transformation is driving in tech industry.

CloudFormation vs Terraform 2021

0 7

Probably the most dependable method to automate creating, updating, and deleting your cloud sources is to explain the goal state of your infrastructure and use a device to use it to the present state of your infrastructure (see Understanding Infrastructure as Code). AWS CloudFormation and Terraform are probably the most worthwhile instruments to implement Infrastructure as Code on AWS.

I’ve labored with CloudFormation and Terraform in varied initiatives. You’ll study in regards to the variations between CloudFormation and Terraform on this article.

Do you like listening to a podcast episode over studying a weblog publish? Right here you go!

Earlier than we begin, each instruments are following a really related method.

  1. You outline a template (CloudFormation) or configuration (Terraform) describing the goal state of your infrastructure.
  2. The device (CloudFormation or Terraform) calculates the mandatory steps to achieve the outlined goal.
  3. The device (CloudFormation or Terraform) executes the adjustments.

However what are the variations between each instruments?


CloudFormation covers most elements of AWS and wishes a while to help new service capabilities. Terraform covers most AWS sources as effectively and is usually quicker than CloudFormation in relation to supporting new AWS options. On high of that, Terraform helps different cloud suppliers in addition to third social gathering providers. A shortened record of distributors supported by Terraform: Google Cloud Platform, Azure, GitHub, GitLab, Datadog, many extra.


Relying in your infrastructure, a giant or not less than small plus for Terraform.

Replace: CloudFormation launched Useful resource Suppliers in November 2019 to permit third social gathering integrations. Thus far, this new characteristic will not be used very a lot and never very user-friendly.

License and Assist

CloudFormation is a service provided by AWS without spending a dime. The AWS help plans embrace help for CloudFormation.

Terraform is an Open Supply venture. Hashicorp, the corporate behind Terraform, is providing help plans as effectively.

License and Support

When already subscribed to an AWS help plan, that may be a plus for CloudFormation. In the event you desire Open Supply, that could be a plus for Terraform.

State Administration

Each instruments have to hold monitor of all of the sources beneath administration. CloudFormation is managing its state with so-called stacks. By default, Terraform is storing its state on disk. Terraform is providing distant state as effectively, for instance, based mostly on S3 and DynamoDB or Terraform Cloud. It’s advisable to make use of distant state when a number of customers are engaged on the identical infrastructure in parallel.


CloudFormation manages state throughout the managed service out-of-the-box, which is a small plus in comparison with Terraform, the place it’s worthwhile to configure distant state your self.


Infrastructure for a typical net software consists of lots of sources: VPC, Subnets, Safety Teams, Auto Scaling Group, Elastic Load Balancer, to call a couple of. Specifying all these sources in a single blueprint will trigger you complications when sustaining the system sooner or later. Utilizing small modules that you simply stick collectively as wanted is a standard method. Terraform comes with native help for modules. You will discover open-source modules within the Terraform Registry. CloudFormation doesn’t have first-class help for modules. It supplies some options that you need to use to modularize your templates, however it’s as much as you to take action. The most important problem is to cross values from one “module” to a different. The export characteristic of CloudFormation supplies a method to share outputs, however they aren’t allowed to vary! CloudFormation lacks a central place the place templates are shared.


Dealing with modules with Terraform is straightforward. CloudFormation is providing a number of methods to create “modules” with completely different execs and cons. I’d award Terraform with a plus for usability.

Confirm Modifications

CloudFormation and Terraform don’t solely will let you create your infrastructure from scratch mechanically. You need to use each instruments to replace your infrastructure later as effectively.

CloudFormation provides change units that you need to use to confirm adjustments. Terraform supplies a command named plan, which supplies you a really detailed overview of what is going to be modified in case you apply your blueprint.

Verify Changes

Terraform presents an in depth and readable abstract of the adjustments that can be utilized. That’s a giant plus in comparison with the essential overview CloudFormation is offering with a change set.

Wait Situations

It’s helpful to have the ability to add wait circumstances to your infrastructure automation sometimes. For instance, if you wish to wait till a service has been began on a digital machine. Utilizing wait circumstances permits you to await alerts despatched through HTTPS earlier than dependent sources are created or up to date when utilizing CloudFormation.

Wait Conditions

With the ability to use wait circumstances is a plus for CloudFormation. Terraform doesn’t help wait circumstances.

Rolling Replace

What occurs once you change a Launch Configuration of an Auto Scaling Group inside your blueprint? When utilizing an replace coverage, CloudFormation will carry out a rolling replace, together with a rollback in case of a failure. Terraform doesn’t help rolling updates for Auto Scaling Teams out-of-the-box. With Terraform’s create_before_destroy, you’ll be able to implement a method to deploy new AMIs with out downtime in a blue/inexperienced style, however you’ll run into points you probably have a dynamic quantity (auto-scaling) of situations within the ASG.

Rolling Update

Supporting rolling updates for Auto Scaling Teams is a plus for CloudFormation.

Rollback & Safeguards

When CloudFormation fails to switch your infrastructure, it rolls again to the earlier working state mechanically (you’ll be able to disable rollbacks in case you want to velocity up improvement). Terraform doesn’t help rollbacks out of the field. Both you determine to repair the issue and deploy it once more, or it’s important to apply the earlier configuration your self.

Each CloudFormation and Terraform help a “forestall from deletion” characteristic. That is useful to make sure that a useful resource can by no means be deleted accidentally. CloudFormation goes one step additional and may carry out a backup of many knowledge shops earlier than it deletes or replaces them.

Deal with Current Sources

CloudFormation can import current sources for a small variety of useful resource sorts. Terraform permits you to import current sources. On high of that knowledge, suppliers allow you to question attributes from current sources.

Dealing with current sources is best supported in Terraform.

Secrets and techniques

CloudFormation can import encrypted secrets and techniques from AWS Secrets and techniques Supervisor and AWS SSM. The key values are by no means saved in CloudFormation. Terraform helps studying secrets and techniques from distant backends and surroundings recordsdata. The large threat is that Terraform at all times shops the unencrypted secret worth within the state file!

CloudFormation is best at dealing with secrets and techniques equivalent to database passwords!

Loops and circumstances

CloudFormation comes with first-class help to allow or disable sources if a situation is met. There is no such thing as a method to loop in CloudFormation over an array natively. Terraform comes with help for loops and likewise makes use of these loops to allow or disable a useful resource if a situation is met.

Situations are barely simpler in CloudFormation, whereas loops are solely attainable in Terraform.

Tagging of sources

CloudFormation can tag many sources in a stack with a set of tags out-of-the-box. In Terraform, you’ll be able to configure default_tags for the aws supplier to realize the identical.


You will discover linters for each CloudFormation and Terraform. The CloudFormation Linter catches many errors and ensures sure greatest practices throughout your templates. TFLint does the identical for Terraform.

Whereas utilizing each instruments to spin up AWS infrastructure, I imagine that the CloudFormation Linter detects extra points.


CloudFormation and Terraform are each highly effective and mature instruments. Going by means of the variations listed above will assist you to to decide. I choose the device relying on the necessities for each venture. If there isn’t a clear winner, I have a tendency to make use of CloudFormation.

Written by Andreas Wittig on

and up to date on

Andreas Wittig

Andreas Wittig

I launched ahosti.io in 2015 with my brother Michael. Since then, we now have printed a whole lot of articles, podcast episodes, and movies. It’s all free and means lots of work in our spare time. We get pleasure from sharing our AWS information with you.

Have you ever discovered one thing new by studying, listening, or watching our content material? If that’s the case, we kindly ask you to help us in producing high-quality & unbiased AWS content material. We look ahead to sharing our AWS information with you.

Assist us

Suggestions? Questions? You’ll be able to attain me through

E mail,

Twitter, or LinkedIn.

You might also like