Terraform vs. CloudFormation – Infrastructure as Code Tools Compared
Infrastructure as Code (IaC) has become a cornerstone of modern DevOps and cloud operations, enabling teams to define, provision, and manage infrastructure through declarative code. HashiCorp Terraform and AWS CloudFormation are two of the most widely adopted IaC tools, each with distinct strengths, trade-offs, and use cases. This comparison examines their key features, architectures, workflows, and decision criteria to help you choose the right tool for your environment.
- Overview and Core Concepts
Terraform
Terraform is an open-source IaC tool by HashiCorp that uses the HashiCorp Configuration Language (HCL) to define infrastructure resources. It supports over 130 official and 160 community-maintained providers, enabling multi-cloud and hybrid deployments through a consistent workflow across AWS, Azure, GCP, and on-premises platforms.
AWS CloudFormation
CloudFormation is a fully managed AWS service that uses JSON or YAML templates to model and provision AWS and supported third-party resources as a stack. It automates resource creation, updates, and deletion, handling dependencies and drift detection natively within the AWS ecosystem.
- Language and Template Syntax
- Terraform uses HCL, a purpose-built declarative language designed for readability, modularity, and expression of complex logic through features like count, for_each, and dynamic blocks.
- CloudFormation relies on JSON or YAML. Templates consist of sections such as Resources, Parameters, Mappings, Conditions, and Outputs. YAML is often preferred for readability and comments, while JSON may benefit existing JSON-centric workflows.
- State Management
Terraform State
Terraform maintains a .tfstate file that tracks resource metadata and dependencies. By default, this state is local but can be stored remotely (e.g., AWS S3, Azure Blob, GCP Storage) to enable team collaboration, locking, and remote data sharing via the terraform_remote_state data source. Because the state records the attributes of every managed resource, it can contain sensitive values in plaintext; a remote backend should therefore be encrypted at rest and restricted to the identities that run Terraform.
CloudFormation State
CloudFormation manages state internally within AWS. Users do not directly access state files; AWS tracks stack metadata automatically. Drift detection can be performed via the console or API to compare actual resource configurations against the template definitions.
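To make the state-management difference concrete, here is an added example (not code from the page, HashiCorp, or AWS) that reads a Terraform state file the way a reviewer would before deciding where to store it. It parses a constructed version-4 state document, lists the managed resource addresses, and reports attributes that sit in plaintext even though the provider marked them sensitive or their names look secret-bearing. The sample state, its placeholder password and resource names are all invented for the example.

```python
import json
import re

# Constructed sample of a Terraform state file (format version 4); every value
# is an invented placeholder, not a real credential or resource identifier.
SAMPLE_TFSTATE = r'''
{
  "version": 4,
  "terraform_version": "1.5.0",
  "serial": 7,
  "lineage": "00000000-0000-0000-0000-000000000000",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "aws_db_instance",
      "name": "app",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 1,
          "attributes": {
            "identifier": "app-db-example",
            "engine": "postgres",
            "username": "appuser",
            "password": "PLACEHOLDER-not-a-real-password",
            "publicly_accessible": false
          },
          "sensitive_attributes": [
            [{"type": "get_attr", "value": "password"}]
          ]
        }
      ]
    },
    {
      "mode": "managed",
      "type": "aws_s3_bucket",
      "name": "logs",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "bucket": "example-logs-bucket",
            "region": "us-east-1"
          },
          "sensitive_attributes": []
        }
      ]
    }
  ]
}
'''

# Attribute names that usually carry a secret even when a provider does not
# flag them; the pattern is a heuristic chosen for this example.
SENSITIVE_NAME = re.compile(r"(password|secret|token|private_key|access_key)", re.I)


def load_state(text):
    """Parse a state document and check it is the format this script understands."""
    state = json.loads(text)
    if state.get("version") != 4:
        raise ValueError("unsupported state format version: %r" % state.get("version"))
    return state


def resource_addresses(state):
    """Return Terraform-style addresses (type.name) of all managed resources."""
    return [
        "%s.%s" % (r["type"], r["name"])
        for r in state["resources"]
        if r.get("mode") == "managed"
    ]


def marked_sensitive(instance):
    """Attribute names the provider marked sensitive for one resource instance."""
    names = set()
    for path in instance.get("sensitive_attributes", []):
        for step in path:
            if step.get("type") == "get_attr":
                names.add(step["value"])
    return names


def find_sensitive_values(state):
    """List (address, attribute, reason) for attributes stored in plaintext that
    are either marked sensitive by the provider or have a secret-looking name."""
    findings = []
    for r in state["resources"]:
        address = "%s.%s" % (r["type"], r["name"])
        for inst in r.get("instances", []):
            marked = marked_sensitive(inst)
            for attr, value in inst.get("attributes", {}).items():
                if attr in marked:
                    findings.append((address, attr, "marked sensitive by provider"))
                elif SENSITIVE_NAME.search(attr) and isinstance(value, str):
                    findings.append((address, attr, "secret-looking attribute name"))
    return findings


if __name__ == "__main__":
    st = load_state(SAMPLE_TFSTATE)
    print("resources:", resource_addresses(st))
    for address, attr, reason in find_sensitive_values(st):
        print("plaintext value in state: %s.%s (%s)" % (address, attr, reason))
```

Marking a value sensitive in Terraform only redacts it from plan and apply output; the state file still stores it verbatim, which is why the script reads the attributes directly rather than trusting the sensitive flag. The same check is pointless for CloudFormation, where the service holds stack state and no file is exposed to users.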
- Execution Model and Workflow
| Workflow Stage | Terraform | CloudFormation |
| --- | --- | --- |
| Planning | terraform plan generates an execution plan showing planned changes and diffs | Change Sets preview proposed updates before execution |
| Execution | terraform apply applies the plan in parallel based on the resource graph | CreateStack / UpdateStack actions execute sequentially with dependency resolution by AWS |
| Rollback on Failure | No automatic rollback; requires manual or scripted corrective actions | Automatic rollback on stack creation/update failure by default |
| Modularization | Reusable modules packaged locally or via Terraform Registry | Nested stacks enable template reuse, but modularity is less flexible |
- Multi-Cloud and Extensibility
- Terraform shines in multi-cloud scenarios, supporting numerous providers via plugins and allowing a single codebase to target AWS, Azure, GCP, Kubernetes, and more.
- CloudFormation is AWS-centric. Third-party and partner-published resource types are available through the CloudFormation Registry, but true multi-cloud orchestration requires external tooling or CDK constructs.
- Ecosystem and Community Support
- Terraform benefits from a large open-source community, extensive provider ecosystem, community modules, and enterprise features (Sentinel policy as code, private module registry).
- CloudFormation offers deep integration with AWS services, built-in drift detection, guardrails via StackSets, and AWS CDK support for writing constructs in familiar programming languages (TypeScript, Python, Java, …).
- Error Handling and Drift Detection
- Terraform provides detailed error messages and plan diffs, but drift detection is not a dedicated feature: terraform plan refreshes the state against the real resources and reports any differences as pending changes, which is how drift is exposed; third-party tools build on the same comparison.
- CloudFormation includes automatic dependency analysis, resource drift detection, and comprehensive drift reports in the console and API for stacks and individual resources.
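The following added example (not code from the page, AWS, or HashiCorp) shows what a drift report computes: each declared resource is compared property by property against what the cloud API reports now, and classified with the same statuses CloudFormation's drift reports use (IN_SYNC, MODIFIED, DELETED for resources; IN_SYNC or DRIFTED for the stack). The declared template fragment and the "live" snapshot are both constructed inline so it runs offline; in practice the snapshot would come from the provider's API, which is the step Terraform performs during plan refresh.

```python
# Constructed sample of what the template says each resource should look
# like, keyed by logical resource ID. Names and values are invented.
DESIRED = {
    "LogsBucket": {
        "Type": "AWS::S3::Bucket",
        "Properties": {
            "BucketName": "example-logs-bucket",
            "VersioningConfiguration": {"Status": "Enabled"},
        },
    },
    "AppSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "app",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
            ],
        },
    },
    "AuditKey": {"Type": "AWS::KMS::Key", "Properties": {"EnableKeyRotation": True}},
    "AuditRole": {"Type": "AWS::IAM::Role", "Properties": {"RoleName": "audit-role-example"}},
}

# Constructed snapshot of what the API reports now: versioning was suspended,
# an extra ingress rule was added out of band, the key is unchanged, and the
# role no longer exists.
ACTUAL = {
    "LogsBucket": {
        "BucketName": "example-logs-bucket",
        "VersioningConfiguration": {"Status": "Suspended"},
    },
    "AppSecurityGroup": {
        "GroupDescription": "app",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        ],
    },
    "AuditKey": {"EnableKeyRotation": True},
}


def diff_properties(expected, actual, path=""):
    """Recursively compare two property trees and return a list of
    (property_path, expected, actual) for every difference found."""
    diffs = []
    if isinstance(expected, dict) and isinstance(actual, dict):
        for key in sorted(set(expected) | set(actual)):
            sub = "%s/%s" % (path, key)
            if key not in expected:
                diffs.append((sub, None, actual[key]))
            elif key not in actual:
                diffs.append((sub, expected[key], None))
            else:
                diffs.extend(diff_properties(expected[key], actual[key], sub))
    elif isinstance(expected, list) and isinstance(actual, list):
        for i in range(max(len(expected), len(actual))):
            sub = "%s/%d" % (path, i)
            if i >= len(expected):
                diffs.append((sub, None, actual[i]))
            elif i >= len(actual):
                diffs.append((sub, expected[i], None))
            else:
                diffs.extend(diff_properties(expected[i], actual[i], sub))
    elif expected != actual:
        diffs.append((path, expected, actual))
    return diffs


def detect_drift(desired, actual):
    """Classify each declared resource as IN_SYNC, MODIFIED (with the property
    differences) or DELETED, mirroring a per-resource drift report."""
    report = {}
    for logical_id, decl in desired.items():
        if logical_id not in actual:
            report[logical_id] = {"status": "DELETED", "differences": []}
            continue
        diffs = diff_properties(decl["Properties"], actual[logical_id])
        report[logical_id] = {
            "status": "MODIFIED" if diffs else "IN_SYNC",
            "differences": diffs,
        }
    return report


def stack_status(report):
    """Overall status: DRIFTED if any resource drifted, otherwise IN_SYNC."""
    return "DRIFTED" if any(r["status"] != "IN_SYNC" for r in report.values()) else "IN_SYNC"


if __name__ == "__main__":
    rep = detect_drift(DESIRED, ACTUAL)
    for logical_id, entry in rep.items():
        print(logical_id, entry["status"])
        for prop, exp, act in entry["differences"]:
            print("  %s: expected %r, actual %r" % (prop, exp, act))
    print("stack:", stack_status(rep))
```

The security group case is the one worth watching in a real report: a rule added outside the pipeline is exactly the change that neither a code review nor a template diff will show, so the out-of-band addition only becomes visible when live configuration is compared against the declared one, whether by a scheduled stack drift check or by a Terraform plan run that is reviewed rather than auto-applied.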
- Pricing and Governance
- Terraform Open Source is free; Terraform Cloud/Enterprise offers commercial features such as remote runs, policy enforcement, collaboration, and private registries at added cost.
- CloudFormation is free; you pay only for the AWS resources it provisions. Governance can be enforced via AWS Organizations SCPs, IAM policies, and StackSets permissions.
- Decision Criteria
Choose Terraform When:
- You require multi-cloud or hybrid infrastructure management.
- A consistent workflow across diverse providers is essential.
- You need advanced features like dynamic resource counts, loops, and custom providers.
- You prefer HCL’s readability and modularity through shared modules.
Choose CloudFormation When:
- You operate solely within AWS and want deep service integration.
- Automatic rollback and drift detection are critical for your change management.
- You leverage AWS CDK or require native support for AWS-specific features (StackSets, Change Sets).
- You prefer a fully managed service without external state management.
- Complementary Usage
Many organizations adopt a hybrid approach, using Terraform for initial provisioning across clouds and CloudFormation (or AWS CDK) for AWS-specific advanced constructs, combining Terraform’s broad ecosystem with CloudFormation’s tight AWS integration.
The choice between Terraform and CloudFormation hinges on your organizational priorities—multi-cloud flexibility versus AWS-native depth. Understanding their trade-offs ensures you select the most effective IaC strategy for your infrastructure.