Article

A quick view and differences of CloudFormation and Terraform in AWS

March 31, 2020

AWS CloudFormation and Terraform offer the approach of Infrastructure as Code (IaC). With IaC, you can provision, manage and maintain different resources and services on the AWS platform. In this article we talk about how these tools are easy to use and walk you through a basic example for each one.

CloudFormation

CloudFormation is the service created by Amazon where you can write a template and provision all the infrastructure resources in your cloud environment. This template can either be in JSON or YAML format, so choose the one that fits you better.

The template consists of five sections. Only the Resources one is mandatory. The sections are:

  • Parameters – where you can input custom values.
  • Conditions – statements that define the circumstances under which entities are created or configures.
  • Resources – the AWS resources to create.
  • Mappings – matches a key to a corresponding set of named values.
  • Transforms – reference code located in S3; Lambda code or reusable snippets of CloudFormation code

When you deploy a CloudFormation template it creates a stack. A stack is a collection of AWS resources that you can manage as a single unit.

The template needs to be saved in a S3 bucket in order to CloudFormation to launch it.

Simple example.

The following is an easy template that creates a S3 bucket and an EC2 instance with a security group within a subnet that it is within a VPC

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "easys3buckettocreate": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "AccessControl": "Private",
                "BucketName": "aneasys3bucketcreation",
                "VersioningConfiguration": {
                    "Status": "Suspended"
                }
            }
        },
        "easyVPC": {
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "CidrBlock": "10.0.0.0/16"
            }
        },
        "easysubnet": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId" : { "Ref" : "easyVPC" },
                "CidrBlock" : "10.0.0.0/24",
                "AvailabilityZone" : "us-east-1a"
            }
        },
        "easyec2instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "AvailabilityZone": "us-east-1a",
                "ImageId": "ami-0cc96feef8c6bbff3",
                "InstanceType": "t2.micro",
                "KeyName": "MyPrivateKey",
                "SecurityGroupIds": [{ "Ref" : "easyInstanceSecurityGroup" }],
                "SubnetId": {"Ref" : "easysubnet"}
            }
        },
        "easyInstanceSecurityGroup" : {
            "Type" : "AWS::EC2::SecurityGroup",
            "Properties" : {
                "GroupDescription" : "Allow http to client host",
                "VpcId" : {"Ref" : "easyVPC"},
                "SecurityGroupIngress" : [{
                    "IpProtocol" : "tcp",
                    "FromPort" : 80,
                    "ToPort" : 80,
                    "CidrIp" : "0.0.0.0/0"
                },
                {
                    "IpProtocol" : "tcp",
                    "FromPort" : 443,
                    "ToPort" : 443,
                    "CidrIp" : "0.0.0.0/0"
                },
                {
                    "IpProtocol" : "tcp",
                    "FromPort" : 22,
                    "ToPort" : 22,
                    "CidrIp" : "0.0.0.0/0"
                }]
            }
        }
    }
}

Launching a template from AWS Console

Open CloudFormation Service from the console and click on “Create Stack” button.

aws console

Here you can choose between uploading a template to an Amazon S3 bucket or specify an Amazon S3 template URL. After you selected the template you want to launch, click on “next” button.
On the next screen you need to give a name to your stack.

aws console 2

Click on “next”.
In the following screen, you can change some options if you want, for example tagging the resources in your stack, add an IAM role, among other different options.

aws console 3

When you are satisfied with the options click on “next”.
This screen is just a review before you launch the template.

aws console 4

If everything is to your liking, finally click the “create” button.
You will be redirected to the main screen and you will be able to see the state of the stack that you are creating.

aws console 5

In the Status column, while the stack is being created, will show “CREATE_IN_PROGRESS”, after it has finished creating it, it will display “CREATE_COMPLETE”

Note: If for any reason, there is an error while creating the stack, it will show the status as “ROLLBACK_IN_PROGRESS”, this means that all resources created up to this point are being deleted.

After it is successfully created, you can check the resources up and running. To delete the resources, you just need to delete the stack on the console.

Terraform

Terraform is a tool created by HashiCorp for building, changing and versioning infrastructure. It can manage different service providers as well as custom in-house solutions.
It is an open source tool that codifies APIs into declarative configuration files.
Terraform can work with other providers, not just AWS, for example: Azure, Bitbucket, Chef, and GitHub among many others.
Terraform uses its own configuration language, the main purpose of the Terraform language is declaring resources. A group of resources can be gathered into a module, which creates a larger unit of configuration.
A Terraform configuration consists of a root module, where evaluation begins, along with a tree of child modules created when one module calls another. The syntax of the language consists of:

  • Blocks – are containers for other content and usually represent the configuration of an object, like a resource.
  • Arguments – assign a value to a name. They appear within blocks.
  • Expressions – represent a value. They appear as values for arguments, or within other expressions.

The Terraform language uses configuration files with the .tf file extension. A module is a collection of .tf files kept together in a directory. The simplest Terraform configuration is a single root module containing a single .tf file.

So, we will be using Terraform to create the same resources as before, S3 bucket and an EC2 instance with a security group within a subnet that it is within a VPC.

To begin to use Terraform you will need to download it and install it on our PC.

https://www.terraform.io/downloads.html

Let’s see the same example as before but using Terraform. As mentioned before, we will need to create a .tf extension file with the resources that we want to be deployed.
The code that we will use is as follows:

resource "aws_vpc" "easyvpc" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" easysubnet{
  vpc_id            = "${aws_vpc.easyvpc.id}"
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.1.0/24"
}

resource "aws_instance" "easyec2instance" {
  availability_zone = "us-east-1a"
  ami               = "ami-0cc96feef8c6bbff3"
  instance_type     = "t2.micro"
  key_name          = "MyPrivateKey"
  vpc_security_group_ids = ["${aws_security_group.easyinstancesecuritygroup.id}"]
  subnet_id              = "${aws_subnet.easysubnet.id}"
}

resource "aws_security_group" "easyinstancesecuritygroup" {
  name        = "terraformsg"
  vpc_id      = "${aws_vpc.easyvpc.id}"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

}

resource "aws_s3_bucket" "easybucketterraform" {
  bucket = "easybucketterraform"
  acl    = "private"
}

Note: if you haven’t configured AWS CLI, you will need to provide the access key and secret key inside the .tf file, if you have configured it, you won’t need to provide these keys.

Save this file inside the Terraform folder where you placed the application (.exe)
I’ll use the command prompt from Windows.
To see the available commands, just type terraform in the console. You will see the most common commands with a small description of what they do.
First, you will need to initialize your working directory, so type terraform init on the console, if everything is correct you should see the following output.

console

After you have initialized, you will need to build your infrastructure by using the command apply. Write terraform apply in the console so it will begin to create the resources of your .tf file.

You will be prompted to write down the region where you want your resources to be created, choose one.

console 2

After that, Terraform will display to you all the actions that it will perform and will ask you if you want to perform these actions.

console 3

If all looks ok to you, type yes and Terraform will begin to create your resources.

console 4

And it is done, you can check that your resources are up and ready to go.
If you want to delete the resources type terraform destroy on the console, the process is identical as before.

 

  CloudFormation Terraform
Code Close Source Open Source
Cloud AWS only All
Type Orchestration Orchestration
Infrastructure Immutable Immutable
Language Declarative (JSON/YAML) Declarative (HCL)
Architecture Client-Only Client-Only
 

Conclusion

Both tools are great and easy to use. Given the differences and looking what both services provide, you can choose between them depending of what your needs are. If you are exclusively working on AWS environment, I would suggest that you use CloudFormation, since it is a service that is native to AWS and specifically designed to work with its resources. On the other hand, Terraform is a good way to provision your infrastructure in case you are not familiarized CloudFormation, or for some reason you can’t use it, or you need to achieve a multi-Cloud strategy. Nevertheless, if you need to use IaC for other providers, Terraform is a great tool to help you achieve your goal.

 

 

INSIGHTS

Recommended

News
Announcing New Salesforce Commerce Cloud Partnership
News
IO Connect Services Achieves AWS Well-Architected Partner Status
Video
Monitoring Mule® Applications with Datadog
News
IO Connect Services Announces CloudWatch Mule® Integration

How can we help you?

IO Connect Services is here to help you by offering cost-effective, high quality technology solutions.