SummaryCDK, CloudFormation, and Terraform are frameworks for managing cloud infrastructure using code. In this post, we will look at these options, compare and contrast them, and discuss what types of organizations should use take which approach.
Introducing AWS CDK
A relative newcomer to this space, AWS CDK (Cloud Develoment Kit) is an open source framework for managing cloud resources developed by AWS. It allows you to write code in Python or Typescript (Java and C# are in developer preview) that will generate CloudFormation templates for creating resources in AWS. In addition, CDK will handle the uploading to S3 of any code or other assets and management of the stacks. This is also enabled through the use of the cdk CLI, which is distributed through npm.
CloudFormation is an AWS service which allows you to define your AWS infrastructure using YAML (or JSON). This is a native service provided by AWS. As such there are a lot of features for it which are accessible in the AWS Console. Making it friendly for people new to AWS.
Terraform is a popular tool from Hashicorp similar to CloudFormation. It allows you to describe your AWS infrastructure using HCL, which is a custom markup created by Hashicorp. In addition, Terraform works across many cloud providers and other middleware and services (databases, SaaS products, etc…).
“CDK really puts the C in Infrastructure as Code”
AWS CDK is the most flexible of them all, allowing you to do anything you would like to do in an imperative programming language. CDK really puts the C in Infrastructure as Code. While CloudFormation and Terraform are IaC tools, they rely on a declarative approach, which makes it more difficult to create abstractions with logic. However, Terraform is more flexible than CloudFormation, providing mechanisms for creating reusable modules and looping. Some of this can be achieved in CloudFormation, but it’s a little more difficult and relies on supporting Lambdas, which can get messy.
Ease of access
When looking at ease of access, I am considering which tool would be the easiest to get started with from scratch with no prior knowledge. Here I am going to say that CloudFormation has the edge. It is easy to get started with CloudFormation, just copy an example template and upload it to the AWS console. AWS CDK is perhaps a bit easier than Terraform to get started, but that likely depends on whether or not you have developers on staff familiar with Typescript or Python. For Terraform, you have to learn a new declarative syntax, and figure out how to handle state files. For CloudFormation and likewise AWS CDK the state is managed in AWS so you just need to worry about the code.
Both CDK and Terraform are strongly typed, so a decent IDE will be very helpful when developing templates. I recommend the IntelliJ plugin for Terraform, however, it shouldn’t be hard to find a plugin for your favorite IDE. The dev deploy feedback loop is extremely painful with CloudFormation. My recommendation when you are developing templates is to create one resource at a time and create a script that does the deployment for you. It will save a ton of time. With CDK you can write tests, which can be nice. Testing tends to be less valuable for declarative syntax like CloudFormation and Terraform. However, there are tools you can use to test your Terraform plans.
“Terraform gives you the ability to manage your state, which can be a lifesaver”
Getting up and running fast is great, but how easy is it going to be to manage in a few years? I feel like Terraform wins this one. Being able to modularize your plans is very helpful for scaling and reusing code. You should follow Hashcorp’s Best Practices to ensure that the code can grow. Terraform gives you the ability to manage your state, which can be a lifesaver. CDK allows for scalable code, however, being backed by CloudFormation means you will inevitably run into some tricky situations if drift is introduced. However, there is a nice drift detection feature now to help out with that.
Being able to reuse modules in your code keeps everything cleaner and follows DRY principles. Both CDK and Terraform have mechanisms for doing so. With CDK you would need to create an npm package to distribute. This is more overhead, but could be negligible if you are already using npm in your organization. With Terraform you can simply put Terraform manifests in a repository and reference from there. You will most likely want to do some versioning by creating tags in the repository. In cases where the module is not for external usage, you can simply include a directory in Terraform or a function call with CDK. Both easily accomplished. With CloudFormation you can do some things like nesting stacks or includes to do some modularization, but I try to avoid them (from experience)
“You can use Terraform to manage CloudFormation stacks”
Any of these tools are best of breed tools for managing AWS resources. So which should you use? If you have developers managing resources and they are familiar with the Node ecosystem, CDK would probably be the best option. However, if you are new to cloud and do not have a lot of cloud competency on your team, I would start with CloudFormation. It has great documentation and you can always move to Terraform later as it supports managing CloudFormation stacks. That’s right, you can use Terraform to manage CloudFormation stacks. On the other hand, if you are needing to manage multiple clouds/products, you probably will want to start with Terraform.