Terraform vs AWS CDK vs CloudFormation vs Pulumi
When weighing up Terraform vs CloudFormation vs Pulumi vs AWS CDK, which should you choose? We explain the pros and cons of each in this guide.
By Pilotcore
More and more companies host their IT infrastructures on the cloud, but what’s the best way to manage that process?
Infrastructure-as-code or IaC is central to the DevOps revolution. It provides an agile way to create fully functioning cloud environments through a few lines of code and a couple of CLI commands.
Amazon AWS integrates IaC via its AWS CDK toolkit, but several other options exist. The question is, which one should you use?
This article examines the Terraform vs Pulumi vs CloudFormation vs AWS CDK debate.
We outline each tool’s features and their pros and cons. Discover the benefits of Pulumi over Terraform. See which tools cloud migration consulting firms such as Pilotcore prefer.
Read on to learn the best way to implement your IaC into AWS and save money by choosing the right tool.
What Is Infrastructure as Code?
Sytems admins in the past needed to configure each server manually, often using shell scripts that were difficult to maintain. This configuration would have to be done on a server-by-server basis, requiring specialist knowledge, particularly in environments with different operating systems.
Modern cloud platforms augment and replace on-premises architecture. And Infrastructure as Code replaces complex configurations.
IaC is the solution to managing large-scale, distributed systems on the cloud. It can create and configure instances of:
- Networks
- Virtual machines
- Load balancers
- Connection topology
- Automated deployment pipelines
- Databases
- Cloud-native serverless applications
Once coded correctly, IaC can generate the same environment each time it’s applied and provide an easy way to configure variations and set up disaster recovery solutions.
That’s perfect for DevOps teams who require a robust and quick development platform. They can control and provision aspects like containers, storage, and other components using IaC.
Systems administrators can also create scripts and implement them as required.
IaC Tools
There are several IaC tools available that can configure a cloud environment.
Each offers its coding syntax or method of writing the configuration files. They work alongside major cloud network providers like AWS and Azure. Some are open-source, while others have vendor lock-in.
The primary four include:
The remainder of this article examines each tool in turn by reviewing its pros and cons and how it works.
IT decision-makers in startups and small to medium-sized businesses will discover which tool offers the right features for their unique workloads. And which tool is best for their production environment.
Terraform vs Pulumi vs CloudFormation vs AWS CDK
Amazon Web Services offers the ability to manage everything manually from the console. From S3 data buckets to EBS volumes and EC2 instances, engineers can point and click to create the perfect project.
Anyone who has worked on large-scale server roll-outs knows that a console approach is unmaintainable.
Selecting individual settings wastes time and can lead to incorrect configurations. The latter can lead to costly mistakes down the line. Better to write and track in source control a script that you can call to deploy everything for you.
Which tool should you use to build it?
Terraform Overview
Terraform is an open-source IaC software tool designed by HashiCorp.
It provides a consistent way to build, change, and version cloud infrastructure efficiently and safely. It can work with a single application or scale up to manage your entire data center in multi-cloud environments. You can use it with AWS, Azure, GCP, even Digital Ocean and more.
Terraform’s config files which use Hashicorp Configuration Language, or HCL, bring the required components together into one plan then execute it. Even if those files change, the software recognizes the edits and builds a new plan automatically. If the infrastructure deviates from the design, set out in the Terraform configuration files, re-applying the Terraform can return it to the correct state.
Terraform works with low-level components like compute instances and high-level ones like PaaS features. It’s free to use Terraform, but HashiCorp does offer an Enterprise tier as well at a cost.
Pulumi Overview
Pulumi uses familiar languages to build, deploy, and manage cloud apps and infrastructures.
Software engineers with experience in Python or C# can create a script within minutes. There’s even support for JavaScript and TypeScript with techniques like using class objects.
Pulumi Platform comes at a monthly cost as it is proprietary, although they offer a community version at no charge.
CloudFormation Overview
Released in 2011, CloudFormation or CFN was the original IaC tool for AWS.
It provides a simple way to model collections of related AWS resources together. You can then provision them consistently and manage their lifecycles through the code.
CloudFormation templates let you launch and config resources and their dependencies as a stack.
You can create/update/delete, and even nest stacks to build a robust infrastructure. Plus, the system allows you to provision stacks across several AWS accounts and regions.
Cost-wise, CloudFormation is free to use, and as with all IaC tools that work with AWS, Amazon only charges for the cloud resources you use.
AWS CDK Overview
AWS Cloud Development Kit or AWS CDK is Amazon’s open-source software development framework. It allows you to define your cloud app resources using familiar programming languages.
Much like Pulumi, CDK works with popular coding languages like Java, .NET, Python, and TypeScript.
It also includes pre-configured cloud resources with defined defaults that can enable junior developers to set up and maintain environments with ease. Plus, the system even works alongside CloudFormation, Terraform, and Kubernetes.
Pros and Cons of Terraform
Terraform hinges on three elements:
- Execution Plans
- Resource Graph
- Change Automation
Execution plans display what Terraform will do when you apply the script. They ensure you avoid any nasty surprises when the tool modifies your infrastructure.
Terraform builds resource graphs of all dependent and non-dependent resources.
This functionality makes building infrastructure extremely efficient, and it’s easy to spot links within the system. Changes to the infrastructure need minimal human interaction as a result.
You can manage hundreds of cloud services across cloud platforms in a multi-cloud environment using a consistent CLI workflow. The software even codifies cloud APIs into configuration files for you. And Terraform incorporates workspaces for isolating state files.
Downsides of Using Terraform
Although Terraform can work with AWS, Azure, Google Cloud, and others, it cannot automatically roll back changes in the same way you can with CloudFormation. With the latter you can trigger an automatic rollback on creation or updating of a stack when your alarms are triggered, but wiht Terraform if you incorrectly edit a file and execute it, it will simply fail to complete or timeout during the apply which can leave your infrastructure in an undesirable state. Terraform allows you to see a plan of changes before applying them, and errors in your HCL coding will prevent Terraform from applying in the first place which is a good thing, but if an error or dependency error on the AWS side prevents your change from completing, you won’t know until you’ve already begun the apply.
The HCL syntax takes time to learn, and unlike the other tools here, you can’t use familiar languages to edit files.
Smaller companies can access collaboration and security features but must pay a premium. These features are only available in enterprise plans, even though the software is open-source.
Benefits of Pulumi and Its Weaknesses
Building IaC with Pulumi removes many entry barriers as it works with modern languages like Go and Node.js. You can construct logic loops and conditions to pull in the resources you need with code language you’re familiar with.
The tool boasts a more productive workflow that doesn’t stitch different deployment tools or Bash scripts. With Pulumi, you have full control to build custom cloud infrastructures as you wish.
Deployment occurs through a single CI/CD pipeline instead of separate pipelines. This streamlines all aspects of versioning and building cloud apps.
It enhances the testing process by letting you run unit and integration tests before delivering them. That will increase confidence amongst your team and stakeholders.
Pulumi also has full version history built into the system. You can track all changes made over time and, more importantly, roll back from errors.
Pulumi Cons
Pulumi’s greatest strength is also its biggest weakness.
Allowing different programming languages to work with the tool can lead to some code duplication. Teams may develop the same fundamental functionality using different languages, which isn’t efficient.
Terraform and CloudFormation have a well-developed community online. Pulumi is the “new kid on the block,” and its documentation isn’t as abundant as a result.
Then there’s the monthly cost. Pulumi Platform has a pricing model based on credits for the number of resources managed per month, the number of seats, etc.
Pros and Cons of CloudFormation
CloudFormation is Amazon’s free IaC automation solution to define and implement design templates.
It covers both AWS and third-party resources but not as many as the other tools. Support for the service comes included with AWS Support and won’t add additional hidden charges.
State gets managed by the CloudFormation service, unlike Terraform that saves state locally, in a backend database or data bucket. That helps to prevent conflict changes in large-scale app environments.
CloudFormation Issues
However, CloudFormation isn’t without its problems.
There are several configurations and resources that can’t be managed in a CloudFormation template. You can’t always check a template locally without executing it. Error messages aren’t that helpful and require you to examine the execution log.
AWS CDK Review
AWS CDK is Amazon’s ‘upgrade’ to CloudFormation. It allows developers to use their preferred IDEs and modern coding languages to create server environments.
This object model style of IaC creates constructs that act in a similar way to templates in CloudFormation. Constructs can work with other constructs to build stacks for easy deployment.
Building a high-level construct is where AWS CDK excels. It also offers type checking, auto-completion, and a CLI toolkit for Visual Studio Code.
Downsides of AWS CDK
AWS CDK lacks cross-account deployment support. However, you can write your own logic code using their toolset or use the CDK credential plugin.
It doesn’t have a console GUI to deploy your app the way CloudFormation does, so you must use the CLI.
Pilotcore AWS Cloud Consulting Experts
Who wins in the IaC tool war? Terraform vs Pulumi vs CloudFormation vs AWS CDK?
If you don’t mind learning Terraform’s code syntax, then it’s an excellent open-source option. Pulumi integrates with popular software languages so developers can build templates quickly. AWS CDK is Amazon’s official IaC, and they don’t charge extra to use it.
Regardless of which tool you use, you’ll still need CI/CD consulting and DevOps consulting to get you started.
Pilotcore offers cloud architecture design solutions, including IaC advice and implementation.
Our experts can help guide you on Infrastructure as Code. As AWS experts, we know how to build with Amazon’s web services. And we can help save you money too.
Ready to Elevate Your Business?
Discuss your cloud strategy with our experts and discover the best solutions for your needs.