aws partner network

Automation in AWS - Infrastructure as a Code with AWS CloudFormation and Terraform

If there is one thing where IT excels at – it is an automation. Software engineering in the last decades developed many ways to increase quality of the code by using tools like code repositories, automated code builds and testing. The area where these practices could not be applied was hardware. When you are dealing with servers, storage, cables, switches – there are not many opportunities to be efficient and scalable - because you are managing physical devices. Everything that you do in your cloud environment – provision a server or storage, define ports on your cloud firewall – is a REST API call. Hardware is not physical anymore, it is virtual. That means, you can use code to automate it.

Blog - Trustsoft web cover foto-6

How to automate your cloud infrastructure?

When you are at the early stage with the cloud, you probably do everything through a web interface  (e.g. ClickOps). Later, when you get more comfortable, you probably start creating your first scripts via CLI  or PowerShell . And when you want to have the full power, you switch to programming languages like Python, Java, Ruby and manage your cloud environment via SDK  (software development kit) calls. Although all these tools are extremely powerful and help you automate your job, they are not an ideal for tasks like provisioning servers or defining your virtual networks. 

Why?

Imagine a situation when you want to start 10 servers. You run your script for the first time, and in a short while they are up and running. What if you want to decrease the number of servers to only 5? At that moment you have to modify your script, add plenty of if statements and some logic that will decide which servers will be terminated and which will stay. Lot of code to write.For such tasks, tools that use declarative languages (e.g. you define your desired end state and let the tool decide how to make it happen) are more suitable. Two most frequent tools for running your infrastructure as a code are AWS CloudFormation and Terraform

AWS CloudFormation

Amazon Web Services introduced AWS CloudFormation in February 2011. As per definition “AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. (…) You can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You can manage and provision stacks across multiple AWS accounts and AWS Regions.” 

How does it actually work?

  • Write the template in JSON or YAML, where you define resources you want to provision in your AWS account
  • Upload it to S3 or from your local computer to the AWS CloudFormation service which creates a Stack
  • AWS CloudFormation provisions resources in your AWS account (or multiple accounts) as per your specification in the template
AWS cloud formation step by step

Terraform

Terraform is about 3 years younger than AWS CloudFormation, it has been released in July 2014 by a company named HashiCorp. It is an “open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.” 
It works similar as AWS CloudFormation, as you:

  • Define your infrastructure through configuration file in HCL (HashiCorp Configuration Language)
  • Apply the configuration from the command line via Terraform CLI
  • Terraform provisions the infrastructure for you with all necessary dependencies

Similarities and Differences

Both tools have some commonalities and areas where they differ. Let’s quickly summarize them:

IaaC_tabulka

Which one to choose?

Although both – AWS CloudFormation and Terraform are free of charge – you have to invest time and effort to learn to work with them and integrate them into your CI/CD pipelines. Sooner or later you might face the “one million dollar question” – which one to choose? If the table above did not help you to make the decision, you can ask yourself the following questions:

  • Do I plan to use other cloud providers than AWS? (if yes, then Terraform)
  • Do I want to have support for my IaaC tool from the cloud vendor? (if yes, then AWS CloudFormation)
  • Do I need support for the latest AWS services in my IaaC tool? (usually Terraform)
  • Do I have mechanisms to avoid storing secrets in state file? (Terraform stores your secrets in .tfstate in plain text. Details in this article.)
  • Do I have state management process for my DevOps team members? (If not, use AWS CloudFormation, otherwise Terraform)
  • Do I need automated rollbacks in case of failed deployment? (AWS CloudFormation)


If you start googling, you might find plenty of articles recommending one or the other tool. One that resonated with me (at least with the title) is called “Do not use AWS CloudFormation”.

Summary

AWS CloudFormation and Terraform are fantastic tools to provision your cloud infrastructure. They are free of charge and once you learn to use them properly, they will help to move your infrastructure automation to a whole new level. So, which version of your virtual datacenter do you want to deploy today?


At the end of the day, the choice is yours.

Vladimír Šimek
Chief Cloud Architect