Tuesday, August 20, 2019

CloudFormation vs Terraform


AWS CloudFormation

Note:
  • Cross-stack referencing
    One of CloudFormation's most powerful features is how easily one stack can reference another. This makes it extremely easy to break up the infrastructure monolith!
  • CloudFormation manages state within the managed service out of the box, which is a small plus compared to Terraform, where you need to configure remote state yourself.
  • SAM is based on AWS CloudFormation. Think of it as a bundle that provides a more concise syntax for writing serverless CloudFormation templates. It also provides aws-sam-cli; with the sam package and deploy commands, CI/CD is easy to set up.
  • CDK is similar to an SDK: it lets developers working in different languages write code that is converted into a CFN template to achieve IaC. Supports JavaScript, TypeScript, Python, Java, .NET
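Cross-stack referencing as described in the first note, shown as an added example that is not from the original post: a network stack exports a subnet ID and a security group ID, and an application stack imports them with Fn::ImportValue. The file names, resource names, parameter names and CIDR ranges are assumptions made for illustration.

```yaml
# network-stack.yaml (hypothetical file name): owns the VPC, exports shared IDs
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16            # constructed sample range
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from inside the VPC only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.0.0.0/16
Outputs:
  PrivateSubnetId:
    Value: !Ref PrivateSubnet
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnetId'
  AppSecurityGroupId:
    Value: !GetAtt AppSecurityGroup.GroupId
    Export:
      Name: !Sub '${AWS::StackName}-AppSecurityGroupId'
---
# app-stack.yaml (hypothetical, a separate template file): imports the exports
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  NetworkStackName:                     # name the network stack was deployed under
    Type: String
  ImageId:
    Type: AWS::EC2::Image::Id
Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      SubnetId:
        Fn::ImportValue: !Sub '${NetworkStackName}-PrivateSubnetId'
      SecurityGroupIds:
        - Fn::ImportValue: !Sub '${NetworkStackName}-AppSecurityGroupId'
```

CloudFormation refuses to delete or change an exported output while another stack imports it, and export names must be unique within an account and region.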

HashiCorp Terraform


Compare


|  | CloudFormation | Terraform |
| --- | --- | --- |
| License | AWS | MPL v2.0 |
| Support | Greater of $29 | community |
| Language | JSON or YAML | HCL |
| Resource (Google search) | 1530k | 3480k |
| Resource (Stack Overflow) | 6754 | 7405 |
| UI | easy overview & debug |  |

|  | CloudFormation | Terraform |
| --- | --- | --- |
| Modular | cross stack referencing, nested stacks |  |
| Import | CloudFormer* |  |
| Diff | ✔ (drift) | ✔ (plan) |
| Scope | almost all bits and parts of AWS | supporting hundreds of providers ex: GitHub, GCP, Heroku, Azure … |
Note:
CloudFormer (Beta) simply generates a template and cannot be imported into an existing stack.

Conclusion

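One is a SaaS and the other is a command-line tool, so they really sit at different levels. Looked at from different aspects and angles, each has scenarios it suits, and the two can even be mixed, so it is hard to say which one is better.
The prerequisite is to define the usage scenario first.
A simple rule of thumb:
If you only use AWS, choose CloudFormation.
If you use multiple cloud providers, choose Terraform, or mix the two.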

Other Reference


CloudFormer


Continuous Security

The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.

Cloud Development Kit

CDK

CloudFormation ⇔ Terraform


CF to TF

CLI tool for generating Terraform configuration and state for existing CloudFormation resources

TF to CF

A rather convoluted way of achieving this is to use Terraform to stand up actual AWS environments, and then to use AWS’s CloudFormer to extract CloudFormation templates (JSON or YAML) from what Terraform has built.