Compare Terraform vs AWS CloudFormation — multi-cloud support, state management, language, ecosystem, and when to use each for infrastructure as code.
Choose Terraform if you run more than one cloud provider or want provider-agnostic IaC. Choose CloudFormation if you are entirely on AWS and want native integration with no state file of your own to host and protect.
| Feature | Terraform | CloudFormation |
|---|---|---|
| Multi-cloud | ✅ AWS, Azure, GCP and thousands of other providers | ❌ AWS only |
| Language | HCL (HashiCorp Configuration Language) | JSON or YAML |
| State management | You host and protect it (S3 bucket with locking, or HCP Terraform / Terraform Cloud) | AWS keeps it inside the stack |
| Drift detection | Manual: `terraform plan -refresh-only -detailed-exitcode`, scheduled by you | Built in, but started on demand (`detect-stack-drift`) or by an AWS Config rule |
| Rollback | Manual (re-apply the previous configuration) | Automatic on a failed create or update (the rollback itself can fail on unstable resources) |
| Pricing | CLI free to use (BUSL licence since 2023; OpenTofu is the open-source fork) / paid HCP Terraform tiers | No charge for AWS resource types; third-party resource types are billed per handler operation beyond a free tier |
| Modules | Terraform Registry (thousands of modules) | Nested stacks, StackSets, CDK constructs |
| Preview changes | `terraform plan` | Change sets |
| Import existing | `terraform import`, or `import {}` blocks (Terraform 1.5+) | Resource import (since 2019) and the IaC generator |
| Learning curve | Moderate (HCL) | Moderate (YAML/JSON) |
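The table marks Terraform's drift detection as manual. What teams actually do is schedule `terraform plan -refresh-only -detailed-exitcode -out=drift.plan` followed by `terraform show -json drift.plan`, then act on the exit code and the JSON plan. The script below is an added example, not code from the original page: it interprets both outputs, treats a failed plan as an error rather than a clean run, and flags deletions for a human. SAMPLE_PLAN is a constructed stand-in for the `terraform show -json` document.

```python
"""Interpret a scheduled Terraform drift check (added example, not from the page).

Terraform has no drift service, so a scheduled job runs
    terraform plan -refresh-only -detailed-exitcode -out=drift.plan
    terraform show -json drift.plan > drift.json
and acts on two things: the exit code (0 no drift, 1 error, 2 drift) and the
JSON plan. SAMPLE_PLAN is a constructed stand-in for drift.json.
"""
from __future__ import annotations


def classify_exit_code(code: int) -> str:
    """Map -detailed-exitcode status to a verdict.

    Anything other than 0 or 2 is a failed plan (bad credentials, provider error,
    lock held). It must surface as "error", never as "clean": a drift job that
    swallows its own failures is worse than having none.
    """
    return {0: "clean", 2: "drift"}.get(code, "error")


def changed_attributes(before: dict | None, after: dict | None) -> list[str]:
    """Top-level attribute names whose value differs between before and after."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))


def summarise_drift(plan: dict) -> list[dict]:
    """One finding per drifted resource from `terraform show -json` output.

    A refresh-only plan reports out-of-band changes under "resource_drift"; older
    plan formats only carry "resource_changes", so fall back to that. Each entry's
    change.actions is what Terraform observed: ["update"] for a modified
    attribute, ["delete"] when the real object has disappeared.
    """
    entries = plan.get("resource_drift") or plan.get("resource_changes") or []
    findings = []
    for rc in entries:
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if actions == ["no-op"]:
            continue
        findings.append({
            "address": rc["address"],
            "actions": actions,
            "changed": changed_attributes(change.get("before"), change.get("after")),
        })
    return findings


def needs_human(findings: list[dict]) -> bool:
    """Deletions should page someone: after the state is refreshed, the next apply
    recreates the resource with a new identity (and, for a bucket, empty)."""
    return any("delete" in f["actions"] for f in findings)


# Constructed sample of drift.json: versioning was switched off on the data bucket
# and an IAM role was removed outside Terraform.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_drift": [
        {
            "address": "aws_s3_bucket.data",
            "type": "aws_s3_bucket",
            "change": {
                "actions": ["no-op"],
                "before": {"bucket": "my-data-bucket-prod"},
                "after": {"bucket": "my-data-bucket-prod"},
            },
        },
        {
            "address": "aws_s3_bucket_versioning.data",
            "type": "aws_s3_bucket_versioning",
            "change": {
                "actions": ["update"],
                "before": {"bucket": "my-data-bucket-prod",
                           "versioning_configuration": [{"status": "Enabled"}]},
                "after": {"bucket": "my-data-bucket-prod",
                          "versioning_configuration": [{"status": "Suspended"}]},
            },
        },
        {
            "address": "aws_iam_role.deploy",
            "type": "aws_iam_role",
            "change": {"actions": ["delete"], "before": {"name": "deploy"}, "after": None},
        },
    ],
}

if __name__ == "__main__":
    findings = summarise_drift(SAMPLE_PLAN)
    print("verdict:", classify_exit_code(2), "| needs human:", needs_human(findings))
    for f in findings:
        print(f"{f['address']}: {'/'.join(f['actions'])} {f['changed']}")
```

Wire the exit code in first: the job should alert on "error" as loudly as on "drift", because an expired role or a stuck state lock otherwise looks like a quiet, healthy run.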
The same versioned S3 bucket in both tools. Terraform (HCL):

```hcl
variable "environment" {
  type = string
}

resource "aws_s3_bucket" "data" {
  bucket = "my-data-bucket-${var.environment}"

  tags = {
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

# Versioning is a separate resource in AWS provider v4 and later.
resource "aws_s3_bucket_versioning" "data" {
  bucket = aws_s3_bucket.data.id

  versioning_configuration {
    status = "Enabled"
  }
}
```

CloudFormation (YAML):

```yaml
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  Environment:
    Type: String
    Default: dev

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "my-data-bucket-${Environment}"
      VersioningConfiguration:
        Status: Enabled
      Tags:
        - Key: Environment
          Value: !Ref Environment
        - Key: ManagedBy
          Value: cloudformation
```

State is the biggest operational difference. With Terraform you're responsible for state, and the state file records every attribute Terraform has read, including any secrets a provider returned in plain text, so the backend needs encryption, locking, versioning and tightly scoped IAM access:

```hcl
terraform {
  backend "s3" {
    bucket         = "my-tf-state"
    key            = "prod/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"   # state locking; Terraform 1.10+ can use use_lockfile = true instead
    encrypt        = true                # server-side encryption of the state object
  }
}
```

With CloudFormation, AWS manages state automatically as part of the stack, and no backend configuration is needed. Drift detection is built in:
```shell
aws cloudformation detect-stack-drift --stack-name my-stack
```

`detect-stack-drift` only starts an asynchronous detection and returns a StackDriftDetectionId; poll `describe-stack-drift-detection-status` with that ID and read the per-resource result with `describe-stack-resource-drifts --stack-name my-stack`. Nothing runs it for you unless you schedule it, for example through the AWS Config managed rule `cloudformation-stack-drift-detection-check`.

Migrating from CloudFormation to Terraform:

```shell
# 1. List the resources the stack owns (logical ID, type, physical ID)
aws cloudformation list-stack-resources --stack-name my-stack

# 2. Write a Terraform resource block for each one

# 3. Import each resource into Terraform state (Terraform 1.5+ can use import {} blocks instead)
terraform import aws_s3_bucket.data my-data-bucket

# 4. Verify: the plan should show no changes; any diff means the config does not match reality yet
terraform plan

# 5. Only then set DeletionPolicy: Retain on every resource in the template, update the stack,
#    and delete it. Deleting without Retain destroys the resources Terraform now manages.
aws cloudformation delete-stack --stack-name my-stack
```

Migrating from Terraform to CloudFormation:

```shell
# 1. Remove each resource from Terraform state without destroying it
terraform state rm aws_s3_bucket.data

# 2. Write a CloudFormation template. Every resource being imported must carry a
#    DeletionPolicy, or CloudFormation rejects the import.

# 3. Import the resources with an IMPORT change set. create-stack would try to create
#    them again and fail with "already exists".
aws cloudformation create-change-set --stack-name my-stack \
  --change-set-name import-existing --change-set-type IMPORT \
  --template-body file://template.yaml \
  --parameters ParameterKey=...,ParameterValue=... \
  --resources-to-import file://resources-to-import.json
aws cloudformation execute-change-set --stack-name my-stack --change-set-name import-existing
```

`resources-to-import.json` lists each resource's ResourceType, LogicalResourceId and ResourceIdentifier (for a bucket, `{"BucketName": "my-data-bucket"}`). Run `detect-stack-drift` once the import completes; the template must match the live configuration or the stack starts life drifted.

| Myth | Reality |
|---|---|
| "Terraform is always better" | CloudFormation rolls failed changes back automatically and leaves you no state file to host or secure |
| "CloudFormation is simpler" | YAML templates get verbose fast; Terraform HCL is more concise |
| "You can't use both" | Many teams use both: CloudFormation for foundational AWS, Terraform for application infrastructure |
| "Terraform can't do X on AWS" | The AWS provider covers nearly every AWS service |
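Steps 1 to 3 of the CloudFormation-to-Terraform migration above are mechanical for common resource types, and doing them by hand for a large stack is where import IDs get mistyped. The script below is an added example, not code from the original page: it turns the `list-stack-resources` output into Terraform 1.5+ `import {}` blocks for types whose CloudFormation PhysicalResourceId is also the Terraform import ID, and refuses everything else rather than guess. The type table, the name conversion and SAMPLE_STACK (a constructed stand-in for the CLI's JSON) are the example's own assumptions.

```python
"""Generate Terraform import blocks from `aws cloudformation list-stack-resources`.

Added example for the CloudFormation-to-Terraform steps; not code from the
original page. Assumes Terraform >= 1.5 (import {} blocks) and that, for the
types in TYPE_MAP, the PhysicalResourceId is exactly the AWS provider's import ID.
SAMPLE_STACK is a constructed stand-in for the CLI's JSON output.
"""
from __future__ import annotations

import re

# CloudFormation type -> Terraform type, limited to types whose physical ID doubles
# as the import ID (bucket name, role name, sg-..., table name, function name,
# queue URL). Types that import by ARN or by a composite "a/b" ID are left out on
# purpose: a wrong ID either fails at plan time or binds the address to the wrong object.
TYPE_MAP = {
    "AWS::S3::Bucket": "aws_s3_bucket",
    "AWS::IAM::Role": "aws_iam_role",
    "AWS::EC2::SecurityGroup": "aws_security_group",
    "AWS::DynamoDB::Table": "aws_dynamodb_table",
    "AWS::Lambda::Function": "aws_lambda_function",
    "AWS::SQS::Queue": "aws_sqs_queue",
}


def to_snake(logical_id: str) -> str:
    """DataBucket -> data_bucket, MyS3Bucket -> my_s3_bucket; always a valid Terraform name."""
    s = re.sub(r"(?<=[a-z0-9])([A-Z])", r"_\1", logical_id)
    s = re.sub(r"[^A-Za-z0-9_]", "_", s).lower()
    return s if re.match(r"[a-z_]", s) else f"r_{s}"


def plan_imports(stack_resources: dict) -> tuple[list[dict], list[dict]]:
    """Split stack resources into importable entries and skipped ones (with a reason)."""
    importable, skipped = [], []
    for r in stack_resources["StackResourceSummaries"]:
        logical = r["LogicalResourceId"]
        if r.get("ResourceStatus") == "DELETE_COMPLETE" or not r.get("PhysicalResourceId"):
            skipped.append({"logical_id": logical, "reason": "no live resource"})
            continue
        tf_type = TYPE_MAP.get(r["ResourceType"])
        if tf_type is None:
            skipped.append({"logical_id": logical,
                            "reason": f"unmapped type {r['ResourceType']}: check the import ID format"})
            continue
        importable.append({"to": f"{tf_type}.{to_snake(logical)}",
                           "id": r["PhysicalResourceId"],
                           "cfn_type": r["ResourceType"]})
    return importable, skipped


def render_import_blocks(importable: list[dict]) -> str:
    """Emit import {} blocks to drop into imports.tf next to the resource blocks."""
    return "".join(
        f"# from {i['cfn_type']}\nimport {{\n  to = {i['to']}\n  id = \"{i['id']}\"\n}}\n\n"
        for i in importable
    )


# Constructed sample of `aws cloudformation list-stack-resources --stack-name my-stack`.
SAMPLE_STACK = {
    "StackResourceSummaries": [
        {"LogicalResourceId": "DataBucket", "PhysicalResourceId": "my-data-bucket-prod",
         "ResourceType": "AWS::S3::Bucket", "ResourceStatus": "CREATE_COMPLETE"},
        {"LogicalResourceId": "DeployRole", "PhysicalResourceId": "my-stack-DeployRole-1ABC",
         "ResourceType": "AWS::IAM::Role", "ResourceStatus": "UPDATE_COMPLETE"},
        {"LogicalResourceId": "OldQueue",
         "PhysicalResourceId": "https://sqs.us-east-1.amazonaws.com/123456789012/old",
         "ResourceType": "AWS::SQS::Queue", "ResourceStatus": "DELETE_COMPLETE"},
        # EventBridge rules import as "<bus>/<rule>", not the bare name CloudFormation reports.
        {"LogicalResourceId": "NightlyRule", "PhysicalResourceId": "my-stack-NightlyRule-XYZ",
         "ResourceType": "AWS::Events::Rule", "ResourceStatus": "CREATE_COMPLETE"},
    ]
}

if __name__ == "__main__":
    importable, skipped = plan_imports(SAMPLE_STACK)
    print(render_import_blocks(importable))
    for s in skipped:
        print(f"# skipped {s['logical_id']}: {s['reason']}")
```

With the generated `imports.tf` in place, `terraform plan -generate-config-out=generated.tf` drafts the matching resource blocks (Terraform 1.5+); review them before committing, since the generated config pins every attribute it read, and only proceed to the Retain-then-delete step once a plain `terraform plan` reports no changes.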
Both are production-ready IaC tools. Terraform wins on multi-cloud reach, ecosystem, and language expressiveness. CloudFormation wins on having no state file to host and protect, automatic rollback, and native AWS integration. Many enterprises run both: CloudFormation for foundational AWS infrastructure, Terraform for application-level resources and anything spanning more than one provider.