DevTools · Mar 2026 · 3 min read

Terraform vs CloudFormation — The Multi-Cloud Generalist vs The AWS Specialist

Terraform wins for multi-cloud or hybrid setups with its declarative HCL and vast provider ecosystem, while CloudFormation is unbeatable for pure AWS-native automation and tight AWS integration.

🧊 Nice Pick: Terraform

Terraform's HashiCorp Configuration Language (HCL) is more readable and flexible than CloudFormation's verbose JSON/YAML, and its provider-agnostic design lets you manage AWS, Azure, GCP, and even on-prem resources in one workflow. Unless you're all-in on AWS, Terraform reduces vendor lock-in and scales better across environments.

The Core Difference: Multi-Cloud Flexibility vs AWS-Only Depth

Terraform is a general-purpose infrastructure-as-code (IaC) tool from HashiCorp that uses HCL syntax to define resources across any cloud (AWS, Azure, Google Cloud) or service (like GitHub or Datadog) via its provider plugins. CloudFormation is an AWS-native service that exclusively manages AWS resources using JSON or YAML templates, with deep hooks into AWS's internal APIs and lifecycle events. Terraform's strength is breadth—you can write one module to deploy a VPC on AWS and a similar network on Azure. CloudFormation's strength is depth—it knows AWS-specific nuances like stack policies and change sets that Terraform approximates with workarounds.

Where Terraform Wins: Readability, State Management, and Ecosystem

Terraform's HCL is more human-readable than CloudFormation's often-cryptic JSON/YAML, with clearer variable definitions and less boilerplate. Its state file (.tfstate) tracks resource dependencies and attributes explicitly, allowing precise updates and imports—CloudFormation relies on AWS's internal state, which can be opaque. The Terraform Registry offers thousands of pre-built modules (e.g., for Kubernetes or databases) that are community-vetted, while CloudFormation's public templates are sparse and AWS-official ones lag behind new services. For example, Terraform might deploy an AWS EKS cluster with 50 lines of HCL, where CloudFormation requires 200+ lines of YAML.

Where CloudFormation Holds Its Own: Native AWS Integration and Drift Detection

CloudFormation excels in pure AWS environments due to its tight integration with AWS services. It supports AWS-specific features like Service Catalog and StackSets for multi-account deployments natively, without third-party tools. Its drift detection automatically flags manual changes to resources, while Terraform requires manual terraform plan runs or paid tools like Terraform Cloud. For AWS-heavy teams, CloudFormation's change sets preview impacts safely, and its rollback on failure is more robust—Terraform can leave partial deployments if errors occur mid-run.

Gotchas and Switching Costs: State Locking and AWS Learning Curve

Terraform's state file is a liability if not stored securely (e.g., in S3 with locking) because corruption breaks everything; CloudFormation avoids this by managing state internally. Switching from CloudFormation to Terraform means rewriting all templates into HCL and learning a new tool—a heavy lift for large AWS estates. Conversely, Terraform users moving to AWS-only might miss multi-cloud capabilities. Pricing-wise, Terraform is free for CLI use but costs $20/user/month for Terraform Cloud with collaboration features; CloudFormation is free as part of AWS, though you pay for resources deployed.
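An added example (not from the original article) of the "S3 with locking" setup mentioned above: a state bucket with versioning, encryption at rest and public access blocked, plus the backend block that uses it. The bucket name, key and region are constructed placeholders, and `use_lockfile` assumes Terraform 1.10 or later.

```hcl
# --- bootstrap configuration (applied once, separately from workloads) ---
# Bucket name is a constructed placeholder.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate"
}

# Versioning keeps earlier state objects, so a corrupted or bad write
# can be rolled back to a previous version.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State can hold resource attributes, including secrets, in plaintext,
# so encrypt it at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# The state bucket should never be publicly readable.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- each workload configuration ---
terraform {
  backend "s3" {
    bucket       = "example-org-tfstate"            # placeholder
    key          = "network/prod/terraform.tfstate" # placeholder
    region       = "us-east-1"                      # placeholder
    encrypt      = true
    use_lockfile = true # S3-native lock; older versions use dynamodb_table
  }
}
```

The lock prevents two concurrent applies from writing the same state object, which is the usual cause of the corruption described above.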

Practical Recommendation: Start with Terraform Unless AWS-Only

For new projects, choose Terraform if you foresee multi-cloud or hybrid needs—its provider model future-proofs you against vendor changes. Use CloudFormation only if your organization is 100% committed to AWS and values deep AWS automation over flexibility. In practice, many teams use both: Terraform for cross-cloud baseline (like IAM or networking) and CloudFormation for AWS-specific app stacks. For cost, Terraform's free tier suffices for small teams, while CloudFormation adds no direct charge but locks you into AWS's pricing for resources.

Quick Comparison

| Factor | Terraform | CloudFormation |
| --- | --- | --- |
| Syntax | HCL (declarative, human-readable) | JSON/YAML (verbose, AWS-specific) |
| Cloud Support | AWS, Azure, GCP, 100+ providers via plugins | AWS only |
| State Management | Explicit .tfstate file (requires storage/locking) | Internal AWS-managed state |
| Pricing | Free CLI; Terraform Cloud from $20/user/month | Free (AWS service, pay for resources deployed) |
| Module/Template Library | Terraform Registry with 1000s of community modules | Limited public templates; AWS Quick Starts |
| Drift Detection | Manual via terraform plan or paid tools | Automatic via AWS console/API |
| Learning Curve | Moderate (HCL + provider concepts) | Steep for non-AWS users (AWS-specific YAML/JSON) |
| Integration with AWS Services | Via providers (may lag behind new AWS features) | Native and immediate (e.g., CloudTrail, Config) |

The Verdict

Use Terraform if: You're managing infrastructure across multiple clouds (e.g., AWS and Azure) or want to avoid vendor lock-in with a readable, modular IaC approach.

Use CloudFormation if: Your organization is all-in on AWS and needs deep, native integration with AWS services like StackSets or Service Catalog, prioritizing automation over flexibility.

Consider: Pulumi if you prefer writing IaC in general-purpose languages like Python or TypeScript instead of HCL or YAML.

The Bottom Line
Terraform wins
