Cloudformation Vs Apis

Some thoughts about infrastructure as code (IaC) build on top of cloudformation (eg. CDK, SAM) vs IaC build on top of APIs (eg. Terraform, Pulumi)

Note that this is NOT going into the merits of using a declarative DSL or a programming language to do IaC or even doing IaC outside of AWS - the following points are solely for evaluating the effectiveness of doing IaC with cloudformation at the base vs API calls.

cloudformation

pros

• lots of documentation
• best in class support for aws services
• built-in support for multi-region and multi-account deployments

cons

• generallly does not have day one support for new services
• failed deployments are painful (cloudformation will try to rollback vs stoppig)
• can't import existing resources

api

pros

• faster support for services that do not have cloudformation support
• ability to import existing resources

cons

• requires contributors or vendor to keep api abstractions up to date
• more leaky abstractions and edge cases to keep in mind (eg. https://github.com/hashicorp/terraform-provider-aws/issues/10654)

Related

• devops On Observability - 2023-06-18
• journal Weekly Review - 2023-06-11
• projects Address Mapper - 2024-09-02
• schemas Docs Related Ideas - 2023-05-02
• books Nonviolent Communications - 2024-07-20

Created 2023-06-14T00:32:10.467000, updated 2023-06-14T00:40:13.817000 · History · Edit