Cloud computing has revolutionized the world of information and technology. From the way we deploy and maintain applications to our development practices, everything has been highly impacted by cloud computing. New applications are developed to be cloud-native and compatible with cloud services. Cloud computing helps us develop highly available, scalable, and efficient architectures, which keeps cloud services in growing demand. With this boom in cloud computing comes a need to maintain infrastructure as code. Maintaining cloud resources manually via the console is a complex task, and the changes are very difficult to track. Infrastructure as code, aka IAC or IAAC, solves this problem. By using IAC, we can define our resources as code and use this code to provision cloud services. Using infrastructure as code allows multiple developers to collaborate on infrastructure and keep track of the changes each developer makes.
Infrastructure as a Code in AWS
AWS is the biggest and the most widely used cloud provider globally. It has its own IAC tools, AWS CloudFormation and AWS CDK, and also allows 3rd party IAC tools like Terraform to provision resources. When choosing IAC tools for AWS, Terraform, a 3rd party tool, is solid competition for the AWS-managed tools, AWS CloudFormation and AWS CDK. With so many choices and features that each of these tools provides, choosing the right IAC tool can be challenging. In this article, we will discuss the difference between AWS CDK and Terraform. AWS CDK uses CloudFormation internally, so for a deeper view into CloudFormation and Terraform, please refer to the related article, Understanding IAC tools: CloudFormation vs. Terraform.
Terraform
Terraform is an open-source infrastructure as code tool initially developed by HashiCorp. It is a highly accurate and mature tool that supports not only AWS but other cloud providers as well. Terraform supports all the AWS services, and the development community is quick to pick up on any new feature that AWS adds to its services. It allows us to write code in the HashiCorp Configuration Language (HCL). HCL is a JSON-like language for defining infrastructure resources.
AWS CDK
AWS CDK is a wrapper around AWS CloudFormation. To understand how the AWS CDK works, you should know a little about AWS CloudFormation. AWS CloudFormation is an AWS-managed tool that allows us to define AWS infrastructure in YAML or JSON format. Even though reading JSON and YAML is easy, they are not actual programming languages. There is no native support for loops and functions, which makes maintaining big infrastructures more and more difficult. This is where AWS CDK comes in. AWS CDK is a wrapper around AWS CloudFormation that allows you to use familiar programming languages like Java or Python to provision your infrastructure. This makes it easier to write and maintain code.
Terraform vs. AWS CDK: Differences
#1. Language and Ease of use
Language and ease of use are vital to understanding the difference between the AWS CDK and Terraform. Let us talk about Terraform first. Terraform uses a JSON-like language to define resources and other data, the HCL, or HashiCorp Configuration Language. It is pretty straightforward, and the documentation is easy to understand and follow, even for beginners. Let us look at code to create an S3 bucket. The code is fairly simple to read, and you can see other parameters that this resource supports in the Terraform documentation.
As mentioned before, AWS CDK is a CloudFormation wrapper that allows us to define our resources in programming languages. Let us look at AWS CDK code to create an S3 bucket. Terraform code can look a bit neater than the CDK, but both Terraform and CDK code are pretty simple. If you plan on using IAC for a small project, both Terraform and CDK are great options as far as language and ease of use are concerned.
However, when choosing the right IAC tool for a big project with many developers, Terraform has a drawback. As simple as Terraform is, it is a new language, and you will need to train your developers in a whole new language that is not similar to the other programming languages in use. More importantly, data manipulation in Terraform is not as simple as in other programming languages. For example, iterating through lists and objects and transforming values is not as simple, especially for beginners.
Personally, I would prefer AWS CDK over Terraform if considering the ease of use. When using Terraform, there have been times when I have had to use workarounds or complicated scripts to get the desired results. The control we have over data and the ability to easily manipulate data in AWS CDK languages is a big win for AWS CDK.
#2. Scope
Terraform is a multi-cloud IAC tool, which means that you can use Terraform not only with AWS but also with other cloud providers like Azure or GCP. Terraform is a great tool to create multi-cloud deployments and have any number of cloud providers for your application. There have been times when widely used global platforms went down due to an issue in the cloud provider's services. Today, it is a smart decision to have more than one cloud provider for your applications. AWS CDK is an AWS offering for IAC. As powerful and mature as the CDK may be, it is limited to the AWS cloud. When considering the scope of the IAC tools, Terraform is the obvious winner of the two. It makes a lot of sense to have your developers use a single tool for all the cloud platforms.
#3. Performance
Performance is usually not the most important criterion when choosing the right IAC tool, but it might matter in large projects. Terraform deploys resources using the AWS SDK, whereas the CDK code is first converted to CloudFormation templates and then applied. Terraform would work slightly faster than AWS CDK, particularly because of the time CDK takes to convert code to a CloudFormation template.
#4. Modularity
Both Terraform and AWS CDK can be used to create modules. Terraform has native support for modules. You can create your own modules and host them on a private module registry for use within your organization. Terraform also has a public module registry for hosting and using public modules. In AWS CDK, you can create reusable functions and classes and share this code within your organization to achieve the same result. This is a big plus for AWS CDK, as the other AWS IAC tool, CloudFormation, does not allow you to create and reuse code as modules. You can use nested stacks in CloudFormation to achieve this requirement, but AWS CDK is a much more suitable alternative. All in all, both tools are similar in this aspect.
#5. Control and Governance
Ultimately, all access to the AWS Console is controlled by IAM, the AWS Identity and Access Management service. You can use IAM policies with both AWS CDK and Terraform to allow and deny certain actions. IAM allows you to have fine-grained control over what actions can be taken on your account. In addition to using IAM to control access to account resources, Terraform offers a policy as code framework, Sentinel. Sentinel allows you to write fine-grained policies to control the actions a user can take via Terraform.
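The policy-as-code idea described above can be sketched as a pre-deployment check that works for either tool. This is an added example, not Sentinel and not code from the original article: it applies one guardrail (no public canned ACL on S3 buckets) to Terraform's JSON plan output and to a CloudFormation template of the kind the CDK synthesizes. The sample plan, template, and resource names are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
TF_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "example-logs", "acl": "private"}}},
  {"address": "aws_s3_bucket_acl.site", "type": "aws_s3_bucket_acl",
   "change": {"actions": ["create"], "after": {"bucket": "example-site", "acl": "public-read"}}},
  {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

# Constructed sample: trimmed CloudFormation template, the format CDK code is converted to.
CFN_TEMPLATE = json.loads("""
{"Resources": {
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "Private"}},
  "SiteBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicReadWrite"}},
  "Queue": {"Type": "AWS::SQS::Queue"}
}}
""")

PUBLIC_TF_ACLS = {"public-read", "public-read-write"}
PUBLIC_CFN_ACLS = {"PublicRead", "PublicReadWrite"}
TF_S3_TYPES = {"aws_s3_bucket", "aws_s3_bucket_acl"}

def check_terraform_plan(plan):
    """Return addresses of planned S3 resources that would get a public canned ACL."""
    violations = []
    for rc in plan.get("resource_changes", []):
        # "after" is null when the resource is being deleted; nothing to check then.
        after = rc.get("change", {}).get("after") or {}
        if rc.get("type") in TF_S3_TYPES and after.get("acl") in PUBLIC_TF_ACLS:
            violations.append(rc["address"])
    return violations

def check_cfn_template(template):
    """Return logical IDs of S3 buckets declared with a public AccessControl value."""
    violations = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}  # Properties is optional in a template
        if res.get("Type") == "AWS::S3::Bucket" and props.get("AccessControl") in PUBLIC_CFN_ACLS:
            violations.append(logical_id)
    return violations

if __name__ == "__main__":
    print("terraform plan violations:", check_terraform_plan(TF_PLAN))
    print("cloudformation template violations:", check_cfn_template(CFN_TEMPLATE))
```

Run as a CI step before apply or deploy, a non-empty result would fail the pipeline; IAM remains the enforcement layer for anything that bypasses the pipeline.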
Conclusion
Since AWS CDK internally uses CloudFormation, I suggest you go through the CloudFormation vs. Terraform article to better understand the differences between AWS CDK and Terraform. Overall, both AWS CDK and Terraform are mature and powerful tools. Terraform has a slight disadvantage when it comes to data manipulation. However, in my experience, once you get more comfortable with writing Terraform, using workarounds and performing data transformations becomes easier. For multi-cloud operations, Terraform is an obvious choice; however, if you are looking to use AWS as your cloud provider, AWS CDK is an excellent alternative.