I'm curious to know which Infrastructure as Code (IaC) tool you all think is the best fit for managing AWS infrastructure, including both managed and serverless services. I know there are AWS-native tools like CloudFormation, SAM, and CDK, alongside vendor-independent options like Terraform. My background includes using Terraform with Azure and GCP, but in Azure, I found ARM templates a bit challenging to use, and it seems not many people opt for them. I've noticed many job postings favor AWS tools for DevOps roles. Can you share your experiences with IaC on AWS and what you recommend?
11 Answers
For complex serverless needs, I'd go with SAM. For simpler serverless tasks, CDK is fantastic. Overall, Terraform excels for general services. However, you can't rely on just one tool for all scenarios; it truly depends on your requirements.
For serverless applications, I’d recommend SAM for Lambda functions. For everything else, like VPCs and EKS clusters, Terraform or OpenTofu works great.
I use Terraform for nearly everything, but I stick with SAM for Lambda functions. It just fits better for that use case.
Why not use both? You can leverage the strengths of each tool!
There's really no 'best' option. Terraform and OpenTofu are popular for a reason, but if you prefer JSON and structure, CloudFormation can work well too. It's all about personal preference.
Honestly, compared to Terraform, CloudFormation is quite lacking. Terraform's flexibility and user-friendliness really set it apart.
I prefer Terraform because of its popularity and the ability to manage various vendors. It's great to handle everything within the same tool. Pulumi is another option that might work well, though I haven't used it much myself.
Given your experience, I’d suggest sticking with Terraform while exploring tfcdk for third-party providers, and from there, you can branch out to CDK for AWS needs. If your cloud team isn’t familiar with coding, Terraform’s a good route; for devs, learning something like CDK might be beneficial. At work, we've had success using Terraform for shared infrastructure because the team isn't as comfortable with TypeScript. I initiated some CDK projects, and the transition has been smooth, with the dev team taking over without complaints.
I've been using Terraform for over a decade, and honestly, it's the top choice for AWS in my experience. Google even phased out their own tool in favor of Terraform. It's powerful and straightforward for managing resources.
If you're starting fresh, you might want to check out OpenTofu, which is an open-source version of Terraform. It's been gaining traction since HashiCorp changed their licensing.
Agreed, I've been in AWS for 11 years, and Terraform is still king.
Choosing the right tool depends on your specific use case and scale. Terraform can work well for small to medium projects, but for large setups, it requires extra care. Tools like Pulumi or Crossplane are interesting for tight integrations with Kubernetes or for automating infrastructure with Flux or Argo. Just remember that as your workspace grows, refresh and plan times can become an issue, so consider your workspace structure.
I really like the Serverless Framework combined with CloudFormation. If you lean toward JavaScript and JSON, this setup is awesome. CDK feels overly complex for my taste, and I'm not a fan of Terraform either; it seems unnecessary when so many solutions are already present. Ansible might be older tech, but it still has its place as it integrates well into many setups.
Ansible isn’t outdated, it just serves a different purpose. It excels at configuration management, which is invaluable even in serverless or containerized environments.
I'm all about using CloudFormation. Terraform's ownership by IBM raises concerns for me regarding future changes and viability. If you need more power, consider using CDK alongside it.
But you know that OpenTofu is open source, right? It's great to have alternatives to YAML.
I would argue that CDK can enhance the development experience greatly compared to writing YAML for SAM. It's also excellent for stack sets.