Choosing the right IaC tool on AWS
It’s been 19 years since Amazon.com Web Services, managed by Colin Bryar (later Andy Jassy) launched its first web services, opening up the Amazon.com platform to all IT specialists. While the cloud has changed a lot since that time, only one thing remained the same: Infrastructure as Code (IaC) is the foundation of a healthy AWS implementation. For something more than a fun-toy-app, IaC is the key pillar. You’ll hardly find experts running big-serious-stuff, who think letting people take shots in the dark on AWS consoles is the best way to go. The benefits that lead plenty of organizations to migrate to IaC are perpetual infrastructure, growth in the velocity of delivery, scalability, cost savings, and risk alleviation. Currently, it’s much faster not only to run all of the applications with an IaC tool but also utilize it with PoC, and get on with it. It takes nothing to come back to projects after a few weeks/months and quickly understand how things work from a familiar background/context. With that said, we need to learn what IaC tools are on the AWS deck and which one is good enough for you to choose.
CloudFormation at your service
AWS CloudFormation (CFN), released in 2011, is a built-in IaC tool in the AWS Cloud Platform that provides an easy way to quickly and effectively manage a set of multiple AWS native resources and even third-party resources utilizing IaC. CloudFormation helps manage your resources scaling and automate management processes leveraging and integrating other AWS resources. In addition, AWS CloudFormation also allows you to use an open-source CLI to create your own resource providers to manage third-party application resources. With CloudFormation’s templates written in YAML and JSON, you just code your infrastructure from scratch leveraging the template language and operate the resources you designed in the pattern. What’s more, you can always roll back your infrastructure to the previous state in case of failures.
A little while ago, we only had Custom Resources to provide and operate capabilities that CloudFormation did not natively support. The situation has now been largely improved by Resource Providers, which currently allow you to design individual providers to manage third-party resources in your stacks. For instance, you can easily utilize Datadog (a monitoring tool) in your stack to provide and manage your supervision without the need for any extraneous process.
Cloud Development Kit making an entrance
Terraform — a new approach to IaC
As other IaC tools, Terraform utilizes configuration files to granularize infrastructure setup but takes a higher position promoting cloud independence and allowing multiple providers and services to be aggregated and merged. For instance, Terraform can be leveraged to orchestrate an AWS and OpenStack cluster at the same time while allowing third-party vendors such as CloudFlare and DNSimple to combine to provide CDN and DNS services. This allows Terraform to operate the entire infrastructure with its maintaining services, not just a subunit of the existing infrastructure within a single provider. It provides an original, consolidated syntax (Hashicorp Configuration Language (HCL) instead of requiring DevOps engineers to utilize self-sufficient and incompatible tools for each platform and service.
Terraform also separates the planning stage from the execution stage utilizing the idea of an execution plan. With terraform plan running, the current state is updated and configuration is consulted on an action plan. The plan includes all the actions that need to be taken: what resources will be created, eliminated, or changed. DevOps engineers can test it to make sure it is ready to be implemented and approve the plan.
With a terraform graph, you can visualize the plan to follow the dependencies. Once the plan has been drawn up, the execution phase can only be limited to activities in the plan. Other tools combine the planning/execution stages, which means engineers have to rely on their brains to introspectively contemplate the implications of a change that quickly becomes overwhelming in large infrastructures. With Terraform, DevOps engineers can feel confident applying changes because they know exactly what will happen in advance.
Final thoughts: Which one to choose
With an immense choice of tools presented and a huge variety of business requirements, it’s absolutely impossible to give one all-purpose solution. However, when contemplating your alternatives, evaluate these simple facts, and you’ll get the answers.
- My solution is quite simple and particularly serverless — AWS CloudFormation to help you (notably AWS SAM).
- I vertically distribute best practices and orchestration — Terraform / CDK.
- AWS is my final selection and I’ll stay with AWS — CloudFormation / CDK.
- I want to orchestrate some resources outside AWS — Terraform / CDK for Terraform.
- I want to have a multi-cloud environment — Terraform.
One way or another, choosing the right IaC tool on AWS is a quite demanding process involving plenty of thinking. However, no matter what you choose, the only truly wrong decision is not to use tools designed to streamline your software development and delivery processes at most. If you have any questions regarding what IaC tool to pick or any other DevOps-allied question you can always contact us.