Infrastructure as Code (IAC) facilitates modeling, provisioning and lifecycle management of IT Infrastructure resources consistently by treating them as code.

On AWS, the primary Infrastructure as Code service is CloudFormation. If you can define an architecure consisting of AWS resources, you can model and provision the resources on AWS using CloudFormation templates. CloudFormation templates can be created using JSON or YAML. The biggest limitation of CloudFormation templates is that the JSON or YAML template files get too complicated and unmanageable as your infrastructure grows.

Important CloudFormation concepts:

  • JSON or YAML templates contain declarative code describing the intended state of all the resources you need
  • A Stack implements and manages a group of resources
  • A Change Set provides a preview of stack operations to create, update, or remove resources
  • A Stack Set is a group of Stacks

CloudFormation also allows the importing existing resources and detecting configuration drift, if manual changes are made outside of the CloudFormation templates. A recent addition inlcudes a registry that makes it easier to create custom types that inherit many core CloudFormation benefits.

AWS Cloud Development Kit (CDK) is the next level up in IAC. With CDK, developers can build IAC using programming constructs in JavaScript, TypeScript, Python, Java, and C#. CDK scripts compile down to CloudFormation templates and use CloudFormation as the underlying service.

However, CDK is an AWS product serving only AWS. This is where cross-platform IAC frameworks come in. The most popular ones are:

Pulumi is my favorite, at the moment, primarily for the following reasons:

  • I am able to write Infrastructure as Code in my favorite programming language, Python (Pulumi also allows Javascript, Typescript, C#, GO)
  • Concise code with familiar constructs like for loops, functions, and classes compared to verbose JSON or YAML templates
  • Multi-cloud, in case I need to deploy on Azure or Google Cloud (Pulumi also has providers for Kubernetes, Cloudflare, Let’s Encrypt and many others)
  • Powerful CLI (Commandline interface)

Terraform works well as a multi-cloud framework. However, Pulumi has the following advantages over Terraform:

  • Support for real programming languages. Terraform uses a custom DSL (Domian Specific Language) HCL (Hashicorp Configuration language) that is closer to JSON than a programming language like Python or Javascript
  • Pulumi can adapt any Terraform provider to use with Pulumi. With this scheme, Pulumi will likely be able to support more providers that the other frameworks.

Pulumi has published some comparisons here.