Need advice about which tool to choose?Ask the StackShare community!
AWS CLI vs AWS CloudFormation: What are the differences?
Introduction
In this article, we will discuss the key differences between AWS CLI (Command Line Interface) and AWS CloudFormation, two widely used services offered by Amazon Web Services (AWS).
Deployment and Infrastructure Management: AWS CLI is a command-line tool that allows developers to interact with various AWS services by typing in commands. It enables users to perform tasks like managing Amazon S3 buckets, launching EC2 instances, and configuring security policies. On the other hand, AWS CloudFormation is a service that enables users to create and manage a collection of AWS resources using a template. It provides a declarative way to define infrastructure as code and automates the provisioning and updating of resources.
Level of Abstraction: AWS CLI provides a low-level interface, allowing users to directly interact with individual AWS services and resources. It requires a detailed understanding of the underlying AWS service APIs and their parameters. In contrast, AWS CloudFormation offers a high-level abstraction that simplifies the provisioning and management of AWS resources. It allows users to define Infrastructure as Code (IaC) using a JSON or YAML template, abstracting away much of the complexity of the underlying infrastructure.
Flexibility and Customization: AWS CLI provides full control and flexibility, allowing users to construct complex workflows by scripting multiple commands together. This level of control enables users to perform custom operations and automate intricate tasks. AWS CloudFormation, on the other hand, is designed to provide a standard and consistent way to manage infrastructure resources. While it supports limited customization using intrinsic functions and conditional statements, it promotes standardized infrastructure provisioning and management.
Orchestration and Rollbacks: AWS CLI lacks built-in orchestration capabilities to manage the provisioning and configuring of multiple resources as a single unit. It requires manual coordination to ensure the correct order and dependencies are maintained. In contrast, AWS CloudFormation offers orchestration features that simplify the management and coordination of multiple resources. It supports automated provisioning, updating, and deletion of resources, and enables rollbacks in case of failures during stack updates.
Discoverability and Documentation: AWS CLI makes it relatively easy to discover available services, commands, and their options using auto-completion and interactive documentation. It provides detailed help and examples for each command, making it an efficient tool for exploration and learning. On the other hand, AWS CloudFormation templates require familiarity with the AWS CloudFormation Resource Specification and the available resource types and properties. While CloudFormation has a rich set of documentation, it may have a steeper learning curve compared to AWS CLI.
Portability and Stack Management: AWS CLI requires users to manually manage different versions of configuration files for each environment. It lacks built-in capabilities to manage and track changes to infrastructure over time. In contrast, AWS CloudFormation supports the creation of stack templates, enabling consistent and repeatable infrastructure deployments. It allows users to version and manage their infrastructure as code, making it portable and facilitating collaboration among team members.
In summary, AWS CLI provides a command-line interface for low-level interaction with individual AWS services, while AWS CloudFormation offers a higher-level abstraction for managing infrastructure as code. AWS CLI offers more flexibility and customization options, but CloudFormation simplifies infrastructure provisioning and offers built-in orchestration features. Both services have their strengths and are often used together to achieve specific automation and management requirements.
Because Pulumi uses real programming languages, you can actually write abstractions for your infrastructure code, which is incredibly empowering. You still 'describe' your desired state, but by having a programming language at your fingers, you can factor out patterns, and package it up for easier consumption.
We use Terraform to manage AWS cloud environment for the project. It is pretty complex, largely static, security-focused, and constantly evolving.
Terraform provides descriptive (declarative) way of defining the target configuration, where it can work out the dependencies between configuration elements and apply differences without re-provisioning the entire cloud stack.
AdvantagesTerraform is vendor-neutral in a way that it is using a common configuration language (HCL) with plugins (providers) for multiple cloud and service providers.
Terraform keeps track of the previous state of the deployment and applies incremental changes, resulting in faster deployment times.
Terraform allows us to share reusable modules between projects. We have built an impressive library of modules internally, which makes it very easy to assemble a new project from pre-fabricated building blocks.
DisadvantagesSoftware is imperfect, and Terraform is no exception. Occasionally we hit annoying bugs that we have to work around. The interaction with any underlying APIs is encapsulated inside 3rd party Terraform providers, and any bug fixes or new features require a provider release. Some providers have very poor coverage of the underlying APIs.
Terraform is not great for managing highly dynamic parts of cloud environments. That part is better delegated to other tools or scripts.
Terraform state may go out of sync with the target environment or with the source configuration, which often results in painful reconciliation.
I personally am not a huge fan of vendor lock in for multiple reasons:
- I've seen cost saving moves to the cloud end up costing a fortune and trapping companies due to over utilization of cloud specific features.
- I've seen S3 failures nearly take down half the internet.
- I've seen companies get stuck in the cloud because they aren't built cloud agnostic.
I choose to use terraform for my cloud provisioning for these reasons:
- It's cloud agnostic so I can use it no matter where I am.
- It isn't difficult to use and uses a relatively easy to read language.
- It tests infrastructure before running it, and enables me to see and keep changes up to date.
- It runs from the same CLI I do most of my CM work from.
Pros of AWS CLI
Pros of AWS CloudFormation
- Automates infrastructure deployments43
- Declarative infrastructure and deployment21
- No more clicking around13
- Any Operative System you want3
- Atomic3
- Infrastructure as code3
- CDK makes it truly infrastructure-as-code1
- Automates Infrastructure Deployment1
- K8s0
Sign up to add or upvote prosMake informed product decisions
Cons of AWS CLI
Cons of AWS CloudFormation
- Brittle4
- No RBAC and policies in templates2
Sign up to add or upvote consMake informed product decisions
What is AWS CLI?
What is AWS CloudFormation?
Need advice about which tool to choose?Ask the StackShare community!
What companies use AWS CLI?
What companies use AWS CloudFormation?
Sign up to get full access to all the companiesMake informed product decisions
What tools integrate with AWS CLI?
What tools integrate with AWS CloudFormation?
Sign up to get full access to all the tool integrationsMake informed product decisions
Blog Posts
+12
+29
+42+47
+26
+23
+39
+35