CloudFormation to Terraform

“Now this is a story all about how
My life got flipped-turned upside down
And I’d like to take a minute
Just sit right there
I’ll tell you how we moved from cloudformation to terraform and why…”

OK, I’m no songwriter. In this blog, I would like to talk about how we used CloudFormation and how/why we moved to Terraform.

I’ll start 2 years ago, when we at started our first project in AWS. We wanted our infrastructure as code, and at the time it seemed that the CloudFormation service provided by AWS was the best tool for the job. It worked well creating our infrastructure.

The first problem was management of the code: 1 massive JSON blob with nested objects (not so easy on the eyes) and not so fun to update. This wasn’t a big issue, as we created a gem to generate the JSON file from YAML with pre-set fields.

The second (and main) problem was the updates. You couldn’t see the changes that were going to happen until you ran it. This was a big problem: we were still new to AWS and this proof-of-concept project would determine if this was our direction, so we wanted everything to run smoothly and fast. We stuck with it for the project, having wrapped the JSON generation with checks to make sure everything was valid.

Below is an example of CloudFormation JSON to create a VPC with a single subnet.

6 months later…

We started running into problems: security groups were being removed and not recreated during deployments due to invalid config. Now our services couldn’t connect and started causing downtime. After investigating the problem, we found it was down to how CloudFormation changes resources. That’s when we decided to try a different tool, Terraform. This gave us a way of viewing changes before they were put live. Also, the syntax (HCL, HashiCorp Configuration Language) was easier to read and allowed us to split the code into multiple files, making management a lot easier.
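The failure described above, security groups removed during a deployment, is something a pre-apply gate can catch once the plan is visible. As an added example (not code from the original post): a Python check over the JSON that `terraform show -json <planfile>` emits, flagging any security group or rule the plan would delete or replace. The sample plan, resource addresses and the `risky_changes` function name are constructed for illustration.

```python
import json

# Resource types whose removal can cut off service connectivity.
GUARDED_TYPES = {"aws_security_group", "aws_security_group_rule"}

# Constructed sample in the shape of `terraform show -json plan.out`
# (only the fields this check reads are included).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"]}},
        {"address": "aws_security_group.db", "type": "aws_security_group",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_security_group_rule.app_to_db",
         "type": "aws_security_group_rule",
         "change": {"actions": ["delete"]}},
        {"address": "aws_subnet.private[0]", "type": "aws_subnet",
         "change": {"actions": ["delete"]}},
    ],
})


def risky_changes(plan_json, guarded=GUARDED_TYPES):
    """Return (address, kind) for guarded resources the plan would remove.

    kind is "delete" when the resource disappears and "replace" when it is
    destroyed and recreated (in either order), which gives it a new ID.
    """
    findings = []
    plan = json.loads(plan_json)
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in guarded:
            continue  # e.g. the subnet above is outside this gate's scope
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update and no-op pass through
        kind = "replace" if "create" in actions else "delete"
        findings.append((rc["address"], kind))
    return findings


if __name__ == "__main__":
    found = risky_changes(SAMPLE_PLAN)
    for address, kind in found:
        print(f"BLOCK: {address} would be {kind}d")
    raise SystemExit(1 if found else 0)
```

Run in a pipeline between `terraform plan -out` and `terraform apply`, a non-zero exit stops the deployment until someone reviews the flagged resources.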

Below is an example of Terraform HCL to create a VPC with 3 public and 3 private subnets.

This template is reusable and could even be extracted into a module.

I know CloudFormation has improved massively recently with change sets and the design interface, and we may even revisit this tool in the future, but at the moment, my view is: Terraform FTW.

See CloudFormation or Terraform for more info.