Using CloudFormation Files in Terraform

Introduction
Step-by-Step Guide
Code Example
Additional Notes
Summary
Conclusion
References

Introduction

Terraform and CloudFormation are both powerful tools for managing cloud infrastructure, but they have distinct approaches. Let's clarify their relationship and explore when you might choose one over the other.

Step-by-Step Guide

While Terraform and CloudFormation both manage your cloud infrastructure, they are fundamentally different. Terraform doesn't operate "under the hood" of CloudFormation. Instead of being an abstraction layer, Terraform interacts directly with cloud provider APIs (like AWS) using its own syntax and logic.

You can, however, execute a CloudFormation template within your Terraform code. Terraform provides a resource for this: aws_cloudformation_stack. This resource allows you to define parameters, pass inputs, and manage the lifecycle of your CloudFormation stack directly from your Terraform scripts.

This approach can be useful for incorporating existing CloudFormation templates into your Terraform workflow or leveraging specific CloudFormation features. However, it's generally recommended to choose one tool (Terraform or CloudFormation) for consistency and to fully benefit from their respective strengths.

If you're starting fresh, many prefer Terraform due to its:

Multi-cloud support: Manage resources across different cloud providers (AWS, Azure, GCP, etc.) from a single configuration.
Declarative approach: Define your desired end state, and Terraform figures out how to get there, making infrastructure management more predictable.
Modular structure: Organize your code into reusable modules for better organization and maintainability.

Ultimately, the best tool depends on your specific needs and project requirements.

Code Example

This code demonstrates how to deploy an S3 bucket on AWS using a CloudFormation template within a Terraform script. The CloudFormation template defines the S3 bucket resource, while the Terraform code provisions the CloudFormation stack, passing in the bucket name as a parameter. The output of the Terraform script displays the name of the created S3 bucket. This example highlights how to combine CloudFormation and Terraform for infrastructure management, although using Terraform's native resources might be more advantageous for new projects.

This example demonstrates how to deploy an S3 bucket using a CloudFormation template within your Terraform code.

1. CloudFormation Template (s3_bucket.yaml):

Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: my-bucket-from-cfn

2. Terraform Code (main.tf):

# Configure the AWS Provider
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Define variables for the CloudFormation stack
variable "bucket_name" {
  default = "my-bucket-from-cfn"
}

# Create the S3 bucket using CloudFormation
resource "aws_cloudformation_stack" "s3_bucket_stack" {
  name = "s3-bucket-stack"

  # Path to the CloudFormation template
  template_body = file("${path.module}/s3_bucket.yaml")

  # Pass parameters to the CloudFormation template
  parameters = {
    BucketName = var.bucket_name
  }
}

# Output the S3 bucket name
output "s3_bucket_name" {
  value = aws_cloudformation_stack.s3_bucket_stack.outputs.MyS3Bucket
}

Explanation:

CloudFormation Template: This template defines a simple S3 bucket resource.
Terraform Code:
- aws_cloudformation_stack resource: This resource deploys the CloudFormation stack.
- template_body: Specifies the path to the CloudFormation template file.
- parameters: Passes values to the parameters defined in the CloudFormation template.
- Output: Displays the S3 bucket name created by the CloudFormation stack.

Running the Code:

Save the CloudFormation template as s3_bucket.yaml and the Terraform code as main.tf.
Run terraform init to initialize the Terraform working directory.
Run terraform apply to deploy the infrastructure.

This example shows how to integrate CloudFormation within a Terraform workflow. However, for new projects, leveraging Terraform's multi-cloud capabilities and declarative approach might be more beneficial for managing your infrastructure effectively.

Additional Notes

Terraform's API Interaction: Terraform's direct interaction with cloud provider APIs gives it flexibility and potentially faster performance compared to going through an intermediary layer.
CloudFormation within Terraform - Use Cases: Using CloudFormation inside Terraform is primarily beneficial for integrating legacy CloudFormation code or leveraging CloudFormation-specific features not yet available in Terraform.
Consistency is Key: For new projects, sticking to one tool (ideally Terraform for its broader scope) is recommended for maintainability and to avoid unnecessary complexity.
Terraform's Advantages:
- Multi-cloud is Powerful: Terraform's ability to manage multiple cloud providers simplifies complex deployments and avoids vendor lock-in.
- Declarative for Predictability: Terraform's declarative approach makes infrastructure changes more predictable and easier to reason about.
- Modules for Reusability: Terraform modules promote code reuse, improving organization and reducing redundancy in large projects.
Choosing the Right Tool: The best tool always depends on the specific project. Factors to consider include existing infrastructure, team expertise, future scalability needs, and desired cloud providers.
Learning Resources: The provided links offer valuable resources for further exploration of Terraform, CloudFormation, and their integration.

Summary

Feature	Terraform	CloudFormation
Relationship	Operates independently, can execute CloudFormation templates	Native to AWS, works "under the hood"
Cloud Support	Multi-cloud (AWS, Azure, GCP, etc.)	Primarily AWS
Approach	Declarative (define desired state)	Declarative (define desired state)
Structure	Modular, reusable components	Can be modular, but less emphasized
Strengths	Multi-cloud management, consistency across platforms, strong community support	Deep AWS integration, familiar for AWS users
Best For	New projects, multi-cloud environments, teams valuing flexibility	AWS-focused projects, leveraging existing CloudFormation expertise

Key Takeaway: While both tools manage cloud infrastructure, Terraform offers greater flexibility and multi-cloud support, while CloudFormation excels in AWS-specific environments. Choose the tool that best aligns with your project needs and team expertise.

Conclusion

In conclusion, Terraform and CloudFormation offer distinct approaches to infrastructure management. While Terraform can execute CloudFormation templates, its strength lies in its multi-cloud support, declarative nature, and modular structure, making it ideal for new projects and diverse environments. CloudFormation, deeply integrated with AWS, might be preferable for AWS-centric projects or when leveraging existing CloudFormation expertise. Ultimately, the optimal choice depends on your project's specific needs, future scalability, and team expertise. Carefully evaluate both tools to determine the best fit for your infrastructure management strategy.

References

Why use Terraform over CloudFormation? : r/aws | Posted by u/derjanni - 148 votes and 168 comments
aws_cloudformation_stack | Resources | hashicorp/aws | Terraform ... | Provides a CloudFormation Stack resource. Example Usage resource "aws_cloudformation_stack" "network" { name = "networking-stack" parameters = { VPCCidr = "10. ...
Is there a way to turn a existing cloudformation template into a ... | Posted by u/ccarrylab81 - 11 votes and 19 comments
terraform to run Cloud formation template | Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with ... terraform I was able to ...
Terraform vs CloudFormation. This question pops up once in a while ... | This question pops up once in a while — why use a third party tool if AWS has a service which does essentially the same thing?
Does Terraform uses AWS cloudformation under the hood? - AWS ... | Hey all, I had a discussion with one of colleagues over Terraform and Cloudformation and he mentioned that Terraform is basically an abstraction over Cloudformation. I was wondering if Terraform actually uses Cloudformation under the hood and interacts directly the the aws resources API? Couldn’t find this information anywhere so wanted to ask here! Thanks everyone!
Using Cloudformation with Terraform | Jan 9, 2020 ... ... file. To make this post a little more readable, I'll show you ... Finally, I add the terraform code to run the cloudformation template.
Help with developing and using a terraform module I published to ... | Hey everyone! I’m working on developing a set of terraform modules that I can use for deploying web applications for different environments (ad-hoc per developer, dev, qa, rc, stage, prod, demo, etc.) I originally learned a lot about Infrastructure as Code by using CloudFormation and then CDK, and I have published a CDK construct library that I can use for the same purpose of deploying web applications, here’s the link: https://www.npmjs.com/package/django-cdk. I’m basically trying to create so...
SonarCloud can scan Terraform and CloudFormation files + cfn-lint ... | Hello Terraform, CloudFormation developers, IaC Engine Today, we are happy to announce that SonarCloud can start helping you deploying safer infrastructures. This is just the beginning of the journey with the first set of 10 rules targeting mainly AWS S3 buckets. Security Hotspot Detections: Allowing public ACLs or policies on a S3 bucket is security-sensitive Authorizing HTTP communications with S3 buckets is security-sensitive Disabling S3 server access logging is security-sensitive Disa...