Need advice about which tool to choose?Ask the StackShare community!
AWS CloudFormation vs Ansible: What are the differences?
AWS CloudFormation and Ansible are two popular tools used for infrastructure automation. Let's explore the key differences between them.
Orchestration vs Configuration Management: AWS CloudFormation primarily focuses on orchestrating and managing resources in the AWS ecosystem. It provides a declarative language, using which you can define the desired state of your infrastructure and let CloudFormation handle the provisioning and management of resources. On the other hand, Ansible is a configuration management tool that focuses on configuring and managing software and systems. It uses a procedural language to define the steps required for achieving a desired state.
Scope: AWS CloudFormation is tailored specifically for managing AWS resources. It provides a wide range of resource types, such as EC2 instances, S3 buckets, RDS databases, etc., that can be provisioned, updated, or deleted using CloudFormation templates. In contrast, Ansible is agnostic to the cloud provider and can be used to manage resources on various platforms, including public clouds, private clouds, and even physical servers.
Learning Curve and Complexity: AWS CloudFormation involves a steeper learning curve as it requires knowledge of the CloudFormation syntax and understanding of various AWS resource types and their configuration. Mastering CloudFormation templates and best practices can take time. On the other hand, Ansible has an easier learning curve, especially for those familiar with YAML syntax. Ansible playbooks are generally easier to understand and write, making it more accessible to beginners.
Statefulness: CloudFormation has a concept of stacks, which represent the state of your infrastructure. Each time you update a CloudFormation stack, it compares the current state with the desired state declared in the template and applies the necessary changes. In contrast, Ansible does not have built-in state tracking. Each time you run an Ansible playbook, it executes all the defined tasks, even if they have been executed before. This can lead to unnecessary overhead, especially for large playbooks.
Extensibility: Ansible offers a rich ecosystem of community-supported modules that allow you to extend its functionality and integrate with various tools and platforms. These modules can be easily shared, customized, and reused. CloudFormation, on the other hand, has limited extensibility options. It relies on AWS resource types and CloudFormation-specific constructs for provisioning and management tasks.
Deployment and Execution: AWS CloudFormation templates are deployed and executed through the AWS Management Console, AWS CLI, or SDKs. It seamlessly integrates with other AWS services, such as AWS CodePipeline for continuous deployment. On the other hand, Ansible playbooks are executed through the Ansible command-line tool or Ansible Tower. Ansible supports various deployment methods, including ad-hoc execution, rolling updates, and integration with CI/CD pipelines.
In summary, AWS CloudFormation focuses on orchestrating and managing AWS resources using a declarative approach, whereas Ansible is a configuration management tool that can be used to manage resources on various platforms. CloudFormation has a steeper learning curve, is AWS-centric, and has built-in state tracking. Ansible, on the other hand, has an easier learning curve, is more extensible, and lacks built-in state tracking.
I'm just getting started using Vagrant to help automate setting up local VMs to set up a Kubernetes cluster (development and experimentation only). (Yes, I do know about minikube)
I'm looking for a tool to help install software packages, setup users, etc..., on these VMs. I'm also fairly new to Ansible, Chef, and Puppet. What's a good one to start with to learn? I might decide to try all 3 at some point for my own curiosity.
The most important factors for me are simplicity, ease of use, shortest learning curve.
I have been working with Puppet and Ansible. The reason why I prefer ansible is the distribution of it. Ansible is more lightweight and therefore more popular. This leads to situations, where you can get fully packaged applications for ansible (e.g. confluent) supported by the vendor, but only incomplete packages for Puppet.
The only advantage I would see with Puppet if someone wants to use Foreman. This is still better supported with Puppet.
If you are just starting out, might as well learn Kubernetes There's a lot of tools that come with Kube that make it easier to use and most importantly: you become cloud-agnostic. We use Ansible because it's a lot simpler than Chef or Puppet and if you use Docker Compose for your deployments you can re-use them with Kubernetes later when you migrate
Ok, so first - AWS Copilot is CloudFormation under the hood, but the way it works results in you not thinking about CFN anymore. AWS found the right balance with Copilot - it's insanely simple to setup production-ready multi-account environment with many services inside, with CI/CD out of the box etc etc. It's pretty new, but even now it was enough to launch Transcripto, which uses may be a dozen of different AWS services, all bound together by Copilot.
Because Pulumi uses real programming languages, you can actually write abstractions for your infrastructure code, which is incredibly empowering. You still 'describe' your desired state, but by having a programming language at your fingers, you can factor out patterns, and package it up for easier consumption.
We use Terraform to manage AWS cloud environment for the project. It is pretty complex, largely static, security-focused, and constantly evolving.
Terraform provides descriptive (declarative) way of defining the target configuration, where it can work out the dependencies between configuration elements and apply differences without re-provisioning the entire cloud stack.
AdvantagesTerraform is vendor-neutral in a way that it is using a common configuration language (HCL) with plugins (providers) for multiple cloud and service providers.
Terraform keeps track of the previous state of the deployment and applies incremental changes, resulting in faster deployment times.
Terraform allows us to share reusable modules between projects. We have built an impressive library of modules internally, which makes it very easy to assemble a new project from pre-fabricated building blocks.
DisadvantagesSoftware is imperfect, and Terraform is no exception. Occasionally we hit annoying bugs that we have to work around. The interaction with any underlying APIs is encapsulated inside 3rd party Terraform providers, and any bug fixes or new features require a provider release. Some providers have very poor coverage of the underlying APIs.
Terraform is not great for managing highly dynamic parts of cloud environments. That part is better delegated to other tools or scripts.
Terraform state may go out of sync with the target environment or with the source configuration, which often results in painful reconciliation.
I personally am not a huge fan of vendor lock in for multiple reasons:
- I've seen cost saving moves to the cloud end up costing a fortune and trapping companies due to over utilization of cloud specific features.
- I've seen S3 failures nearly take down half the internet.
- I've seen companies get stuck in the cloud because they aren't built cloud agnostic.
I choose to use terraform for my cloud provisioning for these reasons:
- It's cloud agnostic so I can use it no matter where I am.
- It isn't difficult to use and uses a relatively easy to read language.
- It tests infrastructure before running it, and enables me to see and keep changes up to date.
- It runs from the same CLI I do most of my CM work from.
Pros of Ansible
- Agentless284
- Great configuration210
- Simple199
- Powerful176
- Easy to learn155
- Flexible69
- Doesn't get in the way of getting s--- done55
- Makes sense35
- Super efficient and flexible30
- Powerful27
- Dynamic Inventory11
- Backed by Red Hat9
- Works with AWS7
- Cloud Oriented6
- Easy to maintain6
- Vagrant provisioner4
- Simple and powerful4
- Multi language4
- Simple4
- Because SSH4
- Procedural or declarative, or both4
- Easy4
- Consistency3
- Well-documented2
- Masterless2
- Debugging is simple2
- Merge hash to get final configuration similar to hiera2
- Fast as hell2
- Manage any OS1
- Work on windows, but difficult to manage1
- Certified Content1
Pros of AWS CloudFormation
- Automates infrastructure deployments43
- Declarative infrastructure and deployment21
- No more clicking around13
- Any Operative System you want3
- Atomic3
- Infrastructure as code3
- CDK makes it truly infrastructure-as-code1
- Automates Infrastructure Deployment1
- K8s0
Sign up to add or upvote prosMake informed product decisions
Cons of Ansible
- Dangerous8
- Hard to install5
- Doesn't Run on Windows3
- Bloated3
- Backward compatibility3
- No immutable infrastructure2
Cons of AWS CloudFormation
- Brittle4
- No RBAC and policies in templates2
Sign up to add or upvote consMake informed product decisions
What is Ansible?
What is AWS CloudFormation?
Need advice about which tool to choose?Ask the StackShare community!
What companies use Ansible?
What companies use AWS CloudFormation?
Sign up to get full access to all the companiesMake informed product decisions
What tools integrate with Ansible?
What tools integrate with AWS CloudFormation?
Sign up to get full access to all the tool integrationsMake informed product decisions
Blog Posts
+14
+29
+13+42+47
+30+26+33