AWS CloudFormation vs AWS Config

Overview

AWS CloudFormation

Stacks1.6K

Followers1.3K

Votes88

AWS Config

Stacks56

Followers102

Votes6

AWS CloudFormation vs AWS Config: What are the differences?

Introduction

In this article, we will compare AWS CloudFormation and AWS Config, two powerful services provided by Amazon Web Services (AWS) for managing and monitoring your infrastructure in the cloud.

Key Difference 1: Infrastructure Management vs. Resource Configuration: AWS CloudFormation focuses on infrastructure management and provisioning by allowing you to define and deploy infrastructure resources as code using templates. It helps in automating the process of creating, updating, and deleting resources in a consistent and repeatable manner. On the other hand, AWS Config focuses on resource configuration management by continuously monitoring and recording changes to your AWS resources, providing a detailed inventory, and enabling compliance and security assessment.
Key Difference 2: Provisioning vs. Configuration: CloudFormation primarily deals with provisioning and orchestration of infrastructure resources based on the defined templates, ensuring the correct resource configuration and dependencies. It helps in creating and managing stacks of resources, including EC2 instances, RDS databases, S3 buckets, etc. In contrast, AWS Config focuses more on the configuration aspects of the resources, tracking their compliance with desired configurations, and detecting configuration drifts.
Key Difference 3: Declarative vs. Continuous Monitoring: CloudFormation operates in a declarative manner, allowing you to define the desired state of your infrastructure resources in templates. It takes care of provisioning resources and ensuring the infrastructure matches the defined state. AWS Config, on the other hand, provides continuous monitoring, capturing real-time configuration changes and maintaining a configuration history. It helps in identifying and addressing any deviations from the desired state.
Key Difference 4: Infrastructure as Code vs. Resource Configuration History: CloudFormation empowers you to treat infrastructure as code, enabling version control, change management, and reuse of templates across different environments. It allows you to easily create, update, and delete stacks of resources using the AWS Management Console, CLI, or API. AWS Config, in contrast, provides a detailed configuration history for resources, allowing you to see how their configurations have changed over time, enabling compliance auditing, and troubleshooting.
Key Difference 5: Scope of Management: CloudFormation provides a broader scope of infrastructure management, covering various AWS services and resource types. It allows you to create complex infrastructures using pre-defined templates and customize them as per your requirements. AWS Config, on the other hand, focuses on monitoring and managing individual resource configurations, providing detailed configuration item history, evaluating resource compliance, and detecting configuration drift.
Key Difference 6: Automation and Remediation vs. Compliance Assessment: CloudFormation offers the automation and remediation capabilities through changesets, which allow you to preview and apply changes to your stacks in a controlled manner. It provides automatic rollback in case of stack creation or update failures. AWS Config, on the other hand, focuses on compliance assessment and tracking of resource configuration changes, allowing you to configure rules and remediation actions to ensure compliant resource configurations.

In Summary, AWS CloudFormation primarily focuses on infrastructure provisioning and management through declarative templates, while AWS Config focuses on continuous monitoring and recording of resource configurations to ensure compliance and detect configuration drifts.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on AWS CloudFormation, AWS Config

Timothy

SRE

Mar 20, 2020

Decided

I personally am not a huge fan of vendor lock in for multiple reasons:

I've seen cost saving moves to the cloud end up costing a fortune and trapping companies due to over utilization of cloud specific features.
I've seen S3 failures nearly take down half the internet.
I've seen companies get stuck in the cloud because they aren't built cloud agnostic.

I choose to use terraform for my cloud provisioning for these reasons:

It's cloud agnostic so I can use it no matter where I am.
It isn't difficult to use and uses a relatively easy to read language.
It tests infrastructure before running it, and enables me to see and keep changes up to date.
It runs from the same CLI I do most of my CM work from.

385k views385k

Comments

Daniel

May 4, 2020

Decided

Because Pulumi uses real programming languages, you can actually write abstractions for your infrastructure code, which is incredibly empowering. You still 'describe' your desired state, but by having a programming language at your fingers, you can factor out patterns, and package it up for easier consumption.

426k views426k

Comments

Sergey

Contractor at Adaptive

Apr 17, 2020

Decided

Overview

We use Terraform to manage AWS cloud environment for the project. It is pretty complex, largely static, security-focused, and constantly evolving.

Terraform provides descriptive (declarative) way of defining the target configuration, where it can work out the dependencies between configuration elements and apply differences without re-provisioning the entire cloud stack.

Advantages

Terraform is vendor-neutral in a way that it is using a common configuration language (HCL) with plugins (providers) for multiple cloud and service providers.

Terraform keeps track of the previous state of the deployment and applies incremental changes, resulting in faster deployment times.

Terraform allows us to share reusable modules between projects. We have built an impressive library of modules internally, which makes it very easy to assemble a new project from pre-fabricated building blocks.

Disadvantages

Software is imperfect, and Terraform is no exception. Occasionally we hit annoying bugs that we have to work around. The interaction with any underlying APIs is encapsulated inside 3rd party Terraform providers, and any bug fixes or new features require a provider release. Some providers have very poor coverage of the underlying APIs.

Terraform is not great for managing highly dynamic parts of cloud environments. That part is better delegated to other tools or scripts.

Terraform state may go out of sync with the target environment or with the source configuration, which often results in painful reconciliation.

426k views426k

Comments

Detailed Comparison

AWS CloudFormation	AWS Config
You can use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don’t need to figure out the order in which AWS services need to be provisioned or the subtleties of how to make those dependencies work.	AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
AWS CloudFormation comes with the following ready-to-run sample templates: WordPress (blog),Tracks (project tracking), Gollum (wiki used by GitHub), Drupal (content management), Joomla (content management), Insoshi (social apps), Redmine (project mgmt);No Need to Reinvent the Wheel – A template can be used repeatedly to create identical copies of the same stack (or to use as a foundation to start a new stack);Transparent and Open – Templates are simple JSON formatted text files that can be placed under your normal source control mechanisms, stored in private or public locations such as Amazon S3 and exchanged via email.;Declarative and Flexible – To create the infrastructure you want, you enumerate what AWS resources, configuration values and interconnections you need in a template and then let AWS CloudFormation do the rest with a few simple clicks in the AWS Management Console, via the command line tools or by calling the APIs.	Configuration Visibility;Fully Managed;Easy to get started;Low cost;Ecosystem of Partner solutions
Statistics
Stacks 1.6K	Stacks 56
Followers 1.3K	Followers 102
Votes 88	Votes 6
Pros & Cons
Pros 43 Automates infrastructure deployments 21 Declarative infrastructure and deployment 13 No more clicking around 3 Infrastructure as code 3 Atomic Cons 4 Brittle 2 No RBAC and policies in templates	Pros 4 Backed by Amazon 2 One stop solution Cons 2 Not user friendly

What are some alternatives to AWS CloudFormation, AWS Config?

Amazon CloudWatch

It helps you gain system-wide visibility into resource utilization, application performance, and operational health. It retrieve your monitoring data, view graphs to help take automated action based on the state of your cloud environment.

Stackdriver

Google Stackdriver provides powerful monitoring, logging, and diagnostics. It equips you with insight into the health, performance, and availability of cloud-powered applications, enabling you to find and fix issues faster.

Packer

Packer automates the creation of any type of machine image. It embraces modern configuration management by encouraging you to use automated scripts to install and configure the software within your Packer-made images.

Lumigo

Lumigo is an observability platform built for developers, unifying distributed tracing with payload data, log management, and real-time metrics to help you deeply understand and troubleshoot your systems.

Scalr

Scalr is a remote state & operations backend for Terraform with access controls, policy as code, and many quality of life features.

Pulumi

Pulumi is a cloud development platform that makes creating cloud programs easy and productive. Skip the YAML and just write code. Pulumi is multi-language, multi-cloud and fully extensible in both its engine and ecosystem of packages.

CAST.AI

It is an AI-driven cloud optimization platform for Kubernetes. Instantly cut your cloud bill, prevent downtime, and 10X the power of DevOps.

Azure Resource Manager

It is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Cloudability

Cloudability aggregates expenditures into accessible and comprehensive reports, helps identify new opportunities for reducing spend and increasing cloud efficiency, offers budget alerts and recommendations via SMS and email, provides APIs for connecting cloud billing and usage data to any business or financial system, and more.

CloudCheckr

CloudCheckr provides otherwise unavailable visibility and analytics to remove the complexity from AWS usage. Our users quickly and efficiently gain control of their deployment, reduce costs, and optimize infrastructure performance.

Related Comparisons

AWS CloudFormation vs AWS Config: What are the differences?

Introduction

In this article, we will compare AWS CloudFormation and AWS Config, two powerful services provided by Amazon Web Services (AWS) for managing and monitoring your infrastructure in the cloud.

Key Difference 1: Infrastructure Management vs. Resource Configuration: AWS CloudFormation focuses on infrastructure management and provisioning by allowing you to define and deploy infrastructure resources as code using templates. It helps in automating the process of creating, updating, and deleting resources in a consistent and repeatable manner. On the other hand, AWS Config focuses on resource configuration management by continuously monitoring and recording changes to your AWS resources, providing a detailed inventory, and enabling compliance and security assessment.
Key Difference 2: Provisioning vs. Configuration: CloudFormation primarily deals with provisioning and orchestration of infrastructure resources based on the defined templates, ensuring the correct resource configuration and dependencies. It helps in creating and managing stacks of resources, including EC2 instances, RDS databases, S3 buckets, etc. In contrast, AWS Config focuses more on the configuration aspects of the resources, tracking their compliance with desired configurations, and detecting configuration drifts.
Key Difference 3: Declarative vs. Continuous Monitoring: CloudFormation operates in a declarative manner, allowing you to define the desired state of your infrastructure resources in templates. It takes care of provisioning resources and ensuring the infrastructure matches the defined state. AWS Config, on the other hand, provides continuous monitoring, capturing real-time configuration changes and maintaining a configuration history. It helps in identifying and addressing any deviations from the desired state.
Key Difference 4: Infrastructure as Code vs. Resource Configuration History: CloudFormation empowers you to treat infrastructure as code, enabling version control, change management, and reuse of templates across different environments. It allows you to easily create, update, and delete stacks of resources using the AWS Management Console, CLI, or API. AWS Config, in contrast, provides a detailed configuration history for resources, allowing you to see how their configurations have changed over time, enabling compliance auditing, and troubleshooting.
Key Difference 5: Scope of Management: CloudFormation provides a broader scope of infrastructure management, covering various AWS services and resource types. It allows you to create complex infrastructures using pre-defined templates and customize them as per your requirements. AWS Config, on the other hand, focuses on monitoring and managing individual resource configurations, providing detailed configuration item history, evaluating resource compliance, and detecting configuration drift.
Key Difference 6: Automation and Remediation vs. Compliance Assessment: CloudFormation offers the automation and remediation capabilities through changesets, which allow you to preview and apply changes to your stacks in a controlled manner. It provides automatic rollback in case of stack creation or update failures. AWS Config, on the other hand, focuses on compliance assessment and tracking of resource configuration changes, allowing you to configure rules and remediation actions to ensure compliant resource configurations.

AWS CloudFormation vs AWS Config

Overview

AWS CloudFormation vs AWS Config: What are the differences?