Understanding the differences between tools like Terraform, CloudFormation, Ansible, and Puppet

When first getting into DevOps and cloud computing, it can be difficult to distinguish between the vast array of tools used to manage cloud resources and virtual machines. Many overlap, offering similar features across different cloud providers.

While there are far too many tools to list out individually, I like to separate them into two categories:

  • Configuration Management
  • Provisioning Management

Here’s how to tell the difference.

Configuration Management

Configuration management tools are used to manage the configuration of already-existing virtual machines. As containerization and ephemeral infrastructure rise in popularity, you're less likely to find configuration tools in use at newer startups. Don't be fooled though; they still drive the underlying infrastructure for many critical businesses today, and are very much in use for on-premises resources (not in the cloud).

A configuration tool like Puppet or Ansible allows you to bring a machine to a desired state. By running commands, modifying files, or otherwise changing things within the scope of the machine, we can take it from its existing state (wherever it may be) to a desired one, ready to serve a purpose.

Example Uses

  • I want my server to have docker installed, with nginx in front of it
  • I want to build a golden image that can be used on multiple virtual machines
  • I want to install WordPress on a virtual machine for my clients

Provisioning Management

Whereas configuration management tools define everything within a virtual machine, provisioning management tools define everything outside of it. Tools like Terraform or CloudFormation allow developers to define the resources they need to run the workloads they'd like to run.

Example Uses

  • I want to create 5 virtual machines behind a load balancer
  • I want to set up a Kubernetes cluster
  • I want to provision a Google Cloud Run instance to serve my Django site
  • I want to create an RDS database in AWS and connect it to my EC2 instance

When Would I Use Both?

If you're at a company that uses a fair number of virtual machines (EC2 instances, Google Compute Engine instances), you're likely to encounter both kinds of tool. For example, you may use Packer to build EC2 AMIs, and CloudFormation to deploy EC2 machines with those built images.
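The provisioning half of that Packer-plus-provisioning-tool workflow, as an added example that is not part of the original post, written in Terraform (the other provisioning tool named above) rather than CloudFormation. It assumes Packer tagged its golden image with `Role=web` and that the default VPC is used; everything inside the machine was already decided by the image build, so Terraform only defines what surrounds it.

```hcl
# Added example (not from the original post): the provisioning side of the
# "Packer builds the image, a provisioning tool deploys it" workflow.
# Assumption: Packer tagged the image Role=web; the default VPC is used.

# Provisioning's input from configuration management: the golden image.
# Everything *inside* the machine (packages, nginx, hardening) was decided
# when Packer built it; here we only select the newest image we own.
data "aws_ami" "web" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "tag:Role"
    values = ["web"]
  }
}

# Everything *outside* the machine is defined here: what traffic may reach it.
resource "aws_security_group" "web" {
  name = "web-ingress"

  ingress {
    description = "HTTPS only; no SSH, since the image is immutable"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = data.aws_ami.web.id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [aws_security_group.web.id]

  # Require IMDSv2 so instance credentials cannot be read by a plain
  # unauthenticated metadata request from a compromised web process.
  metadata_options {
    http_tokens = "required"
  }
}
```

Because the image is rebuilt by Packer rather than edited in place, a change to what runs on the box is a new AMI and a new instance, which keeps the two tools' responsibilities cleanly separated.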

With companies running Kubernetes-based stacks, you can think of it in a similar way. While it's certainly possible to define Kubernetes resources in provisioning management tools like Terraform, many developers prefer to draw a line, letting Terraform define the cluster and another configuration tool (even plain YAML manifests) define the desired state of the cluster.

Looking to build secure infrastructure?

Get started with Cloudrail