CloudFormation vs. Terraform
| Feature | CloudFormation | Terraform |
|---|---|---|
| Scope | AWS only | Multi-cloud |
| State | AWS-managed | State file |
| Cost | Free | Free (OSS) |
| Drift detection | Yes | Yes |
| CDK | Yes (AWS CDK) | Yes (CDKTF) |
First CloudFormation Stack
```yaml
# stack-ec2.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Einfache EC2-Instanz mit Security Group'
Parameters:
  InstanceType:
    Type: String
    Default: t3.small
    AllowedValues: [t3.micro, t3.small, t3.medium]
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: SSH Key Pair
Mappings:
  RegionAMI:
    eu-central-1:
      Ubuntu2404: ami-0a628e1e89aaedf80
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web Server Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        # SSH is open to the whole internet here; in production restrict
        # this CidrIp to an admin or VPN range (or use SSM Session Manager)
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [RegionAMI, !Ref "AWS::Region", Ubuntu2404]
      KeyName: !Ref KeyName
      SecurityGroupIds:
        - !Ref WebSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          apt update && apt install -y nginx
          systemctl enable --now nginx
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-web-server'
Outputs:
  PublicIP:
    Value: !GetAtt WebServer.PublicIp
    Description: Public IP Address
  InstanceId:
    Value: !Ref WebServer
```
```bash
# Deploy the stack (CAPABILITY_IAM is only required once the template creates IAM resources)
aws cloudformation deploy --stack-name firma-web-server --template-file stack-ec2.yaml \
  --parameter-overrides InstanceType=t3.small KeyName=mein-key --capabilities CAPABILITY_IAM
# Stack status
aws cloudformation describe-stacks --stack-name firma-web-server \
  --query 'Stacks[0].{Status:StackStatus,Outputs:Outputs}'
# Fetch the outputs
aws cloudformation describe-stacks --stack-name firma-web-server --query 'Stacks[0].Outputs'
```
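The template above opens port 22 to 0.0.0.0/0 next to 80 and 443. The following script is an added example, not part of the original page: it walks a template's security group resources, reports any administrative port reachable from the whole internet, and produces a hardened copy in which such rules take their source from an `AdminCidr` parameter whose `AllowedPattern` rejects /0. The template is embedded as a constructed JSON equivalent of the `WebSecurityGroup` above (CloudFormation accepts JSON and YAML alike); the names `AdminCidr`, `find_open_admin_ports` and `harden` are the example's own.

```python
import copy
import json
import re

# Constructed sample: the JSON form of the WebSecurityGroup from stack-ec2.yaml.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Web Server Security Group",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}
""")

# Administrative ports that should never be reachable from the whole internet.
ADMIN_PORTS = (22, 3389, 5985, 5986)
ANYWHERE = {"0.0.0.0/0", "::/0"}
# IPv4 CIDR with a /8 .. /32 prefix; /0 does not match, so the parameter cannot reopen the port.
ADMIN_CIDR_PATTERN = r"^(\d{1,3}\.){3}\d{1,3}/(3[0-2]|[12]\d|[89])$"


def _ingress_rules(resource):
    """Ingress rule dicts of a security group resource (inline list or standalone form)."""
    props = resource.get("Properties", {})
    if resource.get("Type") == "AWS::EC2::SecurityGroup":
        return props.get("SecurityGroupIngress", [])
    if resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
        return [props]
    return []


def _port_range(rule):
    """(low, high) ports a rule covers; protocol -1 or port -1 means every port."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    low, high = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
    if low == -1 or high == -1:
        return 0, 65535
    return low, high


def _open_to_world(rule):
    """True when the source is a literal 0.0.0.0/0 or ::/0 (a {"Ref": ...} to a parameter is not)."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    return isinstance(cidr, str) and cidr in ANYWHERE


def find_open_admin_ports(template):
    """List (logical_id, port, cidr) for every admin port the template exposes to the world."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        for rule in _ingress_rules(resource):
            if not _open_to_world(rule):
                continue
            low, high = _port_range(rule)
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            findings.extend((logical_id, p, cidr) for p in ADMIN_PORTS if low <= p <= high)
    return findings


def cidr_allowed_by_pattern(cidr):
    """True if a CIDR satisfies the AdminCidr parameter constraint."""
    return bool(re.fullmatch(ADMIN_CIDR_PATTERN, cidr))


def harden(template, param_name="AdminCidr"):
    """Return a copy in which world-open admin rules take their source from a CIDR parameter."""
    out = copy.deepcopy(template)
    out.setdefault("Parameters", {})[param_name] = {
        "Type": "String",
        "Description": "IPv4 CIDR allowed to reach SSH/RDP, e.g. the office or VPN range",
        "AllowedPattern": ADMIN_CIDR_PATTERN,
        "ConstraintDescription": "must be an IPv4 CIDR between /8 and /32, e.g. 203.0.113.0/24",
    }
    for resource in out.get("Resources", {}).values():
        for rule in _ingress_rules(resource):
            low, high = _port_range(rule)
            if _open_to_world(rule) and any(low <= p <= high for p in ADMIN_PORTS):
                # The parameter is IPv4; an IPv6 admin source would need its own parameter.
                rule.pop("CidrIpv6", None)
                rule["CidrIp"] = {"Ref": param_name}
    return out


if __name__ == "__main__":
    for finding in find_open_admin_ports(SAMPLE_TEMPLATE):
        print("world-open admin port: %s port %d from %s" % finding)
    print(json.dumps(harden(SAMPLE_TEMPLATE)["Parameters"], indent=2))
```

Run as a pre-deploy check in CI and fail the pipeline when `find_open_admin_ports` returns anything; the hardened template then needs `AdminCidr=<your-range>` among the `--parameter-overrides` of `aws cloudformation deploy`.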
Nested Stacks
```yaml
# main-stack.yaml
Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/meine-templates/vpc-stack.yaml
  EC2Stack:
    Type: AWS::CloudFormation::Stack
    DependsOn: VPCStack
    Properties:
      TemplateURL: https://s3.amazonaws.com/meine-templates/ec2-stack.yaml
      Parameters:
        VpcId: !GetAtt VPCStack.Outputs.VpcId
```
Updating a Stack and Rollback
```bash
# Create a change set before updating. create-change-set takes --template-body and
# --parameters; --template-file and --parameter-overrides belong to `deploy`. KeyName has
# no default, so it must be supplied or carried over with UsePreviousValue=true.
aws cloudformation create-change-set --stack-name firma-web-server --change-set-name meine-aenderung \
  --template-body file://stack-ec2.yaml \
  --parameters ParameterKey=InstanceType,ParameterValue=t3.medium ParameterKey=KeyName,UsePreviousValue=true
# Wait until the change set has been computed
aws cloudformation wait change-set-create-complete --stack-name firma-web-server --change-set-name meine-aenderung
# Show the change set
aws cloudformation describe-change-set --stack-name firma-web-server --change-set-name meine-aenderung
# Execute the change set
aws cloudformation execute-change-set --stack-name firma-web-server --change-set-name meine-aenderung
# Delete the stack
aws cloudformation delete-stack --stack-name firma-web-server
```
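Reviewing the change set by eye is the step that stops a parameter change from silently replacing or removing a resource. The following script is an added example, not part of the original page: it reads the JSON that `describe-change-set` returns and refuses (exit code 1) when a protected resource type would be removed, replaced, or has a `Dynamic` action that CloudFormation cannot evaluate before execution. The embedded change set is a constructed sample for the `InstanceType` change above, not real CLI output; `review_change_set` and `PROTECTED_TYPES` are the example's own names.

```python
import json
import sys

# Constructed sample of a describe-change-set result for the t3.small -> t3.medium change.
SAMPLE_CHANGE_SET = json.loads("""
{
  "ChangeSetName": "meine-aenderung",
  "StackName": "firma-web-server",
  "Status": "CREATE_COMPLETE",
  "Changes": [
    {
      "Type": "Resource",
      "ResourceChange": {
        "Action": "Modify",
        "LogicalResourceId": "WebServer",
        "ResourceType": "AWS::EC2::Instance",
        "Replacement": "False",
        "Scope": ["Properties"],
        "Details": [
          {
            "Target": {"Attribute": "Properties", "Name": "InstanceType", "RequiresRecreation": "Conditionally"},
            "Evaluation": "Static",
            "ChangeSource": "ParameterReference",
            "CausingEntity": "InstanceType"
          }
        ]
      }
    }
  ]
}
""")

# Resource types whose replacement or removal loses data, state or a public address.
PROTECTED_TYPES = frozenset({
    "AWS::EC2::Instance", "AWS::RDS::DBInstance", "AWS::S3::Bucket", "AWS::DynamoDB::Table",
})


def review_change_set(change_set, protected_types=PROTECTED_TYPES):
    """Decide whether a change set is safe to execute.

    Returns {"safe": bool, "blocking": [reasons], "summary": [one line per change]}.
    """
    blocking, summary = [], []
    status = change_set.get("Status")
    if status != "CREATE_COMPLETE":
        # A change set with nothing to change comes back FAILED with
        # "No updates are to be performed."; either way there is nothing to execute.
        reason = change_set.get("StatusReason", "")
        blocking.append(f"change set status is {status}" + (f": {reason}" if reason else ""))
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        action = rc.get("Action")
        rtype = rc.get("ResourceType")
        lid = rc.get("LogicalResourceId")
        replacement = rc.get("Replacement", "False")
        summary.append(f"{action} {lid} ({rtype}) replacement={replacement}")
        if rtype not in protected_types:
            continue
        if action == "Remove":
            blocking.append(f"{lid} ({rtype}): Remove")
        elif action == "Dynamic":
            # Outcome only known at execution time; too late to stop a replacement.
            blocking.append(f"{lid} ({rtype}): Dynamic action, cannot be evaluated up front")
        elif replacement in ("True", "Conditional"):
            blocking.append(f"{lid} ({rtype}): {action} with Replacement={replacement}")
    return {"safe": not blocking, "blocking": blocking, "summary": summary}


def main():
    """Read describe-change-set JSON from stdin; exit 1 if the change set must not be executed."""
    result = review_change_set(json.load(sys.stdin))
    for line in result["summary"]:
        print(line)
    for reason in result["blocking"]:
        print("BLOCK:", reason)
    return 0 if result["safe"] else 1


if __name__ == "__main__":
    sys.exit(main())
```

Chain it between the two CLI calls, so that execution only happens when the gate passes: `aws cloudformation describe-change-set --stack-name firma-web-server --change-set-name meine-aenderung --output json | python3 changeset_gate.py && aws cloudformation execute-change-set --stack-name firma-web-server --change-set-name meine-aenderung`.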
FAQ
When to use CloudFormation and when Terraform for AWS?
CloudFormation: when you run exclusively on AWS and want no state-management overhead. Terraform: when you are multi-cloud or already have a Terraform code base in place.
Conclusion
CloudFormation makes AWS infrastructure reproducible. Templates versioned in Git make deployments auditable.
AWS CloudFormation and IaC for SMEs in Heidelberg, Mannheim and the Rhine-Neckar region. Inquiries.