As cloud environments scale, clicking through web consoles just doesn’t cut it. Infrastructure-as-Code (IaC) lets developers codify, version, and automate everything from virtual machines and networks to IAM roles and app deployments.
This blog dives into Terraform, AWS CloudFormation, and Ansible with a code-first mindset—ideal for scripting infrastructure across AWS, Azure, or GCP.
Why Infrastructure as Code?
- Version-controlled infrastructure using Git
- Repeatable environments for dev, staging, and prod
- Auditability and compliance through declarative syntax
- Automation of provisioning, configuration, and teardown
1. Terraform: Cloud-Agnostic and Dev-Friendly
Terraform is a declarative IaC tool by HashiCorp. It uses HCL (HashiCorp Configuration Language) and is ideal for managing infrastructure across multiple cloud providers.
Spin up an AWS EC2 instance with Terraform:
```hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami           = "ami-0abcdef1234567890"
  instance_type = "t2.micro"

  tags = {
    Name = "TerraformWeb"
  }
}
```
Commands:
```bash
terraform init
terraform plan
terraform apply
```
Remote State + Versioning Tip:
Use S3 + DynamoDB for shared team state:
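```hcl
# The backend block must sit inside a top-level terraform block.
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "env/dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks" # state locking
  }
}
```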
2. AWS CloudFormation: Native, Declarative, and Integrated
CloudFormation allows you to define AWS infrastructure in JSON or YAML. Great for teams working deeply within AWS who need tight integration with native services like Control Tower, StackSets, or CodePipeline.
Basic EC2 Template (YAML):
```yaml
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0abcdef1234567890
      Tags:
        - Key: Name
          Value: CF-Web
```
Deploy via CLI:
```bash
aws cloudformation create-stack \
  --stack-name web-stack \
  --template-body file://web.yaml
```
Parameterization & Outputs:
```yaml
Parameters:
  EnvName:
    Type: String
    Default: dev

Outputs:
  InstanceID:
    Value: !Ref WebInstance
```
3. Ansible: Configuration Meets Orchestration
Unlike Terraform and CloudFormation, Ansible is procedural and SSH-based. It excels at configuration management, post-provisioning automation, and hybrid on-prem + cloud tasks.
Sample Playbook: Provision & Configure EC2
```yaml
- name: Configure web server
  hosts: aws_ec2
  become: true
  tasks:
    - name: Install NGINX
      apt:
        name: nginx
        state: present

    - name: Ensure NGINX is running
      service:
        name: nginx
        state: started
        enabled: true
```
Use dynamic inventory for AWS:
```bash
ansible -i aws_ec2.yaml -m ping all
```
Inventory plugin example (aws_ec2.yaml):
```yaml
plugin: aws_ec2
regions:
  - us-east-1
filters:
  tag:Role: web
keyed_groups:
  - key: tags.Role
```
🧠 Pro Tip: Combine Ansible + Terraform by using Terraform to provision EC2 and Ansible to configure it.
Multi-Cloud & DevOps Pipelines
IaC + CI/CD = Full automation. Examples:
- Use GitHub Actions or GitLab CI to trigger `terraform apply` on merge
- Build CloudFormation pipelines with AWS CodePipeline and ChangeSets
- Run Ansible Tower or AWX for GUI-based orchestration and job control
Security Best Practices
Tool | Practice |
---|---|
Terraform | Use `terraform validate`, state encryption, workspaces |
CloudFormation | Use IAM roles per stack, enable drift detection |
Ansible | Encrypt credentials with `ansible-vault`, restrict SSH |
Tag resources, use modular templates, and rotate secrets with automation (e.g., SSM Parameter Store or HashiCorp Vault).
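One way to enforce two of these practices (resource tagging and restricted SSH) as a pipeline gate between `terraform plan` and `terraform apply`. This is an added example, not code from the original post: the required tag keys, the `check_plan` function name and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

REQUIRED_TAGS = {"Name", "Owner"}  # assumed team policy, not from the post
TAGGABLE = {"aws_instance", "aws_security_group"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def check_plan(plan):
    """Return policy findings for resources the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops have nothing to check
        after = change.get("after") or {}
        if rc["type"] in TAGGABLE:
            tags = after.get("tags_all") or after.get("tags") or {}
            missing = REQUIRED_TAGS - set(tags)
            if missing:
                findings.append(f"{rc['address']}: missing tags {sorted(missing)}")
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or [])
                cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
                covers_ssh = rule.get("protocol") == "-1" or (
                    (rule.get("from_port") or 0) <= 22 <= (rule.get("to_port") or 0))
                if covers_ssh and cidrs & OPEN_CIDRS:
                    findings.append(f"{rc['address']}: SSH open to the internet")
    return findings


# Constructed sample in the shape of `terraform show -json plan.out`.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"],
                "after": {"tags": {"Name": "TerraformWeb"}}}},
    {"address": "aws_security_group.ssh", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {
         "tags": {"Name": "ssh", "Owner": "platform"},
         "ingress": [{"protocol": "tcp", "from_port": 22, "to_port": 22,
                      "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": None}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = check_plan(plan)
    print("\n".join(problems) or "plan passes policy")
    sys.exit(1 if problems else 0)
```

In CI, save the plan with `terraform plan -out plan.out`, export it with `terraform show -json plan.out > plan.json`, and run the script on `plan.json` before the apply step. Ingress defined through separate rule resources rather than inline `ingress` blocks is not covered by this check.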
Which IaC Tool Should You Use?
Tool | Strengths | Best For |
---|---|---|
Terraform | Multi-cloud, mature ecosystem, modular | Cross-platform automation |
CloudFormation | AWS-native, deeply integrated | All-in on AWS |
Ansible | Config management, procedural tasks | Post-provisioning + SSH targets |
Bonus: Use Pulumi if you prefer coding infrastructure in Python, JavaScript, or Go.
Summary Commands Cheat Sheet
```bash
# Terraform
terraform init && terraform plan && terraform apply

# CloudFormation
aws cloudformation deploy --template-file stack.yaml --stack-name mystack

# Ansible
ansible-playbook -i aws_ec2.yaml playbook.yml
```
Final Thoughts
IaC is more than just code—it’s reproducibility, security, and speed. Whether you’re managing ephemeral dev stacks or mission-critical production environments, Terraform, CloudFormation, and Ansible let you codify your cloud with confidence.
Embrace the terminal. Script your infrastructure. Control your destiny.