Description
Infrastructure as Code: Terraform, CloudFormation, ARM
- Definition: IaC is the practice of provisioning and managing infrastructure through code for repeatability, versioning, and automation.
- Scope by tool: Terraform is multi‑cloud and provider‑driven; CloudFormation is AWS‑native; ARM Templates target Azure.
- Language and format: Terraform uses HCL; CloudFormation and ARM use JSON/YAML (ARM often authored via Bicep for readability).
- Declarative model: All three are declarative — you declare desired state and the engine computes changes.
- State management: Terraform maintains a state file (local or remote backends) to track resources; CloudFormation and ARM rely on cloud control planes and stacks.
- Change planning: Terraform’s plan shows diffs before apply; CloudFormation has Change Sets; ARM has deployment what‑if and incremental modes.
- Modularity: Modules (Terraform), nested stacks (CloudFormation), and linked templates (ARM) enable reuse and team ownership.
- Drift detection and reconciliation: CloudFormation and ARM detect stack drift via cloud APIs; Terraform can detect drift by refreshing state and reconciling.
- Extensibility: Terraform’s provider ecosystem enables third‑party and on‑prem resource management; CloudFormation and ARM focus on their cloud’s native resources.
- Policy and governance: Use Sentinel, OPA, or cloud policy services to enforce guardrails and compliance during CI/CD.
- Testing and validation: Unit tests, integration tests, and terraform validate / linter tools are standard for safe changes.
- Workflows for experienced engineers: GitOps, feature branches, PR reviews, automated plans, and gated applies scale from small teams to platform engineering.
- Advanced patterns: Blue/green and canary infra deployments, immutable infrastructure, and environment promotion pipelines.
- Secrets and sensitive data: Remote state encryption, secrets managers, and least‑privilege service principals are required for production security.
- Migrations and imports: Importing existing resources, state reconciliation, and incremental adoption strategies are key for brownfield environments.
- Observability and cost control: Tagging strategies, drift alerts, and cost estimation tools integrate with IaC to manage spend and visibility.
- Career focus by experience: For 3–5 years, master modules, state backends, and CI integration; for 6–12 years, design platform patterns, governance, and multi‑account strategies; for 13–20 years, lead platform engineering, cross‑cloud architecture, and policy automation.
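
An added example, not part of the original page: the change-planning and policy-and-governance points above combine naturally into a CI gate that evaluates the JSON form of a Terraform plan before apply. The sample plan is constructed, and the policy sets `ADMIN_PORTS` and `PROTECTED_TYPES` are assumptions for illustration; plain Python stands in here for what Sentinel or OPA would enforce.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out` (trimmed to the fields used).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_db_instance.orders", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"], "after": {"storage_encrypted": false}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["no-op"], "after": {"bucket": "example-logs"}}},
  {"address": "aws_db_instance.old", "type": "aws_db_instance",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

ADMIN_PORTS = {22, 3389}               # assumed policy: no admin ports open to the world
PROTECTED_TYPES = {"aws_db_instance"}  # assumed policy: destroying these needs review

def evaluate_plan(plan):
    """Return a sorted list of (address, finding) tuples for the planned changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}  # `after` is null for pure deletes
        if actions == ["no-op"]:
            continue
        if "delete" in actions and rc["type"] in PROTECTED_TYPES:
            findings.append((rc["address"], "destroys protected resource"))
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                open_world = "0.0.0.0/0" in (rule.get("cidr_blocks") or [])
                all_ports = rule.get("protocol") == "-1"  # "-1" means every protocol/port
                if open_world and (all_ports or any(
                        rule["from_port"] <= p <= rule["to_port"] for p in ADMIN_PORTS)):
                    findings.append((rc["address"], "admin port open to 0.0.0.0/0"))
        if rc["type"] == "aws_db_instance" and "create" in actions \
                and not after.get("storage_encrypted"):
            findings.append((rc["address"], "storage not encrypted"))
    return sorted(findings)

if __name__ == "__main__":
    results = evaluate_plan(SAMPLE_PLAN)
    for address, finding in results:
        print(f"DENY {address}: {finding}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the pipeline stage
```

Note that a replace shows up as both `delete` and `create` in `actions`, so the protected-resource rule catches forced replacements as well as plain destroys.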




