2.2.1.1. IaC Options & Tools for AWS (CloudFormation, CDK, SAM)

2.2.1.1. IaC Options & Tools for AWS (CloudFormation, CDK, SAM)

Loading diagram...

AWS CloudFormation is the foundational IaC service. You define resources in JSON/YAML templates, and CloudFormation provisions them as a stack — a single unit you can create, update, and delete atomically. Key features: drift detection, change sets (preview changes before applying), stack policies (protect critical resources from accidental updates), and rollback on failure.

AWS CDK lets you define infrastructure using TypeScript, Python, Java, or C#. CDK synthesizes to CloudFormation templates — it's an abstraction layer, not a separate provisioning engine. Use CDK when your infrastructure has complex logic (conditionals, loops, reusable constructs) that's painful in raw YAML.

// CDK example: VPC + ECS Fargate service in ~10 lines
const vpc = new ec2.Vpc(this, 'MyVpc', { maxAzs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecsPatterns.ApplicationLoadBalancedFargateService(this, 'Service', {
  cluster,
  taskImageOptions: { image: ecs.ContainerImage.fromRegistry('nginx') },
});

AWS SAM extends CloudFormation with serverless-specific shorthand. A AWS::Serverless::Function resource creates a Lambda function, IAM role, API Gateway endpoint, and event source mapping in one declaration. SAM CLI provides local testing (sam local invoke).

Terraform is the multi-cloud alternative using HCL syntax. It maintains its own state file and doesn't depend on CloudFormation. Use when managing resources across AWS + Azure/GCP, or when the team prefers HCL.

Exam Trap: CDK generates CloudFormation under the hood — debugging CDK deployment failures means reading CloudFormation events, not CDK logs. If the exam describes a CDK deployment failure, the troubleshooting path goes through the CloudFormation console.