Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.2.1.6. Comparative Table: CloudFormation vs. CDK vs. Terraform
| Feature | CloudFormation | CDK | Terraform |
|---|---|---|---|
| Language | JSON/YAML | TypeScript, Python, Java, C# | HCL |
| State management | Managed by AWS | Managed by AWS (via CFN) | Self-managed (S3+DynamoDB) |
| Drift detection | Built-in | Via CloudFormation | terraform plan shows drift |
| Multi-cloud | AWS only | AWS only | AWS, Azure, GCP, 1000+ providers |
| Rollback | Automatic on failure | Via CloudFormation | Manual |
| Preview changes | Change sets | cdk diff | terraform plan |
| Modularity | Nested stacks | Constructs (L1/L2/L3) | Modules |

When to choose each:
- CloudFormation: AWS-only, team prefers declarative YAML, need automatic rollback
- CDK: Complex infrastructure with loops/conditionals, team has programming experience, want reusable constructs
- Terraform: Multi-cloud strategy, existing Terraform expertise, need provider ecosystem beyond AWS

CDK construct levels:
- L1 (Cfn): Direct CloudFormation resource mapping — use when no higher construct exists
- L2 (Default): AWS-recommended defaults with sensible security. Most common level.
- L3 (Patterns): Multi-resource architectures (e.g., ApplicationLoadBalancedFargateService)

Exam Trap: Terraform's state file contains sensitive values (database passwords, private keys) in plaintext. If using S3 as a backend, enable SSE-KMS encryption and restrict access. A leaked state file is a full credential exposure.
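
An added example, not part of the original guide: a short Python audit that lists which attributes in a Terraform state file are stored as readable strings, which is what makes backend encryption and access restriction necessary. The sample state is constructed, the version-4 JSON layout is assumed, and the attribute-name pattern is a heuristic chosen for this example.

```python
import json
import re

# Attribute names that commonly hold secrets (a heuristic chosen for this example).
SECRET_NAME = re.compile(r"(password|secret|private_key|token)", re.IGNORECASE)

# Constructed sample in the assumed version-4 state layout; every value is made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_db_instance", "name": "main",
         "instances": [{
             "attributes": {"username": "admin", "password": "CONSTRUCTED-db-pass",
                            "port": 5432},
             "sensitive_attributes": [[{"type": "get_attr", "value": "password"}]],
         }]},
        {"mode": "managed", "type": "tls_private_key", "name": "deploy",
         "instances": [{
             "attributes": {"algorithm": "RSA",
                            "private_key_pem": "CONSTRUCTED-pem-body"},
             "sensitive_attributes": [],
         }]},
    ],
})

def marked_sensitive(instance):
    """Top-level attribute names that the state itself marks as sensitive."""
    names = set()
    for path in instance.get("sensitive_attributes") or []:
        if path and isinstance(path[0], dict) and path[0].get("type") == "get_attr":
            names.add(path[0]["value"])
    return names

def find_plaintext_secrets(state_text):
    """Return sorted (resource address, attribute) pairs stored as readable strings."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            flagged = marked_sensitive(inst)
            for key, value in (inst.get("attributes") or {}).items():
                if isinstance(value, str) and value and (
                        key in flagged or SECRET_NAME.search(key)):
                    findings.append((address, key))
    return sorted(findings)

if __name__ == "__main__":
    for address, key in find_plaintext_secrets(SAMPLE_STATE):
        print(f"{address}: '{key}' is readable in the state file")
```

The sensitive marking only controls what Terraform displays in CLI output; the value next to it in the state is still readable by anyone who can fetch the file.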

Written by Alvin Varughese • Founder • 15 professional certifications