Terraform vs CDK vs CloudFormation: Which IaC Tool to Use in 2026?

Three tools, all do infrastructure as code on AWS. All have passionate supporters. Here's the honest comparison that tells you which one to actually use.

Quick Summary

Terraform

Terraform uses HCL (HashiCorp Configuration Language) — a declarative language designed specifically for infrastructure. You describe what you want, Terraform figures out how to create/update/destroy it.

resource "aws_eks_cluster" "main" {
  name     = "production"
  role_arn = aws_iam_role.eks.arn
 
  vpc_config {
    subnet_ids = aws_subnet.private[*].id
  }
}

Strengths:

• Works on 300+ providers: AWS, GCP, Azure, Kubernetes, Datadog, GitHub, PagerDuty
• HCL is readable and not a full programming language (less footgun risk)
• Strong module ecosystem on Terraform Registry
• State management gives you drift detection
• Massive community, best documentation for most use cases
• Plan/Apply workflow is clear: preview changes before applying

Weaknesses:

• HCL can get verbose for complex logic (loops, conditionals are clunky)
• State file is a liability (needs remote storage + locking)
• Terraform Cloud costs money at scale
• Not native AWS — no automatic support for new AWS features on day 1

Use Terraform when:

• Your team manages infra on multiple clouds
• You want a large module ecosystem
• Team members aren't strong developers
• You're managing non-AWS resources (Kubernetes, DNS, monitoring tools)

AWS CDK (Cloud Development Kit)

CDK lets you write infrastructure using real programming languages — TypeScript, Python, Java, C#, Go. It compiles to CloudFormation templates under the hood.

from aws_cdk import aws_eks as eks, aws_ec2 as ec2
 
cluster = eks.Cluster(self, "ProductionCluster",
    version=eks.KubernetesVersion.V1_29,
    vpc=vpc,
    default_capacity=0
)
 
cluster.add_nodegroup_capacity("workers",
    instance_types=[ec2.InstanceType("t3.medium")],
    min_size=2,
    max_size=10
)

Strengths:

• Full programming language — use loops, functions, classes, inheritance
• Type safety (especially with TypeScript) — catch errors at compile time
• IDE autocomplete and documentation for all AWS resources
• Higher-level constructs (eks.Cluster handles 50+ CloudFormation resources)
• First-class AWS support — new services supported fast
• Great for application developers who are also writing infra

Weaknesses:

• AWS-only (though CDK for Terraform exists — cdktf)
• Still generates CloudFormation — same limits and quirks underneath
• Steeper learning curve if team isn't strong in TypeScript/Python
• Debugging "why did CDK generate this CloudFormation" is painful
• Less mature ecosystem compared to Terraform modules

Use CDK when:

• Your team is AWS-only and consists of developers
• You want type-safe infrastructure with IDE support
• You're building complex infra that benefits from object-oriented patterns
• You want L2/L3 constructs that bundle best practices

AWS CloudFormation

CloudFormation is the original AWS IaC tool — you write YAML or JSON templates, AWS deploys them as stacks.

Resources:
  EKSCluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: production
      RoleArn: !GetAtt EKSRole.Arn
      ResourcesVpcConfig:
        SubnetIds:
          - !Ref PrivateSubnet1
          - !Ref PrivateSubnet2

Strengths:

• Native AWS service — zero setup, works everywhere AWS is
• Direct AWS support — new services available on day 1
• StackSets for multi-account, multi-region deployments
• Drift detection built in
• No state file to manage (AWS manages it)
• Required for AWS Service Catalog and Control Tower

Weaknesses:

• Extremely verbose — an EKS cluster can be 1,000+ lines of YAML
• Error messages are terrible: Resource handler returned message: "Internal failure"
• No native loops (Mappings and Conditions are workarounds)
• CloudFormation limits: 500 resources per stack, 51 parameters
• Rollbacks can get stuck, leaving stacks in UPDATE_ROLLBACK_FAILED
• Almost nobody writes raw CloudFormation by choice anymore — CDK generates it instead

Use CloudFormation when:

• Compliance/governance requires native AWS tooling
• You're using AWS Service Catalog or Control Tower
• You've inherited an existing CFN codebase
• You need StackSets for multi-account deployments

Real-World Usage (2026)

Based on DevOps job postings and survey data:

• Terraform: 65% of DevOps teams (most common)
• AWS CDK: 20% (growing, especially dev-led teams)
• CloudFormation: 15% (declining, mostly legacy or compliance)

Head-to-Head Scenarios

"I need to provision AWS + Cloudflare DNS + Datadog monitoring"

→ Terraform — only option that does all three

"I'm a TypeScript developer building a serverless app on AWS"

→ CDK — Lambda + API Gateway + DynamoDB as typed constructs

"My company requires all infra in AWS native tooling for compliance"

→ CloudFormation (or CDK which compiles to CFN)

"I want to learn IaC from scratch"

→ Terraform — most job postings, most community resources, most transferable

"I need multi-account AWS organization management"

→ Terraform (with Terragrunt) or CloudFormation StackSets

Migration Between Tools

CloudFormation → Terraform: Use terraform import to bring existing CFN resources into Terraform state. Then delete the CFN stack. Takes time but works.

Terraform → CDK: Generally not worth it unless you have a strong reason. Rewrites are expensive.

CDK → Terraform: Export the synthesized CloudFormation template, then import resources into Terraform.

Which One to Learn First

If you're starting out: Terraform. It's in 65% of job postings, works across clouds, and the skills transfer if you later move to CDK or Pulumi.

Once you know Terraform well, CDK is much easier to learn — the concepts are similar, just with a real programming language.

Resources

• Terraform Official Docs — start here
• CDK Workshop — free, hands-on CDK learning
• Terraform: From Beginner to Advanced on Udemy — best paid course
• DevOpsBoys Terraform Remote State Guide — essential for team use
• OpenTofu Guide — Terraform's open-source fork

All three tools work. Terraform wins on versatility and job market demand. CDK wins for developer experience on AWS. CloudFormation wins for compliance. Pick based on your context.