
What AWS CloudFormation Terraform Actually Does and When to Use It


You are staring at two stacks that won’t talk to each other. One managed by AWS CloudFormation, the other living in Terraform. Both claim to be your infrastructure source of truth. Neither wants to take orders. Welcome to the DevOps cold war of IaC.

CloudFormation is AWS’s native templating engine. It defines and provisions resources inside your account using JSON or YAML. Terraform is the daredevil outsider, open source and cloud-agnostic. It writes the same infrastructure as code, but its power comes from providers and a single declarative workflow across any platform. Used together, aligning AWS CloudFormation and Terraform gives you CloudFormation’s native AWS semantics with the portability Terraform brings.

How it fits together

Think of CloudFormation as the official standard library and Terraform as the orchestrator that calls it. The Terraform AWS provider can create resources the same way CloudFormation would, or it can even use the CloudFormation stack resource type directly. You define infrastructure once, and Terraform drives CloudFormation to apply it inside AWS securely using IAM roles.
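The wiring described above, as an added example that is not part of the original post: Terraform drives a CloudFormation stack through the AWS provider’s `aws_cloudformation_stack` resource, and hands CloudFormation its own service role via `iam_role_arn` so the resource-level permissions live on that role rather than on whoever runs Terraform. The stack name, role names, region and the inline SQS template are assumptions for illustration.

```hcl
# Added example (not from the original post). Names, the inline template and
# the region are assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

# Service role that CloudFormation assumes while creating the stack. The
# Terraform caller only needs iam:PassRole on this role plus CloudFormation
# permissions on the stack; the SQS permissions live here instead.
resource "aws_iam_role" "cfn_service" {
  name = "cfn-service-role-example" # assumed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "cloudformation.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Grant the service role only what the template below needs: one SQS queue.
resource "aws_iam_role_policy" "cfn_service_sqs" {
  name = "cfn-service-sqs"
  role = aws_iam_role.cfn_service.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = [
        "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:GetQueueAttributes",
        "sqs:SetQueueAttributes", "sqs:TagQueue",
      ]
      Resource = "*"
    }]
  })
}

# Terraform owns the stack's lifecycle; CloudFormation owns the resources in it.
resource "aws_cloudformation_stack" "queue" {
  name         = "orders-queue-example" # assumed stack name
  iam_role_arn = aws_iam_role.cfn_service.arn
  on_failure   = "ROLLBACK" # failed creates roll back instead of leaving a half-built stack

  parameters = {
    QueueName = "orders"
  }

  # The template is built from an HCL object so Terraform can lint it; a
  # template_url pointing at a reviewed S3 object works the same way.
  template_body = yamlencode({
    AWSTemplateFormatVersion = "2010-09-09"
    Parameters = {
      QueueName = { Type = "String" }
    }
    Resources = {
      Queue = {
        Type       = "AWS::SQS::Queue"
        Properties = { QueueName = { Ref = "QueueName" } }
      }
    }
    Outputs = {
      QueueUrl = { Value = { Ref = "Queue" } }
      QueueArn = { Value = { "Fn::GetAtt" = ["Queue", "Arn"] } }
    }
  })
}

# Stack outputs surface as a plain map on the resource, so other Terraform
# resources can consume them without re-declaring the queue.
output "queue_url" {
  value = aws_cloudformation_stack.queue.outputs["QueueUrl"]
}
```

`terraform plan` shows the stack create as a single resource change, while the CloudFormation events for the queue itself show up in the stack’s event log; that split is exactly the ownership boundary the paragraph describes.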

Most teams connect the dots through identity federation. They use OIDC or AWS SSO so Terraform’s runs inherit short-lived credentials from a trusted identity provider. That keeps humans out of the loop and satisfies compliance constraints like SOC 2 or ISO 27001 without endless key rotation.
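The federation pattern above, as an added example that is not from the original post: a CI system (GitHub Actions is used here as the identity provider) is registered as an OIDC provider in AWS, and the role Terraform assumes trusts only tokens whose subject names one repository and branch. The organisation and repository names, role names, stack-name prefix and the placeholder account ID are assumptions; the policy lists only what a Terraform-managed CloudFormation stack needs, so a real deployment role will need additions for whatever else it manages.

```hcl
# Added example (not from the original post). Org/repo, role names and the
# placeholder account ID are assumptions for illustration.

# Fetch the issuer's certificate chain so the provider's thumbprint is not
# hard-coded; the tls provider resolves to hashicorp/tls implicitly.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

data "aws_caller_identity" "current" {}

variable "cfn_service_role_arn" {
  description = "Service role CloudFormation assumes (placeholder account ID)"
  type        = string
  default     = "arn:aws:iam::123456789012:role/cfn-service-role-example"
}

# Role the Terraform run assumes. No access keys exist for it: credentials are
# minted per run from the OIDC token and expire with the session.
resource "aws_iam_role" "terraform_deploy" {
  name                 = "terraform-deploy-example" # assumed name
  max_session_duration = 3600

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = aws_iam_openid_connect_provider.github.arn }
      Action    = "sts:AssumeRoleWithWebIdentity"
      Condition = {
        StringEquals = {
          "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com"
          # Pin the subject to one repo and branch. A wildcard subject would let
          # any workflow in the org, including a pull request, assume the role.
          "token.actions.githubusercontent.com:sub" = "repo:example-org/infra:ref:refs/heads/main"
        }
      }
    }]
  })
}

# Least privilege for the run: manage only stacks with an agreed prefix, and pass
# only the CloudFormation service role, only to CloudFormation.
resource "aws_iam_role_policy" "terraform_deploy" {
  name = "terraform-deploy"
  role = aws_iam_role.terraform_deploy.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "ManageOwnedStacks"
        Effect = "Allow"
        Action = [
          "cloudformation:CreateStack", "cloudformation:UpdateStack",
          "cloudformation:DeleteStack", "cloudformation:DescribeStacks",
          "cloudformation:DescribeStackEvents", "cloudformation:GetTemplate",
          "cloudformation:ListStackResources",
        ]
        Resource = "arn:aws:cloudformation:*:${data.aws_caller_identity.current.account_id}:stack/orders-*/*"
      },
      {
        Sid      = "PassOnlyTheServiceRole"
        Effect   = "Allow"
        Action   = "iam:PassRole"
        Resource = var.cfn_service_role_arn
        Condition = {
          StringEquals = { "iam:PassedToService" = "cloudformation.amazonaws.com" }
        }
      },
    ]
  })
}

output "deploy_role_arn" {
  value = aws_iam_role.terraform_deploy.arn
}
```

The `sub` condition is the control that matters: the OIDC provider trusts the whole issuer, so without it every workflow that issuer signs for could assume the role. CloudTrail records each `AssumeRoleWithWebIdentity` call with that subject, which gives the audit trail the compliance frameworks named above ask for.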

Guardrails and good habits

Keep declarative ownership clear: Terraform should manage the lifecycle, while CloudFormation handles low-level drift detection. Always lock state remotely with versioning on. Use least-privilege IAM policies. Track stack outputs as Terraform data sources to avoid duplicating definitions. Those steps prevent the circular dependencies that usually appear at 2 a.m.
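The guardrails in this paragraph, as an added example that is not part of the original post: locked, versioned remote state, and a CloudFormation-owned stack consumed through a data source rather than re-declared in Terraform. The bucket, lock table, stack name and output keys are assumptions, and the backend assumes the bucket (with versioning enabled) and the DynamoDB table were created in a separate bootstrap configuration.

```hcl
# Added example (not from the original post). Bucket, table, stack and output
# names are assumptions for illustration.

terraform {
  backend "s3" {
    bucket         = "example-tf-state"          # assumed; versioning must be enabled on it
    key            = "app/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "example-tf-locks"          # assumed; state lock so two applies cannot race
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

# The network stack is created and owned by CloudFormation. A data source reads
# it without taking ownership: Terraform can never drift it or try to delete it.
data "aws_cloudformation_stack" "network" {
  name = "shared-network" # assumed stack name
}

# CloudFormation outputs are strings, so a list exported as a comma-joined
# value has to be split on the Terraform side.
locals {
  vpc_id             = data.aws_cloudformation_stack.network.outputs["VpcId"]
  private_subnet_ids = split(",", data.aws_cloudformation_stack.network.outputs["PrivateSubnetIds"])
}

# Consume the outputs instead of duplicating the VPC definition in Terraform.
resource "aws_security_group" "app" {
  name        = "app-sg-example" # assumed name
  description = "Application tier; ingress only from inside the shared VPC"
  vpc_id      = local.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_cloudformation_stack.network.outputs["VpcCidr"]]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Placing one ENI per private subnet shows the split list being used as a set.
resource "aws_network_interface" "app" {
  for_each        = toset(local.private_subnet_ids)
  subnet_id       = each.value
  security_groups = [aws_security_group.app.id]
}

output "app_subnet_ids" {
  value = local.private_subnet_ids
}
```

If the CloudFormation team renames an output, `terraform plan` fails on the missing map key instead of silently creating resources in the wrong VPC, which is the early warning the data-source approach buys you over copying IDs into variables.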


Real benefits

  • Unified infrastructure graph across AWS and multi-cloud
  • One permission model through IAM and Terraform Cloud
  • Faster deployment approvals and clearer audit trails
  • Reduced human access and automatic rollback safety
  • Consistency for CI/CD pipelines using the same IaC modules

The developer experience part

Once integrated, developers stop waiting for ops tickets. Terraform plans explain what CloudFormation will do before it happens. Logs become readable, diffs become honest. Velocity improves because fewer people need to interpret AWS console quirks. Infrastructure feels like versioned software again.

Platforms like hoop.dev take it further. They enforce policies around who can apply those Terraform plans into AWS, mapping identity straight from Okta or GitHub. Instead of chasing permission files, developers just run their workflow, and the platform enforces the right boundaries automatically.

Quick answers

How do I connect AWS CloudFormation and Terraform?
Use the Terraform AWS provider with the CloudFormation resource type or delegate stack creation to CloudFormation modules. Authenticate with assumed roles via your identity provider.

Why not just pick one?
Because Terraform offers a global view, while CloudFormation knows AWS internals best. Combined, you get coverage and fidelity without vendor lock-in.

The closing thought

AWS CloudFormation Terraform integration isn’t about more tools. It is about treating your cloud configuration like code, built once, deployed everywhere, and audited by design.

See an Environment Agnostic Identity-Aware Proxy in action with hoop.dev. Deploy it, connect your identity provider, and watch it protect your endpoints everywhere—live in minutes.
