AWS IaC Maturity - The Advantage of Declarative Infrastructure Management with CloudFormation, CDK, and SAM
Examine the maturity of AWS's Infrastructure as Code ecosystem centered on CloudFormation, CDK, and SAM, compared with Azure ARM/Bicep and GCP Deployment Manager, and how CDK's multi-language support transforms the developer experience.
IaC Is a Measure of Cloud Operations Maturity
Infrastructure as Code (IaC) is the practice of managing cloud infrastructure configurations as code. Manually creating resources through the console results in poor environment reproducibility and makes it difficult to track changes. By adopting IaC, infrastructure configurations become version-controlled, reviewable, and testable. The maturity of a cloud provider's IaC tools directly impacts the quality of operations on that platform. AWS released CloudFormation in 2011 and has spent over a decade expanding its IaC ecosystem. With CloudFormation as the foundation, AWS has built a three-layer structure, adding SAM for serverless-specific abstraction and CDK for defining infrastructure in programming languages. This layered approach creates a level of flexibility and maturity unmatched by other providers.
CloudFormation - The Foundation of AWS IaC
CloudFormation is AWS's native IaC service that declaratively defines infrastructure resources in JSON or YAML. As of 2025, it supports over 800 resource types, and CloudFormation support is promptly added when new AWS services launch. CloudFormation's strength lies in managing resource lifecycles as a unified unit called a stack. Stack creation, updates, and deletion are executed atomically, with automatic rollback on update failures. The Change Set feature lets you preview the impact of changes before applying them. Drift detection identifies discrepancies between code and actual state caused by manual changes. StackSets enable bulk deployment across multiple accounts and Regions. These features, refined through years of operational feedback, demonstrate CloudFormation's maturity.
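As an added example (not from the original article or from AWS), a CI gate can read the JSON that `aws cloudformation describe-change-set` and `describe-stack-resource-drifts` return and flag what needs human review before a deployment. The sample data, the STATEFUL and SENSITIVE_PREFIXES policy lists, and the function names are assumptions made for illustration.

```python
# Added example: review a Change Set and a drift report before deploying.
# Both samples are constructed, shaped like the JSON returned by
# `aws cloudformation describe-change-set` and `describe-stack-resource-drifts`.
SAMPLE_CHANGE_SET = {"Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
        "LogicalResourceId": "OrdersTable", "ResourceType": "AWS::DynamoDB::Table"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
        "LogicalResourceId": "AppRole", "ResourceType": "AWS::IAM::Role"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Add",
        "LogicalResourceId": "WorkerFn", "ResourceType": "AWS::Lambda::Function"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Remove",
        "LogicalResourceId": "AuditBucket", "ResourceType": "AWS::S3::Bucket"}},
]}
SAMPLE_DRIFT = {"StackResourceDrifts": [
    {"LogicalResourceId": "WebSg", "ResourceType": "AWS::EC2::SecurityGroup",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/1", "DifferenceType": "ADD"}]},
    {"LogicalResourceId": "OrdersTable", "ResourceType": "AWS::DynamoDB::Table",
     "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
]}

# Assumed review policy: adjust both lists to the resource types your stacks use.
STATEFUL = {"AWS::DynamoDB::Table", "AWS::S3::Bucket", "AWS::RDS::DBInstance"}
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::KMS::", "AWS::EC2::SecurityGroup")

def review_change_set(change_set):
    """Return (logical_id, reason) pairs for changes that need approval."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        rid, rtype, action = rc["LogicalResourceId"], rc["ResourceType"], rc["Action"]
        # Replacement is "True", "False" or "Conditional"; Conditional is treated as risky.
        replaced = action == "Modify" and rc.get("Replacement") in ("True", "Conditional")
        if rtype in STATEFUL and (action == "Remove" or replaced):
            findings.append((rid, "stateful resource would be removed or replaced"))
        elif rtype.startswith(SENSITIVE_PREFIXES):
            findings.append((rid, f"{action} on security-sensitive type {rtype}"))
    return findings

def review_drift(drift_report):
    """Return (logical_id, status, changed_paths) for resources changed outside the stack."""
    findings = []
    for d in drift_report.get("StackResourceDrifts", []):
        if d["StackResourceDriftStatus"] in ("MODIFIED", "DELETED"):
            paths = [p["PropertyPath"] for p in d.get("PropertyDifferences", [])]
            findings.append((d["LogicalResourceId"], d["StackResourceDriftStatus"], paths))
    return findings
```

A pipeline would fail the deployment step when either function returns a non-empty list and route the findings to a reviewer.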
CDK's Multi-Language Support Revolutionizes the Developer Experience
AWS CDK (Cloud Development Kit) reached GA in 2019 as a framework for defining infrastructure in programming languages. It supports five languages - TypeScript, Python, Java, C#, and Go - allowing developers to write infrastructure in the language they already know. CDK's essential value is bringing the expressive power of programming languages to infrastructure definitions. Conditional logic, loops, function-based abstraction, static validation through type systems, and IDE features like autocompletion and refactoring support all become available for infrastructure code. The three levels of abstraction - L1 constructs (1:1 mapping to CloudFormation resources), L2 constructs (high-level abstractions with built-in best practices), and L3 constructs (multi-resource patterns) - let everyone from beginners to experts define infrastructure at the appropriate granularity. Construct Hub aggregates reusable constructs published by the community, accelerating ecosystem growth.
Comparison with Azure ARM Templates and Bicep
Azure's IaC is built on ARM (Azure Resource Manager) templates. ARM templates are written in JSON, but their verbose syntax has drawn criticism from developers. To address this, Microsoft made Bicep GA in 2021. Bicep is a DSL (domain-specific language) that transpiles to ARM templates, enabling resource definitions in a more concise syntax. Some evaluations find Bicep's syntax more concise and readable than CloudFormation's YAML. However, Bicep remains a DSL and lacks the expressive power of the general-purpose programming languages that CDK offers. Conditional logic and loops are supported to a limited extent, but function-based abstraction and object-oriented design patterns are difficult to apply. Azure can also adopt a CDK-like approach through CDK for Terraform (CDKTF), but there is no Azure-native equivalent of CDK. Additionally, ARM template drift detection is not as mature as CloudFormation's, and the What-If feature (equivalent to Change Sets) was only added in 2020.
GCP Deployment Manager and Terraform's Role
GCP's native IaC tool is Deployment Manager, but Google itself has shifted toward recommending Terraform. Deployment Manager defines configurations using YAML with Jinja2 or Python templates, but it falls short of CloudFormation in resource type coverage and update frequency. There have been reports of delayed Deployment Manager support for new GCP services. Google announced Infrastructure Manager as a preview in 2023. This is a managed service that uses Terraform as its backend, clearly signaling GCP's strategy of aligning with the Terraform ecosystem. Terraform is an excellent multi-cloud IaC tool, but it can lag behind native tools in supporting provider-specific features. Even within AWS, Terraform is widely used, but features equivalent to CloudFormation and CDK's native integration (Change Sets, drift detection, StackSets) partly depend on paid Terraform Cloud/Enterprise features.
SAM - Serverless-Specific IaC
AWS SAM (Serverless Application Model) is a framework that simplifies serverless application definitions as an extension of CloudFormation. It lets you define Lambda functions, API Gateway, DynamoDB tables, and Step Functions state machines with less code than raw CloudFormation. SAM CLI supports local Lambda function execution, debugging, and testing, speeding up serverless development iterations. The sam sync command enables hot deployment, reflecting code changes to the cloud environment in seconds. Neither Azure nor GCP has a serverless-specific IaC framework, requiring developers to define serverless resources using general-purpose IaC tools. Third-party tools like the Serverless Framework offer multi-cloud support, but cannot achieve the depth of integration that AWS-native SAM provides.
Summary
AWS's IaC ecosystem is structured in three layers: CloudFormation (the foundation for declarative definitions), CDK (high-level abstraction through programming languages), and SAM (serverless-specific tooling). CloudFormation has over a decade of operational maturity, with well-developed features including Change Sets, drift detection, and StackSets. CDK's multi-language support is a breakthrough that brings programming language expressiveness to infrastructure definitions - a flexibility that Azure Bicep and GCP Deployment Manager cannot match. Azure improved syntax conciseness with Bicep but cannot match the power of general-purpose languages. GCP is deepening its reliance on Terraform, falling behind AWS in native IaC maturity. Since IaC choices directly impact operational quality, evaluating the maturity of the entire ecosystem is essential.