Terraform vs Config Management

I see a lot of confusion online about using Terraform, usually when configuration management is brought up as well. There are a lot of “how do I use Terraform with Ansible/Puppet/Chef/Salt” questions, and others like them, surrounding these two kinds of tools. I decided to throw together a quick outline on what Terraform is, what configuration management is, and how you can use the two together if you need to.


Terraform is an infrastructure as code (IaC) orchestration tool. This means that you can write code to deploy/orchestrate all your infrastructure and keep it in version control. Terraform has its own declarative language, HCL, to write that code in. With HCL you define resources and data sources to put together your infrastructure. There is a lot to HCL; usually you will want to focus on the “provider” you will be working with the most. For me that has been AWS, so I’ll use AWS in any examples I provide.


Though Terraform is not responsible for configuring your systems at the OS layer, it is possible to run scripts and other commands when bootstrapping something like an EC2 instance. I don’t really recommend this; I think you will make your code a cluttered mess if you try to do that.

Like I mentioned before, Terraform is declarative. A state file and your cloud provider’s APIs are used to compare the desired state with the current state before any changes are made. You write code that defines your infrastructure, and Terraform figures out what has to change to get there.

Config Management

Configuration management is used for managing the configuration of your systems at the OS level, typically in code. I have written about this before, but the distinction I really want to make here is that it works at the OS level.

Configuration Management tools

I’m sure there are a lot of you reading saying, “Hey, I use ansible/salt-cloud and they do orchestration fine.” You should still look into Terraform. The declarative nature takes care of a lot of headaches you’ll run into with tying a bunch of Ansible together. To those of you running salt-cloud, good luck.

Tying the two together

You can tie them together in a couple of different ways. My preference is to use something like Ansible to build AMIs with Packer. Then I use Terraform to deploy those images as EC2 instances in Auto Scaling groups. You will have an easier time managing and keeping a clean code base if you go this route. This is especially true if you’re good at maintaining separate version control repos for your infrastructure and application code. In a well-maintained environment your devs will own the Packer provisioning process.
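The Terraform side of that workflow could look like the following. This is an added example, not code from the original post: the AMI name pattern, resource names, instance type and group sizes are assumptions, and it expects an AWS provider and existing subnets to be configured elsewhere.

```hcl
# Added example: every name, tag and size below is an assumption.
variable "subnet_ids" {
  type        = list(string)
  description = "Existing subnets for the Auto Scaling group"
}

# Look up the newest AMI that the Packer + Ansible build produced.
# Restricting owners to "self" keeps the lookup from ever matching a
# public image from another account that happens to use a similar name.
data "aws_ami" "app" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "name"
    values = ["example-app-*"] # hypothetical name pattern set in the Packer template
  }
}

# The instance definition only references the baked image. There is no
# provisioner block and no user_data script doing OS configuration.
resource "aws_launch_template" "app" {
  name_prefix   = "example-app-"
  image_id      = data.aws_ami.app.id
  instance_type = "t3.micro"
}

resource "aws_autoscaling_group" "app" {
  name_prefix         = "example-app-"
  min_size            = 2
  max_size            = 4
  vpc_zone_identifier = var.subnet_ids

  launch_template {
    id      = aws_launch_template.app.id
    version = aws_launch_template.app.latest_version
  }

  # A new AMI changes the launch template, which rolls the group
  # onto the new image instead of patching running instances.
  instance_refresh {
    strategy = "Rolling"
  }
}
```

With this layout a new Packer build followed by an apply replaces instances with the new image, so OS-level changes only reach production through the image pipeline.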

Another way you can use them together is like I mentioned further above. You can use a provisioner block within your VM instance (EC2 for me) and specify the provisioner. Then you can configure instances as they come online in your cloud provider. As you can see from their own site, they aren’t huge fans of using the provisioner either.

Go forth, use Terraform

Now that you know what Terraform is and how it differs from configuration management, go try it out. It’s a single binary to install and run. You can stand up complex, enormous infrastructure and systems simply by writing a few lines and running an apply. You should be able to get some use out of Terraform pretty quickly, so try it for your next project!
