
What is AWS CloudFormation, and how does it compare to Terraform?

AWS · Advanced level

Answer

CloudFormation is AWS-native IaC; Terraform is multi-provider IaC with external state. I choose based on ecosystem, governance, provider scope, module maturity, state model, and team standardization.

Technical explanation

Terraform state security and locking are operational responsibilities; CloudFormation stack state lives inside AWS.

Infrastructure as code should use reviewable plans/change sets, reusable modules, policy checks, drift detection, and controlled rollout pipelines.

Architecture reviews should produce prioritized risk remediation with owners and dates, not just high-level best-practice statements.

State, stack outputs, secrets, and deployment permissions must be secured because IaC pipelines often have powerful privileges.

Hands-on example

1. Model the resource or architecture through CloudFormation or Terraform rather than console changes.

2. Review the plan/change set for replacements, deletes, security exposure, and cost-impacting changes.

3. Apply in non-production, run validation tests, then promote through approval to production.

4. Run drift detection or state comparison afterward and remediate manual changes through code.
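Step 2 can be partly automated as a pipeline gate. The following is an added example, not code from the original page: it reads the JSON form of a Terraform plan (as produced by `terraform show -json`) and flags deletes, replacements, and security-group ingress open to the internet. The sample plan and its resource names are constructed for illustration, and only the `aws_security_group` and `aws_security_group_rule` resource types are checked.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape of
# `terraform show -json <planfile>`. Resource names are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.orders", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"], "after": {"publicly_accessible": false}}},
  {"address": "aws_s3_bucket.old_logs", "type": "aws_s3_bucket",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["update"], "after": {"ingress": [
     {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_iam_role.app", "type": "aws_iam_role",
   "change": {"actions": ["no-op"], "after": {}}}
]}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_ingress(rtype, after):
    """Return the ingress rules in the planned state that allow any source address."""
    if rtype == "aws_security_group":
        rules = after.get("ingress") or []
    elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
        rules = [after]
    else:
        return []
    return [r for r in rules if OPEN_CIDRS
            & set((r.get("cidr_blocks") or []) + (r.get("ipv6_cidr_blocks") or []))]

def review_plan(plan):
    """Return (category, address, detail) findings that need explicit approval."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        after = rc["change"].get("after") or {}  # "after" is null for pure deletes
        if {"delete", "create"} <= actions:
            findings.append(("replace", rc["address"], "destroyed and recreated"))
        elif "delete" in actions:
            findings.append(("delete", rc["address"], "destroyed"))
        for rule in open_ingress(rc["type"], after):
            ports = f"{rule.get('from_port')}-{rule.get('to_port')}"
            findings.append(("exposure", rc["address"], f"open ingress on ports {ports}"))
    return findings

if __name__ == "__main__":
    for category, address, detail in review_plan(SAMPLE_PLAN):
        print(f"[{category}] {address}: {detail}")
```

A pipeline would fail the stage or require a named approver when the returned list is non-empty; values that are only known at apply time are not visible in the planned state and still need review after the non-production apply.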
