CDK vs CloudFormation

AWS CDK and CloudFormation are not competing tools — CDK generates CloudFormation. The question is whether to write CloudFormation directly (YAML/JSON) or use CDK (TypeScript/Python/etc.) to generate it. CDK adds a programming language layer on top of CloudFormation's deployment engine.

The CDK Advantage

L2 Constructs Reduce Boilerplate

Creating an S3 bucket with proper security in CloudFormation requires 30+ lines of YAML covering the bucket, bucket policy, encryption configuration, public access block, and logging. CDK's L2 construct:

The L2 construct applies secure defaults automatically. This pattern repeats across every AWS service, dramatically reducing template size and the chance of misconfiguration.

Real Programming Languages

With CDK, you can use loops to create resources dynamically, conditionals for environment-specific configuration, functions for reusable patterns, and type checking to catch errors before deployment. CloudFormation's Fn::If, Fn::ForEach, and macros provide some of this but are verbose and hard to debug.

When CloudFormation Direct Wins

CloudFormation YAML is declarative and transparent — what you write is what gets deployed. CDK adds an abstraction layer (synthesis) that can obscure what actually happens. When a CDK deployment fails, you need to debug both the CDK layer and the underlying CloudFormation. For simple stacks, this added complexity may not be worthwhile.

Some organizations also prefer CloudFormation for governance: YAML templates are easier for non-developers to review, and there is no risk of arbitrary code execution during synthesis.

For AWS IaC patterns, explore our concepts and system design interview guide. See interview questions and pricing.