My opinion? Because CloudFormation is full of shit regarding "always being able to rollback". After dealing with 100+ failed CF rollbacks, I stopped caring about that phantom feature. That's around the same time I started using Terraform. At this point I only use CF for things I cannot put in TF directly - namely ASGs.
Regarding IaC "rollback" capabilities - I don't think it really exists in a way that makes it reasonable for people to depend on. The path forward is to stand up new infrastructure, canary test, etc - then steer via load-balancers the traffic to your new nodes, and then finally destroy the old ones. I loathe trying to maintain a fleet of nodes that can drift into various states of disrepair. I love the idea of blowing everything away and having a 100% clean and predictable environment again. It makes me happy.
</end rant>
Hope that helps - I really have fallen in love with Terraform after having to cobble down N number of CLI tools for various cloud providers, hypervisor providers, etc. Terraform at least gives an easy-to-use language and abstracts me above recursive API call logic that I would otherwise need to write for basic things.
That does help. I’ve never heard about CF not working as expected.
Hmm, I’ll have to look into it some more. I really like the idea of layering my application into Dynamo setup, lambdas, policies, etc. and being able to update a specific layer, pull it down and put the new one up.