Terraform benefits include the following:
When using Chef, Salt, Puppet, or Ansible, any software update must be applied in place, on the server where the software is installed. Over time, each server therefore acquires its own unique configuration and software update history. This leads to so-called “configuration drift”, where minor differences in the software used across the cloud ecosystem create potential access points for hackers and system vulnerabilities. Terraform works on the concept of immutable infrastructure, where every change to a component (software update, removal or addition of components, etc.) leads to the creation of a separate state of the infrastructure, that is, to building a new system and removing the previous configuration.
This means that a software update is rolled out quickly and easily across the entire system at once and is protected from possible errors. At the same time, returning to any previous system configuration is as simple as selecting the required configuration from the list and creating a new environment according to the required parameters.
When using Chef or Ansible, you are forced to write step-by-step procedural instructions to achieve the desired system state. With Terraform, in contrast, you write out the final state of the system and leave the configuration to the utility.
Why is this so cool? Because a fairly limited library of code templates can satisfy any infrastructure configuration requests, and built-in primitives allow you to write modular code that is quite complex in terms of the level of impact, but very easy to read. When using procedural code, you need to remember all current processes in the system and recent events in order to create a simple and unambiguous statement. When using Terraform, you simply tell the utility what changes to make to the current system state, allowing you to get by with a fairly compact and very simple code template library.
Terraform uses the APIs provided by a cloud hosting provider. The utility builds the infrastructure through these APIs, which means it avoids unnecessary security checks and needs neither a separate server for configuration management nor resources allocated to running numerous agent programs. Ansible achieves a similar result by working over SSH, but the possibilities of this method are rather limited. Because Terraform works through the API, this tool provides literally unlimited freedom of action and possible configuration options. This approach is much better in terms of security, reliability, and overall ease of use of the system.
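To make the drift and immutable-replacement points above concrete, here is an added example (not from the original article) that reads a plan in the JSON form printed by `terraform show -json <planfile>` and reports which resources drifted outside Terraform and which changes rebuild a resource rather than modify it in place. The embedded plan, its resource addresses and attribute names are constructed for illustration; the `resource_drift`, `resource_changes` and `change.actions` fields are assumed to follow Terraform's JSON plan representation.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses, attribute names and values are made up for illustration.
SAMPLE_PLAN = json.loads("""{
 "resource_drift": [
  {"address": "aws_security_group.web", "change": {"actions": ["update"],
    "before": {"ingress_cidr": "10.0.0.0/8"}, "after": {"ingress_cidr": "0.0.0.0/0"}}}],
 "resource_changes": [
  {"address": "aws_instance.app", "change": {"actions": ["delete", "create"],
    "before": {"ami": "ami-old"}, "after": {"ami": "ami-new"}}},
  {"address": "aws_security_group.web", "change": {"actions": ["update"],
    "before": {"ingress_cidr": "0.0.0.0/0"}, "after": {"ingress_cidr": "10.0.0.0/8"}}},
  {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"], "before": {}, "after": {}}}]
}""")

def changed_keys(change):
    """Top-level attributes whose value differs between 'before' and 'after'."""
    before = change.get("before") or {}
    after = change.get("after") or {}
    return sorted(k for k in before.keys() | after.keys() if before.get(k) != after.get(k))

def classify(actions):
    """Map a plan's action list to one label; delete+create is a replacement."""
    kinds = set(actions)
    if kinds == {"create", "delete"}:
        return "replace"      # immutable-style change: new resource, old one removed
    if kinds <= {"no-op", "read"}:
        return "unchanged"
    return actions[0]         # "create", "update" or "delete"

def review_plan(plan):
    """Summarise out-of-band drift and the kind of change planned per resource."""
    report = {"drift": [], "replace": [], "update": [], "create": [], "delete": []}
    for res in plan.get("resource_drift", []):
        report["drift"].append((res["address"], changed_keys(res["change"])))
    for res in plan.get("resource_changes", []):
        kind = classify(res["change"]["actions"])
        if kind in report:
            report[kind].append(res["address"])
    return report

if __name__ == "__main__":
    for section, items in review_plan(SAMPLE_PLAN).items():
        print(f"{section}: {items}")
```

A non-empty `drift` list means the real infrastructure no longer matches the recorded state and is worth reviewing before the plan is applied.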