# Native AWS IaC decision matrix (CDK vs CloudFormation vs Blocks vs Composer)

Pick **CloudFormation**, **CDK**, **Application Composer**, or **AWS Blocks** by team skill, governance layer, and whether you need application runtime code or infrastructure templates only.

> Reflects **July 2026** patterns: CDK v2 only (v1 EOL June 2023), CloudFormation Express mode + pre-deployment validation (June 30, 2026), Application Composer AI generation in VS Code, AWS Blocks public preview (June 16, 2026).

All paths deploy through **CloudFormation** — CDK and Blocks synthesize to CFN; Composer generates CFN/SAM templates.

## 1. "What is the primary constraint?"

| Constraint | Default tool | Escalate when |
|------------|--------------|---------------|
| Org-wide baseline (Hooks, GuardDuty, Config) | **CloudFormation StackSets** | Single-account startup |
| Application team daily deploys with loops/constructs | **AWS CDK** | Team refuses programming languages — use raw CFN or Composer spike |
| Greenfield TypeScript full-stack, local-first dev | **AWS Blocks** (preview) | Org mandates non-TypeScript or Terraform-first governance |
| Rapid serverless spike / inherited template docs | **Application Composer** | Production governance — port to CDK or reviewed CFN |
| Audit-friendly declarative templates only | **Raw CloudFormation** | Team already ships CDK — synth output is still CFN |
| Multi-cloud or third-party providers in same stack | **Link out: Terraform** | AWS-only shop — stay native |

**Opinionated default:** **StackSets (CFN)** for platform baseline; **CDK** for application stacks; **Composer** for spikes and visualization; **Blocks** for greenfield TypeScript SaaS at preview only.

## 2. "When NOT to use CDK"

| Situation | Use instead |
|-----------|-------------|
| Platform team owns org-wide Hooks via StackSets | Raw CFN templates in StackSets — no CDK bootstrap per account for baseline |
| Team cannot operate CDK bootstrap stacks | Raw CFN or Composer → reviewed CFN |
| Simple static 5-resource stack, no reuse | Raw CFN — CDK indirection adds no value |
| Regulatory mandate for human-readable YAML in repo | Raw CFN — commit synth output if CDK is used elsewhere |

## 3. "When NOT to use raw CloudFormation"

| Situation | Use instead |
|-----------|-------------|
| 50+ resources with shared patterns across services | CDK L2/L3 constructs |
| Complex conditionals and loops | CDK (TypeScript/Python) |
| Full-stack TypeScript with auth, DB, APIs | AWS Blocks (preview) or CDK |
| Need visual onboarding for inherited 600-line template | Application Composer visualization mode |

## 4. "When NOT to use Application Composer"

| Situation | Use instead |
|-----------|-------------|
| Production deployment without human IAM review | CDK + cdk-nag, or reviewed CFN |
| Need CDK or Terraform output | Composer outputs CFN/SAM only — port manually |
| Complex cross-stack references and computed values | CDK |
| Org-wide StackSets baseline | Raw CFN in StackSets |

## 5. "When NOT to use AWS Blocks (preview)"

| Situation | Use instead |
|-----------|-------------|
| Org Terraform-first with approved module registry | Terraform for infra; Blocks not a drop-in |
| Non-TypeScript primary language | CDK (Python/Java) or raw CFN |
| Production roadmap cannot absorb preview API changes | CDK until Blocks GA |
| Complex multi-account landing zone | CFN StackSets + CDK app stacks |
| Fine-grained VPC topology day one | CDK with explicit VPC constructs |

## 6. Hybrid pattern (common at enterprise scale)

```
Platform team:     CFN StackSets → baseline (Config, GuardDuty, Hooks, CloudTrail)
App teams:         CDK → synth → CFN stacks per service
Spikes / docs:     Application Composer → SAM/CFN draft → port to CDK
Greenfield TS SaaS: AWS Blocks (preview) → CDK escape hatch in index.cdk.ts
```

## 7. Quick pick by role

| Role | Start here |
|------|------------|
| Platform / security engineer | CloudFormation StackSets + Hooks |
| Backend / full-stack TypeScript team | CDK or Blocks (preview) |
| Solution architect exploring patterns | Application Composer spike → CDK |
| Compliance auditor | Raw CFN or CDK synth artifacts in Git |

## Related posts

- [AWS CDK vs CloudFormation vs Blocks enterprise guide](/blog/aws-cdk-vs-cloudformation-vs-blocks-enterprise-decision-guide-2026/)
- [CloudFormation best practices](/blog/aws-cloudformation-best-practices-infrastructure-as-code/)
- [Terraform vs CloudFormation enterprise guide](/blog/terraform-vs-cloudformation-aws-enterprise-decision-guide-2026/)
- [AWS Blocks preview guide](/blog/aws-blocks-application-backends-preview/)
- [Application Composer guide](/blog/aws-application-composer-iac-generator/)
