为什么人们在使用 Puppet/Chef 时使用亚马逊云形成，而不是仅仅使用 CloudInit？

Is there an advantage over CloudInit? Yes, absolutely, many of them!

Sure, you can write top to bottom run once CloudInit scripts to provision a server. But what happens when you need to change a configuration file, add a user, update a package, or install a new package? You will end up logging into servers or writing scripts to do so, and inevitably an incongruous state of servers.

CloudInit is not configuration management. If you opt to begin using configuration management software, use cloud init for just one task: to bootsrap the Puppet/Chef/other agent.

Puppet doesn't just help you automate installing packages, setup ssh keys, or tune your Tomcat heap. It ensures the state of things. When a developer is troubleshooting a Java app at 3am and changes your Tomcat config, Puppet will change it back. You can rapidly change the version of Python for all or groups of nodes, and if someone installs a different version, Puppet will change it back.

When your application stack changes and you start using, say RabbitMQ, or Jetty, or a new RDBMS, you can easily test and deploy the changes across tens or thousands of servers.

There are many other reasons to use configuration management software such as back end reporting, auditing, and security compliance.

The entire point of configuration management is to spin up machines predictably and consistently. CloudFormation and cloudinit are great when you're limited purely to AWS (although debugging CloudFormation templates is a miserable experience), but what about applications that use both datacenter resources and AWS, or local testing environments, or development machines?

If you exist purely in AWS, I suppose you could get away with cloudinit and nothing else, but I'm not convinced it's realistic for applications of any scale (Netflix, for example, pre-bakes their AMIs using OSS technologies they've written and released to the world; consider this video for details). Highly available applications are trans-regional, often based in VPCs, tend to back up to datacenters across VPNs, and this doesn't even touch demo, staging, testing, or development environments. As someone who's charged with provisioning machines the last things I want to do are repeat work or get stuck debugging multiple provisioning methods.

Hence Chef or Puppet. They work just as well for AWS as they do for my datacenter, and just as well for my development machine running Vagrant as they do for the demo environments I occasionally need on the fly. I'd much rather launch Chef or Puppet from cloudinit than maintain both cloudinit and Chef or Puppet.

For throw away servers, say running behind an autoscaling group I would say cloudinit is probably enough. linux shell scripts or windows powershell scripts should do the trick.

If its a long running server you plan on managing maybe chef, puppet, or docker might give you an advantage as mentioned in the accepted answer. If you can't see the advantage after using them, then you probably do not need the tool.

In my experience, there are simple things that are easily done with the out-of-the-box GUI tools that AWS provides, but as you get into more complex things you start finding out that there are limitations to what you can do with just their tools.

At that point, you can either stop, or you can find other tools (like Chef or Puppet) that can help you achieve those more complex goals as well as doing the simpler things.

Your choice.