Building an application in the cloud can become complex quickly. There are multiple cloud providers, each with hundreds of different resources. Even the same type of resources on different providers can have their unique quirks. All of this complexity makes defining your infrastructure – and deploying it – a complex task of its own.
Over the years, two infrastructure as code (IaC) tools have become popular solutions to this problem: Terraform and Pulumi. Terraform is the more mature of the two, with a huge community and support for a lot of resource types. Pulumi is more of a newcomer, trying to make it easier for application developers to define infrastructure.
This article compares the two tools based on the following:
Basic use: focusing on programming models, the learning curve, and testing Behind the scenes: comparing their state management and performanceSupport: looking at available cloud providers, the ecosystem, and the communityUse cases and best-fit scenarios: highlighting when you should use one over the other
Basic Use
In this first section, you'll explore how day-to-day interactions with the two tools vary, and you'll begin to understand the different types of developers each tool caters to.
Programming Model
The first notable difference between Pulumi and Terraform is the programming language. Terraform uses a custom language called HashiCorp configuration language (HCL) to define infrastructure. In contrast, Pulumi offers more options, allowing you to choose from a list of popular programming languages .
The two different approaches create a trade-off between power and simplicity. Since Pulumi uses general-purpose programming languages, you can implement complex logic and abstractions. While HCL has few advanced features by comparison, its simple declarative nature allows you to look at a terraform file and easily understand what it's created.
Both Terraform and Pulumi are improving their programming models so they're more accessible. Terraform now offers CDK for Terraform , which allows you to define your infrastructure using a common programming language, and Pulumi has a YAML-based configuration option .
Learning Curve and Developer Experience
Both Terraform and Pulumi require you to understand the cloud resources you're creating. At the time of writing, AWS lists 246 services that each have multiple resource types you can create. On top of that, you need to understand how to give each of these resources permission to access other resources and how to connect them together. So if you're new to infrastructure development, there's a bit of a learning curve before you start using either tool.
If you're a software engineer familiar with cloud resources, Pulumi will be a natural fit. As mentioned, it supports multiple popular programming languages, such as TypeScript and Python, so there's likely one you're already familiar with. Pulumi also offers Pulumi AI , which allows you to describe the infrastructure you want, and it will generate the code needed to create it.
Terraform, on the other hand, has a steeper initial learning curve since you'll have to learn HCL. Creating simple configurations doesn't take long to figure out, but the syntax for dynamically creating multiple resources can take longer to get used to.
Testing and Validation
Terraform and Pulumi both offer testing to make sure you're deploying the resources that you expect to.
Pulumi supports three different types of tests : unit, integration, and property. You can write unit and integration tests for your project using the testing framework of your choice. It even offers tools to mock resources . Integration tests deploy a temporary copy of your defined infrastructure and then run your tests against the deployed resources. Unit tests mock any calls to external resources so they run much faster.
Pulumi's property tests allow you to define company-wide policies and check all your infrastructure to ensure compliance. However, these tests are only supported in a few languages and don't use standard testing frameworks.
Terraform provides a built-in testing framework to validate your project. The testing framework supports both unit and integration tests. It handles unit tests by creating a deployment plan and running the tests against that plan. While Terraform's testing framework allows you to validate basic properties, you may need to write more advanced tests to verify your virtual machines are set up correctly. You can create advanced tests using open source testing tools like Terratest and Kitchen-Terraform .
Behind the Scenes
Now that you've seen some of the trade-offs in the everyday use of the two tools, let's look at how they differ behind the scenes, focusing on their state management and performance.
State Management
Every time you change your IaC project, both Terraform and Pulumi compare the desired end state with the current state. To do this, they store the state of every resource after each deployment as a reference for the next deployment. Both Pulumi and Terraform offer multiple methods to store this state.
Pulumi offers a managed service , a self-hosted service , and the option to store the state in an object store like AWS S3 . All of these state-storage backends support state locking, which ensures only one deployment can run at a time for a specific project. The lock is checked before a deployment is started. If one is found, the deployment will wait until the lock is released. This allows you to safely execute multiple deployments at the same time by ensuring only one set of changes is applied at a time.
Terraform stores its state in a local file by default, but you can configure your project to use several different services , like AWS S3, using the `backend` block. Alternatively, if you subscribe to HashiCorp's cloud service, you can configure it using the cloud block . While Terraform offers many ways to store your state, not all of them support locking .
Performance and Scalability
Pulumi handles large updates efficiently by relying on its saved state when planning updates. When applying the updates, it runs all possible change operations in parallel .
Similarly to Pulumi, Terraform applies updates in parallel . By default, however, it will make requests to refresh the state of every resource for each plan and apply operation . If you have an exceptionally large project, Terraform can cache all resource properties in the state file and use it as the source of truth instead of constantly making calls to your cloud provider to check resource properties on every deployment.
Support
This section looks at Terraform's and Pulumi's support for different cloud providers and resources and how you can get help when you need it.
Cloud Provider Support
Terraform has been around since 2014 and has built up solid support for different providers, which have been developed by the service providers themselves, HashiCorp, and third-party developers. As of right now, there are almost 4,500 providers available in the Terraform Registry .
In contrast, Pulumi has only about 160 providers available in the Pulumi registry . However, since the major cloud providers are supported, this should be enough. If Pulumi lacks a provider for a specific resource that Terraform supports, you can create a Pulumi Terraform bridge . These bridges can adapt to any Terraform provider for use with Pulumi . While this process isn't as painless as adding a provider to your dependencies, it's easier than creating a new provider from scratch.
Pulumi is also currently testing a Terraform provider in beta testing that will automatically generate one of the Terraform bridge packages mentioned above, making the process a lot easier.
Ecosystem and Integrations
In addition to supporting a bunch of cloud providers, Pulumi has several first-party integrations that you can add to your CI/CD pipelines . These integrations not only deploy your infrastructure changes but also add comments to merge request reviews so you can easily see what will be changed when the code is committed.
As mentioned above, Terraform has many providers available. It has even more modules, about 18,000 at the time of writing . While this may seem like it makes Terraform the clear winner, remember that some of these modules already exist for your favorite programming language and don't need to be in the Pulumi registry. For example, a module to generate a UUID doesn't need to be in the Pulumi registry.
License
Pulumi is released under the Apache 2.0 license , which means you can build products using it and sell those products to customers. Terraform, on the other hand, used to be released under the Mozilla Public License but has since changed to the Business Source Licnese. This license still allows you to use Terraform internally, but if you want to build your own product on top of it, then you’re going to run into legal issues.
Community and Support
Both Terraform and Pulumi are backed by for-profit companies, which provides some assurance that they'll be able to support their products for a while. In comparison, HashiCorp is more stable since it was acquired by IBM, while Pulumi is a venture-funded startup.
Terraform is generally accepted as the de facto standard IaC solution, so it has extensive support options available. The internet is filled with years of Stack Overflow answers , blog posts , and sample projects on GitHub . If you can't find a solution in one of those places, you can probably find someone at your company with some Terraform experience.
Though it hasn't been around as long, Pulumi still has over 150,000 end users as of October 2023. While there are fewer overall resources, some of your experience in your chosen language can be used. They also have well-written documentation .
Both Terraform and Pulumi offer enterprise subscriptions that include support plans. Both charge based on the number of resources that you're managing. Terraform's Standard subscription offers support and costs about $0.10 per resource per month. To get a support plan for Pulumi, however, you have to splurge for the Enterprise subscription, which will set you back $1.10 per resource per month.
Use Cases and Best-Fit Scenarios
Now that you've seen some of the pros and cons of Terraform and Pulumi, how do you decide which one will work best in a given situation? It comes down to what kind of project you're creating.
Serverless Applications: Pulumi
If you have a TypeScript serverless application with several small functions, Pulumi is the way to go. It allows you to define your function's code in-line with the infrastructure definition , and it will handle the build step for you.
Applications with Virtual Networks: Terraform
When building a more traditional application with a lot of virtual networks and virtual machines, Terraform has a strong track record. Because it's been around for so long, it's likely that the people defining virtual networks will already be familiar with Terraform, making it a natural fit.
Custom Resources: Pulumi
Pulumi offers dynamic resource providers , which enable you to easily support custom resources by defining a few functions to perform CRUD operations. You can also use a dynamic resource provider to load test data into a developer environment.
Audited/Regulated Projects: Terraform
If you're developing a project for a regulated industry, Terraform can simplify the process of auditing your infrastructure. Due to its declarative nature, it's easier to understand what the code is doing. It also makes it more difficult for noncompliant changes to sneak in.
Quick Comparison
Here's a table that quickly summarizes each of the comparison points:
Styled Table
Pulumi
Terraform
Programming Model
Familiar languages
Custom Language, simple syntax
Learning Curve and Developer Experience
Lower for developers
Steeper, need to learn new language
Testing and Validation
Use familiar tools
Limited options
State Management
Cloud by default
More options
Performance and Scalability
Faster by default
Slower by default
Cloud Provider Support
Many providers
Extensive list of providers
Ecosystem and Integrations
CI/CD integrations
Mature, extensive ecosystem
Community and Support
Growing community, expensive support
Established community, less expensive support
Use Cases and Best Fit Scenarios
Development Teams
Operations Teams
Conclusion
In this article, you've seen that Terraform and Pulumi aren't one-size-fits-all solutions. Each has its strengths and weaknesses that need to be considered depending on your situation. Terraform is the established solution that works best for a large CloudOps team. Pulumi, on the other hand, is a great solution if your backend (or full-stack) developers need to manage a project's infrastructure.
If you use Terraform or Pulumi to create a Kubernetes cluster, it doesn't help much beyond getting the computing resources in place. To gain better visibility into your Kubernetes services across multiple environments, check out mogenius . Its free plan offers a full feature set to deploy and troubleshoot applications on any Kubernetes cluster, and it also provides intuitive onboarding.