Editorial

November 12, 2024

Pulumi vs. Terraform: Choosing the Best Infrastructure as Code Solution

Ben Force

Jan Lepsky

Building an application in the cloud can become complex quickly. There are multiple cloud providers, each with hundreds of different resources. Even the same type of resources on different providers can have their unique quirks. All of this complexity makes defining your infrastructure – and deploying it – a complex task of its own.

‍

Over the years, two infrastructure as code (IaC) tools have become popular solutions to this problem: Terraform and Pulumi. Terraform is the more mature of the two, with a huge community and support for a lot of resource types. Pulumi is more of a newcomer, trying to make it easier for application developers to define infrastructure.

‍

This article compares the two tools based on the following:

‍

‍Basic use: focusing on programming models, the learning curve, and testing
Behind the scenes: comparing their state management and performance
Support: looking at available cloud providers, the ecosystem, and the community
Use cases and best-fit scenarios: highlighting when you should use one over the other

‍

Basic Use

In this first section, you'll explore how day-to-day interactions with the two tools vary, and you'll begin to understand the different types of developers each tool caters to.

‍

Programming Model

The first notable difference between Pulumi and Terraform is the programming language. Terraform uses a custom language called HashiCorp configuration language (HCL) to define infrastructure. In contrast, Pulumi offers more options, allowing you to choose from a list of popular programming languages.

‍

The two different approaches create a trade-off between power and simplicity. Since Pulumi uses general-purpose programming languages, you can implement complex logic and abstractions. While HCL has few advanced features by comparison, its simple declarative nature allows you to look at a terraform file and easily understand what it's created.

‍

Both Terraform and Pulumi are improving their programming models so they're more accessible. Terraform now offers CDK for Terraform, which allows you to define your infrastructure using a common programming language, and Pulumi has a YAML-based configuration option.

‍

Learning Curve and Developer Experience

Both Terraform and Pulumi require you to understand the cloud resources you're creating. At the time of writing, AWS lists 246 services that each have multiple resource types you can create. On top of that, you need to understand how to give each of these resources permission to access other resources and how to connect them together. So if you're new to infrastructure development, there's a bit of a learning curve before you start using either tool.

‍

If you're a software engineer familiar with cloud resources, Pulumi will be a natural fit. As mentioned, it supports multiple popular programming languages, such as TypeScript and Python, so there's likely one you're already familiar with. Pulumi also offers Pulumi AI, which allows you to describe the infrastructure you want, and it will generate the code needed to create it.

‍

Terraform, on the other hand, has a steeper initial learning curve since you'll have to learn HCL. Creating simple configurations doesn't take long to figure out, but the syntax for dynamically creating multiple resources can take longer to get used to.

‍

Testing and Validation

Terraform and Pulumi both offer testing to make sure you're deploying the resources that you expect to.

‍

Pulumi supports three different types of tests: unit, integration, and property. You can write unit and integration tests for your project using the testing framework of your choice. It even offers tools to mock resources. Integration tests deploy a temporary copy of your defined infrastructure and then run your tests against the deployed resources. Unit tests mock any calls to external resources so they run much faster.

‍

Pulumi's property tests allow you to define company-wide policies and check all your infrastructure to ensure compliance. However, these tests are only supported in a few languages and don't use standard testing frameworks.

‍

Terraform provides a built-in testing framework to validate your project. The testing framework supports both unit and integration tests. It handles unit tests by creating a deployment plan and running the tests against that plan. While Terraform's testing framework allows you to validate basic properties, you may need to write more advanced tests to verify your virtual machines are set up correctly. You can create advanced tests using open source testing tools like Terratest and Kitchen-Terraform.

‍

Behind the Scenes

Now that you've seen some of the trade-offs in the everyday use of the two tools, let's look at how they differ behind the scenes, focusing on their state management and performance.

‍

State Management

Every time you change your IaC project, both Terraform and Pulumi compare the desired end state with the current state. To do this, they store the state of every resource after each deployment as a reference for the next deployment. Both Pulumi and Terraform offer multiple methods to store this state.

‍

Pulumi offers a managed service, a self-hosted service, and the option to store the state in an object store like AWS S3. All of these state-storage backends support state locking, which ensures only one deployment can run at a time for a specific project. The lock is checked before a deployment is started. If one is found, the deployment will wait until the lock is released. This allows you to safely execute multiple deployments at the same time by ensuring only one set of changes is applied at a time.

‍

Terraform stores its state in a local file by default, but you can configure your project to use several different services, like AWS S3, using the `backend` block. Alternatively, if you subscribe to HashiCorp's cloud service, you can configure it using the cloud block. While Terraform offers many ways to store your state, not all of them support locking.

‍

Performance and Scalability

Pulumi handles large updates efficiently by relying on its saved state when planning updates. When applying the updates, it runs all possible change operations in parallel.

‍

Similarly to Pulumi, Terraform applies updates in parallel. By default, however, it will make requests to refresh the state of every resource for each plan and apply operation. If you have an exceptionally large project, Terraform can cache all resource properties in the state file and use it as the source of truth instead of constantly making calls to your cloud provider to check resource properties on every deployment.

‍

Support

This section looks at Terraform's and Pulumi's support for different cloud providers and resources and how you can get help when you need it.

‍

Cloud Provider Support

Terraform has been around since 2014 and has built up solid support for different providers, which have been developed by the service providers themselves, HashiCorp, and third-party developers. As of right now, there are almost 4,500 providers available in the Terraform Registry.

‍

In contrast, Pulumi has only about 160 providers available in the Pulumi registry. However, since the major cloud providers are supported, this should be enough. If Pulumi lacks a provider for a specific resource that Terraform supports, you can create a Pulumi Terraform bridge. These bridges can adapt to any Terraform provider for use with Pulumi. While this process isn't as painless as adding a provider to your dependencies, it's easier than creating a new provider from scratch.

‍

Pulumi is also currently testing a Terraform provider in beta testing that will automatically generate one of the Terraform bridge packages mentioned above, making the process a lot easier.

‍

Ecosystem and Integrations

In addition to supporting a bunch of cloud providers, Pulumi has several first-party integrations that you can add to your CI/CD pipelines. These integrations not only deploy your infrastructure changes but also add comments to merge request reviews so you can easily see what will be changed when the code is committed.

‍

As mentioned above, Terraform has many providers available. It has even more modules, about 18,000 at the time of writing. While this may seem like it makes Terraform the clear winner, remember that some of these modules already exist for your favorite programming language and don't need to be in the Pulumi registry. For example, a module to generate a UUID doesn't need to be in the Pulumi registry.

‍

License

Pulumi is released under the Apache 2.0 license, which means you can build products using it and sell those products to customers. Terraform, on the other hand, used to be released under the Mozilla Public License but has since changed to the Business Source Licnese. This license still allows you to use Terraform internally, but if you want to build your own product on top of it, then you’re going to run into legal issues.

‍

Community and Support

Both Terraform and Pulumi are backed by for-profit companies, which provides some assurance that they'll be able to support their products for a while. In comparison, HashiCorp is more stable since it was acquired by IBM, while Pulumi is a venture-funded startup.

‍

Terraform is generally accepted as the de facto standard IaC solution, so it has extensive support options available. The internet is filled with years of Stack Overflow answers, blog posts, and sample projects on GitHub. If you can't find a solution in one of those places, you can probably find someone at your company with some Terraform experience.

‍

Though it hasn't been around as long, Pulumi still has over 150,000 end users as of October 2023. While there are fewer overall resources, some of your experience in your chosen language can be used. They also have well-written documentation.

‍

Both Terraform and Pulumi offer enterprise subscriptions that include support plans. Both charge based on the number of resources that you're managing. Terraform's Standard subscription offers support and costs about $0.10 per resource per month. To get a support plan for Pulumi, however, you have to splurge for the Enterprise subscription, which will set you back $1.10 per resource per month.

‍

Use Cases and Best-Fit Scenarios

Now that you've seen some of the pros and cons of Terraform and Pulumi, how do you decide which one will work best in a given situation? It comes down to what kind of project you're creating.

‍

Serverless Applications: Pulumi

If you have a TypeScript serverless application with several small functions, Pulumi is the way to go. It allows you to define your function's code in-line with the infrastructure definition, and it will handle the build step for you.

‍

Applications with Virtual Networks: Terraform

When building a more traditional application with a lot of virtual networks and virtual machines, Terraform has a strong track record. Because it's been around for so long, it's likely that the people defining virtual networks will already be familiar with Terraform, making it a natural fit.

‍

Custom Resources: Pulumi

Pulumi offers dynamic resource providers, which enable you to easily support custom resources by defining a few functions to perform CRUD operations. You can also use a dynamic resource provider to load test data into a developer environment.

‍

Audited/Regulated Projects: Terraform

If you're developing a project for a regulated industry, Terraform can simplify the process of auditing your infrastructure. Due to its declarative nature, it's easier to understand what the code is doing. It also makes it more difficult for noncompliant changes to sneak in.

‍

Quick Comparison

Here's a table that quickly summarizes each of the comparison points:

‍

Styled Table

	Pulumi	Terraform
Programming Model	Familiar languages	Custom Language, simple syntax
Learning Curve and Developer Experience	Lower for developers	Steeper, need to learn new language
Testing and Validation	Use familiar tools	Limited options
State Management	Cloud by default	More options
Performance and Scalability	Faster by default	Slower by default
Cloud Provider Support	Many providers	Extensive list of providers
Ecosystem and Integrations	CI/CD integrations	Mature, extensive ecosystem
Community and Support	Growing community, expensive support	Established community, less expensive support
Use Cases and Best Fit Scenarios	Development Teams	Operations Teams

Conclusion

In this article, you've seen that Terraform and Pulumi aren't one-size-fits-all solutions. Each has its strengths and weaknesses that need to be considered depending on your situation. Terraform is the established solution that works best for a large CloudOps team. Pulumi, on the other hand, is a great solution if your backend (or full-stack) developers need to manage a project's infrastructure.

‍

If you use Terraform or Pulumi to create a Kubernetes cluster, it doesn't help much beyond getting the computing resources in place. To gain better visibility into your Kubernetes services across multiple environments, check out mogenius. Its free plan offers a full feature set to deploy and troubleshoot applications on any Kubernetes cluster, and it also provides intuitive onboarding.

‍

Ready to get started?

Jump right in with our free plan or book a demo with a solution architect to discuss your needs.

START FOR FREE Book a demo

FAQ

Pulumi vs. Terraform, which one is better?

Pulumi and Terraform are both Infrastructure as Code (IaC) tools, but they differ in approach. Terraform uses HashiCorp Configuration Language (HCL), while Pulumi supports general-purpose programming languages like Python, TypeScript, and Go. Terraform is more widely adopted and declarative, whereas Pulumi offers more flexibility with imperative programming.

Pulumi vs. Terraform vs. CDK?

AWS CDK (Cloud Development Kit), Pulumi, and Terraform are IaC tools with different approaches:

Pulumi supports multiple clouds and allows using real programming languages.
Terraform is declarative and widely used for multi-cloud environments.
AWS CDK is specific to AWS and lets developers define infrastructure in familiar programming languages.

If you need multi-cloud support, Terraform or Pulumi is better. If you're AWS-focused, CDK may be a strong choice.

Pulumi vs. Terraform vs. Ansible?

Pulumi and Terraform focus on infrastructure provisioning, while Ansible is primarily a configuration management tool.

Terraform/Pulumi: Best for defining and managing infrastructure (e.g., servers, databases, networking).
Ansible: Best for post-deployment configuration, automation, and orchestration (e.g., software installation, updates, security patches).

Pulumi vs. Terraform vs. Crossplane?

Crossplane, Pulumi, and Terraform all manage cloud infrastructure, but Crossplane integrates deeply with Kubernetes.

Pulumi: Uses real programming languages and supports multi-cloud environments.
Terraform: Declarative HCL-based, strong ecosystem, and state management.
Crossplane: Kubernetes-native, using Kubernetes CRDs to manage infrastructure as code.

If you are Kubernetes-centric, Crossplane is a great choice. If you need broader multi-cloud IaC, go with Pulumi or Terraform.

What language is Pulumi written in?

Pulumi is primarily written in Go, but it supports multiple programming languages for defining infrastructure, including:

TypeScript / JavaScript – Common among frontend and full-stack developers.
Python – Frequently used in DevOps and data engineering.
Go – Preferred by backend and cloud engineers.
C# / .NET – Well-suited for Microsoft Azure and enterprise applications.

Pulumi’s flexibility allows developers to use familiar languages instead of learning a domain-specific language like Terraform’s HCL.

Interesting Reads

Best practices

Jan Lepsky

September 24, 2024

A guide to Kubernetes troubleshooting

Facing Kubernetes issues? This guide offers practical steps to fix k8s application failures, manage logs, and improve performance and security in your cluster.

Best practices

Cameron Pavey

Jan Lepsky

October 10, 2024

Introduction to Helm for Kubernetes

Explore core concepts, features, and benefits for DevOps, with a practical workflow example to simplify deployments and boost efficiency.

Platform

Solutions

Company

Resources

Support

Pulumi vs. Terraform: Choosing the Best Infrastructure as Code Solution

Ready to get started?

FAQ

Pulumi vs. Terraform, which one is better?

Pulumi vs. Terraform vs. CDK?

Pulumi vs. Terraform vs. Ansible?

Pulumi vs. Terraform vs. Crossplane?

What language is Pulumi written in?

Interesting Reads

A guide to Kubernetes troubleshooting

Introduction to Helm for Kubernetes

Platform

Solutions

Company

Resources

Support

Platform

Solutions

Company

Resources

Support

Pulumi vs. Terraform: Choosing the Best Infrastructure as Code Solution

Ready to get started?

FAQ

Pulumi vs. Terraform, which one is better?

Pulumi vs. Terraform vs. CDK?

Pulumi vs. Terraform vs. Ansible?

Pulumi vs. Terraform vs. Crossplane?

What language is Pulumi written in?

Interesting Reads

A guide to Kubernetes troubleshooting

Introduction to Helm for Kubernetes

The latest on DevOps and Platform Engineering trends