
Comprehensive IaC comparison: Terraform vs Pulumi vs CloudFormation

AWS CloudFormation, Pulumi, and Terraform are the most popular IaC options cloud developers use to provision AWS cloud resources. Like most stack choices, picking the right tool comes down to the resources and services you require, the support you’re looking for, and the price you’re willing to pay.

AWS CloudFormation and Terraform are mature and widely adopted systems, whereas Pulumi, a relatively new entrant, brings additional features and takes a comprehensive approach to cloud engineering. We compared the tools based on features and the user experience, so you can pick the one that suits you best.

How does IaC help my startup?

As a startup, being agile is often the top priority. From having lean teams to using open-source and free dev tools, it’s all about moving fast. One thing that is often overlooked and yet takes a considerable chunk of your dev team’s time is infra overheads. Replicating infra and having clear visibility into what is running at any point in time is essential. Setting up an infrastructure that meets your customer's needs, is reliable, and can be scaled takes a lot of effort. This valuable time is taken away from developing your core application.

We compare AWS CloudFormation, Terraform, and Pulumi based on their core offerings, developer experience, integrations and extensibility, testing and deployment, and pricing.

Core features

Provisioning infra as code is the common goal among these tools. Here’s how they do it differently. Understanding their state management, what configuration languages are supported, and what makes them unique are the first steps in getting to know these tools.

| | AWS CloudFormation | Terraform | Pulumi |
|---|---|---|---|
| State management | No state file | Self-managed (local, remote)/ managed | Self-managed / Pulumi Service |
| Language | JSON / YAML | JSON / HCL | Python, Java, Node.js, Go, or .NET Core |
| Paradigm | Declarative | Declarative | Imperative code turned into a declarative graph |
| AWS Features support | Supports most new AWS services at launch | Often supports new AWS services faster | Supports all AWS services |
| Multi cloud support | AWS Only | All public clouds, other resources. Often supports new AWS services faster | Supports all AWS services |
| Unique feature(s) | CloudFormation designer, more languages using AWS CDK | Provision of third-party and custom apps | Remote deployments, automation API, Policy as code, secret encryption |

Developer experience

The three IaC tools have ecosystems of varying maturity, which also shows in the type and number of resources they cover. The table below compares learning curve, modularity, secret management, and related points.

| | AWS CloudFormation | Terraform | Pulumi |
|---|---|---|---|
| Ease of use/learning curve | Very easy. Similar to other AWS tools. The designer makes it visual | Very easy. Human readable HCL, multi-cloud, and 3p support | Extremely easy. Use familiar languages, integrates with existing CI/CD |
| Modularity | Yes, nested stacks with automatic dependency management | Yes, modules, automatic and manual | Yes, class, function, or package, in Pulumi files |
| Integrated logging | Yes | Yes | Yes |
| Resource coverage | All AWS and 3rd party AWS vendors | AWS, GCP, Azure, k8s, & 100s more | AWS, GCP, Azure, k8s, ~60 more |
| Community | Active community. 7,600 Qs on Stackoverflow | A mature tool with a massive community. 15,275 Qs Stackoverflow. | Yes, active. 379 Qs on Stackoverflow. |
| Existing templates | CloudFormation registry | Terraform registry | Pulumi registry |
| Secret management | Yes. Use secret as a resource. | No. Managed using another product, Vault. | Yes. Secrets are encrypted in transit and in the state file. |
| Support | Included with AWS support | Paid 24x7 enterprise support | Paid for enterprise and critical |
| Target user | DevOps Engineer | DevOps Engineer | Platform Engineer |
| When to avoid | Staying away from vendor lock-in. Need to deploy multiple cloud resources. | If you have dynamically changing environments and items like IAM users. Need secure storage of sensitive info like secrets. | If you plan to use the latest functionalities from cloud providers. |
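
The secret management row comes down to what ends up in the state file: Terraform records resource attributes there as plain JSON, so a self-managed state is worth auditing. The following is an added example, not code from the original article; it scans a constructed state document and reports the addresses of sensitive-looking attributes. The sample resources and the key-name pattern are assumptions.

```python
import json
import re

# Constructed sample in the Terraform state (version 4) JSON layout; every value is made up.
STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_db_instance", "name": "app", "instances": [
    {"attributes": {"identifier": "app-db", "username": "admin",
                    "password": "constructed-example-pw"}}]},
  {"mode": "managed", "type": "aws_iam_access_key", "name": "ci", "instances": [
    {"attributes": {"user": "ci", "secret": "constructed-example-secret",
                    "ses_smtp_password_v4": null}}]},
  {"mode": "managed", "type": "aws_s3_bucket", "name": "my-bucket", "instances": [
    {"attributes": {"bucket": "test-s3",
                    "tags": {"Name": "My bucket", "Environment": "Dev"}}}]}
]}
""")

# Key-name heuristic chosen for this example (an assumption); extend it per provider.
SENSITIVE_KEY = re.compile(r"password|secret|token|private_key", re.IGNORECASE)

def leaves(value, path=()):
    """Yield (path, scalar) for every leaf nested inside dicts and lists."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from leaves(child, path + (key,))
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from leaves(child, path + (str(index),))
    else:
        yield path, value

def plaintext_secrets(state):
    """Return addresses (never values) of non-empty strings under sensitive-looking keys."""
    hits = []
    for res in state.get("resources", []):
        for inst in res.get("instances", []):
            for path, leaf in leaves(inst.get("attributes", {})):
                if isinstance(leaf, str) and leaf and SENSITIVE_KEY.search(".".join(path)):
                    hits.append(f'{res["type"]}.{res["name"]}.{".".join(path)}')
    return sorted(hits)
```

Any address it reports is a reason to keep that state in an encrypted, access-controlled backend rather than in the repository.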

Integrations and extensibility

IaC templates are the blueprints of your infra, so extensibility is vital for supporting third-party resources and dynamically adding custom resource types. We also look at how soon each tool supports new AWS resources and services.

| | AWS CloudFormation | Terraform | Pulumi |
|---|---|---|---|
| Extensibility | Limited to AWS resources and services. | Yes. Providers are extensible. | Dynamic providers for a custom resource type |
| Resource coverage | All AWS, 3rd party | AWS, GCP, Azure, k8s, & 100s more | AWS, GCP, Azure, k8s, ~60 more |
| AWS Features support | Supports most new AWS services at launch | Often supports new AWS services faster | Supports all AWS resources |
| Latest version | 10 Nov 2022 | v1.3.4 | 3.46.1 |
| Application Code | With AWS CodeDeploy2 | Limited. Use TF’s Go as a package in your application | Fully embed Pulumi with Automation API |

Testing and deploying

IaC tools simplify testing and can be deployed quickly with your existing CI/CD pipelines. Tools like AWS CloudFormation also offer automatic and manual rollback capabilities.

| | AWS CloudFormation | Terraform | Pulumi |
|---|---|---|---|
| Testing | TaskCat custom testing pipeline | Integration testing support. 3rd party tools Terratest, Kitchen-Terraform | External automated tests |
| Policy as code | Yes | Yes | Yes |
| Rollback capability | Yes, automatic & manual | Yes, manual | Yes, manual |
| CI/CD integration | TaskCat, CodePipeline | GitHub Actions and CircleCI | AWS Code Services, Jenkins, CircleCI, and more |


Pricing

Pricing is often the most important decision factor for most startups. Here’s how they compare. They all offer paid support and an enterprise version with additional features, which can come in handy as your startup scales. Terraform is often the better choice for enterprise teams.

| | AWS CloudFormation | Terraform | Pulumi |
|---|---|---|---|
| Cost | Free tier* | Free*, Open-source | Free-tier, and Open-source |
| Free version | Yes, up to 1,000 handler operations/mo/acc | Yes. (OSS) | Yes. Individual, free credits, & open-source. |
| Support | Included with AWS support | Paid 24x7 enterprise support | Paid for enterprise and critical |
| Enterprise version | Yes | Terraform Cloud, with additional collaboration and governance | Yes, with SSO, RBAC, and improved support. |

*Though the tools are free to use, the resources provisioned will cost you money. Spend less by leveraging the 100+ AWS services in their free tier.

Here’s the ultimate list of AWS free credit deals for your startup.

Deploying AWS resources using IaC

To give you an idea of what the code looks like, we have examples of deploying an S3 bucket using AWS CloudFormation, Terraform, and Pulumi.

S3 bucket using AWS CloudFormation

As the only platform-specific tool on the list, AWS CloudFormation is limited to deploying AWS resources. Almost all AWS CloudFormation functionality can also be achieved using the AWS UI.

AWSTemplateFormatVersion: "2010-09-09"
Description: Simple cloud formation for bucket creation and configuration
Resources:
  MyBucket:  # logical ID is missing from the page; placeholder
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    Properties:
      BucketName: my-bucke
      VersioningConfiguration:
        Status: Enabled
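
The template above enables versioning and retains the bucket on stack deletion, but declares nothing about encryption or public access. As an added example (not from the original article), this Python check audits the S3 buckets of a CloudFormation template in its JSON form before deployment. The logical IDs, the hardened bucket, and the four-check policy are assumptions of the example.

```python
import json

# Constructed sample: the page's bucket rewritten as JSON (CloudFormation accepts
# JSON or YAML) plus a hardened bucket for contrast. Logical IDs are hypothetical.
TEMPLATE = json.loads("""
{"Resources": {
  "PageBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
    "Properties": {"BucketName": "my-bucke",
                   "VersioningConfiguration": {"Status": "Enabled"}}},
  "HardenedBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
    "Properties": {
      "VersioningConfiguration": {"Status": "Enabled"},
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
      "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true, "BlockPublicPolicy": "true",
        "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
  "Topic": {"Type": "AWS::SNS::Topic"}
}}
""")

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def dig(node, *keys):
    """Follow keys through nested dicts; return None when any level is missing."""
    for key in keys:
        node = node.get(key) if isinstance(node, dict) else None
    return node

def is_true(value):
    # Templates may carry booleans as true or as the string "true".
    return str(value).lower() == "true"

# Policy for this example (an assumption, not an AWS requirement).
CHECKS = {
    "versioning": lambda r: dig(r, "Properties", "VersioningConfiguration", "Status") == "Enabled",
    "retain-on-delete": lambda r: r.get("DeletionPolicy") == "Retain",
    "encryption": lambda r: bool(dig(r, "Properties", "BucketEncryption", "ServerSideEncryptionConfiguration")),
    "public-access-block": lambda r: all(
        is_true(dig(r, "Properties", "PublicAccessBlockConfiguration", f)) for f in PAB_FLAGS),
}

def audit(template):
    """Map each S3 bucket's logical ID to the sorted list of checks it fails."""
    buckets = {n: r for n, r in template.get("Resources", {}).items()
               if r.get("Type") == "AWS::S3::Bucket"}
    return {n: sorted(c for c, ok in CHECKS.items() if not ok(r)) for n, r in buckets.items()}
```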

S3 bucket using Terraform

Terraform uses the HashiCorp Configuration Language (HCL), which is very intuitive to use. There is also excellent documentation available for all the AWS resources.

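resource "aws_s3_bucket" "my-bucket" {
   bucket = "test-s3"
   # acl and versioning as inline arguments are deprecated since AWS provider v4;
   # newer configurations use aws_s3_bucket_acl and aws_s3_bucket_versioning.
   acl = "private"
   versioning {
      enabled = true
   }
   tags = {
     Name = "My bucket"
     Environment = "Dev"
   }
}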

S3 bucket using Pulumi

Pulumi’s packages make it easy to create and manage an S3 bucket in the language of your preference. The example below shows the code in YAML format.

# resources section of Pulumi.yaml (the name: and runtime: yaml keys are omitted)
resources:
  bucket:
    type: aws:s3:Bucket
    properties:
      bucket: test-s3
      acl: private
      tags:
        Environment: Dev
        Name: My bucket
