Why look beyond Terraform

Terraform, developed by HashiCorp, is widely used for defining, provisioning, and managing infrastructure as code (IaC) across multiple cloud providers and on-premises environments. Its declarative HashiCorp Configuration Language (HCL) allows users to describe the desired state of their infrastructure, with Terraform handling the execution plan to reach that state. The tool provides a consistent workflow for managing infrastructure lifecycle, promoting idempotency and reducing manual errors. Its extensive ecosystem of providers supports a broad range of services, making it a versatile choice for multi-cloud strategies.

However, organizations may seek alternatives due to specific requirements or architectural preferences. Some teams prefer to use general-purpose programming languages for IaC, which can enable greater flexibility, reusability of existing code, and integration with standard development toolchains. Others might prioritize solutions native to a particular cloud provider for deeper integration and optimized performance within a single cloud environment. For highly dynamic or configuration-centric operations, tools with strong configuration management capabilities might be preferred. Additionally, teams already heavily invested in Kubernetes might look for IaC solutions that align with Kubernetes-native principles, treating infrastructure components as custom resources.

Top alternatives ranked

  1. Pulumi — Infrastructure as Code with familiar programming languages

    Pulumi allows developers to define cloud infrastructure using general-purpose programming languages such as TypeScript, JavaScript, Python, Go, C#, and Java, as well as YAML. This approach enables leveraging existing software development practices, including testing, dependency management, and code reuse, for infrastructure provisioning. Pulumi supports a broad range of cloud providers, including AWS, Azure, Google Cloud, and Kubernetes, offering a multi-cloud and multi-language experience. It manages infrastructure state and provides a platform for team collaboration, policy enforcement, and audit logging. The ability to express infrastructure logic programmatically can simplify complex deployments and integrate IaC more tightly with application codebases. Pulumi's open-source core and commercial SaaS platform offer flexibility for various use cases.

    • Best for: Teams preferring general-purpose programming languages for IaC, complex infrastructure logic, integrating IaC with existing development workflows, multi-cloud environments.

    Learn more on the Pulumi overview page or visit the official Pulumi website.

  2. AWS CloudFormation — Native AWS infrastructure provisioning

    AWS CloudFormation is an Amazon Web Services (AWS) native service that helps model and provision AWS resources declaratively. Users define their AWS infrastructure in JSON or YAML templates, and CloudFormation handles the provisioning and updating of those resources. It supports a comprehensive range of AWS services, ensuring deep integration with the AWS ecosystem. CloudFormation enables creating, updating, and deleting entire stacks of resources in a controlled and predictable manner, facilitating environment consistency and reproducibility. Its change sets feature allows users to preview the impact of changes before applying them to the live infrastructure. While primarily focused on AWS, its direct integration with AWS services makes it a strong choice for AWS-centric organizations.

    • Best for: Organizations primarily using AWS infrastructure, deep integration with AWS services, managing complex AWS resource stacks, ensuring consistency within AWS environments.

    Learn more on the AWS CloudFormation overview page or visit the official AWS CloudFormation website.

  3. Ansible — Automation engine for provisioning, configuration management, and application deployment

    Ansible is an open-source automation engine that automates software provisioning, configuration management, and application deployment. It operates agentlessly, using SSH for Linux/Unix hosts and WinRM for Windows hosts, simplifying setup and maintenance. Ansible playbooks are written in YAML, describing desired states or procedural steps for automation tasks. While primarily known for configuration management, Ansible can also provision infrastructure on various cloud platforms, hypervisors, and bare-metal servers through its extensive module ecosystem. Its simple, human-readable syntax makes it accessible for operations teams, and its push-based architecture can be advantageous in certain network environments. Ansible is part of Red Hat's automation portfolio.

    • Best for: Configuration management, orchestration of multi-tier deployments, agentless automation, teams preferring YAML-based automation for provisioning and configuration.

    Learn more on the Ansible overview page or visit the official Ansible website.

  4. Azure Resource Manager — Native Azure infrastructure deployment and management

    Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. Users define their Azure resources and their dependencies in declarative JSON templates, which ARM then processes to deploy the resources consistently. ARM templates support various resource types and configurations within Azure, allowing for complex infrastructure deployments. Key features include role-based access control (RBAC) for managing permissions, tagging for organizing resources, and monitoring capabilities. Similar to AWS CloudFormation, ARM is tightly integrated with its native cloud platform, making it the primary IaC tool for Azure-centric environments. It also supports Bicep, a more concise domain-specific language for deploying Azure resources.

    • Best for: Organizations primarily using Microsoft Azure, native integration with Azure services, managing complex Azure resource groups, consistent deployments within Azure environments.

    Learn more on the Azure Resource Manager overview page or visit the official Azure documentation.

  5. Crossplane — Kubernetes-native control plane for managing external resources

    Crossplane is an open-source Kubernetes add-on that enables users to provision and manage infrastructure from multiple cloud providers and on-premises environments directly from Kubernetes. It extends Kubernetes to include custom resource definitions (CRDs) for external resources, allowing infrastructure to be defined and managed using familiar Kubernetes APIs and tooling. This approach treats external infrastructure components (like databases, message queues, and object storage) as if they were native Kubernetes resources. Crossplane supports a wide range of providers, including AWS, Azure, Google Cloud, and many others, transforming Kubernetes into a universal control plane for infrastructure. It promotes GitOps workflows for infrastructure management and can significantly simplify operations for teams already using Kubernetes extensively.

    • Best for: Kubernetes-centric organizations, managing external cloud resources via Kubernetes APIs, GitOps-driven infrastructure, multi-cloud environments with a Kubernetes focus.

    Learn more on the Crossplane overview page or visit the official Crossplane website.

  6. Chef — Automation for configuration management and infrastructure orchestration

    Chef is an automation platform that helps define infrastructure as code, automate server configuration, and manage application deployment. It uses a Ruby-based domain-specific language (DSL) to create "cookbooks" and "recipes" that describe the desired state of infrastructure components. Chef operates in a client-server architecture, where Chef Workstation authors recipes, Chef Server stores them, and Chef Client runs on target nodes to enforce the desired state. While primarily a configuration management tool, Chef can also provision infrastructure through integration with cloud providers. Its procedural approach allows for detailed control over configuration steps, which can be beneficial for complex and highly customized environments. Chef offers both open-source and commercial solutions.

    • Best for: Detailed configuration management, managing server fleets, environments requiring procedural control over infrastructure setup, integrating configuration with application deployment.

    Learn more on the Chef overview page or visit the official Chef website.

  7. Google Cloud Deployment Manager — Native Google Cloud infrastructure deployment

    Google Cloud Deployment Manager is an infrastructure deployment service on Google Cloud Platform (GCP) that automates the creation and management of Google Cloud resources. It uses declarative configuration files written in YAML or Python to define the desired state of your infrastructure. Deployment Manager supports all Google Cloud services, allowing users to define complex deployments, including virtual machines, networks, storage, and application services. It provides features for templating, allowing for reusable configurations, and supports previewing changes before deployment. Like its AWS and Azure counterparts, Deployment Manager is deeply integrated with its native cloud environment, making it a robust choice for organizations primarily operating within Google Cloud.

    • Best for: Organizations primarily using Google Cloud Platform, native integration with Google Cloud services, managing complex GCP resource stacks, ensuring consistency within GCP environments.

    Learn more on the Google Cloud Deployment Manager overview page or visit the official Google Cloud documentation.

Side-by-side

| Feature/Tool | Terraform | Pulumi | AWS CloudFormation | Ansible | Azure Resource Manager | Crossplane | Chef | Google Cloud Deployment Manager |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Primary Language(s) | HCL | TypeScript, Python, Go, C#, Java, YAML | JSON, YAML | YAML | JSON, Bicep | YAML (Kubernetes CRDs) | Ruby DSL | YAML, Python |
| Cloud Agnostic / Native | Agnostic | Agnostic | AWS Native | Agnostic | Azure Native | Agnostic (Kubernetes-native) | Agnostic | GCP Native |
| Paradigm | Declarative | Declarative (imperative logic possible) | Declarative | Procedural/Declarative | Declarative | Declarative (Kubernetes) | Procedural | Declarative |
| State Management | Yes (local/remote) | Yes (local/remote) | Yes (managed by AWS) | No (can integrate with state management tools) | Yes (managed by Azure) | Yes (Kubernetes etcd) | Yes (Chef Server) | Yes (managed by GCP) |
| Agentless | Yes | Yes | Yes | Yes | Yes | No (Kubernetes Kubelet) | No (Chef Client) | Yes |
| Primary Focus | Infrastructure Provisioning | Infrastructure Provisioning | AWS Resource Provisioning | Configuration Management, Provisioning | Azure Resource Provisioning | Kubernetes-native Cloud Resource Management | Configuration Management | GCP Resource Provisioning |
| Extensibility | Providers | Providers, SDKs | Custom Resources, Macros | Modules, Plugins | Deployment Scripts, Bicep | Providers, Compositions | Cookbooks, Recipes | Templates, Type Providers |

How to pick

Selecting an Infrastructure as Code (IaC) tool involves evaluating your team's skill set, existing cloud strategy, and specific automation requirements. Consider the following decision tree:

  1. Are you primarily operating within a single cloud provider (AWS, Azure, GCP)?

  2. Does your team prefer to use general-purpose programming languages (e.g., Python, TypeScript, Go) for defining infrastructure?

    • If Yes, Pulumi allows writing IaC in familiar languages, enabling advanced logic and integration with existing development workflows (Pulumi documentation).
    • If No, and you prefer declarative configuration languages or a more operational approach, proceed.
  3. Are you heavily invested in Kubernetes and seek a Kubernetes-native way to manage external cloud resources?

    • If Yes, Crossplane extends Kubernetes to become a universal control plane, managing infrastructure via Kubernetes APIs and CRDs (Crossplane documentation).
    • If No, and your primary focus is broader infrastructure provisioning and configuration management outside of a Kubernetes-centric model, proceed.
  4. Is configuration management for servers or virtual machines a primary concern, alongside or instead of initial provisioning?

    • If Yes, consider tools with strong configuration management capabilities:
      • Ansible is agentless and uses YAML playbooks for both provisioning and configuration, often favored for its simplicity (Ansible documentation).
      • Chef uses a Ruby DSL for detailed, procedural configuration management, suitable for complex environments (Chef documentation).
    • If No, and your main need is declarative, multi-cloud infrastructure provisioning, Terraform remains a strong choice, but the other alternatives offer specific advantages.

Ultimately, the best choice aligns with your team's expertise, existing cloud architecture, and the desired level of control and abstraction for your infrastructure management workflows.