While Terraform has reigned as the king of the Infrastructure-as-Code tool hill for many years, its supremacy is now being challenged. Below is a brief look at why I have switched camps and now recommend Pulumi as my IaC tool of choice.
What to look for in an IaC tool?
I think it’s safe to assume that everyone wants to use the best Infrastructure as Code/Infrastructure as Software (IaC/IaS) tool available, given that it’s secure, collaboration safe (for multiple collaborators on a single infra stack), and free. For some years now, that’s been Terraform.
In my opinion, Pulumi is the most serious contender for the throne.
Pulumi vs. Terraform history
I think Pulumi has already been superior to Terraform for a while in many respects. I will not dive into the differences here, as Pulumi does a stellar job explaining why their tool is superior.
Up to now, the main issue with Pulumi has been the dependence on the commercial Pulumi service. While custom state backends (like AWS S3 buckets or Azure blob storage) are supported, they haven’t provided state locking, so they weren’t collaboration safe or recommended for production scenarios. The SaaS offering, on the other hand, can’t easily be trusted to be secure (because it’s storing your data), and it certainly isn’t free.
So what has changed?
To make it very brief, here it is: Pulumi custom state backends now support state locking, and it’s enabled by default.
My new recommendation
It’s now possible to use Pulumi in a collaborative environment, in scale, securely, and for free.
Up to this point, I’ve had a compelling reason to recommend Terraform over Pulumi, even though it’s inferior in many ways and probably not the future of IaC.
However, with the arrival of state locking, I now recommend using Pulumi unless a new compelling reason appears. If you know one, please let me know!
Published: Apr 5, 2022
