Benjamin Kušen
December 23, 2023

Comparing Pulumi, Terraform, and AWS CDK

Find out how to make infrastructure provisioning and resource deployment for software development easier with Terraform, Pulumi, and the AWS CDK (Cloud Development Kit).

When recommending Infrastructure as Code (IaC) solutions to our clients to streamline resource provisioning, Pulumi, Terraform, and AWS CDK are frequently the top options. It is imperative that your organization choose which tool is best for infrastructure provisioning and deployment.

We frequently utilize these IaC tools across various projects. To better understand the benefits and drawbacks of each tool, we will compare Pulumi, Terraform, and Amazon's Cloud Development Kit in this post. We will also look at how they differ technically.

Understanding Terraform, Pulumi, and AWS CDK

Terraform, Pulumi, and AWS CDK are all categorized as Infrastructure as Code (IaC) solutions. These solutions play a vital role in overseeing IT infrastructure using software-defined guidelines, enabling the specification of configurations for resources. Their goal is to enable development and operation teams to effectively create, modify, and set up computing resources securely, uniformly, and automatically.

IaC serves as a key element in Agile methodology and DevOps approaches, contributing to improved source control, ongoing integration, and continuous deployment. Moreover, it simplifies the implementation of experimental changes without demanding significant time or resource commitments.

Terraform: A Tool for Infrastructure as Code (IaC)

Terraform, an open-source tool for Infrastructure as Code (IaC), allows you to describe infrastructure using easily understandable configuration files. This tool is extensively employed for automating deployments across multiple cloud platforms efficiently.

To describe your infrastructure configuration, you can write scripts in HashiCorp Configuration Language (HCL) or, if preferred, in JSON. Terraform evaluates the scripts you create, compares them with the current state, and makes the required modifications to the infrastructure.

Pulumi: A Multi-language Infrastructure Provisioning Platform

Pulumi stands out as a unique platform enabling developers to set up infrastructure using general-purpose programming languages. Like Terraform, Pulumi is open-source and independent of specific cloud providers, enabling you to specify resources across various platforms such as Azure, Google Cloud, and AWS.

AWS Cloud Development Kit (CDK): A Framework for Infrastructure Deployment

The AWS Cloud Development Kit (CDK) version 2 operates as an open-source development framework, facilitating the deployment of infrastructures through AWS CloudFormation. Comparable to Pulumi, it allows the use of multiple programming languages to define your environment.

CDK serves as a wrapper for CloudFormation. When your applications run on CDK, they compile into fully developed JSON and YAML templates for provisioning. It encompasses certain features of CloudFormation, such as automatic rollback and drift detection.

Programming Languages for Infrastructure as Code (IaC)

<table>
 <tr>
   <th></th>
   <th>Terraform</th>
   <th>Pulumi</th>
   <th>AWS CDK</th>
 </tr>
 <tr>
   <td>Supported programming languages</td>
   <td>JSON, HCL, and more with plugins</td>
   <td>TypeScript, JavaScript, Python, Java, Go, YAML, .NET platform (C#, F#, VB)</td>
   <td>TypeScript, JavaScript, Python, Java, Go, C#</td>
 </tr>
</table>

Pulumi and AWS CDK provide flexibility by supporting a variety of well-established programming languages. This enables your team to leverage the familiar constructs of these languages, including functions, statements, loops, and conditionals, to craft dynamic cloud environments.

It's worth noting that AWS CDK requires the installation of a JavaScript runtime. This is because it structures its business logic in TypeScript, ensuring consistent behavior across different programming languages.

In contrast, Terraform opts for a high-level proprietary language known as HCL. This language boasts a straightforward syntax, simplifying the provisioning of infrastructure across various cloud providers and on-premise data centers. Additionally, HCL can be translated into JSON.

Terraform excels in cloud provisioning, demonstrating notable efficiency, particularly in the hands of experienced engineers. The learning curve for HCL is relatively short, making it accessible for senior engineers.

For many companies, the convenience lies in Pulumi and CDK, as these tools allow the use of widely used native languages. This approach enables the operations team to adhere to the same development methodology and standards as the development team. Furthermore, these tools facilitate the reuse of libraries across both infrastructure and application code.

Terraform and Pulumi emerge as valuable choices for companies managing a multi-cloud infrastructure. In contrast, AWS CDK is specifically tailored for use with Amazon's cloud services. Each of these options presents unique advantages based on the specific needs and preferences of your organization.

Integrated Development Environments

Terraform, Pulumi, and CDK offer robust support for a variety of Integrated Development Environments (IDEs) to streamline coding tasks. Through plugins, you can perform functions such as document validation, syntax highlighting, compile-time error checks, and incorporate other visual editing features.

These IaC tools feature plugins that seamlessly integrate with both on-premise and cloud infrastructure. They empower you to enforce logic-based and role-based policies for your infrastructure, conduct thorough audits of logs, and monitor resource operations. Certain plugins even foster collaboration among these IaC tools, promoting self-service automation.

IDEs play a pivotal role in expanding the horizons of supported programming languages. For instance, cloud development kits can be installed to provision infrastructure on Terraform using a range of languages like TypeScript, Java, Python, or C#, among others. This flexibility ensures adaptability and ease of use for diverse development teams.

Managing States in Cloud Deployment Tools

CDK and Terraform utilize state files to store essential information about your resources and configuration. Nevertheless, it is crucial for your operations team to guarantee that these states always remain synchronized with the actual infrastructure.

Terraform Cloud and Pulumi offer user-friendly web applications that automatically oversee the remote state of your infrastructure. Even if you lack a self-managed backend, the integrated service takes responsibility for state management, ensuring security, auditing, and addressing other related concerns.

In the case of Terraform and Pulumi, you have the option to manually manage the infrastructure state, either on compatible cloud storage or local file systems. However, if you opt for AWS CDK, the CloudFormation service will efficiently handle the state management process.

Enhancing Functionality Through Cloud Compatibility

<table>
 <tr>
   <th></th>
   <th>Terraform</th>
   <th>Pulumi</th>
   <th>AWS CDK</th>
 </tr>
 <tr>
   <td>Provider Support</td>
   <td>AWS, Azure, Microsoft, Google Cloud, Kubernetes, Docker, DataDog, GitHub, Oracle, and more</td>
   <td>AWS, Azure, Microsoft, Google Cloud, Kubernetes, Docker, DataDog, GitHub, Oracle, and more</td>
   <td>AWS, Kubernetes, Docker, DataDog, Oracle, GitHub and many more</td>
 </tr>
<tr>
   <td>Dynamic Provider Support</td>
   <td>No</td>
   <td>Yes</td>
   <td>Limited</td>
 </tr>
</table>

These Infrastructure as Code (IaC) tools provide the capability to augment their features by integrating with third-party cloud providers through APIs. Pulumi and Terraform seamlessly support Google Cloud, Microsoft Azure, and Amazon Web Services (AWS). Notably, CDK, being an Amazon product, offers an extensive array of AWS services but has limited third-party support.

All these tools offer the convenience of simplifying Kubernetes provisioning. Specifically, they empower you to automate the deployment of applications into your cluster on various cloud platforms.

If the IaC tools fall short in covering your third-party service, you can expand your system by incorporating custom resources. However, it's worth noting that only Pulumi provides comprehensive Dynamic Provider Support, enabling it to generate credentials for providers. This feature significantly reduces the need for your team to invest extensive time in writing intricate modules.

Validation and Testing

<table>
 <tr>
   <th></th>
   <th>Terraform</th>
   <th>Pulumi</th>
   <th>AWS CDK</th>
 </tr>
 <tr>
   <td>Unit Testing</td>
   <td>Yes</td>
   <td>Yes</td>
   <td>Yes</td>
 </tr>
<tr>
   <td>Property Testing</td>
   <td>Limited</td>
   <td>Yes</td>
   <td>Limited</td>
 </tr>
<tr>
   <td>Integration Testing</td>
   <td>Limited</td>
   <td>Yes</td>
   <td>Limited</td>
  </tr>
<tr>
   <td>Compliance Testing</td>
   <td>Limited</td>
   <td>Yes</td>
   <td>Yes</td>
 </tr>
</table>

Syntax checking and validation are supported by Terraform, Pulumi, and AWS CDK. They also enable the execution of in-memory tests that simulate external calls (unit tests) for direct debugging purposes. Before deploying any changes to the infrastructure, you need to create an execution file alongside the configuration files. Once the changes are confirmed, you can proceed to apply the execution plan.

Pulumi simplifies the process of asserting data flow across resource dependencies on the deployed infrastructure, known as property testing. Additionally, you have the option to conduct external tests on the entire IT environment, referred to as integration testing.

For AWS CDK constructs, two types of tests can be written: snapshot tests and fine-grained assertions. Snapshot tests involve comparing the synthesized CloudFormation template with a previously stored template, serving as the baseline for future tests. Assertions play a crucial role in detecting regressions when developing new features in the environment.
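The two CDK test styles described above, sketched in plain Python over a constructed CloudFormation template. This is an added example, not code from the original post or from the CDK project; the bucket names, the baseline template and the helper functions are assumptions made for illustration.

```python
import json

# Constructed baseline: a synthesized CloudFormation template stored earlier.
BASELINE = json.loads("""
{"Resources": {
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": true,
      "BlockPublicPolicy": true, "IgnorePublicAcls": true,
      "RestrictPublicBuckets": true}}}
}}
""")

def template_diff(baseline, current, path=""):
    """Snapshot test: paths where current differs from baseline, in key order."""
    if isinstance(baseline, dict) and isinstance(current, dict):
        changed = []
        for key in sorted(set(baseline) | set(current)):
            sub = f"{path}/{key}"
            if key not in baseline or key not in current:
                changed.append(sub)  # resource or property added/removed
            else:
                changed.extend(template_diff(baseline[key], current[key], sub))
        return changed
    return [] if baseline == current else [path]

def unhardened_buckets(template):
    """Fine-grained assertion: buckets lacking encryption or a full public access block."""
    flags = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")
    bad = []
    for name, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        block = props.get("PublicAccessBlockConfiguration", {})
        if "BucketEncryption" not in props or not all(block.get(f) is True for f in flags):
            bad.append(name)
    return bad

def regressed_template():
    """Constructed change: one bucket relaxed, one new bucket added without hardening."""
    current = json.loads(json.dumps(BASELINE))  # deep copy of the baseline
    props = current["Resources"]["LogsBucket"]["Properties"]
    props["PublicAccessBlockConfiguration"]["BlockPublicPolicy"] = False
    current["Resources"]["UploadsBucket"] = {"Type": "AWS::S3::Bucket", "Properties": {}}
    return current

if __name__ == "__main__":
    cur = regressed_template()
    print("snapshot drift:", template_diff(BASELINE, cur))
    print("failing buckets:", unhardened_buckets(cur))
```

The snapshot comparison flags any change at all, intended or not, while the fine-grained check keeps passing through unrelated edits and fails only when the security property it encodes is lost.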

Furthermore, you can enhance your testing functionality by installing external libraries. For instance, Terratest for Terraform introduces a variety of testing capabilities for the Go language. Another tool integrates compliance testing into the development pipeline.

Configuration Management

Traditional configuration management tools such as Ansible, Chef, Puppet, and similar services can be employed within your compute instances. These tools are compatible with all Infrastructure as Code (IaC) platforms. While AWS CDK, Terraform, and Pulumi are not explicitly designed for configuration management, they do provide a certain level of configuration capabilities.

In Pulumi, you have the option to store secrets and stack variables in configuration files. In the case of Terraform, a file can be created to specify default values for each server, allowing you to override default configuration values. Similarly, AWS CDK allows the creation of default tags for each resource.

DevOps Tools Integration

Pulumi, Terraform, and AWS CDK seamlessly integrate with established Continuous Integration and Deployment (CI/CD) pipelines. These integrations extend to widely used solutions like Azure DevOps, AWS Code Services, Google Cloud Build, and GitHub.

Beyond third-party integrations, AWS CDK incorporates a self-updating pipelines construct library module that seamlessly integrates with continuous delivery processes. Likewise, Pulumi includes several built-in features designed to streamline your pipeline, including deployment, drift detection, and Git commit tracking.

Modularity

All Infrastructure as Code (IaC) tools enable you to elevate the level of abstraction for resources and constructors, promoting reusability.

In Terraform, modules are defined using input variables, output values, and resources. While modules can call other modular blocks, it's essential to avoid excessive use, as it may complicate configuration maintenance. Terraform Cloud supports a no-code provisioning workflow, allowing the deployment of module resources without extensive coding.

AWS CDK facilitates the reuse of infrastructure elements through CloudFormation. Similar to Terraform, CDK enables nesting these blocks into other modules, allowing the stacking of best practices into higher-level blocks. This approach allows you to establish consistent infrastructure standards across modules.

Pulumi provides the capability to abstract component resources into higher-level software resources with their own logical names and trackable states. This is achieved by leveraging your programming language. Additionally, the Pulumi Packages plug-in extends the accessibility of these modules to any of the supported languages.

Resource Naming and Tagging

Establishing consistent naming conventions for your cloud resources is possible with Pulumi, Terraform, and CDK. These tools enable the modification of logical names and tags for specific resources within modules.

All three tools support resource renaming and allow changes to their parents, including moving to other components. However, Terraform lacks support for declaratively changing the resource's underlying type or workspace.

<table>
 <tr>
   <th></th>
   <th>Terraform</th>
   <th>Pulumi</th>
   <th>AWS CDK</th>
 </tr>
 <tr>
   <td>Secrets Management</td>
   <td>Yes</td>
   <td>Yes</td>
   <td>Yes</td>
 </tr>
<tr>
   <td>Policy as Code</td>
   <td>Yes</td>
   <td>Yes</td>
   <td>Yes</td>
 </tr>
<tr>
   <td>Role-Based Control</td>
   <td>No</td>
   <td>No</td>
   <td>Yes</td>
 </tr>
<tr>
   <td>Audit Capabilities</td>
   <td>Yes (lasts 14 days)</td>
   <td>Yes</td>
   <td>Yes</td>
  </tr>
<tr>
   <td>Encryption of Values</td>
   <td>External</td>
   <td>Internal In-Transit and External</td>
   <td>External</td>
 </tr>
</table>

Various backends, natively supported by all providers, allow you to store secrets securely. These solutions often adhere to high encryption standards, such as AES 256-bit, ensuring that credentials are not stored in plain text.

Additionally, these Infrastructure as Code (IaC) tools empower you to use code to manage the rules and conditions of your infrastructure. The primary distinction is that Terraform mandates the use of its proprietary language.

User-related activity tracking within your organization is feasible with all providers. Logs capture diverse events and application changes, providing timestamps and user information. However, it's worth noting that Terraform Cloud retains only the previous 14 days of logging information.

Pulumi incorporates integrated encryption for files in transit and at rest, automatically encrypting anything the secret interacts with, including state files, logs, and CLI outputs. In contrast, Terraform and AWS CDK lack built-in support for secret management.

Support and Documentation

AWS CDK, Pulumi, and Terraform provide extensive libraries of technical documentation and comprehensive guides for a variety of use cases. These resources are designed to assist you in provisioning your IT infrastructure, implementing software engineering best practices, and sharing design patterns across your teams.

Moreover, these Infrastructure as Code (IaC) tools are open-source, supported by large communities that actively contribute by building plugins and libraries to enhance functionality.

However, it's worth noting that Pulumi and AWS CDK, being relatively new tools, have growing communities that are not as vast as Terraform's. For instance, there is a more extensive collection of Stack Overflow questions for Terraform and CDK compared to Pulumi.

Choosing Between Terraform, CDK, or Pulumi

When deciding between Terraform, Pulumi, or AWS CDK (v2), you face a choice. Each tool shares similarities—they are declarative, open-source Infrastructure as Code (IaC) tools compatible with major operating systems, cloud services, and Integrated Development Environments (IDEs). Additionally, all three support modularity to enable reusability.

Pulumi stands out with its additional built-in tools for testing, validation, and secret management. Nonetheless, they all offer support for third-party plugins and libraries to expand functionality. It's worth noting that Pulumi, being relatively new, has a smaller community.

The key distinction between Pulumi, Terraform, and AWS CDK lies in the programming language they use. Terraform employs a domain-specific language (HCL), while CDK and Pulumi are versatile, supporting various high-level languages.

Opting for Python, Go, or C# provides more flexibility in defining infrastructure resources. However, due to the inherent variability in environments, no two setups are identical. Terraform, with more constraints, offers greater predictability and consistency.

If your goal is to maintain your infrastructure in a desired state while minimizing management efforts, Alpacked employs modern approaches for provisioning and managing on-premise, cloud-native, and Kubernetes environments. Reach out for a consultation, and we'll assist you in identifying the optimal toolset.
