Quick take: Infrastructure as Code turns manual cloud clicks into versioned, reviewable, repeatable definitions. Terraform is the safe default, Pulumi is great for code-centric teams, and cloud-native tools are fine when you stay in one cloud.
A team provisioned resources through the cloud console. When the person who created the environment left, no one knew how it was built. Recovery from an outage took days because no one could recreate the environment. Adopting Terraform meant every resource was defined in code, reviewed in pull requests and deployed by pipeline.
The problem it solves
Manual infrastructure is undocumented, inconsistent and fragile. IaC makes infrastructure versioned, testable and reproducible.
Core concepts
| Tool | Approach | Best for |
|---|---|---|
| Terraform | Declarative HCL | Multi-cloud, large teams, mature ecosystem. |
| Pulumi | Code in TS/Python/Go | Teams that want a full programming language. |
| AWS CDK / Azure Bicep / Config Connector | Cloud-specific code | Teams deep in one cloud. |
| CloudFormation / ARM templates | Native declarative | Cloud-native scenarios, policy alignment. |
Architecture
How it works
You describe the desired state in code. The tool compares desired state to actual state and makes the minimum changes needed. State files track what exists so the tool knows what to create, update or delete.
Terraform uses HCL and a provider model. Pulumi uses familiar programming languages. CDK generates native templates from code.
Real-world scenario
The team standardized on Terraform for shared infrastructure and Pulumi for platform automation that needed loops and conditionals. Cloud-specific modules used Azure Bicep for Azure-only components.
- Terraform managed VPCs, subnets and IAM.
- Pulumi managed Kubernetes platform abstractions.
- Bicep handled Azure-specific policy and landing zone resources.
Advantages
- Terraform: mature, multi-cloud, large module ecosystem.
- Pulumi: familiar languages, strong typing, reusable libraries.
- CDK / Bicep: native integration and latest cloud features.
- All: version control, peer review and repeatable deployments.
Disadvantages
- Terraform: HCL learning curve, state management complexity.
- Pulumi: smaller ecosystem, potential over-engineering.
- CDK / Bicep: cloud lock-in, abstraction leaks.
- General: drift if resources are changed outside IaC.
When to use it (and when not)
Use Terraform as the default for multi-cloud or team-scale IaC. Use Pulumi if your team strongly prefers a programming language. Use cloud-native tools for cloud-specific platform work.
Do not manage production infrastructure through the console. Do not adopt IaC without state management and locking.
Best practices
- Store state remotely with locking.
- Use modules to encapsulate reusable patterns.
- Run plans in CI and apply through approved pipelines.
- Import manually created resources into code, or prevent manual changes outright.
- Version modules and pin provider versions.
- Use policy as code to enforce guardrails.
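The "run plans in CI" and "policy as code" practices can be combined into a gate that reads the JSON form of a plan (`terraform show -json`) and stops the pipeline on drift or on a destroy/replace of protected resource types. This is an added example, not code from the original article or from Terraform; the sample plan, the protected-type list and the function name are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample: only the fields this check reads from `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{
  "resource_drift": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"]}}
  ],
  "resource_changes": [
    {"address": "aws_vpc.main", "type": "aws_vpc",
     "change": {"actions": ["no-op"]}},
    {"address": "aws_subnet.app", "type": "aws_subnet",
     "change": {"actions": ["create"]}},
    {"address": "aws_iam_role.deploy", "type": "aws_iam_role",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_iam_policy.legacy", "type": "aws_iam_policy",
     "change": {"actions": ["delete"]}}
  ]
}
""")

# Assumed guardrail: network and IAM resources may not be destroyed or replaced
# without a human approving the plan.
PROTECTED_PREFIXES = ("aws_iam_", "aws_vpc", "aws_subnet")


def review_plan(plan):
    """Return (kind, address) findings that should stop an automatic apply."""
    findings = []
    # resource_drift lists resources whose real state no longer matches the state file.
    for rc in plan.get("resource_drift", []):
        findings.append(("drift", rc["address"]))
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        # A replace appears as both "delete" and "create" in the actions list.
        if "delete" in actions and rc["type"].startswith(PROTECTED_PREFIXES):
            kind = "replace" if "create" in actions else "destroy"
            findings.append((kind, rc["address"]))
    return findings


if __name__ == "__main__":
    # Usage in CI: terraform show -json plan.out | python plan_gate.py -
    plan = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_PLAN
    results = review_plan(plan)
    for kind, address in results:
        print(f"BLOCK {kind}: {address}")
    sys.exit(1 if results else 0)
```

A non-zero exit fails the pipeline stage, so the flagged plan goes to a reviewer instead of being applied automatically.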
IaC is not just automation — it is documentation that also happens to build things.