Authors: Rolf Kluge, Mohamad Ravaei, Aidin Azimi, Christian German
Understanding Pulumi and Terraform
Pulumi is a modern IaC tool that allows developers to define and manage infrastructure using general-purpose-programming languages like TypeScript, Python, Go, and .NET. Being able to use familiar programming environments enhances our development process, makes it more (cost-)efficient and integrates seamlessly within our existing tech-stack. Pulumi was founded in 2017 and has rapidly gained traction for its innovative approach. Companies like Snowflake, Mercedes-Benz, and Tableau are known to use Pulumi.
Terraform, developed by HashiCorp and first released in 2014, provides a declarative approach to infrastructure management. It specifies the desired end state without listing the steps to achieve it, making it particularly effective in environments requiring detailed, predictable setups. Its extensive ecosystem supports a wide range of infrastructure services. This is invaluable for projects that require integration with various systems or specific, repeatable configurations. Companies such as GitHub, Slack, and Starbucks use Terraform to manage their infrastructure.
Both tools play a crucial in Appsfactorys Tech-Stack, enabling our teams to manage complex infrastructure demands efficiently and reliably. They ensure our solutions are agile and robust, meeting diverse client requirements with precision.
Comparing Pulumi and Terraform
Language
Terraform: Uses HCL2 (YAML)
- Pros: Simple syntax is preferred by some DevOps professionals.
- Cons: Lacks the flexibility of full programming languages, which can limit complex logic implementations.
Pulumi: Supports TypeScript, Go, Python, and C#
- Pros: Allows natural logic constructs like loops and if statements, which are more familiar to developers.
- Cons: Can introduce complexity, especially for those without programming backgrounds.
Pulumi wins from a developer’s perspective, but Terraform’s simplicity can be appealing for pure DevOps teams.
Terraform: Limited official support
- Pros: Stable with broad community support.
- Cons: Tooling and validation while typing are major downsides.
Pulumi: Best-in-class tooling for each language, and compatible with VS Code, WebStorm, PyCharm, etc
- Pros: Excellent tooling and validation while typing.
- Cons: This may require additional setup and learning for teams using simpler tools.
Pulumi excels in tooling and validation, but Terraform’s simplicity in tooling can be easier for some teams.
Platform Support
Terraform: Extensive support via modules for almost everything
- Pros: Broad platform support.
- Cons: May have slower adoption of new services compared to Pulumi.
Pulumi: Supports major providers (almost 45) and uses Terraform under the hood for many providers
- Pros: Rapid integration of new providers and technologies.
- Cons: Slightly fewer providers but can extend via Terraform Pulumi bridge with Go knowledge.
Terraform has a slight advantage in platform support, but Pulumi’s flexibility and rapid integration are strong points.
Secret/State Management
Terraform: Secrets are stored in plain text in state files
- Pros: Straightforward management.
- Cons: Security risks with secrets management.
Pulumi: Secures secrets via pluggable secret providers (Azure KeyVault, AWS Vault, etc.)
- Pros: Better security practices.
- Cons: Complexity in setup and potential cost for advanced features.
Pulumi has better security practices, but this comes with added complexity.
Extra Features
Terraform: No significant extra features were noted in the free version
- Pros: Focuses on core infrastructure management.
- Cons: Lacks advanced features without additional tools.
Pulumi: Offers Policy as Code (CrossGuard), live in-line updates, and direct deployment of serverless functions
- Pros: Additional innovative features and faster adoption of new technologies.
- Cons: Additional features can add complexity and require learning new paradigms.
Pulumi provides more extra features and innovation, but this can introduce complexity.
Why we prefer Pulumi at Appsfactory
We found Pulumi to be a more efficient and practical choice for Appsfactory. It supports familiar languages like TypeScript and Python, offering the flexibility to handle more complex tasks, such as loops and conditions, which is essential for managing our infrastructure.
While Pulumi may introduce some complexity compared to Terraform, its stronger tooling, enhanced security, and quicker adoption of new technologies provide the agility we need. Overall, Pulumi offers a more tailored and future-ready solution, making it a better fit for our requirements.
Our Custom PowerShell Module for Pulumi
To boost our efficiency with Pulumi, we developed a custom PowerShell module. This module is specifically tailored to enhance our use of Pulumi by automating repetitive tasks and managing project configurations efficiently.
Key Features of the PowerShell Module
- Automated Environment Setup: Our PowerShell module automates the creation of basic resources needed for Pulumi to operate, such as Azure Resource Groups, Storage Accounts, and Key Vaults. This automation prevents security risks associated with manual setups and centralises resource management.
- Seamless Project Switching: With the Import-AfPulumiEnvironment command, developers can easily switch their working environment to match different projects without manually adjusting environment variables. This feature is vital for maintaining productivity when managing multiple client projects.
- Initial Resource Provisioning: The New-AfPulumiResources command initializes required resources and settings for a new Pulumi project. This includes setting up the necessary permissions and environment variables, ensuring projects start on a solid foundation.
Impression So Far
For developers, Pulumi scales much better: it allows the use of familiar tooling with code completion and the ability to extend typing (e.g., non-mistakable region strings). Pulumi provides strong Kubernetes support making it a forward-looking tool that embraces the future of infrastructure management.
Delivering Value to Our Clients
Pulumi and Terraform allow us to offer quicker deployments and more reliable infrastructures. Our clients benefit from faster time-to-market and reduced issue potential, which are crucial in today’s fast-paced business environment. Moreover, our ability in automating and managing infrastructures through code ensures scalability and adaptability as our clients’ needs evolve.
Conclusion
At Appsfactory GmbH, we are committed to adopting advanced technology solutions. For Infrastructure as Code (IaC) we like the options Pulumi and Terraform provide. Leveraging our expertise we can stay ahead in the competitive landscape of software development. Whether through speeding up deployments or ensuring stable and scalable infrastructure setups, our focus is on delivering the best results for our clients. While both tools described here have their strengths, Pulumi’s developer-friendly approach and innovative features make it our preferred choice for most projects. Terraform offers unique benefits as well, and its implementation is more use-case specific. We are fully aware of the complexities and prepared to manage the unique project-specific challenges that come with choosing either of these platforms.