Great Stack to Doesn't Work — Bonus
Terraform vs Pulumi vs CloudFormation: IaC Showdown 2026
Three tools, one job, very different trade-offs.
Terraform: The Industry Default
HashiCorp's Terraform uses HCL (HashiCorp Configuration Language), a declarative DSL. You describe what you want, Terraform figures out how to get there.
Strengths: Multi-cloud support is unmatched. AWS, GCP, Azure, Cloudflare, Datadog, PagerDuty — if it has an API, there's probably a Terraform provider. The ecosystem is massive. State management is battle-tested (with remote backends like S3 + DynamoDB). OpenTofu exists as an open-source fork after Terraform's license change.
Weaknesses: HCL is limited. Loops, conditionals, and dynamic blocks work but feel clunky compared to a real programming language. Complex logic (generating resources based on data from another resource) often requires awkward workarounds. Modules help but have their own complexity — versioning, input validation, passing outputs between modules.
Best for: Multi-cloud environments. Teams that want a declarative approach with a huge community. Organizations that already have Terraform expertise.
Pulumi: The Programmer's Choice
Pulumi lets you write infrastructure in TypeScript, Python, Go, C#, or Java. Real programming languages. Real IDEs. Real type checking.
Strengths: If your team is already writing TypeScript, writing infrastructure in TypeScript means no new language to learn. You get loops, functions, classes, error handling, testing frameworks — everything your programming language provides. Complex conditional logic that's painful in HCL is trivial in code.
Weaknesses: The freedom of a general-purpose language means you can write terrible, unmaintainable infrastructure code. HCL's constraints are also guardrails. Pulumi's community is smaller than Terraform's. Fewer examples, fewer blog posts, fewer Stack Overflow answers. Provider parity is close but not identical — some Terraform providers don't have Pulumi equivalents.
Best for: Teams with strong programming backgrounds who find HCL limiting. Complex infrastructure that needs real programming constructs. Organizations standardizing on one language across application and infrastructure code.
CloudFormation: The AWS Native
AWS CloudFormation is AWS-only. JSON or YAML templates. No state file management — AWS handles state internally.
Strengths: Zero state management overhead. No S3 buckets for state, no locking with DynamoDB. It just works. Deep AWS integration — new AWS services get CloudFormation support first, sometimes exclusively for weeks. Stack policies, drift detection, and change sets are built in.
Weaknesses: AWS only. The YAML/JSON syntax is verbose and error messages are famously unhelpful. No loops in native CloudFormation (AWS SAM and CDK wrap CloudFormation to add programmability). Large templates become unreadable. CDK (Cloud Development Kit) addresses the syntax problem by letting you write TypeScript/Python that compiles to CloudFormation, but it adds a compilation step and its own abstractions.
Best for: AWS-only shops that want the simplest possible state management. Teams already invested in the AWS ecosystem. Organizations where compliance requires using AWS-native tools.
The Honest Verdict
If you're multi-cloud or might be: Terraform (or OpenTofu). The ecosystem advantage is real.
If you're a programming-first team and HCL frustrates you: Pulumi. The productivity gain is significant for complex infrastructure.
If you're all-in on AWS and want zero state management: CloudFormation with CDK for the programming interface.
The worst choice is switching tools every year because a new comparison article convinced you the grass is greener. Pick one. Learn it deeply. The deep knowledge of any IaC tool is worth more than the shallow knowledge of all three.
Over to You
Terraform, Pulumi, or CloudFormation — what's your IaC weapon of choice? Anyone who switched tools mid-project, how painful was it?
If you enjoyed this, I write about production engineering, AI systems, and the messy reality of building software at scale.
Follow me:
This is part of the **Great Stack to Doesn't Work* series — a survival guide for when everything goes wrong in production. Follow the series to catch every episode.*
Top comments (0)