Pulumi
Pulumi is an Infrastructure as Code platform that challenges Terraform's HCL-based approach by letting you write infrastructure definitions in languages you already know. Instead of learning a new DSL, you write a TypeScript program that creates an S3 bucket, configures IAM roles, and deploys an EKS cluster, with full access to loops, conditionals, functions, and packages.
How Pulumi Differs from Terraform
| Feature | Pulumi | Terraform |
|---|---|---|
| Language | TypeScript, Python, Go, C#, Java | HCL (domain-specific) |
| Logic | Full programming (loops, functions, classes) | Limited (for_each, count, modules) |
| Reuse | npm/PyPI packages | Terraform Registry modules |
| State | Pulumi Cloud or self-hosted backend | Terraform Cloud, S3, local |
| Provider coverage | 150+ providers (shares Terraform providers) | 3000+ providers |
Basic Example
import * as aws from "@pulumi/aws";
const bucket = new aws.s3.Bucket("my-bucket", {
website: { indexDocument: "index.html" },
});
export const bucketName = bucket.id;
export const websiteUrl = bucket.websiteEndpoint;
This creates an S3 bucket with website hosting. The exported values are printed after pulumi up and can be consumed by other stacks.
Stacks and State
Pulumi manages state (what resources exist) in a backend, Pulumi Cloud, an S3 bucket, or Azure Blob Storage. Stacks are isolated deployments of the same program (dev, staging, prod) with different configuration values. pulumi up diffs the desired state (your code) against the current state (backend) and applies changes.
Pulumi ESC
Pulumi Environments, Secrets, and Configuration (ESC) is a secrets management layer that integrates with Hashicorp Vault, AWS Secrets Manager, and 1Password. It allows pulling secrets into Pulumi stacks without hardcoding credentials in config files.
When to Choose Pulumi vs Terraform
Choose Pulumi when: your team is strong in a general-purpose language, you need dynamic infrastructure generation (many similar resources with varying configs), or you want to share infrastructure components as library packages. Choose Terraform when: you have an existing HCL investment, need the widest provider coverage, or prefer declarative configs with no programming concepts.
Related Terms
- Argocd, GitOps delivery for Kubernetes; Pulumi handles the infra that ArgoCD deploys onto
- Helm, Kubernetes package manager; Pulumi can deploy Helm charts via the Helm provider
- Hashicorp Vault, secrets management that integrates with Pulumi ESC
- Kubernetes, common target for Pulumi infrastructure definitions
Discussion in the ATmosphere