11 tools for cloud provisioning and infrastructure automation

AWS CloudFormation: Comprehensive cloud resource management

AWS CloudFormation empowers systems administrators to model, provision and manage various AWS and third-party resources throughout their lifecycles. By defining templates that describe desired resources and their dependencies, CloudFormation automates the provisioning and configuration of infrastructure. Recent enhancements have significantly expanded its capabilities, enabling users to seamlessly manage AWS and third-party resources.

Key features

• Automated provisioning and infrastructure updates with rollback triggers and ChangeSet previews.
• Ability to deploy and manage resources across multiple regions for enhanced scalability and geographic distribution.
• Security through integration with AWS Identity and Access Management.
• Compliance with industry standards, including System and Organization Controls (SOC), Payment Card Industry Data Security Standard, Federal Risk and Authorization Management Program, Department of Defense Cloud Computing Security Requirements Guide and HIPAA.
• Centralized management via AWS Management Console and template-based infrastructure deployment.
• Cost estimation features to help predict resource costs before stack creation and integration with AWS Cost Explorer for postdeployment cost analysis.
• CloudFormation registry and resource provider for extended third-party resource management.
• Up to 40% faster stack creation and a new CONFIGURATION_COMPLETE event for improved resource provisioning.
• Enhanced ChangeSets that provide more detailed previews of deployment actions, including before-and-after values of resource properties.
• New validation checks that identify invalid resource property errors upfront, accelerating the development and testing cycle.
• Simplified resource discovery and template review in the IaC generator.

Pricing

CloudFormation is free when used with AWS resource providers. Organizations only pay for the provisioned resources. For third-party resource providers, there's a free tier of 1,000 handler operations per month, per account. Beyond that, Amazon charges $0.0009 per handler operation and an additional $0.00008 per second for operations lasting longer than 30 seconds.

Note that certain advanced features, like AWS CloudFormation StackSets, might incur additional charges.

Support and training

AWS offers a free tier for hands-on learning, comprehensive documentation, tutorial videos and sample templates. Paid support plans -- Developer, Business, Enterprise On-Ramp and Enterprise -- are available for additional assistance.

Key takeaway

CloudFormation enables consistent provisioning of AWS resources across multiple accounts and regions. Its ability to model an organization's entire cloud infrastructure in text files and automatic dependency management makes it a good tool for cloud resource orchestration.

Chef Automate: Cross-team collaboration engine

Chef Automate from Progress Software is an on-premises enterprise dashboard and analytics tool for infrastructure automation. It consists of three core engines: Chef Infra, Chef InSpec and Chef Habitat. Chef Automate enables cross-team collaboration through a human-readable language and provides an auditable history of infrastructure changes.

Key features

• Comprehensive cloud infrastructure automation with Chef Infra, security automation via Chef InSpec and application automation through Chef Habitat.
• Enhanced multi-cloud management capabilities with native resources for major cloud providers, introduced in Chef Infra Client 18.
• Single backup and restore functionality for product data.
• Advanced identity and access management with automatic security issue detection and correction.
• Agentless compliance scans using predefined security validation profiles.
• Unified interface featuring multiple dashboards for streamlined infrastructure automation and observation.
• Detailed event feed and dashboard reports that provide operational visibility and actionable insights.
• Role-based access control (RBAC) that lets organizations manage user permissions and access to different features and data within the platform.

Pricing

Chef Automate is part of Chef Effortless Infrastructure Suite for Cloud Security and Chef Enterprise Automation Stack. For the most current pricing information, please refer to the official Chef website, or contact a Progress Software sales representative. Pricing might vary based on your organization's specific needs and the scale of your implementation.

Support and training

Progress offers a 60-day free trial and three types of training: public instructor-led courses, online tutorials and private training. It also offers various support tiers, including Standard and Premium support options. These might include 24/7 support, dedicated technical account managers and priority issue resolution.

Key takeaway

Chef Automate provides operational visibility across multiple data centers and cloud providers, with filterable dashboards to view configuration and compliance information. Its auditing capabilities scan servers, VMs, cloud architecture and SaaS offerings while providing insights based on real-time data.

CircleCI: Cloud-native CI/CD

CircleCI is an application and infrastructure deployment platform that offers automation capabilities. Its cloud-native architecture and extensive feature set make it a good tool for DevOps practices.

Key features

• Cloud-native architecture supporting containerized workflows.
• Parallel execution for optimized build and test cycles.
• Customizable workflows for complex deployment scenarios.
• Orbs that provide reusable configuration packages for simplified setup.
• Built-in caching mechanisms for improved performance.
• Extensive API enabling seamless integration with other tools.
• GPU resource classes that offer up to 75% faster builds for AI applications in the Scale plan.
• CircleCI runner that offers enhanced control over build environments and improved compliance support.
• Up to a 40% improvement in compilation time.

Pricing

CircleCI uses a credit-based system for pricing. Pricing is flexible, based on factors such as the number of users, compute resources used and additional features required. CircleCI Server pricing might require contacting CircleCI for a quote.

Support and training

CircleCI's documentation, available through the support center, covers everything from basic setup to advanced configurations and billing information. Free interactive webinars, community support through forums and the CircleCI knowledge base are also provided to users. Tiered support plans range from a Starter plan with 8/5 support to premium options with 24/7 coverage, dedicated Slack channels and assigned customer engineers.

Key takeaway

CircleCI's cloud-native approach, pricing model and recent enhancements in GPU support and performance optimization make it a strong contender for organizations looking to tightly integrate infrastructure automation with their CI/CD processes, especially those prioritizing scalability and performance in cloud environments.

Google Cloud Deployment Manager: YAML-driven cloud resource orchestration

Google Cloud Deployment Manager helps organizations create, manage and orchestrate Google Cloud resources as cohesive units using the YAML declarative language. This tool lets administrators define infrastructure stacks through configuration files, employing templates as reusable building blocks for consistent deployments.

Key features

• Declarative YAML configurations to define the desired state of cloud resources.
• Parameterized templates that enable automated, repeatable deployments at scale.
• Ability to configure and deploy Google Cloud services with built-in replication and failover capabilities.
• Security through progressive identity and access management layers and compliance with SOC, HIPAA and GDPR standards.
• Centralized management via the Google Cloud console offers a unified view of the deployment hierarchy.
• Seamless integration with Cloud Monitoring for resource discovery, monitoring and usage analysis.

Pricing

Deployment Manager is a free service, but users pay for any Google Cloud resources deployed and managed.

Support and training

Google Cloud offers documentation, tutorials and example deployments for Deployment Manager. New Google Cloud customers can also take advantage of a free tier with limited usage credits.

Key takeaway

Google Cloud Deployment Manager lets customers define their desired infrastructure state, leaving the implementation details to Google Cloud. This enables parallel resource deployment, clear dependency definition and control over implementation order, streamlining cloud infrastructure management.

Jenkins: Extensible automation server

Jenkins, primarily known for CI/CD, has evolved into a versatile tool for infrastructure automation, seamlessly integrating infrastructure management into development pipelines. Its key features make it a good choice for organizations seeking comprehensive automation solutions.

Key features

• Extensive plugin ecosystem that supports new technologies and workflows.
• Support for distributed builds and test execution, including improved pipeline visualization through the new Pipeline Graph View.
• Pipeline as Code features that let users define pipeline processes with code from a source repository.
• Built-in SCM-Manager integration for version-controlled infrastructure definitions that ensures consistency and traceability.
• Extensible architecture to customize automation scripts and tools, including a new builds widget.
• Web interface for job management and monitoring, including refined controls, updated language and an improved color palette.

Pricing

Jenkins is open source and free to use, but organizations might incur hosting, maintenance and potential enterprise support services costs. Commercial versions, like CloudBees CI, are available for enterprise-level solutions, which offer additional features and support.

Support and training

Jenkins relies on community support through forums, mailing lists and chat channels. For enterprises requiring dedicated support, several third-party vendors offer commercial support packages. Training options include community-driven resources, official documentation and third-party training providers offering Jenkins certification courses.

Key takeaway

Jenkins' extensive plugin ecosystem makes it an attractive option for organizations looking to integrate infrastructure automation into their existing CI/CD pipelines, especially those already invested in the Jenkins ecosystem. Recent updates focus on improving UX and visualization, as well as modernizing the codebase, with more enhancements planned.

Microsoft Azure Automation: Cross-cloud orchestration

Microsoft Azure Automation provides an automation and configuration service that offers control over deployments and operations in Azure, on-premises and with other cloud providers, like AWS. Admins can write runbooks to automate Azure tasks or use Hybrid Runbook Worker to manage tasks outside Azure.

Key features

• Cross-environment deployment orchestration and CD support.
• Azure Arc-enabled Kubernetes -- not a direct feature of Azure Automation, but integrates with the service to extend Azure's management capabilities to Kubernetes clusters across environments.
• Management of on-premises and other cloud environments through Hybrid Runbook Worker, though capabilities might be more limited compared to native Azure resource management.
• High availability that guarantees at least 99.9% of jobs begin within 30 minutes of their scheduled start time.
• Built-in security controls, real-time global cybersecurity and RBAC.
• Microsoft Purview Compliance Manager for compliance management.
• Azure portal management with runbook job status visibility.
• Monitoring for update compliance, machine configurations and OS resource inventory.

Pricing

Azure Automation pricing is based on process automation and configuration management. Process automation is free for the first 500 minutes of job run time per month and then $0.002 per minute; watchers are free for the first 744 hours in a month and then charged $0.002 per hour after that.

Support and training

Microsoft offers a free Azure account with a $200 credit valid for 30 days and a selection of always-free tools, quick-start tutorials and comprehensive documentation. Four Azure support plans are available: Basic (free), Developer, Standard and Professional Direct. The Basic plan primarily provides access to documentation, community support and the Azure portal.

Key takeaway

Azure Automation lets organizations manage any online service with a viable API, integrate management systems using serverless runbooks and automate infrastructure at scale across hybrid cloud setups. Its consistent management across Windows and Linux OSes and integration possibilities with Azure AI services open up new avenues for intelligent automation and data-driven decision-making in complex IT environments.

Puppet Enterprise: Comprehensive configuration management

Perforce's Puppet Enterprise is on-premises software for infrastructure and workflow management and configuration. As a commercial version of the original Puppet, it includes additional components that support comprehensive configuration management. Recent enhancements have expanded its capabilities, particularly in security compliance and CD.

Key features

• Puppet orchestrator for controlled configuration change rollouts.
• Backup and restore operations with Git-based automation content storage.
• RBAC and secure communications using HTTPS and X.509 certificates.
• Federal Information Processing Standards 140-2 support and Center for Internet Security (CIS) Benchmark compliance assessment.
• Web console for node request management, Puppet class assignment and inventory data viewing.
• Performance and health metric tracking with service status monitoring and summary reporting.
• Compliance scanning, assessment and monitoring against custom policies and CIS Benchmarks.
• Automatic drift remediation and enforcement of compliant configurations aligned to CIS Benchmarks and Defense Information Systems Agency Security Technical Implementation Guides are available as a premium add-on.
• Ability to build, test and deploy Puppet code across environments.
• Preview of Puppet code deployments before merging -- available as a premium add-on.

Pricing

Puppet Enterprise typically uses a per-node licensing model based on the number of nodes managed. It offers pricing options for multiyear purchases, larger volumes and academic institutions. Organizations should contact Perforce for pricing information.

Support and training

Puppet provides the Puppet Learning VM interactive tutorial for up to 10 nodes and a containerized version for Docker testing. More than 7,000 free, prebuilt Puppet modules are available. Two support service levels are offered: Standard and Premium. Puppet also offers official certification programs, such as Puppet Certified Professional.

Key takeaway

Puppet Enterprise combines model- and task-based capabilities for scalable multi-cloud infrastructure management, supporting DevOps methodologies, like IaC. Recent enhancements in security compliance and CD, along with prebuilt patching task automation for Windows and Linux, make it a comprehensive solution for IT environments. It also integrates with popular DevOps tools, like Jenkins, GitLab and Jira.

Red Hat Ansible Automation Platform: Scaling automation enterprise-wide

Red Hat Ansible Automation Platform offers tools to implement enterprise-wide automation. Building on the original Ansible project, it adds features to achieve automation at scale, including prepackaged content collections and the Ansible automation hub.

Key features

• Human-readable playbooks to configure, deploy and orchestrate resources.
• Backup and restore capabilities for automation controller.
• RBAC with Lightweight Directory Access Protocol integration and advanced security monitoring and response capabilities.
• Compliance checking and automation governance to meet requirements.
• Web interface for centralized management with a fully discoverable and searchable REST API.
• Usage analysis, uptime monitoring and deployment status reporting.
• Services catalog providing additional automation resources.
• Private Automation Hub for content collaboration within an organization.
• Integration with Red Hat OpenShift Container Platform that enables seamless automation of containerized environments and hybrid cloud infrastructures.
• Ansible Lightspeed with IBM Watsonx Code Assistant for AI-assisted automation content creation.
• Callback feature that lets nodes request on-demand configuration.

Pricing

Available in Standard and Premium editions, with discounts for multiyear purchases, larger volumes and academic institutions. Contact Red Hat or its partners for a price quote.

Support and training

A 60-day free trial is available. Red Hat offers courses, videos, technical guides, reference architectures and other documentation. Standard and Premium plans offer web and phone support, varying support levels by plan.

Key takeaway

Red Hat Ansible Automation Platform provides tools for enterprise-wide automation, with recent integrations and features enhancing its capabilities.

Terraform: Cloud-agnostic IaC

HashiCorp's Terraform has gained traction as a cloud-agnostic IaC tool. It lets teams define and provision infrastructure across multiple cloud providers and on-premises environments. Recent improvements to Terraform Cloud Agents have further solidified its position in the IaC landscape.

Key features

• Declarative language to define infrastructure.
• Support for a wide range of cloud providers and services.
• State management to track real-world resources.
• Planning and application of workflow to preview changes before implementation.
• Modular architecture for reusable infrastructure components.
• Extensive provider ecosystem for third-party integrations.
• Enhanced Terraform Cloud Agents that let operations run within an organization's infrastructure, improving security and compliance.
• Enhanced Free tier features in Terraform Cloud, including single sign-on, policy as code and cloud agent.

Pricing

Terraform Cloud has Free, Standard, Plus and Enterprise tiers. The Free tier offers up to 500 managed resources per month. The Standard tier is available through monthly credit card billing or as part of an annual contract. The Plus tier offers additional capabilities for continuous infrastructure management. Pricing for paid tiers is based on the number of resources under management, with the first 500 resources included free in the Standard tier.

Support and training

HashiCorp provides community support for the open source version and dedicated technical support for Terraform Cloud and Enterprise customers. Official training includes online courses, instructor-led workshops and certification programs. Public training courses are held virtually throughout the continental United States and Europe, focusing on specific HashiCorp tools. Private trainings are multiday programs customized for an organization's specific interests. Extensive documentation and a community forum are also available.

Key takeaway

Terraform's cloud-agnostic approach and ecosystem make it a good choice for organizations managing multi-cloud or hybrid cloud environments, especially those prioritizing infrastructure portability and consistency.

VMware Cloud Foundation Automation: Multi-cloud infrastructure management

VMware Cloud Foundation Automation, formerly Aria Automation, offers cloud infrastructure automation for private and multi-cloud environments. The product integrates several components: Aria Automation Assembler (formerly Cloud Assembly) for provisioning, Aria Automation Service Broker (formerly Service Broker) for managing catalog items and Aria Automation Pipelines (formerly Code Stream) for application and infrastructure automation.

Key features

• Streamlined network tenancy and management with enhanced virtual private cloud integration in vCenter server management software and VCF Automation.
• Self-service infrastructure provisioning through the Cloud Consumption Interface.
• Enhanced VMware Private AI infrastructure consumption, including support for GPU-enabled Tanzu Kubernetes Grid clusters.
• Improved SDDC infrastructure consumption with Day 2 actions for onboarded VMs.
• New cloud admin launchpad for quick setup of cloud services.
• Kubernetes-based, desired state IaaS APIs available in the vSphere platform.
• Unified governance and compliance framework for private cloud infrastructures.
• Enhanced native Kubernetes integration for managing container-based applications alongside traditional infrastructure.

Pricing

Organizations should contact VMware for the most current pricing information.

Support and training

VMware Cloud Foundation Automation comes with Broadcom's Essential Software Maintenance from VMware's parent company. It includes software updates, tech support, a customer support portal and other types of assistance. For a fee, customers can add professional services, such as training and certification programs and expert consulting for implementation, optimization and user adoption. VMware provides product documentation and free hands-on labs for users to try products in a virtual environment.

Key takeaway

VMware Cloud Foundation Automation's multi-cloud management capabilities, enhanced Kubernetes integration and AI-driven optimization position it as a good solution for organizations seeking to manage complex, hybrid cloud environments. Its pricing model, training options and tiered support packages make it adaptable to various organizational needs.

VMware Tanzu Salt: Event-driven infrastructure automation

Tanzu Salt is an infrastructure automation and configuration management platform that uses Salt, an open source engine built by the Salt Project. It uses a unique event-driven approach to manage and orchestrate IT environments.

Key features

• Event-driven architecture for real-time infrastructure management.
• Agentless and agent-based management options for flexibility.
• Remote execution capabilities for large-scale deployments.
• State management for consistent configuration across environments.
• Built-in security features, including encrypted communications and fine-grained access controls.
• Extensible plugin system for custom module development.
• Integration with HashiCorp Vault, improved token lifecycle management and support for new OSes.

Pricing

Tanzu Salt can only be purchased as part of VMware's Tanzu platform for cloud-native applications. Organizations should contact VMware for enterprise pricing. The Salt Project community offers its open source version for free.

Support and training

VMware offers comprehensive support for Tanzu Salt customers, including technical support, product updates and access to knowledge bases. Training options include self-paced online courses, instructor-led virtual classes and custom on-site training programs.

Key takeaway

Tanzu Salt's event-driven approach and SecOps capabilities make it well suited for organizations looking to automate infrastructure management and security operations in a unified platform. Its ability to handle large-scale deployments and integrate security automation makes it a good tool for IT environments.

Editor's note: This article was updated in October 2024 to include additional cloud provisioning and infrastructure automation tools, update product information and improve the reader experience.

Adam Bertram is a 20-year veteran of IT and an experienced online business professional. He's an entrepreneur, IT influencer, Microsoft MVP, blogger, trainer and content marketing writer for multiple technology companies.

Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.