8 IaC tools comparison for automated deployments

Learn how these infrastructure-as-code tools can help streamline application development and deployment by reducing many of the headaches associated with manual processes.

Organizations turn to infrastructure-as-code tools to automate infrastructure deployment and streamline application development, particularly as it applies to DevOps.

IaC reduces many of the manual processes and inefficiencies of traditional approaches to deploy infrastructure. It can also help simplify infrastructure management and reduce operating costs, while eliminating inconsistencies between environments such as testing, staging and production.

To further streamline operations, some organizations use IaC in conjunction with composable disaggregated infrastructure (CDI), which provides a foundation for automating and orchestrating resource provisioning. A CDI appliance delivers a software-defined environment that abstracts physical resources and makes them available as services that can be dynamically composed and recomposed. The composable architecture also helps optimize resource utilization and simplify general administration.

When an organization uses CDI and IaC together, it has a platform for efficiently allocating resources to meet changing workload requirements without the deployment and maintenance headaches that go with traditional infrastructure. Organizations need the right tools to use IaC effectively with CDI. However, selecting the best tool can be difficult because there are so many products to choose from, and how they differ isn't always apparent. The following IaC tools comparison examines eight popular services that take different approaches to IaC. Although some products might be better suited to CDI, each provides an effective tool for using IaC to automate resource allocation.

What are IaC tools and why should you use one?

IaC tools are software tools designed to assist with the provisioning and configuration of IT resources using code rather than manually deploying resources. Typically, such tools generate declarative template files in formats such as JSON, XML or YAML. These files programmatically deploy IT resources, such as VMs.

IaC tools are commonly categorized as declarative, imperative or hybrid. A declarative tool lets users define the desired outcome, and then it figures out how to achieve that outcome. Conversely, an imperative tool requires users to provide the exact steps and commands to achieve their desired outcome. A hybrid tool combines the two previous approaches, giving users maximum flexibility.

Sometimes, an IaC tool writes all necessary code on the user's behalf. Even an imperative tool that requires users to write the code themselves likely includes assistive features that make the process easier and less error-prone. IaC tools also help with version control and integration into IT pipelines.

How composable disaggregated infrastructure supports IaC

  • Provides a software-defined infrastructure that automatically controls the physical resources without human intervention.
  • Can perform such operations as provisioning, configuration and management to meet workload requirements, as defined by the coded infrastructure.
  • Disaggregates the physical resources and presents them as services, providing an extremely flexible environment for running modern workloads.
  • Provides flexible building blocks for composing and recomposing resources on demand, making it possible to implement infrastructure as needed to accommodate changing workloads.
  • Can better accommodate fluctuating requirements as infrastructure needs change, while using resources more efficiently.
  • Can run workloads in VMs, in containers and on bare metal, making it easier to accommodate varied IaC requirements.
  • Doesn't have to be preconfigured for specific workloads because resources are configured on demand.
  • Minimizes administrative overhead with built-in automation and orchestration.
  • Offers a comprehensive management API that enables third-party tools to interface with the environment, enabling organizations to use their existing IaC tools.

1. AWS CloudFormation

The AWS CloudFormation IaC service enables users to model, provision and manage related AWS and third-party resources in the AWS Partner Network throughout their lifecycle. Developers use CloudFormation templates to describe the desired resources and their configurations. CloudFormation then uses the template code to provision and assemble the resource stacks, which administrators can deploy across multiple AWS accounts and regions.

Key features

  • Developers can build resource providers using the CloudFormation CLI, an open source tool that streamlines development.
  • CloudFormation automates the provisioning and updating of infrastructure processes and enables admins to roll back stack-related operations to a previous state in response to triggered CloudWatch alarms.
  • Developers can model a cloud environment entirely in text files, using open source declarative languages, such as JSON or YAML. AWS Cloud Development Kit also enables developers to define a cloud environment using TypeScript, Python, Java and Microsoft .NET.
  • Developers can build serverless applications using AWS Serverless Application Model, an open source framework that provides shorthand syntax for application definitions.
  • CloudFormation enables users to preview how changes might affect running infrastructure and decide whether to implement the changes. For example, users can verify that CloudFormation will not accidentally delete or modify any of their critical resources before executing a change set.
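
The change set preview described in the last item can be checked by a script before anyone executes it. The following is an added example, not code from AWS or from this article: it walks a constructed change set in the shape returned by `aws cloudformation describe-change-set` and flags deletions and replacements. The protected-type list, the severity labels and the function names are assumptions for illustration.

```python
# Resource types treated as critical. Assumption: set this per your own policy.
PROTECTED_TYPES = {
    "AWS::RDS::DBInstance", "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::KMS::Key",
}

def _rc(action, logical_id, rtype, replacement=None):
    """Build one entry shaped like an item of the 'Changes' list (constructed data)."""
    rc = {"Action": action, "LogicalResourceId": logical_id, "ResourceType": rtype}
    if replacement is not None:          # Replacement is only reported for Modify
        rc["Replacement"] = replacement
    return {"Type": "Resource", "ResourceChange": rc}

# Constructed sample; a real one comes from `aws cloudformation describe-change-set`.
SAMPLE_CHANGE_SET = {
    "ChangeSetName": "example-change-set",
    "Changes": [
        _rc("Add", "JobQueue", "AWS::SQS::Queue"),
        _rc("Modify", "OrdersDb", "AWS::RDS::DBInstance", "True"),
        _rc("Remove", "AuditLogs", "AWS::S3::Bucket"),
        _rc("Modify", "DeployRole", "AWS::IAM::Role", "False"),
        _rc("Modify", "WebHost", "AWS::EC2::Instance", "Conditional"),
        _rc("Modify", "Resizer", "AWS::Lambda::Function", "False"),
    ],
}

def review_change_set(change_set, protected=PROTECTED_TYPES):
    """Return (severity, logical_id, type, action, replacement) for risky changes.

    block  : a protected resource would be deleted or (possibly) replaced
    review : any other delete/replace, or an in-place change to a protected resource
    """
    findings = []
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        action, rtype = rc["Action"], rc["ResourceType"]
        replacement = rc.get("Replacement", "False")
        # Replacement "True" recreates the resource; "Conditional" may do so.
        destructive = action == "Remove" or (
            action == "Modify" and replacement in ("True", "Conditional"))
        if destructive and rtype in protected:
            severity = "block"
        elif destructive or (action == "Modify" and rtype in protected):
            severity = "review"
        else:
            continue
        findings.append((severity, rc["LogicalResourceId"], rtype, action, replacement))
    return findings

def safe_to_execute(change_set):
    """Pipeline gate: refuse execution while any 'block' finding remains."""
    return not any(f[0] == "block" for f in review_change_set(change_set))

if __name__ == "__main__":
    for finding in review_change_set(SAMPLE_CHANGE_SET):
        print(*finding)
    print("safe to execute:", safe_to_execute(SAMPLE_CHANGE_SET))
```
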

Integrations

CloudFormation integrates with other AWS offerings, such as AWS Service Catalog and AWS Identity and Access Management. Admins can also use CloudFormation Registry to model and provision third-party application resources and AWS resources. In addition, AWS CloudFormation on GitHub offers open source projects that extend the platform's capabilities.

Pricing

CloudFormation is billed based on the number of handler operations performed. Handler operations include CREATE, UPDATE, DELETE, READ and LIST. Use AWS Pricing Calculator to estimate the cost of using CloudFormation.

Support

Amazon offers four paid support plans: Developer, Business, Enterprise On-Ramp and Enterprise. Amazon also offers comprehensive online documentation for CloudFormation and all the other AWS services. Amazon Q, Amazon's generative AI (GenAI) assistant, can answer questions about the various AWS services.

2. Chef Infra

The Chef Infra automation platform transforms infrastructure into code. It enables organizations to automate how they configure, deploy and manage infrastructure across their networks, whether operating on-premises, in the cloud or within hybrid environments. Organizations can use Chef Infra to ensure their systems are configured correctly and consistently, even as workload requirements change.

Key features

  • Chef Infra makes infrastructure configurations testable, portable and auditable, and it ensures infrastructure changes are consistent and repeatable.
  • Chef Infra can continuously configure systems against a desired state, while automating infrastructure validation and configuration.
  • Developers and admins can use simple declarative definitions to carry out common administrative tasks.
  • Chef Infra can automatically correct configuration drift without impacting properly configured systems.

Integrations

Chef Infra Server provides a REST API that enables admins to access server objects, including nodes, roles, environments, users and cookbooks. Chef Infra can also configure a variety of cloud-based services, as well as integrate cloud provisioning APIs and third-party software.

Chef Infra also works with other Chef products. Chef Workstation, for example, works with Chef Infra and enables organizations to test policy changes prior to enforcing them. Similarly, Chef Automate can validate states of systems throughout an organization.

Pricing

Chef has made all its products open source and covered by the Apache 2.0 license. However, commercial and enterprise customers must purchase a subscription to use Chef products in a production environment.

Support

A paid subscription is necessary to get support for Chef Infra and other Chef products. The Chef Enterprise subscription includes 24/7 enterprise support.

3. Google Cloud Deployment Manager

Google Cloud Deployment Manager is an infrastructure deployment service that is part of Google Cloud. The service uses template and configuration files to automate the creation and management of Google Cloud resources, such as Cloud Storage, Cloud SQL and Compute Engine. Deployment Manager treats infrastructure like software, enabling admins to provision, configure and deploy many resources in a single operation.

Key features

  • Deployment Manager supports the use of parallel deployments, meaning that large-scale deployments are completed quickly since multiple deployment operations occur simultaneously.
  • Deployment Manager takes a declarative approach to infrastructure, using the YAML language. This approach enables users to specify what the configuration should look like and then lets the platform determine what steps to take.
  • Developers can use JSON to create parameterized templates to define resources that commonly deploy together. Python and Jinja2 templates are supported.
  • Deployment Manager provides a preview mode admins can use to view an operation's impact before committing the changes.
  • One resource definition can reference other definitions to create dependencies and control the order of resource deployments.

Integrations

Customers can register third-party APIs with the Deployment Manager service and then use Deployment Manager to deploy resources as types in the infrastructure configuration. Deployment Manager includes its own API for facilitating access to resource types.

Pricing

Deployment Manager is available at no additional charge to Google Cloud customers. As with Azure Resource Manager, charges are based on the provisioned resources. However, Google offers 20-plus Google Cloud services in its free tier.

Support

Google Cloud general support offers four support packages. Basic support is free to all Google Cloud customers. Standard support costs $29 per month, or 3% of monthly charges. Enhanced support costs $100 per month, or 10% of monthly charges for up to $10,000 per month of spending. There is a support fee for amounts over $10,000 per month of spending, but the percentage gradually decreases for higher spending amounts. Premium support costs $15,000 per month, or 10% of monthly charges for up to $150,000 per month of spending. There is a support fee for amounts over $150,000 per month of spending, but the percentage gradually decreases for higher spending amounts.

4. HashiCorp Terraform

Terraform is available for Windows, macOS and Linux. There is also a cloud-based version. It enables users to build, change and version infrastructure. The platform can manage low-level resources, such as compute instances, as well as high-level components, such as DNS entries.

Key features

  • Terraform generates an execution plan that shows the changes that will be applied to the infrastructure before committing those changes.
  • The platform uses execution plans and resource graphs to apply complex changesets to infrastructures with minimal human interaction.
  • Terraform can determine changes in a configuration and create incremental execution plans that users can apply.
  • The multi-cloud compliance and management capabilities enable users to provision and maintain public cloud, private infrastructure and cloud services with a single workflow.
  • The platform provides self-service capabilities that enable users to provision infrastructure on demand from a library of approved resources.

Integrations

Terraform can integrate with a variety of systems, including cloud, DevOps, databases, network, source control, IT tools and infrastructure software. The platform can integrate with GitHub, AWS, Microsoft Azure, Brightbox, Skytap, Linode, MongoDB, Splunk, Densify and Cisco networks.

Pricing

Although Terraform was once open source, HashiCorp now uses a Business Source License. However, most of the company's APIs, SDKs and libraries continue to be freely available. The company offers a free Terraform version that enables up to 500 resources per month. The Standard version price starts at $0.00014 per hour per resource. HashiCorp offers Plus and Enterprise editions but does not disclose pricing for those editions.

Support

HashiCorp offers community support for all four of its pricing tiers. Premium support services are available for the Standard, Plus and Enterprise tiers.

5. Microsoft Azure Resource Manager

Azure Resource Manager is a deployment and management service for Microsoft Azure resources. The service provides users with a management layer to create, update and delete resources. It also offers features such as access control, locks and tags to secure and organize resources after deployment. Users implement infrastructure using templates, which are JSON files that define the resources and configurations necessary to support a project.

Key features

  • Resource Manager enables users to deploy resources together and easily repeat deployment tasks, while ensuring they implement resources consistently.
  • Developers define the infrastructure and its dependencies in a single declarative template that they can use in multiple environments, such as testing, staging or production.
  • Resource Manager offers role-based access control that enables organizations to determine who can perform actions on their resources.
  • Developers can use Azure Resource Manager Tools for Visual Studio Code to simplify the template creation and validation process.

Integrations

Resource Manager provides integration with other Azure services, such as Azure Policy or Azure DevOps, for CI/CD.

Pricing

Resource Manager is a free service, so any charges incurred are based on the provisioned resources. Microsoft encourages customers to apply tags to resources or to group resources together to make it easier to determine their collective costs.

Microsoft offers more than 20 additional Azure services for free as a part of its free tier. Plus, Microsoft provides new users with a $200 credit to try Azure for 30 days. This enables an organization that's new to Azure to get a good sense of how Resource Manager works with various Azure services.

Support

Support for Resource Manager is part of Azure support, which offers four plans, each one building on the next. The Basic plan is free to all Azure customers. The Developer plan runs $29 per month and is ideal for trial and nonproduction environments. The Standard plan is $100 per month and is suitable for production workload environments. The top-tier support plan, Professional Direct, is $1,000 per month and is appropriate for business-critical workloads.

6. Puppet Enterprise

Puppet Enterprise is an integrated platform that organizations can use to manage and automate infrastructure and complex workflows. The platform enables admins to manage infrastructure at a global scale.

Key features

  • Puppet Enterprise continuously enforces the desired infrastructure state to ensure security and compliance requirements are being met.
  • Organizations can build or reuse existing code or integrate shared content from Puppet Forge to orchestrate complex tasks and deploy applications.
  • Admins can automate Windows and Linux server patching from within the Puppet Enterprise console, which makes it easier to maintain the health and security of each host.
  • Puppet Enterprise enables organizations to scale their automations across teams without having to sacrifice consistency or safety.
  • Organizations can authorize federated teams through role-based access control to view, author, operate and deliver objects.

Integrations

Puppet Enterprise can integrate with various vendor products, including AWS, Google, HashiCorp, Microsoft, ServiceNow, Splunk and VMware. In addition, Puppet Server exposes multiple services through its HTTP API. For example, organizations can use the API to manage node configurations. Many development tools also provide integrations with Puppet.

Pricing

Puppet doesn't publish pricing information for Puppet Enterprise. Organizations interested in the product should contact Puppet sales. Those who wish to learn more about Puppet Enterprise prior to making a purchase can take a free online course or try out Puppet for free with a 10-node trial.

Support

Puppet Enterprise offers two levels of support. Standard support, which is available during local business hours, is best suited for use by customers who are not using Puppet Enterprise to perform mission-critical tasks. Those with more demanding support requirements should consider the Premium support option.

7. Red Hat Ansible Automation Platform

Red Hat Ansible Automation Platform helps admins build and operate automation services at scale. The platform includes the Red Hat Ansible automation controller, which acts as the control plane; automation mesh, an overlay network used for workload distribution; Private Automation Hub, which enables developers to publish their own automation code; and Event-Driven Ansible, which supplies the platform's event handling capabilities.

Key features

  • Users create YAML-based Ansible playbooks to describe automation jobs in a human-readable language that can be understood by different types of users. Red Hat also supplies Ansible validated content -- a collection of prebuilt YAML files that can be used for common automation tasks.
  • Red Hat offers Ansible Lightspeed, a GenAI tool that acts as a coding assistant. By using this tool, developers can create code more easily.
  • Event-Driven Ansible can receive signals from third-party tools, thereby enabling Ansible to take automated action based on those signals. By doing so, developers can construct advanced, fully automated, end-to-end tasks.
  • Automation Hub offers a centralized portal for discovering content collections that provide customers with precomposed roles and modules, making it easier for them to move forward on their projects.

Integrations

Ansible includes hundreds of modules that provide extensive integration capabilities with support for a variety of OSes, virtualization platforms, storage systems, network components, cloud platforms, DevOps tools and security measures.

Pricing

Ansible pricing is based on how an organization decides to deploy Ansible. Ansible can be purchased as a managed service through AWS or Red Hat. It is available as a managed application through Red Hat or Microsoft Azure. There is also a self-managed option that can be deployed on-premises or on the AWS, Microsoft Azure or Google clouds. Pricing can vary widely from one deployment option to the next, although Red Hat does not publish its pricing.

Support

Ansible is available in two editions, which differ by support and features. The Standard edition offers support only during regular business hours. The Premium edition offers 24/7 support and responds faster. Each support issue is assigned a priority level, as defined by the terms of service.

8. Tanzu Salt

Tanzu Salt is based on an open source automation engine, Salt, which is licensed under the Apache 2.0 license. Salt was acquired by VMware and is now a part of VMware Tanzu. Today, Tanzu Salt is VMware's product for automation and remediation.

Key features

  • Tanzu Salt can scan an organization's infrastructure, discover its applications and identify common vulnerabilities associated with those applications.
  • The platform can deploy IaC and is able to automatically ensure that infrastructure adheres to a desired state configuration.
  • Tanzu Salt can self-heal IT resources by automatically detecting and remediating configuration drift.
  • The software can help organizations keep their IT resources up to date by using event-driven patch management.

Integrations

Tanzu Salt is designed to work with many other commonly used management tools, including Terraform, Ansible, Puppet, Bamboo, Splunk, CloudHealth, Tenable and Rapid7.

Pricing

VMware does not publish the price for Tanzu Salt. Users can get a price quote from a VMware partner or through VMware Marketplace.

Support

VMware offers community support and technical documentation through the Broadcom Support portal. Those who require a higher level of support can subscribe to VMware Production Support, which enables 24/7 remote support of your production environment.

Editor's note: This piece was updated in December 2024 to adjust vendor product information, such as integration, pricing and support. Vendors are listed in alphabetical order.

Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.

Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America.
