IaC Toolbox: Best Tools and Techniques

For an introduction to Infrastructure-as-Code, we recommend reading the first part of our blog series.

When dealing with modern IT infrastructure, cloud, DevOps and Infrastructure-as-Code, it can be confusing to distinguish between the different tools and use cases such as Terraform and Pulumi, as well as configuration management tools such as Ansible, Chef or Puppet. It is therefore important to understand the difference between infrastructure-as-code, infrastructure deployment and configuration management.


First, some conceptual basics from an infrastructure point of view:

IT infrastructure consists of a combination of hardware and software components. (Server, storage, network, firewall devices, routers, etc.).

Provisioning is the process of creating infrastructure and making it available to end users.

Configuration is the process of assembling and setting up the provisioned IT infrastructure resources. For example, installing and configuring a database on a server or configuring a firewall device.

Automation refers to the process of implementing recurring tasks, processes or procedures. For example, the installation of Nginx on a server automated by code.

Orchestration is the process of coordinating multiple automations. The output of one automation can be used as input to another automation. For example, to provision a server, you need a network. So one automation will provision network resources and another will use its output to provision servers.

With the advent of cloud computing, infrastructure provisioning has become easy because most complex configurations are abstracted by cloud providers using virtualisation and software-defined networking. You can provision networks, servers and storage in minutes using APIs. All cloud providers provide APIs so you can use programming languages to manage your IT infrastructure and configure provisioned resources using code.

Using code to provision and configure infrastructure is called Infrastructure-as-Code (IaC). In simple terms, this is coding infrastructure provisioning and configuration.

Provisioning vs Configuration

The table below provides an overview of the most popular deployment tools such as Terraform, Pulumi, AWS CDK, AWS CloudFormation, Microsoft ARM, Microsoft Bicep and Google Cloud Deployment Manager. These tools support infrastructure automation for a variety of cloud environments, including AWS, Azure and Google Cloud.

From declarative languages to the use of familiar programming languages, these tools offer a wide range of features and flexibility for building and managing infrastructure. Whether you have a multi-cloud strategy or are specific to one cloud provider, there is a tool to suit your needs.

In addition to the tools shown in the table, it is important to note that there are a variety of other tools that can be counted as infrastructure-as-code. In this article, we will focus mainly on Infrastructure-as-Code tools that are designed to provide infrastructure resources. However, it is also important to understand the distinction between these tools and other types of infrastructure management tools. In addition to provisioning tools, there are also configuration management tools that focus on configuring and managing software components within the infrastructure.

Configuration management tools such as Ansible, Chef, Puppet or Salt provide mechanisms for automating the installation, configuration and updating of software on infrastructure resources. They play a critical role in managing the configuration and state of software on deployed resources.

It is important to note that both types of tools are often used in combination to provide comprehensive infrastructure automation and management. While configuration management tools focus on the software layer, infrastructure-as-code provisioning tools enable automation and management of the underlying infrastructure that runs the software.

Infrastructure-as-Code Tools Overview for AWS, Azure, and GC

The chart provides an overview of the most common infrastructure-as-code tools for deployment on the three major public cloud platforms and their programming languages. See the table for more details on each tool.


There are many popular and widely used infrastructure-as-code tools that developers and DevOps teams use to build and manage their infrastructure in an automated way. Choosing the best tool depends on specific requirements, target systems and team preferences. Here are some of the most important and widely used tools:



HashiCorp Terraform is an Infrastructure-as-Code tool that lets you define both cloud and on-premises resources in human-readable configuration files that you can version, reuse and share. As a result, you can use a consistent workflow to deploy and manage your entire infrastructure throughout its lifecycle. Terraform can manage low-level components such as compute, storage and network resources, as well as high-level components such as DNS records and SaaS capabilities.


All Cloud providers
Multi Cloud
Hybrid Cloud


HashiCorp Configuration Language (HCL)
JSON compatibleHybrid Cloud



AWS CDK is an open source framework that enables you to model and deploy AWS cloud resources using the programming language of your choice. It lets you model application infrastructure using TypeScript, Python, Java, or .NET. Behind the scenes, the framework uses AWS CloudFormation to deploy resources in a secure and repeatable manner.




TypeScript, JavaScript, Python, Java, C#, Go



Pulumi is an open source infrastructure-as-code tool that allows you to build, deploy, and manage cloud infrastructure using common programming languages and tools.
Unlike Terraform, which has its own language and syntax for defining infrastructure as code, Pulumi uses real languages. You can write configuration files in Python, JavaScript, or TypeScript. In other words, you are not forced to learn a new programming language just to manage infrastructure.


AWS, Microsoft Azure, Google Cloud Platform, Kubernetes, VMware etc. 


TypeScript, Python, JavaScript, Go, .NET (C#)


AWS Cloud Formation

AWS CloudFormation is a service for deploying AWS infrastructure with code. It allows you to model a collection of related resources, both AWS and third-party, and deploy them quickly and consistently.






Microsoft Bicep

Bicep is a domain-specific language (DSL) that uses a declarative syntax for deploying Azure resources. In a Bicep file, you define the infrastructure you want to deploy in Azure, and then use that file throughout your development lifecycle to repeatedly deploy your infrastructure. Your resources are deployed consistently.
Bicep provides concise syntax, reliable type safety, and support for code reuse. Bicep provides a best-in-class authoring experience for your Infrastructure-as-Code solutions in Azure.


Microsoft Azure


Bicep, JSON


Google Cloud Deployment Manager

Google Cloud Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud resources. With this service, you can create flexible templates and configuration files and use them to create multi-service deployments (cloud storage, compute engine, cloud SQL, etc.).
Google Cloud Deployment Manager also provides languages such as Jinja or Python that you can use to define the resources you want. This allows you to use a declarative language to define the resources, helping you to specify their properties and granularity.


Google Cloud Platform


Python, Jinja2

Frequently asked questions about IaC and configuration management

Can configuration management tools be used to provision resources?

Yes, they can. Configuration management tools support the provisioning of servers using their resources. However, it is recommended that you use full-fledged infrastructure provisioning tools.

What is the difference between Orchestration and Configuration Management?

Orchestration is the process of coordinating multiple automation pipelines and integrating different toolsets. Configuration management, on the other hand, configures a server with the required applications and configurations.

What is a practical example of orchestration in DevOps?

A practical example of orchestration is a Jenkins CI/CD pipeline. When a developer creates a pull request or commits code to Git, Jenkins takes care of testing, packaging, creating infrastructure resources, and deploying the applications. Jenkins orchestrates the entire process by integrating multiple DevOps tools and executing automation in the right order.

You have a question about this article: Contact our cloud expert Robert Hackenfort

Would you like to delve deeper into the topic? Florian Bemmerl, Cloud Architect and Data Engineer at PROTOS Technologie, explains:


Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklärung von YouTube.
Mehr erfahren

Video laden