TL;DR
- Pulumi is an open-source infrastructure-as-code framework that uses general-purpose languages — TypeScript, Python, Go, C#, and Java — instead of HCL or YAML.
- Apache 2.0 licensed, founded in 2017 by ex-Microsoft engineers (Joe Duffy, Eric Rudder), Seattle-based; commercial Pulumi Cloud SaaS for state/secrets/RBAC is optional.
- Same operating model as Terraform — declarative resources, imperative apply step — but with full programming-language ergonomics: loops, conditionals, abstractions, unit tests.
- Distinctive features in 2026: Pulumi ESC (Environments, Secrets, Configuration), AI-generated infrastructure (Pulumi Copilot), and Pulumi Insights for resource inventory across estates.
Why Pulumi Exists#
Terraform's HCL is intentionally limited — no general loops, no functions in the traditional sense, no first-class abstraction. The Terraform team made those choices for predictability, but they push engineers into copy-paste or external code generators as soon as the infrastructure grows non-trivial.
Pulumi's bet is that infrastructure benefits from the same language features as applications: types, packages, IDEs, debuggers, unit tests. A Pulumi program is a TypeScript (or Python/Go/etc) program that constructs resource objects; the Pulumi engine then diffs the resulting graph against state and applies changes the same way Terraform does.
Anatomy of a Pulumi Program#
import * as aws from "@pulumi/aws";
import * as eks from "@pulumi/eks";
// One declarative EKS cluster with H100 nodes
const cluster = new eks.Cluster("yobitel-h100", {
version: "1.31",
instanceType: "p5.48xlarge",
desiredCapacity: 4,
minSize: 0,
maxSize: 8,
nodeAmiId: aws.ec2.getAmi({ filters: [{ name: "name", values: ["amazon-eks-gpu-node-1.31-*"] }], owners: ["602401143452"] }).then(a => a.id),
});
export const kubeconfig = cluster.kubeconfig;State and Secrets#
Like Terraform, Pulumi maintains state per stack. Three options:
- Pulumi Cloud (default) — managed SaaS with versioned state, secrets encryption, and RBAC.
- Self-managed backends — S3, Azure Blob, GCS, or a local file. Free, no SaaS dependency.
- Pulumi ESC (Environments, Secrets, Configuration) — managed secrets and environment composition, separate from state.
Component Resources#
Pulumi's killer feature for large estates is Component Resources — first-class abstractions that bundle child resources and expose a cleaner interface. A `YobitelGpuCluster` component could wrap VPC + EKS + node group + Crossplane install + monitoring stack, exposing only `region`, `size`, and `complianceProfile`. Engineers consuming the abstraction get IDE autocompletion and type safety.
This is the equivalent of Terraform modules, but expressed in a real type system. Refactoring a Component Resource means renaming a class — IDE-supported across the whole codebase — rather than a search-and-replace through HCL.
Pulumi vs Terraform vs Crossplane#
| Aspect | Pulumi | Terraform | Crossplane |
|---|---|---|---|
| Language | TS/Py/Go/C#/Java | HCL | YAML / KCL |
| License | Apache 2.0 | BUSL since 2023 | Apache 2.0 |
| Model | Imperative apply | Imperative apply | Continuous controller |
| State | SaaS or backend | Backend or SaaS | etcd in cluster |
| Testing | Native unit tests | Plan + integration | Kubernetes-native |
| Best for | Logic-heavy IaC | Conventional IaC | Platform abstractions |
Adoption and Ecosystem#
Pulumi has a growing user base — Snowflake, Mercedes-Benz.io, BMW, Lemonade — but Terraform's installed base is far larger. The 2023 Terraform licence change to BUSL prompted some migrations to Pulumi (and to OpenTofu, the MPL-licensed Terraform fork). For greenfield projects in 2026, the choice often hinges on team language preference: a TypeScript-fluent platform team picks Pulumi; a team that already runs Terraform pipelines tends to stay there.
Pulumi can import existing Terraform state and projects via `pulumi import` and `pulumi convert`. Migration is incremental, not big-bang.
References
- Pulumi Documentation · Pulumi
- pulumi on GitHub · GitHub