Infrastructure as Code (IaC) Cost Analysis: Terraform vs Pulumi vs CloudFormation

Critical Pricing Changes - March 2025

IBM HashiCorp Acquisition Impact:

• Eliminated Terraform free tier affecting 500,000+ developers
• Now charges $0.00013-$0.00135 per resource per hour (24/7 billing)
• All resources in state file count as billable, including data sources

Tool Pricing Structure

Terraform (IBM HCP)

• Free Tier: None (eliminated March 2025)
• Essentials: $0.00013/hour per resource ($0.09/month per resource)
• Standard: $0.00064/hour per resource ($0.47/month per resource)
• Premium: $0.00135/hour per resource ($0.98/month per resource)
• Critical Issue: Data sources count as billable resources
• Billing Gotcha: Terraform 1.6.0+ creates duplicate state entries (bug costs money)

Pulumi

• Individual: 500 resources free (150k credits = 205 resources max/month)
• Team: $40/month + $0.1825/resource/month
• Enterprise: $400/month + $0.365/resource/month
• Credits expire if unused (unlike actual storage)
• Secrets cost extra: $0.50/secret/month beyond free limits

CloudFormation

• Always free for AWS resources
• Third-party resources: $0.0009 per handler operation (1,000 free/month)
• Hidden cost: Failed deployments create/destroy expensive resources multiple times
• No vendor lock-in - easiest to migrate away from

Resource Count Reality Check

What counts as billable resources:

• All AWS resources (EC2, S3, RDS, etc.)
• Data sources (AMI lookups, VPC references, availability zones)
• Provider configurations
• Local and null resources
• Import operations create temporary state entries

Command to check: terraform state list | wc -l

Real example: Developer counted 47 resources manually, but terraform state list showed 63 due to uncounted data sources.

Real-World Cost Scenarios

Small Team (50 Resources: VPC + EKS + RDS)

• Terraform Standard: $23.50/month
• Pulumi Team: $49.12/month
• CloudFormation: $0/month
• Winner: CloudFormation (cost), Pulumi (productivity)

Medium Team (200 Resources: Multi-environment)

• Terraform Standard: $94/month
• Pulumi Team: $76.50/month
• CloudFormation: $0/month
• Winner: CloudFormation (cost), depends on team skills for productivity

Enterprise (1000+ Resources)

• Terraform Premium: $470-990/month
• Pulumi Enterprise: $765/month
• CloudFormation: $0/month
• Critical Factor: Team scaling difficulty with HCL vs programming languages

Hidden Costs and Training Requirements

Training Time Investment

• Terraform: 2-3 weeks per developer (HCL learning curve), $25,000+ lost productivity for 5-person team
• Pulumi: 1 day if team knows TypeScript/Python, 2-3 weeks for infrastructure engineers to learn object model
• CloudFormation: 3-4 weeks for everyone to memorize AWS resource syntax

State Management Disasters

• Terraform: State corruption costs $0.64/hour per resource during rebuild
• Pulumi: State corruption repair costs $500/hour support
• CloudFormation: Stack protection prevents most disasters, but AWS support starts at $400/month

Migration Costs

• From Terraform: $45,000 consulting for 400 resources (complex setups require manual recreation)
• From Pulumi: $200/hour consulting minimum (proprietary state format)
• From CloudFormation: Easiest - delete stacks, resources remain, import to new tool

Production Impact on Architecture Decisions

Cost-driven bad practices:

• Reusing IAM roles across services instead of proper per-service roles (security compromise)
• Consolidating dev/staging/prod environments (debugging production issues increases)
• Reducing proper testing environments due to state management costs

3-Year Total Cost of Ownership (200 Resources)

Terraform Standard

• Tool costs: $3,384
• Training: $90,000 (5 developers × 3 weeks)
• State management overhead: $21,600
• Total: $114,984

Pulumi Team

• Tool costs: $2,754
• Training: $30,000 (5 developers × 1 week)
• Development velocity gain: -$108,000 (saves money)
• Total: -$75,246 (net savings)

CloudFormation

• Tool costs: $0
• Training: $120,000 (5 developers × 4 weeks)
• Template maintenance overhead: $43,200
• Total: $163,200

Multi-Cloud Considerations

• Terraform: Only viable multi-cloud option, but 3× state management costs
• Pulumi: Multi-cloud works, but secrets across clouds cost $50-100/month extra
• CloudFormation: AWS only, requires multiple IaC tools for multi-cloud

Secrets Management Costs

Typical production requirements:

• Database passwords: 10-15 secrets
• API keys: 5-20 secrets
• SSL certificates: 3-10 secrets
• Service account keys: 5-15 secrets

Costs for 70 secrets:

• Terraform + Vault: $72.92/month minimum
• Pulumi ESC: $35/month ($0.50/secret)
• CloudFormation + Systems Manager: $0 (first 10,000 parameters free)

Compliance and Governance Costs (500 Resources)

• Terraform Premium: $590/month
• Pulumi Enterprise: $400/month
• CloudFormation + AWS Config: $67.50/month

Critical Decision Factors

Choose Terraform if:

• Multi-cloud requirement is non-negotiable
• Team already knows HCL
• Complex provider ecosystem needed
• Can absorb IBM pricing increases

Choose Pulumi if:

• Team uses TypeScript/Python/Go
• Development velocity is priority
• Can justify higher tool costs for productivity gains
• Need strong compliance features

Choose CloudFormation if:

• AWS-only infrastructure
• Cost minimization is critical
• Avoiding vendor lock-in is important
• Team can handle YAML complexity

Immediate Action Items

If using Terraform:

1. Run terraform state list | wc -l to count billable resources
2. Export state before losing access: terraform state pull > backup.tfstate
3. Evaluate resource consolidation opportunities (carefully)
4. Budget for IBM pricing model going forward

If evaluating migration:

1. Calculate actual resource count across all environments
2. Factor in 2-4 weeks engineering time for migration
3. Consider team skill overlap with target tool
4. Plan migration during low-activity periods

Cost optimization strategies:

1. Remove unnecessary data sources
2. Consolidate similar resources where safe
3. Use resource targeting for partial deployments
4. Monitor state file growth over time

Warning Signals

• Terraform: Unexpected resource count increases (check for 1.6.0+ duplicate state bug)
• Pulumi: Credit consumption faster than expected (data sources count)
• CloudFormation: Failed deployments leaving expensive resources running
• All tools: Team velocity decreasing due to tool complexity

Vendor Lock-in Risk Assessment

• Terraform: Total (IBM controls pricing, HCL knowledge non-transferable)
• Pulumi: High (VC-funded, pricing will likely increase, proprietary state)
• CloudFormation: Minimal (AWS native, standard formats, easy migration)