Bicep vs Terraform vs Pulumi

Slides by Erwin Staal, presented during devCampNoord

devNetNoord

April 06, 2023

Transcript

  1. @erwin_staal

     Bicep: “Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.”
     › Created by Microsoft, GA in May 2021
     › Open Source
     › The replacement of ARM Templates
     › Uses a DSL

     Terraform: “Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.”
     › Created by HashiCorp in 2014
     › Open Source
     › Uses a DSL (HCL = HashiCorp Configuration Language)
     › * Terraform CDK (Cloud Development Kit)

     Pulumi: “Pulumi provides the industry’s only automation workflow capability that allows software engineering to be applied to solve and manage cloud infrastructure at scale.”
     › Created by Pulumi in 2018
     › Open Source
     › Write your IaC in your favorite language: TypeScript, JavaScript, Python, Go, .NET, Java, and YAML
  2. Terraform and Pulumi Providers
     › Groups resources in logical units per cloud service
     › Official and Community providers
     › Distributed as plugins
     › For Pulumi: Native or Terraform
  3. State
     › Terraform and Pulumi must store state about your managed infrastructure and configuration
     › Bicep does not have state
     › Terraform: by default, in a local file named "terraform.tfstate"
     › Can also be stored remotely, which works better in a team environment
     › Pulumi: by default, in their SaaS offering
     › State can make things difficult

     [Figure: Terraform state example]
  4. State and secrets
     › State can contain sensitive data: passwords, private keys, etc.
     › Terraform state is stored in plain-text JSON files
     › Pulumi: state is encrypted with a per-stack key
     › You need to ensure encryption at rest, IAM, TLS connections, IP whitelisting

     [Figure: Terraform state example]
  5. Ecosystem

     Terraform:
     › Azure DevOps / GitHub Actions
     › Checkov
     › TFSec
     › TFLint
     › Terratest
     › Terradocs
     › Git pre-commit

     Bicep:
     › Azure DevOps / GitHub Actions
     › Checkov
     › Linter with a lot of built-in rules (ARM TTK)
     › PSRule

     Pulumi:
     › Azure DevOps / GitHub Actions
     › Test frameworks
     › SonarCloud etc.
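  6. So, what is the best tool?

     | Criterion               | Bicep | Terraform | Pulumi |
     |-------------------------|-------|-----------|--------|
     | Simplicity              | +++   | ++        | +      |
     | Power of DSL / Language | +     | ++        | +++    |
     | Multi Cloud             | -     | ++        | +++    |
     | Developer Experience    | +++   | +         | +++    |
     | Deployment              | ++    | +++       | +++    |
     | Providers               | -     | ++        | +++    |
     | Community               | ++    | +++       | +      |
     | Ecosystem               | ++    | +++       | +      |
     | Build your own workflow | +     | +         | +++    |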
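
The "State and secrets" slide notes that Terraform state is plain-text JSON that can hold passwords and private keys. The audit below is an added example, not part of the original deck: it walks a state document and reports where readable secrets sit. The resource type, attribute names, values and the name heuristic are assumptions constructed for the example.

```python
import json
import re

# Heuristic list of attribute names that usually hold secrets (an assumption of this example).
SECRET_KEY = re.compile(r"password|secret|private_key|token|connection_string", re.I)

# Constructed sample in the Terraform state v4 layout; resource type and values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "db_password": {"value": "not-a-real-secret", "type": "string", "sensitive": True},
        "site_url": {"value": "https://example.invalid", "type": "string"},
    },
    "resources": [{
        "mode": "managed", "type": "example_sql_server", "name": "main",
        "instances": [{"attributes": {
            "name": "sql-demo", "admin_password": "not-a-real-secret",
            "identity": [{"client_secret": "not-a-real-secret", "kind": "app"}],
            "tags": {"rotation_token": ""},  # secret-like name, empty value: not reported
        }}],
    }],
})

def walk(node, path):
    """Yield the path of every non-empty string leaf under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str) and node:
        yield path

def find_plaintext_secrets(state_json):
    """Return sorted locations in a state document that hold readable secrets."""
    state = json.loads(state_json)
    # Outputs marked sensitive are hidden in CLI output but stored in clear in the file.
    hits = {f"output.{name}" for name, out in state.get("outputs", {}).items()
            if out.get("sensitive") and out.get("value") not in (None, "")}
    for res in state.get("resources", []):
        for i, inst in enumerate(res.get("instances", [])):
            base = f'{res.get("type")}.{res.get("name")}[{i}]'
            for path in walk(inst.get("attributes") or {}, base):
                if SECRET_KEY.search(path.rsplit(".", 1)[-1]):
                    hits.add(path)
    return sorted(hits)

if __name__ == "__main__":
    print("\n".join(find_plaintext_secrets(SAMPLE_STATE)))
```

Any hit means the state file itself must be treated as a secret: keep it out of version control and behind the encryption-at-rest and access controls the slide lists.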