The Infrastructure as Code landscape fractured in 2023 when HashiCorp changed Terraform's license from MPL 2.0 to the Business Source License. That decision created a three-way race where previously there was a clear leader. Terraform remains the most mature and widely used IaC tool, Pulumi offers a fundamentally different approach using real programming languages, and OpenTofu preserves the Terraform experience under a community-governed open-source license.
Terraform's HCL (HashiCorp Configuration Language) is a domain-specific language purpose-built for infrastructure declaration. Its strength is constraint: HCL is expressive enough for complex infrastructure but limited enough to prevent the kind of spaghetti code that general-purpose languages enable. For teams that value readable, auditable infrastructure definitions, HCL's declarative nature is a feature, not a limitation. The provider ecosystem of 4,000+ remains Terraform's most significant moat.
Pulumi takes the opposite approach: use the programming languages you already know — TypeScript, Python, Go, C#, Java — to define infrastructure. This means full IDE support, type checking, unit testing with standard frameworks, loops and conditionals without workarounds, and the ability to share infrastructure code through standard package managers (npm, pip, Go modules). For software engineers who find HCL limiting, Pulumi removes the DSL barrier entirely.
OpenTofu is a fork of Terraform 1.5.x maintained by the Linux Foundation, keeping the HCL language, state management model, and provider ecosystem while guaranteeing MPL 2.0 licensing. For organizations that were using Terraform and need truly open-source IaC, OpenTofu provides a migration path that preserves existing configurations, modules, and team expertise. It has also introduced features not available in Terraform, including state encryption and early variable evaluation.
Provider ecosystem maturity is where Terraform and OpenTofu share an advantage over Pulumi. Both use the same Terraform provider ecosystem, meaning virtually every cloud service has a well-maintained provider. Pulumi supports Terraform providers through a bridge layer, which works but occasionally introduces compatibility edge cases. Pulumi-native providers exist for major clouds but the long tail of niche providers is thinner.
State management works similarly across all three: a state file tracks the mapping between your configuration and real-world resources. Terraform stores state in Terraform Cloud, S3, or other backends. OpenTofu supports the same backends plus adds state encryption at rest — a security feature Terraform doesn't offer natively. Pulumi manages state through Pulumi Cloud (managed) or self-hosted backends, with built-in encryption. For security-sensitive organizations, both OpenTofu and Pulumi handle state security better than Terraform by default.