8 open source tools compared. Sorted by stars — scroll down for our analysis.

| Tool | Stars | Velocity | Score |
|---|---|---|---|
| Ansible: Radically simple IT automation | 68.4k | +20/wk | 77 |
| Terraform: Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. | 48.0k | +29/wk | 87 |
| OpenTofu: Open Terraform fork for declarative cloud infra | 28.3k | +58/wk | 76 |
| Pulumi: Infrastructure as Code in any programming language | 24.9k | +17/wk | 79 |
| Packer: Machine image builder | 15.6k | — | 69 |
| Semaphore: Modern UI for Ansible, Terraform, and other DevOps tools | 13.4k | +16/wk | 79 |
| Crossplane: Cloud native control plane | 11.6k | +17/wk | 79 |
| Lift | 943 | +1/wk | 63 |
Ansible lets you configure servers, deploy applications, and automate IT tasks across dozens or thousands of machines by describing what you want in YAML, not writing shell scripts. No agents are installed on target machines; it connects over SSH and runs commands. That simplicity is why it became the default automation tool. GPL v3, Python. Red Hat owns it. You write 'playbooks' (YAML files describing desired state) and Ansible connects to your servers and executes them. Thousands of community modules handle everything from AWS provisioning to Cisco router configuration. The open source CLI is fully free. Red Hat sells Ansible Automation Platform (AAP), which adds a web dashboard, RBAC, audit trails, execution environments, and certified content. AAP starts around $13,000/year for a standard subscription. Solo or small team: the free CLI does everything you need. Write playbooks, run them from your laptop or a CI server. Medium teams (10-50): you'll want AWX (the free upstream of AAP's web UI) for centralized execution and credential management. Large orgs: AAP's enterprise features (RBAC, compliance, certified modules) justify the cost when you have 50+ people touching infrastructure. The catch: YAML-as-code hits a wall. Complex logic in playbooks is painful. Jinja2 templating inside YAML is ugly and hard to debug. And the agentless SSH model, while simple, is slower than agent-based tools at scale. If you have 1,000+ nodes, Ansible gets slow without careful tuning.
Terraform lets you define your infrastructure in code files instead of clicking through AWS/GCP/Azure consoles. Write what you want, run `terraform apply`, and it creates everything. Change the file, run it again, and it updates only what changed. What's free: The CLI tool is free to download and use. You can manage any cloud provider, any scale, no limits. The language (HCL), the state management, the plan/apply workflow. All free. Terraform is THE infrastructure-as-code tool. Used by everyone from startups to Fortune 500s. Every cloud provider has an official Terraform provider. The ecosystem of modules and providers is unmatched. The catch: HashiCorp changed Terraform's license from open source (MPL) to source-available (BSL 1.1) in 2023. You can still use it freely, but competitors can't build commercial products on it. This spawned OpenTofu, a community fork under the Linux Foundation. The state file management is also a real pain point. You need remote state storage (S3, GCS, or Terraform Cloud) for any team usage, and state file corruption can ruin your day.
OpenTofu is the community fork of Terraform that stays truly open source. It's a drop-in replacement for Terraform, maintained by the Linux Foundation. MPL-2.0 licensed. You take your existing Terraform configs (.tf files), point them at OpenTofu instead, and everything works. Same HCL language, same provider ecosystem, same state management. The migration is almost trivial for most setups. Fully free. No paid tier from the project itself. Companies like Spacelift, env0, and Scalr offer managed OpenTofu platforms, but the CLI tool is free forever. The catch: OpenTofu tracks behind Terraform on new features: HashiCorp has more engineers. Some newer Terraform features (like the testing framework improvements) take time to land in OpenTofu. The provider ecosystem is shared, but if HashiCorp ever changes how providers work in an incompatible way, OpenTofu has to adapt. For most teams, this doesn't matter; infrastructure code doesn't need cutting-edge features. But if you're on the Terraform bleeding edge, check feature parity before switching.
Pulumi lets you define infrastructure using real programming languages: TypeScript, Python, Go, C#, Java. Same concept as Terraform, but instead of learning a DSL, you use the language you already know with loops, conditionals, functions, and your IDE's autocomplete. Written in Go, Apache 2.0 licensed. Supports AWS, Azure, GCP, Kubernetes, and 150+ providers. The state management works like Terraform: it tracks what's deployed and diffs against your code. Pulumi AI can generate infrastructure code from natural language prompts. The CLI and engine are free and open source. You can self-manage state in an S3 bucket or local file, truly $0. Pulumi Cloud (managed state + team features) has a free tier for individual use: 1 user, unlimited stacks, 200 resources. Pulumi Cloud Team, at $50/user/month, adds RBAC, audit logs, CI/CD integrations. Enterprise: custom pricing for SAML SSO, self-hosted options, and policy-as-code. Solo developers: free, self-manage state or use the free Pulumi Cloud tier. Either way, $0. Small teams: self-managed state works fine until you need collaboration features. $50/user/month for Cloud Team is steep if you're just managing a few stacks. Medium to large: Pulumi Cloud starts making sense for RBAC and audit trails. The catch: the ecosystem is smaller than Terraform's. Fewer blog posts, fewer Stack Overflow answers, fewer example configs. And using a real programming language is a double-edged sword: you CAN write bad abstractions and over-engineer your infrastructure code. Terraform's simplicity is a constraint that prevents some of that.
Packer builds identical machine images for AWS, Azure, GCP, and VMware from the same configuration, defined in code. Instead of manually configuring a server and hoping you remember every step, you write a template that says "start with Ubuntu, install these packages, configure these settings" and Packer builds the image automatically. The entire tool is free under the BSL (Business Source License: free for most use cases, restricted for competing managed services). No paid features, no cloud tier from HashiCorp specifically for Packer. You download the binary and run it. There's nothing to host; it's a CLI tool that runs on your machine and talks to cloud APIs. Install it, write a template in HCL or JSON, run `packer build`. It creates the image in your cloud provider and exits. Ops burden is trivial. Solo developers: useful if you're automating infrastructure. Otherwise, a manual AMI snapshot works fine. Small teams: Packer templates in version control mean everyone builds the same image. Growing teams: this is where it shines, with golden images across multiple clouds, baked into your CI/CD. The catch: Packer solves one problem well but it's only the image layer. You still need Terraform or similar to deploy those images. And the BSL license change in 2023 upset the open source community; if you're philosophically opposed, look at alternatives.
Semaphore gives you a web UI to manage and trigger your Ansible playbooks and shell scripts. It's a control panel for your DevOps automation. The open source version is useful: you get task scheduling, inventory management, team access controls, and a clean dashboard to see what ran and what failed. For a solo dev or small team managing a handful of servers, this is more than enough. Self-hosting is straightforward: single Go binary, throw it behind a reverse proxy, point it at a Postgres or MySQL database. Semaphore Pro adds LDAP/AD integration, audit logs, and priority support starting at $99/mo. Worth it if you're a growing team that needs enterprise auth. For everyone else, the free version handles the core workflow. Solo devs: use the free version. Small teams (2-10): free version covers you. Growing teams needing LDAP: evaluate Pro. Large orgs: you probably already have AWX or Terraform Cloud. The catch: it's not a CI/CD platform. If you need build pipelines and artifact management, look at Woodpecker CI or Jenkins. Semaphore is specifically for running automation tools through a UI instead of SSH sessions.
Crossplane lets you define an S3 bucket or RDS instance the same way you define a Kubernetes deployment, with a manifest. Completely free and open source under Apache 2.0. A CNCF incubating project, so it has serious backing. You get providers for all major clouds, the ability to compose custom APIs (called Compositions) that abstract infrastructure for your team, and drift detection built in. If someone changes something in the console, Crossplane reverts it. The catch: the learning curve is steep. You need to understand Kubernetes well before Crossplane makes sense. The abstraction layers (Providers, Managed Resources, Compositions, Claims) are powerful but feel over-engineered for simple infrastructure. If you just need to spin up a few AWS resources, Terraform is simpler. Crossplane shines when you want to offer self-service infrastructure to developers through a Kubernetes-native API. Solo: use Terraform instead. Crossplane is overkill. Small teams: still probably Terraform. Platform teams at growing companies: this is where Crossplane starts to make sense. Large orgs building internal platforms: Crossplane's sweet spot.
Lift provides pre-built constructs that plug into your serverless.yml. It's essentially higher-level building blocks for AWS infrastructure alongside your Lambda functions. MIT license, TypeScript. Lift adds constructs like 'website' (S3 + CloudFront), 'queue' (SQS), 'storage' (S3), 'database' (DynamoDB), and 'webhook' with sensible defaults. Instead of 50 lines of CloudFormation, you write 3 lines of YAML. Fully free and open source. No paid tier. However, the Serverless Framework itself has gone through licensing changes; Serverless Framework v4 requires a paid subscription for organizations above a certain size. Lift is an MIT plugin, but it only works with the Serverless Framework. Solo developers on Serverless Framework: useful time-saver. Everyone else: look at SST or AWS CDK instead. The catch: Lift's value is tied entirely to the Serverless Framework ecosystem. If you're not using Serverless Framework, this does nothing for you. And with the Serverless Framework's licensing changes pushing larger teams toward alternatives like SST, CDK, or Terraform, Lift's future relevance is uncertain. The project appears to be in maintenance mode.