Pulumi vs. CDK for Terraform (CDKTF)
What is CDKTF?
CDK for Terraform (CDKTF) is a tool that allows you to define infrastructure using general-purpose programming languages like TypeScript, Python, Go, C#, and Java. Like AWS CDK, CDKTF is primarily a transpiler — it converts your code into an intermediate format (specifically Terraform JSON) that is later deployed by the Terraform CLI.
Pulumi vs. CDKTF: Similarities
In addition to supporting general-purpose languages, both CDKTF and Pulumi organize cloud resources into stacks, encourage the use of higher-level abstractions (called constructs in CDKTF, components in Pulumi), and track resource state similarly, with local, remote, and cloud-hosted options available. Both tools also support deploying to multiple clouds through open-source resource providers.
Also, because many of Pulumi’s most popular providers are derived from open-source Terraform provider schemas, their resource models are typically identical to CDKTF’s. Compare, for example, the following declaration of an Amazon S3 bucket in CDKTF:
import { S3Bucket } from '@cdktf/provider-aws/lib/s3-bucket';
const bucket = new S3Bucket(this, 'my-bucket', {
bucket: 'my-example-bucket',
versioning: { enabled: true },
acl: 'private',
});
to the equivalent declaration in Pulumi:
import * as aws from '@pulumi/aws';
const bucket = new aws.s3.Bucket('my-bucket', {
bucket: 'my-example-bucket',
versioning: { enabled: true },
acl: 'private',
});
Moreover, Pulumi also supports referencing Terraform modules directly. To learn more, see Using a Terraform Module in Pulumi.
Pulumi vs. CDKTF: Key differences
The main difference between CDKTF and Pulumi is in how the two tools deploy infrastructure. As mentioned, CDKTF transpiles your program code into Terraform JSON before passing it on to the Terraform CLI for deployment. By contrast, Pulumi uses its own deployment engine to resolve the resource graph at runtime, and provisions cloud resources directly. This typically results in faster deployments and enables more flexible workflows.
Feature comparisons
| Feature | Pulumi | CDKTF |
|---|---|---|
| Language support | TypeScript, JavaScript, Python, Go, C#, F#, VB.NET, Java, and YAML | TypeScript, Python, Go, C#, Java |
| Provider support | Over 250 cloud and SaaS providers, with support for any Terraform provider | Terraform providers only |
| Dynamic resource providers | Yes | No |
| Terraform module integration | Yes | Yes |
| Modes of execution | Pulumi CLI or embedded within application code | Terraform CLI only |
| State management | Local, remote, and cloud-hosted options | Local, remote, and cloud-hosted options |
| Secrets management | Built-in encryption for secrets in transit and at rest | No built-in support |
Language support
While Pulumi and CDKTF both support writing infrastructure code with general-purpose languages, Pulumi supports additional languages that CDKTF does not, such as F#, VB.NET, and YAML.
Provider support
Both CDKTF and Pulumi support the full Terraform provider ecosystem, though in slightly different ways. Where CDKTF supports Terraform providers through project-specific SDKs built on demand, Pulumi supports them through native binaries and SDKs that are built in advance (from open-source Terraform provider schemas) and distributed through standard package managers. Hundreds of providers are listed on the Pulumi Registry, and Pulumi can also generate typed SDKs on demand for any Terraform provider.
Dynamic provider support
In addition to standard pre-built providers, Pulumi also supports dynamic resource providers, which allow you to extend the Pulumi resource model by building and distributing lightweight, custom providers of your own. CDKTF does not support this capability.
Terraform module integration
Like CDKTF, Pulumi allows you to reference Terraform modules directly in program code by generating language-specific SDKs on demand. See Using a Terraform Module in Pulumi for details.
Modes of execution
Unlike CDKTF, which provisions and manages exclusively through the Terraform CLI, Pulumi can be invoked in multiple ways, including programmatically. With the Automation API, you can import Pulumi into any program — native app, web service, custom CLI — and reference it as you would any other library, enabling much more dynamic and flexible IaC workflows.
State management
Both CDKTF and Pulumi track deployment state similarly, with local, remote, and cloud-hosted options available.
Secrets management
Pulumi has built-in support for secrets management that encrypts sensitive data in state files and protects secret values from exposure in CLI output. Beyond this foundational support, Pulumi ESC also offers additional capabilities, including centralized secrets management for teams, integration with third-party services, dynamic retrieval of cloud credentials with OpenID Connect, and more. CDKTF has no built-in support for secrets management.
Migrating from CDKTF to Pulumi
For teams interested in migrating from CDKTF, Pulumi has several options, including automated tooling that can convert your CDKTF code to Pulumi and import your existing Terraform state. To learn more, see Migrating from CDKTF to Pulumi.
Get Started with Pulumi
Use Pulumi's open-source SDK to create, deploy, and manage infrastructure on any cloud.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.
