Terraform has long been the Infrastructure as Code (IaC) tool of choice, leading many organizations to choose Terraform Cloud as their go-to platform for IaC management.

However, recent events have prompted companies to rethink their options, primarily due to the impending IBM acquisition of HashiCorp and the subsequent changes to Terraform licensing, as well as TFC's pricing model.

At this critical moment, let’s take a closer look at TFC – explore its features, limitations, and pricing model, and also review potential alternatives that might better meet your IaC needs.

What is Terraform Cloud?

Terraform Cloud – recently renamed HCP Terraform – is a commercial SaaS offering from HashiCorp, designed to provide a managed set of services for implementing Terraform.

Terraform's community edition is a powerful tool for defining and provisioning infrastructure, but managing and scaling it can present challenges. 

Terraform Enterprise (TFE) and Terraform Cloud (TFC) were developed to address these issues, offering enhanced features such as remote state management, collaboration, and governance, which are either absent or less robust in the source-available community version.

TFC Capabilities

Terraform Cloud offers a wide range of capabilities that help organizations manage their infrastructure more efficiently:

• VCS integration: Uses version control systems like GitHub, GitLab, and Bitbucket to enable code reviews and workflows.
• Remote state management: Ensures that your state file is stored securely and can be accessed by team members.
• Collaboration and governance: Facilitates teamwork with shared workspaces and team-based access control (RBAC).
• Private module registry: Allows organizations to share and reuse modules internally.
• Policy as Code: Enforces compliance and best practices using Sentinel or OPA policies.
• Runs and notifications: Manages Terraform runs using managed or self-hosted runners and sends notifications on their status.
• Cost estimation: Provides insights into the cost implications of  changes before applying.

TFC Limitations

Despite its strengths, Terraform Cloud also has several limitations that can be a hindrance for organizations of all sizes:

• Terraform only: The only supported IaC tool in TFC is Terraform. If your organization uses CloudFormation, Helm, or Pulumi, you won't be able to use Terraform Cloud.
• Limited customization: The predefined workflows and integrations can be restrictive for some advanced use cases.
• Feature Gaps: Compared to other platforms, advanced features may be lacking, less mature, or unavailable on lower tiers.
• Robust access controls: Access control in TFC is configured by assigning team permissions directly at the organization, project, or workspace level. Roles, strictly speaking, are not a separate construct in TFC, but rather a function of team assignment.
• Scaling concerns: While there is no upper limit of projects orresources you can manage with TFC, there are limitations in permissions, policy, and hierarchy management that can make scaling difficult.
• Pricing model: The recent switch to a Resources Under Management (RUM) pricing model has been controversial and is not cost-effective for certain organizations.

The switch to Resources Under Management pricing in particular has given some organizations cause to reevaluate their use of TFC, so let's take a closer look at how the new RUM pricing model works.

How Does Terraform Cloud Pricing Work?

HashiCorp adopted the Resources Under Management (RUM) pricing model for TFC in the autumn of 2023. 

The model bases costs on the number of resources being managed by the platform, whereas the previous model was based on the number of licensed users. 

To clarify this a bit further, for a resource to be considered "managed", it appears in the state data with the mode equal to managed, like so:

And so, the new RUM model scans the resources under management on an hourly basis, from the moment a resource is created until it is destroyed. 

The first 500 resources in an organization are free, and additional resources are billed at approximately $0.00014/hour or $0.10/month.

Depending on your organization, the move from per-user to RUM pricing could have led to an increase, decrease, or negligible change in cost. The primary factors are the number of active users and the scale of your infrastructure environments.

Pros

• Unlimited users: You can provide access to TFC without incurring additional costs.
• Low introductory pricing: The costs only scale with the number of resources, allowing small teams to start affordably, especially with the first 500 resources being free.
• Unlocked features: All tiers of TFC now include advanced features like SSO, policy-as-code, and Cloud Agents.

Cons

• Price creep: As one would expect with RUM prices, the costs escalate quickly for larger deployments or deployments that require many individual resources.
• Predictability: Tracking resource usage and forecasting costs can become cumbersome, in contrast with the simplicity of per-user pricing.

For more details on the structure and impact of Terraform Cloud's pricing model change, check out this post: A Complete Guide to Terraform Cloud Pricing.

Selecting a Terraform Cloud Alternative

If pricing changes or other factors have prompted you to consider moving to another IaC automation platform, there are several things you should consider before making the switch.

At a bare minimum, any platform you consider should meet Terraform Cloud’s features, and at the very least these seven:

1. State management
2. Access controls
3. Workflow automation
4. Version control integration
5. Policy and governance
6. Reporting and auditing
7. Secure credential and value management

Beyond these baseline features, you will also want to address the concerns that are prompting the hunt for Terraform Cloud alternatives:

• Lack of customization
• Some missing features
• Single IaC framework
• Limited RBAC
• RUM pricing model

While not all considerations may apply to your specific use case, some – like customization and pricing – are broad concerns. Therefore, any platform you consider should surpass these limitations to make the migration worthwhile.

To illustrate the process of due diligence and the various factors you should take into consideration in your decision-making, let's see how Terraform Cloud (TFC) with env0.

Key env0 Capabilities

env0, like TFC, provides capabilities to augment Terraform’s community edition, such as remote state management, VCS integration, cost estimation, and policy-as-code. 

However, there are key distinctions that might make it a better fit for certain organizations, including:

• Multi-framework support: Unlike TFC, env0 is platform agnostic, offering seamless support for multiple IaC frameworks like OpenTofu, Terragrnunt, Cloudformation, Pulumi and more. 
• Pay-by-deployment pricing: Instead of tracking resources under management, env0 pricing focuses on the number of successful deployments with allotments for a number of users and run minutes. This makes costs much more predictable and manageable at scale.
• Unlimited concurrent runs: env0 places no limitation on the number of parallel, concurrent runs executing in your organization, which could be a game changer for cutting down on lead time for changes.
• Scalable organization: env0 offers multiple levels of hierarchy that offer additional layers of organization and control.
• Advanced RBAC: Built-in and custom roles can be assigned at the team and user levels, (and across every level of the hierarchy) providing more granular and consistent control.
• Cost management: In addition to providing cost estimation, env0 also actively monitors the ongoing cost of managed resources and can alert on budget overruns.
• Developer environments: Environments can be configured with a TTL or schedule to ensure idle cloud resources aren't left running, and limits can be imposed on developers to prevent cost overruns in non-production environments.
• Advanced workflows: env0 includes several workflow customization options and advanced features to match your desired automation process instead of forcing you into an opinionated pattern.

Here is a quick comparison table:

Let’s zoom in on each of the key differentiators:‍

Multi-framework Support

Unsurprisingly, Terraform Cloud supports automating infrastructure management with Terraform, and only Terraform. Meanwhile, most organizations aren't only using Terraform to deploy and manage infrastructure. 

For instance, it’s fairly common to use CloudFormation to bootstrap accounts in AWS, or to use Helm to deploy applications to a Kubernetes cluster. The use of multiple IaC frameworks is also prevalent in most large organizations that have acquired (or have been acquired by) other companies. 

env0’s framework-agnostic nature solves this problem, allowing companies to automate and manage cloud infrastructure using Terraform, OpenTofu, Terragrunt, Ansible, Pulumi, CloudFormation, Kubernetes, Helm, etc. 

By doing so, env0 can be used to standardize and unify IaC operations across multiple teams using different IaC tools, while also serving as a single source of truth (SSOT) for all IaC-related metrics, audit logs, etc.

Pay-by-Deployment Pricing

To bring things back around to the question of pricing, env0 does not base costs on the number of resources managed or the number of users associated with an organization. 

Instead, the central component of pricing is the number of deployments (successful apply runs) performed per month. Whether an environment has 100 or 10,000 resources, env0 is only interested in successful deployments and updates of that environment.

This pricing scheme has the clear benefit of making costs both predictable and scalable. For instance, adding 100 resources to an existing (or new) environment will not increase your env0 bill, so you can expand without concerns. And of course, tracking deploys is also much easier, than keeping track of resources, for most mid and large-scale organizations.

Case in point: you can easily track the growth of environments and deployment frequency through the env0 dashboard to see the total number of deployments per month, per day, and by the environment, down to an individual user. 

This means that you can always know what to expect and also have costs tied to the usage of the env0 platform and not your cloud resource consumption.

Unlimited Concurrent Runs

As your organization grows in its use of IaC automation, multiple teams will want to deploy and update their infrastructure at the same time. env0 allows for unlimited parallel, concurrent runs across the organization. This includes both plan and apply runs for environments.

Unlimited concurrent runs prevent one team from blocking others when trying to test new code changes or deploy critical updates. This is especially true for larger environments that may have hundreds of resources; a [.code]plan[.code] or [.code]apply[.code] run may take an hour or more. 

With capped concurrency (which is the norm for most cloud infrastructure management tools), a handful of large environments can effectively block progress for all other teams in the organization. For instance, even at its top tier, Terraform Cloud will be limited to 10 concurrent runs.

Having unlimited concurrent runs accelerates developer velocity and removes potential blockers for your infrastructure and application teams.

Scalable Organization

The env0 platform works with five layers for configuring permissions, organizing deployments, and storing variable values. 

Similar to Terraform Cloud, env0 includes the concept of projects and environments (workspaces), but it also adds templates, Workflows, and sub-projects.

‍Templates define a type of environment that can be deployed. They are created at the organization level and made available to projects within the organization. Templates carry with them not only the configuration but also variable values and secrets. 

A platform engineering team can design templates for the organization and make them available to development teams to ensure consistency and enhance productivity.

Workflows are a structured approach to defining the relationships and settings of multiple environments in a single group. 

Within a workflow, downstream environments can reference values from their upstream dependencies, and changes in one sub-environment can trigger a run in dependent environments.

Workflows are essential for complicated deployments that require sophisticated orchestration across multiple environments.

You can combine multiple frameworks into a single deployment with workflows. For instance, in a single workflow, you could deploy a Kubernetes cluster with OpenTofu, bootstrap the cluster with Helm, and deploy an application onto the cluster with a Kubernetes manifest.

Sub-projects create an additional layer of hierarchy below the project level. The sub-project inherits the roles assigned to the parent project, and can also have additional permissions and settings assigned directly.

Existing projects and environments can be seamlessly moved to sub-projects without causing disruption, enabling your organization to grow and shift as needed.

Advanced Role-based Access Control

Permissions within env0 are granted using role-assignments. An individual user or a team can be assigned a role, and that role is granted permissions within a scope. 

The scope can be at the organization, project, or sub-project level, allowing administrators a wide latitude for making assignments.

env0 includes built-in roles for each scope, as well as support for custom roles providing more granular control. 

Rather than having to update permissions on each scope when a change is required, administrators can simply update the permissions for a role and it will take effect everywhere the role is applied.

Cloud Cost Management

env0 provides cost estimations when an environment is deployed or updated, which can help you decide whether to proceed with a given deployment. 

This cost estimation is similar to what you would get with TFC, and it’s based on the consumption cost for a given resource, without taking into account usage costs such as network egress or storage IOPS.

Cost monitoring is where env0 takes things a step further, providing real-time cost calculations by accessing the billing API of your cloud service provider. Moreover, the platform enables to granularly define budgets for teams (and even projects) and receive notifications when the cost of a is approaching the budget threshold. 

Not only does this help with reporting, but it can also alert when infrastructure resources unexpectedly overrun their budget because of outside forces.

env0 also supports Infracost integration for those organizations that are already leveraging Infracost to monitor their cloud usage. Using its Custom Flows, env0 also integrates with FinOps tools (e.g., CloudHealth) and can be used to extend directives and policies from these tools into IaC workflows.

Read here to learn more about env0 IaC Cost Controls

Developer and Ephemeral Environments

Testing and development environments are great for trying out new features, testing updated applications, and developing new architectures. 

However, these environments can sit idle and unused, racking up costs without providing value. env0 includes several features that make it easy for development teams to set up temporary or development environments without breaking the bank.

Ephemeral environments have a time-to-live (TTL) associated with them. When the TTL is up, the environment will automatically be destroyed.

Scheduling can be set on environments to automatically execute a deployment or destruction run on a regular schedule. State-less development environments can be torn down every night and re-deployed in the morning, saving money on resource costs on nights and weekends.

Projects can also be configured to restrict the maximum number of environments per project and per user to keep development teams in check and reduce sprawl.

Advanced Workflows

PR comments: Every organization has its own unique requirements and preferences for automation patterns and workflows. Rather than constraining you to a single, rigid deployment pattern, env0 is highly customizable and offers additional flexibility.

One of the most common workflows for deployment is to execute a [.code]plan[.code] run on pull request and [.code]apply[.code] after merge. However, some organizations prefer to apply the configuration prior to merging the pull request. 

This is especially true for organizations coming from an Atlantis-style automation background. env0 supports enabling environments to be controlled via PR comments.

When an environment is enabled for PR comment control, several actions become available from within the context of the pull request. Using comments, users can list the impacted environment, run a plan on some or all of the environments, and execute an application for some or all of the environments.

Remote play and apply: Another common pattern is for developers to kick off plan runs from their local workstations to view the impact of their changes.

env0’s state backend allows for this workflow, which accelerates the feedback loop when developers are working on code updates. The plan will execute remotely on env0 and include variable values configured for the environment and logging the results remotely. Remote [.code]apply[.code] runs are also supported, but must be enabled separately.

GitOps flow: Lastly, env0 includes a unique feature called environment discovery. This feature allows you to define, create, and destroy environments through your chosen VCS using a predefined folder structure. env0 can monitor the folder contents of your repository and automatically create and manage new environments as needed without having to log into the management console.

Other Terraform Cloud Alternatives

Apart from env0, several other platforms can serve as viable alternatives to Terraform Cloud. Each has its unique strengths and weaknesses, which we will briefly explore.

Spacelift

Spacelift is designed to provide robust CI/CD capabilities for infrastructure as code:

• Strengths: Advanced CI/CD features, strong policy management, and excellent scalability.
• Weaknesses: May have a steeper learning curve, enhanced job concurrency costs extra, and remote plan and apply capabilities are not fully supported.

Scalr

Scalr is another Terraform Cloud alternative that offers a flexible and scalable approach to cloud infrastructure management:

• Strengths: Strong multi-cloud support, extensive policy management, and flexible workflows.
• Weaknesses: Pricing can be high for smaller teams, and some users report a complex initial setup.

Jenkins

Jenkins, primarily a CI/CD tool, can be adapted for Infrastructure as Code workflows:

• Strengths: Highly customizable, extensive plugin ecosystem.
• Weaknesses: Requires significant configuration and maintenance, less out-of-the-box support for Terraform.

Visit here to learn more about  Terraform and Jenkins.

Azure DevOps

Azure DevOps provides integrated CI/CD and version control:

• Strengths: Tight integration with Azure, strong CI/CD capabilities.
• Weaknesses: Best suited for Azure environments, less flexibility for multi-cloud.

GitHub Actions

GitHub Actions offers CI/CD capabilities integrated with GitHub, making it one of the Terraform Cloud alternatives.

• ‍Strengths: Seamless integration with GitHub, easy to use for existing GitHub users.
• ‍Weaknesses: Limited compared to dedicated infrastructure as code platforms, can become complex for large-scale use.

Visit here to learn more about  Terraform and GitHub actions.

TFC Migration with env0

Many factors need to be considered when contemplating a migration. A critical concern is the switching cost of moving your existing data and workloads to a new platform. After all, time is not free and a long, drawn-out migration process has been the death of many promising projects.

Fortunately, the migration process from Terraform Cloud to env0 is streamlined with the new migration tool offered by env0. 

This tool simplifies the process, allowing users to switch platforms with minimal disruption. A detailed guide and video tutorial on how to use the migration tool can be found here or in the video down below:

‍

Additionally, env0 provides dedicated migration support, with technical and customer success teams working closely with enterprise customers to ensure a smooth transition. This includes assistance during the proof of concept (POC) phase and throughout the entire migration project.

Conclusion

Choosing the right platform for managing your Infrastructure as Code is crucial for maintaining efficiency, scalability, and cost-effectiveness. 

While Terraform Cloud offers many valuable features, its limitations and pricing changes have led many to explore alternatives. 

Platforms like env0, Spacelift, Scalr, Jenkins, Azure DevOps, and GitHub Actions are popular Terraform Cloud alternatives, each offering unique benefits that may better align with your organization's needs.

By understanding the capabilities and limitations of each option, you can make an informed decision that ensures your cloud infrastructure management processes are optimized for success. 

If you're considering a switch, tools like env0's migration tool can facilitate a smooth transition, backed by dedicated support to help you every step of the way.