The IaC & automation tool landscape
Provisioning, config, templating, policy, GitOps.
The IaC and automation ecosystem has many tools, and they are not competitors so much as pieces that fit different jobs. Knowing which category a tool belongs to tells you what it is for and when to reach for it. There are five broad groups: provisioning, configuration management, Kubernetes templating, policy & scanning, and GitOps delivery — and a real platform usually uses one from several of them together.
Provisioning: build the infrastructure
Provisioning tools create cloud and infrastructure resources. Terraform is the de facto standard — declarative, cloud-agnostic, huge provider ecosystem; OpenTofu is its open-source fork (covered later); Pulumi lets you write IaC in real programming languages; CloudFormation is AWS’s native tool; and Crossplane provisions cloud resources through Kubernetes. This course centers on Terraform because its concepts (providers, resources, state, plan/apply) transfer to almost all of them.
Everything else, briefly
Configuration management (Ansible, Chef, Puppet, Salt) configures machines after they exist. Kubernetes templating (Helm, Kustomize) turns raw manifests into reusable, per-environment deployments. Policy-as-code and scanning (OPA/Conftest, Sentinel, Checkov, tfsec/Trivy, Terrascan, KICS) automatically enforce rules and catch misconfigurations in your IaC before it is applied — the security layer. And GitOps tools (Atlantis, Argo CD, Flux) apply your IaC automatically from Git, making the repository the source of truth. Each has its own lessons ahead; the point now is knowing the map.