What is Infrastructure as Code (IaC)?

Infrastructure as Code software lets engineering teams define cloud and on-premises infrastructure in version-controlled configuration files that can be applied, modified, and rolled back with the same rigor as application code.

When does building IaC infrastructure make sense?

Self-hosting OpenTofu or Pulumi makes sense when your resource footprint is large enough that per-resource billing on managed platforms becomes material, when security requires state to stay on-premises, or when your team has strong IaC expertise and appetite to own the collaboration layer.

When does buying an IaC platform make sense?

Buying makes sense when the managed collaboration layer — state locking, access control, policy enforcement, audit trails — would otherwise require significant engineering time to build correctly. Alternative platforms like Spacelift and Scalr now offer this at lower cost than Terraform Cloud.

What are the main IaC vendors?

Representative vendors include HashiCorp Terraform Cloud, env0, Spacelift, Pulumi. B4 Pro scores the full set.

What happened with HashiCorp's Terraform pricing?

HashiCorp shifted Terraform Cloud to resource-usage-based pricing, which significantly increased costs for mid-market teams and accelerated adoption of OpenTofu (the community fork) and alternative managed platforms like Spacelift and Scalr. Most documented savings came from switching vendors, not self-hosting from scratch.

Dev & Engineering · Engineering, IT & AI

Should you build or buy Infrastructure as Code (IaC)?

Infrastructure as Code (IaC) software lets engineering teams define cloud and on-premises infrastructure — networks, servers, databases, security groups — in version-controlled configuration files that can be applied, modified, and rolled back with the same rigor as application code.

The build-vs-buy decision for Infrastructure as Code turns on whether the managed collaboration layer (state locking, access control, policy enforcement) justifies its cost relative to self-hosting an OSS engine, and how much HashiCorp's repricing has changed the math for your specific resource footprint.

Domain: Dev & Engineering
Function: Engineering, IT & AI
Industries: Cross-industry

Last assessed June 2026 · re-scored quarterly via The Continuum.

Build it, buy it, or bridge?

	Build it	Buy it	Bridge (buy, then extend)
Cost shape	OpenTofu self-hosted at $0 license; infra cost only beyond config management	HashiCorp RUM pricing scales sharply with resource count; mid-market sticker shock	Spacelift or Scalr as managed collaboration layers over OpenTofu — 60–80% cheaper
Time to value	Weeks to configure state backend, locking, RBAC, and team workflows	Terraform Cloud has workspaces, runs, and state management on day one	Start with OSS engine; add managed collaboration layer for team workflows
Differentiation captured	Full control over deployment patterns, security policies, and network topology	Vendor-enforced workflows; Sentinel policies and run tasks require commercial tier	Own infrastructure definitions; buy the run coordination and audit layer
AI feasibility today	OpenTofu, Pulumi, Crossplane, Cdk8s are mature OSS engines with active communities	Terraform Cloud and Pulumi Cloud add drift detection and AI-assisted config generation	Backstage-based IDP with OSS IaC engine and cloud-managed state
Who it fits	Large footprints where per-resource billing hurts; on-prem security requirements	Teams wanting managed state, collaboration, and policy without ops overhead	Cost-sensitive orgs switching from Terraform Cloud to Spacelift/Scalr on OpenTofu

The B4 call

B4 has a verdict for Infrastructure as Code (IaC).

Build, Buy, Bridge, or Beware, with the five-dimension scorecard and the reasoning behind it. Unlock the call, and every other category, with B4 Pro.

Unlock the verdict in B4 Pro →

When building Infrastructure as Code (IaC) makes sense

Building — in this category, self-hosting an IaC engine like OpenTofu, Pulumi, or Crossplane rather than paying for Terraform Cloud — makes the most sense when your infrastructure footprint is large enough that per-resource billing becomes material. HashiCorp's resource-usage-based repricing for Terraform Cloud generated documented sticker shock across the mid-market, with 20-user teams paying well over double their prior bills. OpenTofu, the community fork with Apache licensing, covers the core Terraform workflow without the licensing change and runs in production at a growing number of organizations. The infrastructure definitions themselves are inherently company-specific: your network topology, security groups, service configurations, and scaling policies encode your actual architecture. Self-managing the execution layer gives you full control over that logic without vendor constraints on what's valid. The tradeoff is real: state locking, access control, team collaboration workflows, and audit trails don't come free with self-hosting — they require engineering time to implement and maintain. Organizations with strong Terraform expertise, a platform team willing to own the collaboration layer, and a security posture that keeps state on-premises are the natural fit.

When buying Infrastructure as Code (IaC) makes sense

Buying a managed IaC platform makes sense when the operational cost of self-hosting the collaboration layer is the constraint. Terraform Cloud and Pulumi Cloud handle state management, workspace isolation, run queuing, and policy enforcement out of the box — and those functions are genuinely non-trivial to replicate correctly. Drift detection, access controls that satisfy auditors, and team-level run visibility are capabilities that take real engineering time to build on top of a bare OSS engine. For organizations that want to adopt IaC practices without hiring a platform engineer to wire the guardrails, the time-to-value is meaningful. The documented savings from HashiCorp's repricing backlash have come mostly from switching to alternative managed platforms — Scalr, Spacelift, env0 — rather than from pure self-hosting, which suggests that the managed layer has real value. The practical question is which managed platform prices reasonably for your resource count, not whether to use one at all.

HashiCorp's resource-usage-based repricing for Terraform Cloud created documented sticker shock across the mid-market and accelerated adoption of alternatives. OpenTofu, the community fork, is production-ready and covers the core Terraform workflow without the licensing change. Scalr and Spacelift offer managed collaboration layers at lower price points. Most of the documented savings from the pricing shift have come from switching between vendors rather than building from scratch.

The self-managed path makes sense when your infrastructure footprint is large enough that per-resource billing becomes material, your security posture requires state to stay on-premises, or your team has strong Terraform expertise and appetite to run the collaboration layer themselves. Pulumi and Crossplane are worth evaluating if your team is already strong in a general-purpose language. The tradeoff is real: state locking, access control, and team collaboration don't come free with self-hosting, and they require engineering time to implement well.

Representative vendors

HashiCorp Terraform CloudPulumi and 3 more, scored in B4 Pro

B4 Pro

Get B4's actual call on Infrastructure as Code (IaC)

→ B4's call for Infrastructure as Code (IaC): Build, Buy, Bridge, or Beware
→ The five-dimension scorecard and the scoring rationale
→ All 5 vendors with pricing and positioning
→ Quarterly re-scores that feed the MCP live, so your agents always query the current call
→ MCP server plus API and SDK access, and CSV/JSON export

Upgrade to B4 Pro

Prefer to read first? The book covers the framework end to end.

Frequently asked

What is Infrastructure as Code (IaC)?: Infrastructure as Code software lets engineering teams define cloud and on-premises infrastructure in version-controlled configuration files that can be applied, modified, and rolled back with the same rigor as application code.
When does building IaC infrastructure make sense?: Self-hosting OpenTofu or Pulumi makes sense when your resource footprint is large enough that per-resource billing on managed platforms becomes material, when security requires state to stay on-premises, or when your team has strong IaC expertise and appetite to own the collaboration layer.
When does buying an IaC platform make sense?: Buying makes sense when the managed collaboration layer — state locking, access control, policy enforcement, audit trails — would otherwise require significant engineering time to build correctly. Alternative platforms like Spacelift and Scalr now offer this at lower cost than Terraform Cloud.
What are the main IaC vendors?: Representative vendors include HashiCorp Terraform Cloud, env0, Spacelift, Pulumi. B4 Pro scores the full set.
What happened with HashiCorp's Terraform pricing?: HashiCorp shifted Terraform Cloud to resource-usage-based pricing, which significantly increased costs for mid-market teams and accelerated adoption of OpenTofu (the community fork) and alternative managed platforms like Spacelift and Scalr. Most documented savings came from switching vendors, not self-hosting from scratch.

The B4 Index scores every software category on two axes, strategic differentiation and AI feasibility, to classify it Build, Buy, Bridge, or Beware. See the full methodology.

More in Dev & Engineering

Build or buy DevOps Platform? Build or buy CI/CD? Build or buy Version Control? Build or buy Low-Code / No-Code? Build or buy iPaaS? Build or buy API Management? Build or buy SAST? Build or buy DAST? Build or buy Code Quality Analysis? Build or buy Container Registry? Build or buy Release Orchestration? Build or buy Application Portfolio Management?

The Build Report

Bi-weekly analysis of software categories through the B4 Framework. What to build, what to buy, and how to use AI to make better decisions for your company.