12 Popular Cloud Provisioning Tools in 2026

Provisioning cloud infrastructure by hand does not scale. Click through a console to stand up a few environments and it works. Do it across dozens of accounts, regions, and teams and you get drift, snowflake environments, and a queue of tickets only you can clear.

Cloud provisioning tools fix that by defining, deploying, and maintaining infrastructure as code. The right one depends on your workflow, your team’s skills, and your governance needs, whether you care most about speed, compliance, flexibility, or deep integration with one cloud.

In this article, we’ll discuss the top 12 cloud provisioning tools with their key features and pricing models.

Cloud provisioning is the process of allocating and configuring cloud computing resources, such as virtual machines, storage, and networking, on demand. It makes sure the right infrastructure is available and set up to match each workload’s requirements.

There are three main types of provisioning:

• Manual provisioning, where administrators allocate resources through a console or API.
• Automated provisioning, where scripts or orchestration tools configure and deploy infrastructure dynamically.
• Self-service provisioning, where users request and deploy resources through a portal without involving an administrator directly.

Done well, cloud provisioning supports scalability, better performance, and cost control across your cloud environment. It underpins both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) by making rapid, repeatable deployment possible.

A cloud provisioning tool automates tasks you would otherwise do by hand, such as allocating, configuring, and managing compute, storage, and networking resources. Instead of clicking through a console for every change, you define your infrastructure once, and the tool deploys it the same way across development, staging, and production.

Provisioning can be done in three main ways: manually, via scripts, or declaratively via infrastructure-as-code. Most cloud provisioning tools use a declarative model. You describe the desired end state, and the tool works out how to reach it and how to keep it there.

Below, we compare the best cloud provisioning tools across four categories: open-source IaC frameworks, cloud-native template services, configuration managers, and GitOps control planes.

The most popular cloud provisioning tools include:

1. OpenTofu
2. Pulumi
3. Terraform
4. AWS CloudFormation
5. AWS CDK
6. Azure Bicep / ARM Templates
7. Crossplane
8. Google Cloud Infrastructure Manager
9. Spacelift
10. Ansible
11. Puppet
12. Cloudify

OpenTofu is a fully open-source fork of Terraform, designed to preserve a developer-friendly infrastructure-as-code experience while removing licensing uncertainty. 

It lets teams define, version, and apply cloud and on-prem infrastructure in declarative code (using HCL), manage modular components, and adopt GitOps-style workflows that are all under a governance model hosted by the Linux Foundation. 

Because OpenTofu is a Terraform-compatible drop-in replacement, existing configurations, modules, and providers generally work unchanged, making migration smooth for organizations already invested in Terraform. 

Key features of OpenTofu

• True open-source licensing – Licensed under MPL-2.0, OpenTofu offers unrestricted commercial usage, redistribution, and modification
• Built-in state encryption – Supports client-side encryption of state (local and remote backends) to safeguard sensitive configuration data
• Full Terraform compatibility – You can reuse existing .tf files, modules, providers, and workflows with minimal or no changes. 
• Innovations and community-driven features – Adds enhancements like early variable evaluation, improved import capabilities, provider-defined functions, and modular backends. 
• Open governance and community ownership – Managed under the Linux Foundation, feature direction is shaped by community input rather than a single vendor. 

License/pricing model: Open source (MPL-2.0)

Website: https://opentofu.org/

OpenTofu adoption: ~29k GitHub stars as of May 2026

Read more: OpenTofu Tutorial – Getting Started, How to Install & Examples

Pulumi is a modern infrastructure-as-code (IaC) platform that lets you define, deploy, and manage cloud resources using real programming languages (TypeScript, Python, Go, C#, Java, YAML). 

Rather than inventing a domain-specific language, it embeds directly into language ecosystems, letting you use loops, functions, modules, and familiar tooling. 

Pulumi includes a CLI, an extensible deployment engine, SDKs, and an optional managed cloud service (Pulumi Cloud) that coordinates state, runs deployments, manages secrets, and enforces policies. 

You can use Pulumi entirely open-source (self-managing state, no vendor lock-in) or adopt the hosted Pulumi Cloud layer for collaboration, access controls, and audit capabilities. 

Key features of Pulumi

• Multi-language IaC – You don’t need to learn a new DSL, write infra in TypeScript, Python, Go, C#, Java, or YAML 
• State, secrets and configuration management (Pulumi Cloud / Pulumi ESC) – Pulumi provides secure state handling, secrets management, and configuration workflows as part of its managed backend, reducing your operational burden 
• Policy enforcement and governance – With Pulumi you can apply policy controls (CrossGuard, OPA-based or built-in) to enforce compliance, guardrails, and approval logic across stacks
• Automation API and CI/CD integration – Pulumi enables embedding its core operations as code via its Automation API, letting you trigger, orchestrate, or test infra workflows programmatically. It also integrates deeply with CI/CD pipelines, webhooks, and workflow tooling 
• Multi-Cloud and provider ecosystem – Pulumi supports over 150 providers across major clouds (AWS, Azure, GCP, Kubernetes, etc.) as well as custom or community providers 

Pulumi’s biggest strength is also its trap. Writing infrastructure in TypeScript or Python means your team can reach for loops, classes, and abstractions, and it also means infrastructure code can become as complex as application code, with the same review burden. 

If your team is large and IaC-fluent but not software-engineering-fluent, the readability of declarative HCL or Bicep may serve you better.

License/pricing model: Open source (Apache-2.0) for CLI/SDK; Pulumi Cloud is commercial with free and paid tiers

Pulumi ratings and reviews:

• G2: 4.8/5 (25)

Website: https://www.pulumi.com

Read more: What is Pulumi? Key Concepts and Features Overview

Terraform is a widely adopted declarative infrastructure-as-code (IaC) platform, built by HashiCorp (an IBM company since February 2025), that lets teams define and provision cloud (and on-prem) infrastructure with versioned configuration files.

Through its core engine, Terraform evaluates desired state, computes dependency graphs, and applies changes safely and predictably. Its architecture separates the IaC engine (open/available code) from collaboration and governance features delivered via Terraform Cloud / Enterprise. 

Over time, Terraform has become a de facto standard in IaC — with broad provider support, rich module ecosystems, and tooling integrations across developer pipelines and platforms. 

Key features of Terraform

• Declarative Configuration Language (HCL) – Infrastructure is described as what should exist (not how), and Terraform handles the graph and execution ordering 
• Rich provider ecosystem – Terraform supports hundreds of cloud, SaaS, and infrastructure providers, enabling consistent workflows across environments 
• State management and dependency tracking – Maintains state to track resource drift and compute incremental changes, plus dependency resolution so resources deploy in the right order
• Collaboration and policy layers (Cloud/Enterprise) – Features like remote execution, version-controlled runs, policies, RBAC, shared module registries are enabled in Terraform Cloud / Enterprise
• Workspace and multi-environment support – Ability to isolate environments (dev, staging, prod) via workspaces or distinct backends, and reuse modules across them

The 2023 move to the Business Source License changed the calculus for some teams, which is why you will see OpenTofu earlier in this list. For most organizations already standardized on Terraform, the provider ecosystem and module registry are deep enough that the license change has not forced a migration.

License/pricing model: Core is source-available under BSL 1.1; HCP Terraform (SaaS) and Terraform Enterprise are commercial

Terraform ratings and reviews:

• G2: 4.7/5 (96 reviews)
• Adoption: ~48.5k GitHub stars for hashicorp/terraform

Website: https://www.hashicorp.com/products/terraform

Read more: How to Automate Terraform Deployments and Infrastructure Provisioning

AWS CloudFormation is Amazon’s native infrastructure-as-code (IaC) service that lets you define and manage your AWS resources via declarative templates (JSON or YAML). 

Rather than manually provisioning each resource, you write a template that describes your desired infrastructure (“what”), and CloudFormation figures out the dependency graph and makes the needed calls to AWS APIs to create, update, or delete stacks accordingly. 

Since CloudFormation is tightly integrated with AWS, it supports newly released services and features immediately and works across accounts, regions, and nested stacks. 

It’s often a go-to choice when your infrastructure is primarily or exclusively in AWS, and you want deep native support, predictable lifecycle management, and minimal external dependencies.

Key features of AWS CloudFormation

• Template-based, declarative modeling – You express your resources and relationships in JSON or YAML templates, which serve as a single source of truth for your stack. 
• Change sets / preview updates – You can generate a “change set” to preview what changes will occur before applying them, reducing surprises and risk. 
• Drift detection – CloudFormation can detect when resources have diverged from the declared template state and expose drift. 
• Extensibility via Registry and custom resource types – The CloudFormation Registry lets you integrate and manage third-party or custom resources, extending beyond AWS’s built-in types. 
• Cross-account / cross-region orchestration (StackSets & exports) – You can deploy identical stacks across multiple AWS accounts or regions using StackSets, and pass values between stacks via exports/outputs. 

When to skip it?

CloudFormation only manages AWS. The moment your infrastructure spans a second cloud or a SaaS provider, you are either bolting on another tool or rewriting in something cloud-agnostic. If you are all-in on AWS and intend to stay there, the native integration is hard to beat. If multicloud is on your roadmap, start somewhere else.

License/pricing model: No additional charge for CloudFormation itself, you pay for the underlying AWS resources

CloudFormation ratings and reviews:

• G2: 4.4/5 (207)

Website: https://aws.amazon.com/cloudformation/ 

Read more: What is AWS CloudFormation? Key Concepts & Tutorial

AWS CDK (Cloud Development Kit) is an open-source development framework that allows you to define AWS infrastructure using general-purpose programming languages (TypeScript, Python, Java, C#, Go) rather than declarative templates. 

When you run your CDK app, it synthesizes your code into CloudFormation templates and deploys them through AWS CloudFormation — thus giving you the power of imperative coding with all the stability and orchestration of CloudFormation. 

CDK is particularly attractive to developers who prefer to stay within their language ecosystem, leverage constructs and abstractions, and build reusable infrastructure components with logic and sharing built in.

Key features of CDK

• Multi-language IaC with constructs – Define infrastructure using familiar languages (TypeScript, Python, Java, C#, Go), and build and compose reusable “constructs” that encapsulate AWS resources and best practices 
• Synthesis to CloudFormation – CDK transforms your code into CloudFormation templates for provisioning, so you retain compatibility with AWS’s deployment engine, rollback, drift detection, and tooling
• Rich abstractions and default best practices – Constructs provide high-level abstractions (L1, L2, L3) with sensible defaults, reducing boilerplate and helping enforce consistent patterns 
• CLI and developer tooling – CDK’s CLI (“cdk”) supports commands like synth, diff, deploy, destroy and integrates with your developer environment and continuous delivery systems 
• Composable stacks and cross-stack sharing – You can organize your infrastructure into CDK stacks, compose constructs, import exports between stacks, and manage dependencies across modules

Every CDK app compiles to a CloudFormation template before anything deploys, so you inherit CloudFormation’s deployment engine, its rollback behavior, and its AWS-only scope. What you gain is loops, conditionals, and reusable constructs instead of thousands of lines of YAML. 

Choose CDK over raw CloudFormation when your templates have grown unmanageable. Choose neither if you need to leave AWS.

License/pricing model: Open source (Apache-2.0); you pay only for AWS resources you create

AWS Cloud Development Kit ratings and reviews:

• G2: 4.4/5 (125)

Website: https://aws.amazon.com/cdk/ 

Read more: AWS CDK vs. Terraform

Azure Resource Manager (ARM) Templates are the native JSON-based declarative method Microsoft provides for defining and provisioning Azure resources. You write a JSON file describing the resources and their properties, and Azure’s Resource Manager takes care of orchestration, dependency resolution, and deployment. 

Azure Bicep is a domain-specific, higher-level language that compiles down into ARM templates. It offers a more readable, concise syntax, built-in tooling support, type safety, and modular abstraction. Bicep is Microsoft’s recommended path forward for authoring Azure infrastructure as code.

In practice, you author in Bicep (which is easier to maintain), then the system automatically synthesizes the equivalent ARM JSON for deployment.

Key features of Azure Bicep and ARM Templates

• Declarative JSON models (ARM templates) – Define “what you want” in JSON syntax; Azure handles the order, parallelism, and orchestration of resource creation 
• Readable, modular syntax (Bicep) – Bicep abstracts JSON boilerplate: modules, loops, conditionals, functions, and type safety make infrastructure code easier to read and maintain
• What-if / declarative preview – Before you apply a template or Bicep deployment, Azure can show what changes will occur (create, update, delete) so you can avoid surprises
• Drift detection and idempotent deployment – ARM ensures that repeated deployments lead to the same result (idempotency). Bicep/ARM also allow you to check whether deployed resources have drifted from declaration
• Native support for all Azure services & latest API versions – Because ARM is Azure’s own provisioning system, new resource types and versions are typically available immediately. Bicep inherits that coverage

Like CloudFormation on AWS, Bicep and ARM only speak Azure. Bicep is the clear choice over raw ARM JSON if you have committed to Azure, since it is more readable and Microsoft’s recommended path.

License/pricing model: Bicep is open source (MIT); ARM has no separate fee, you pay for the Azure resources you deploy

Azure Resource Manager ratings and reviews:

• G2: 4.2/5 (50)

Website: https://learn.microsoft.com/azure/azure-resource-manager/templates/overview

Crossplane is an open-source control plane framework built on Kubernetes that enables you to define, manage, and reconcile infrastructure and cloud services as Kubernetes-native APIs. 

Crossplane 2.0 (August 2025) broadened its scope beyond infrastructure to support applications as first-class resources for building full platform control planes.

Instead of operating as a separate CLI or tool, Crossplane extends the Kubernetes control plane via Custom Resource Definitions (CRDs), so your infrastructure assets become first-class Kubernetes objects. 

Platform and DevOps teams use Crossplane to expose higher-level abstractions (Composite Resources) to application teams, enforce standards, and build self-service infrastructure APIs. 

Key features of Crossplane

• Kubernetes-native declarative API – Infrastructure is managed through CRDs and controllers, so it behaves like any other Kubernetes object
• Composition and Custom Abstractions – You can build Composite Resource Definitions (XRDs) to encapsulate patterns (e.g. “ProductionDatabase”) and expose those to users, hiding complexity
• Continuous reconciliation / drift self-healing – Crossplane continually observes resource state and reconciles drift (if actual state diverges from desired)
• Multi-cloud and extensible provider ecosystem – Supports providers for AWS, Azure, GCP, Alibaba Cloud, SaaS tools, and more. You install providers, configure credentials, then manage resources across clouds from the same control plane
• GitOps and Kubernetes tooling integration — Since it’s Kubernetes-native, you can manage everything via the same GitOps pipelines, use kubectl, integrate with ArgoCD/Flux, etc.

Crossplane runs on Kubernetes. If you already operate a cluster and your platform team lives in kubectl and GitOps, exposing infrastructure as Kubernetes resources is elegant. If you do not run Kubernetes, adopting Crossplane means adopting and operating a cluster first, which is a large bill to provision a database.

License/pricing model: Open source (Apache-2.0)

Website: https://www.crossplane.io/ 

Crossplane adoption: ~12k GitHub stars for crossplane/crossplane, graduated CNCF project as of October 2025.

Read more: Crossplane vs Terraform – IaC Tools Comparison

Google Cloud Deployment Manager reached end of support on March 31, 2026, and is no longer available. 

Its replacement, Infrastructure Manager, takes a different approach: instead of YAML configurations with Jinja or Python templates, Infra Manager runs standard Terraform configurations in a Google-managed environment. 

If you are still running Deployment Manager, migration is no longer optional. If you are starting fresh on Google Cloud and want a native service, Infra Manager, or Terraform/OpenTofu directly, is where to look.

Key features of Google Cloud Infrastructure Manager

• Terraform-based provisioning – Instead of a proprietary template language, Infra Manager runs standard Terraform/HCL configurations, so existing modules and provider ecosystems carry over
• Google-managed execution – Deployments run in a Google-managed environment rather than on your own runners, reducing the operational burden of standing up CI for Terraform
• Managed state and locking – Infra Manager handles Terraform state storage and locking for you, instead of you wiring up a remote backend manually
• Source from version control or Cloud Storage – You point a deployment at a Git repo or a Cloud Storage bucket containing your configuration, supporting repeatable, revision-tracked deployments
• Native IAM and GCP integration – Because it’s a first-party service, it integrates with Cloud IAM and service accounts and has direct access to GCP APIs

License/pricing model: Service is included with GCP; you pay for provisioned resources

Google Cloud Deployment Manager ratings and reviews:

• G2: 4.6/5 (27)

Website: https://cloud.google.com/infrastructure-manager/docs

We’ve included ourselves so you can compare, but treat this entry as a vendor perspective, not an independent ranking.

Spacelift is an infrastructure orchestration platform that unifies provisioning, configuration, and governance across your infrastructure-as-code (IaC) workflows. It works as a control plane for cloud infrastructure: you point it at your version control, choose your IaC tool (Terraform, OpenTofu, Pulumi, CloudFormation, Ansible, Kubernetes, Terragrunt), and Spacelift manages the end-to-end lifecycle of deployments. 

It’s designed to give teams self-service for infra changes while enforcing guardrails and policy, visualizing resources, integrating with credentials and clouds dynamically, and enabling scalable, auditable workflows. 

With Intent (generally available since March 2026 as part of Spacelift Intelligence), developers describe what they need in plain language and Spacelift provisions it through cloud provider APIs, with the same policies, credentials, and audit trails as the IaC path.

Spacelift comes in both SaaS (hosted) and self-hosted variants, making it a flexible choice for organizations with stricter compliance or security mandates. 

Key features of Spacelift

• Policy as code – Codify guardrails with Open Policy Agent (OPA): restrict resources, require approvals, and gate changes by branch or merge status.
• Multi-IaC support – Terraform, OpenTofu, Pulumi, CloudFormation, Ansible, Kubernetes, and Terragrunt in one workflow, so your team isn’t locked to a single tool.
• Drift detection – Continuously monitors for drift between desired and actual state, and can automatically remediate it when you enable reconciliation.
• Stack dependencies – Chain stacks, share outputs, and manage dependency graphs across tools and repos.
• Self-service Templates and Blueprints – Platform teams expose Blueprints (one-time stack creation that developers can then edit freely) and Templates (version-pinned, centrally governed deployments) so developers provision approved infrastructure without filing a ticket for every change.

License/pricing model: Commercial SaaS with a free forever tier (up to 2 users / 1 concurrency); paid Cloud plan starts at $250/month; Enterprise and Self-Hosted plans are custom-priced.

Spacelift ratings and reviews:

• G2: 4.9/5 (12 reviews)

Website: https://spacelift.io

Read more: What is Spacelift? Key Features, Benefits & Use Cases

Ansible is an open-source automation and orchestration framework that enables you to provision, configure, and manage infrastructure (cloud, on-prem, hybrid) using human-readable YAML playbooks. 

It adopts an agentless model: the control node connects to target machines over SSH (or WinRM for Windows) and applies modules/tasks to bring them to the desired state, rather than requiring a daemon on each host. 

In cloud provisioning scenarios, Ansible is often used to bootstrap VMs, configure networks, install and configure services, orchestrate multi-tier deployments, or execute post-provisioning tasks. 

Because it often lives alongside IaC tools (Terraform, Pulumi, Crossplane, etc.), many teams use Ansible for Day-1 / Day-2 configuration and orchestration, not just raw resource creation. 

Key features of Ansible

• Agentless execution and low footprint – No persistent agents, no daemons: Ansible uses SSH / WinRM to perform tasks, so target nodes remain lean
• Declarative, idempotent playbooks (YAML) – You describe the desired state and Ansible changes only what’s needed, so re-running a playbook is safe.
• Rich module ecosystem and extensibility – Ansible ships with many built-in modules for cloud providers (AWS, Azure, GCP, OpenStack, etc.), networking, system tasks, containers, and more. You can also author custom modules. 
• Workflow and orchestration capabilities – Beyond provisioning, Ansible handles orchestration (tasks with dependencies, ordering, handlers, conditionals) across systems and services. 
• Cloud provisioning support and integration – Ansible can manage cloud instances (e.g. spin up VMs, configure VPCs, attach storage) via its provider modules, and often fits into pipelines with other IaC tools. 

Useful distinction: Most tools above provision infrastructure, whereas Ansible configures it. Many teams run both, using Terraform or OpenTofu to stand up the servers and Ansible to install and configure what runs on them. If you are choosing between Ansible and an IaC tool, you may not be choosing at all, you may need both.

License/pricing model: Open source (GPLv3) for Ansible Core; Red Hat Ansible Automation Platform is commercial

Ansible adoption:

• ~69k GitHub stars for ansible/ansible

Website: https://www.ansible.com/

Read more: How to Implement Ansible Automation Workflows

Puppet is a mature configuration management and infrastructure automation tool that enables you to declare desired system state (packages, services, files, users, etc.) and continually enforce it across servers (on-prem, cloud, hybrid). 

Puppet works via an agent/model-driven architecture, where a central server compiles catalogs of resources and agents on nodes periodically pull and apply those catalogs. 

Over time, Puppet has evolved beyond just configuration: it supports orchestration, reporting, and compliance workflows, making it relevant in the cloud provisioning context as a “last-mile” or state enforcement layer.

Key features of Puppet

• Declarative resource modeling and idempotency – You define what the system should look like (e.g. package X installed, service Y running), and Puppet ensures convergence without duplicating work
• Agent-based pull architecture (and hybrid modes) – Agents on managed nodes regularly check in, fetch compiled catalogs, and apply changes, enabling self-healing and drift correction
• Rich module ecosystem (Puppet Forge) – There are thousands of community or vendor modules covering OSs, services, cloud APIs, middleware, network devices, etc., reducing the burden of writing boilerplate
• Reporting, auditing and compliance tools – Puppet Enterprise adds dashboards, reporting, change tracking, activity logs, role-based access, and policy enforcement features
• Scalability and hybrid support – Puppet is capable of managing thousands of nodes across on-prem and cloud environments, including mixed OS fleets (Linux, Windows, etc.)

Puppet predates most of this list, and that history cuts both ways. It is battle-tested at scale across large, mixed OS fleets, and its pull-based agent model self-heals drift without you scheduling it. It also carries more operational overhead than agentless tools, and newer teams increasingly start with Ansible or an IaC-plus-config-management split instead. 

Reach for Puppet when you are managing thousands of long-lived nodes and already have the Puppet expertise to run it.

License/pricing model: Source code remains open source (Apache-2.0), but since early 2025 Perforce ships hardened Puppet binaries/packages to a private repository under an EULA, free for development and for use up to 25 nodes; beyond that requires a commercial license. Puppet Enterprise is commercial. The change prompted a community fork, OpenVox.

Website: https://www.puppet.com/ 

Puppet adoption:

• ~8k GitHub stars for puppetlabs/puppet

Read more: Top 12 Puppet Alternatives for Automation

Cloudify is an open-source multi-cloud orchestration and automation framework for modeling, deploying, and managing cloud infrastructure and application services across hybrid or multi-cloud environments. 

It works via blueprints, plugins, and workflows to orchestrate the full lifecycle (Day-0 to Day-2) of infrastructure, networks, and services via a unified control plane. 

Rather than focusing solely on resource provisioning, Cloudify is designed around “Environment as a Service” — exposing environments composed of infrastructure, networking, configurations, and dependencies that developers or teams can deploy on demand. 

It integrates with existing IaC tools (Terraform, Ansible), and layers orchestration, governance, and continuous management over them. 

Cloudify was acquired by Dell Technologies in January 2023. Since then its public development has slowed and Dell has not published a clear roadmap, so weigh its long-term momentum before adopting it for new projects.

Key features of Cloudify

• Blueprint-based orchestration & modeling – Cloudify uses YAML blueprints (often based on TOSCA) to define infrastructure, services, dependencies, workflows, and lifecycle operations
• Multi-cloud & hybrid support via plugins – Through its plugin architecture, Cloudify supports cloud providers like AWS, Azure, GCP, OpenStack, vSphere, and more 
• Day-2 operations / continuous reconciliation – It doesn’t just provision, it monitors, updates, heals, scales, and manages services after deployment
• Integration with existing IaC and toolchains – Cloudify can wrap Terraform, Ansible, Kubernetes, and legacy scripts into its orchestration flows.
• Governance, self-service, and catalog capabilities – It enables platform teams to expose environments or services via catalogs or portal-like interfaces, with controls, policies, and life-cycle rules

License/pricing model: Open source core (Apache-2.0); Cloudify Premium is commercial (EULA)

Cloudify ratings and reviews:

• G2: 4.1/5 (19 reviews)

Website: https://docs.cloudify.co/ 

Choosing a cloud provisioning tool comes down to three honest questions: what does your stack actually run on, how much governance do you need, and where does your team’s expertise already sit? A single-cloud team gets the most from native tools like CloudFormation or Bicep. A multicloud team needs something cloud-agnostic. And provisioning is only half the picture. Configuration management tools like Ansible and Puppet often run alongside IaC, not instead of it.