Before using Terraform I tried to use Puppet to manage AWS infrastructure. It was a fun but short adventure. The idea of having all your configuration in one tool is nice but Puppet just isn't that tool. The one thing I found lacking the most, which made Terraform the tool for the job, is awareness of state. Having the triangle of what configuration you want (HCL), what configuration you expect to have (state) and what configuration you actually got (real world), with the tools to observe the differences between these and the ability to make careful changes is just what you need for important infrastructure changes. With Puppet every change felt like Fire-and-pray. Sure you can run a 'noop', but if anything changes in between that and the actual run that could trigger another resource you would be catch by surprise. On OS/App level the impact can often be contained, but on infra, not so much as you would have reduce the powerful features of Puppet to much as to it not being a benefit anymore.

You are implying that people who use Terraform are not aware of Puppet. Puppet is a terribly complicated thing compare to Terraform. We use both on a daily basis and everybody agrees that we need to move away from Puppet. Terraform + Ansible is the way for us to go.

It is nice that puppet defines a graph of dependencies compared to doing this in ansible. What I find tough is that you have another indirection when using puppet to configure your tools. So you first have to figure out the puppet module’s configuration and how it maps onto the actual tools configuration

Wonder why you got downvoted, as someone who has been using ansible for years to accomplish what was said and what you accomplish with puppet I wonder what I am missing out of terraform

There's a lot of overlap but, in general, Terraform is focused on orchestrating things while Puppet is more about configuration management.

Plus, the different philosophies of mutable/immutable infrastructure that the different capabilities/limitations in each tool encourage.

The nice thing about Terraform (and Ansible) imo is that they don't require a daemon but just run locally (or on CI), with some shared state in a object store.

Here's how Lyft used "Masterless SaltStack at Scale" https://youtu.be/7ffHKH9H5_Q and the getting started documentation https://docs.saltstack.com/en/latest/topics/tutorials/quicks...

Neither does Puppet. Many people run it in a masterless "one-shot" configuration.

What would be your comparison between the solutions? As in, why would I pick Puppet over Ansible or Terraform for a masterless use-case?

Doesn't puppet only support success/changed/error status for resources? How does it work with AWS infrastructure where you may need to possibly remove dependencies before the change, update the resource in place, or update other resources to point at what you just created? You need at least 5 states, I believe? (That depend on properties, not resources, so notification is not enough)