HCP Terraform's Per-Resource Pricing Is a Trap
The first post in this series argued OpenTofu is the no-regrets default for new infrastructure. The previous post mapped out when to skip cloud-agnostic IaC entirely. This one is about what happens to organizations that picked Terraform years ago, built their orchestration around HCP Terraform (formerly Terraform Cloud), and are now opening renewal quotes that have doubled or tripled year-over-year.
The short version: HashiCorp’s 2024 pivot to Resource Under Management (RUM) billing penalizes the architectural patterns the DevOps community spent a decade adopting. Modular code, ephemeral environments, and granular resources are all things you were supposed to do with Terraform. They now cost real money under the new pricing model. And the legacy free tier that grandfathered teams into a more sustainable cost structure hit end-of-life on March 31, 2026.
If you’re still on HCP Terraform in 2026, you need to understand the math.
How the New Pricing Works
The 2024 RUM model bills based on the peak number of resources tracked in your terraform.tfstate files, measured hourly. The Free tier covers up to 500 resources with a single concurrent run. Above that, you’re on Pay-As-You-Go tiers:
| Tier | Per-resource cost | Concurrency | What you get |
|---|---|---|---|
| Free | $0 (first 500) | 1 | Basic VCS, remote state |
| Essentials | ~$0.10/month | 1 | Basic provisioning, no SSO |
| Standard | ~$0.47/month | 3 | Up to 5 policy checks, cost estimation, limited RBAC |
| Premium | ~$0.99/month | 10 | Full governance, unlimited policies, SSO, audit logs |
On paper, $0.47 per resource per month looks negligible. The math goes sideways quickly because of three things.
Why “Resources” Is a Footgun
1. Granularity inflation. A single logical Terraform module produces dozens of underlying resources. An AWS VPC module isn’t one billable resource. It’s the VPC plus every subnet, every route table, every route table association, every IAM policy attachment, every security group rule, every DNS record. A widely-shared Reddit post by user notoriousbpg describes a team whose HCP Terraform bill was about to jump from $0 to over $15,000 a year, because 80% of the resources under management were GraphQL operation mappings to data sources, while the actual AWS infrastructure they cared about cost only $8,000. They were paying more for orchestration than for the infrastructure being orchestrated.
2. Idle workspaces. RUM billing doesn’t distinguish between active and inactive infrastructure. The proof-of-concept workspace someone spun up last quarter and never destroyed is still on your bill. The staging environment that was deprecated in favor of ephemeral environments is still on your bill. Industry telemetry suggests 30–40% of an average organization’s RUM cost is for completely idle infrastructure nobody has bothered to terraform destroy.
3. Hourly peak billing on ephemeral resources. HCP Terraform bills based on peak hourly resource count. If your integration test pipeline spins up infrastructure that exists for five minutes and is then torn down, you’re billed as if it existed for the full hour. This is a direct tax on the modern GitOps workflow patterns Terraform itself spent years promoting. The more ephemeral environments you use, the more punitive the billing becomes.
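The hourly-peak effect from item 3, worked through as an added example (not code from HashiCorp or from the original post). It models billing exactly as described above, with each clock hour charged at the peak resource count seen during it; the pipeline schedule in `ci_day` is constructed sample data, and the 500-resource free allowance is ignored to keep the ratio visible.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

def billed_vs_actual(lifetimes):
    """lifetimes: (created, destroyed, resource_count) tuples.

    Returns (actual_resource_hours, billed_resource_hours), billing every
    clock hour at the peak number of resources that existed during it.
    """
    events = defaultdict(list)   # clock hour -> [(timestamp, +n or -n)]
    actual_seconds = 0.0
    for created, destroyed, n in lifetimes:
        actual_seconds += n * (destroyed - created).total_seconds()
        hour = created.replace(minute=0, second=0, microsecond=0)
        while hour < destroyed:  # split the lifetime at hour boundaries
            events[hour].append((max(created, hour), n))
            events[hour].append((min(destroyed, hour + HOUR), -n))
            hour += HOUR
    billed = 0
    for hour_events in events.values():
        running = peak = 0
        # Sorting puts a destroy (-n) before a create (+n) at the same instant,
        # so back-to-back runs are not counted as overlapping.
        for _, delta in sorted(hour_events):
            running += delta
            peak = max(peak, running)
        billed += peak
    return actual_seconds / 3600, billed

def ci_day(runs=12, resources=40, minutes=5):
    """Constructed sample: one test run every two hours, starting 00:10."""
    day = datetime(2026, 1, 5)
    return [(day + timedelta(hours=2 * i, minutes=10),
             day + timedelta(hours=2 * i, minutes=10 + minutes), resources)
            for i in range(runs)]

if __name__ == "__main__":
    actual, billed = billed_vs_actual(ci_day())
    print(f"actual {actual:.0f} resource-hours, billed {billed} "
          f"({billed / actual:.0f}x)")
```

Twelve five-minute runs of 40 resources exist for 40 resource-hours but are billed as 480, and a run that straddles an hour boundary is charged for both hours.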
The compounding effect is severe. Another account describes cloning a 600-resource production workspace to create a pre-production environment. The resource count doubles to 1,200. The annual cost goes from ~$122 to ~$858, a 7x increase for what’s architecturally a trivial change. Multiply that across every environment, every test fixture, every modular abstraction, and the renewal quote stops being theoretical.
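To see where a workspace's count comes from, the sketch below tallies billable resource instances per type from a state file and prices the 600-to-1,200 clone described above. It is an added example, not code from the original post or from HashiCorp: the state snippet is constructed, the rates are the rounded figures from the tier table (so the results land at $120 and $840 rather than ~$122 and ~$858), and two things are assumptions: that the first 500 resources stay free on paid tiers, and that `null_resource` and `terraform_data` are not billed.

```python
import json
from collections import Counter

FREE_RESOURCES = 500   # free allowance, from the tier table above
MONTHLY_RATE = {"Essentials": 0.10, "Standard": 0.47, "Premium": 0.99}  # approx.
# Assumption: these placeholder types are not billed as managed resources.
UNBILLED_TYPES = {"null_resource", "terraform_data"}

# Constructed sample in the version-4 state layout (instance bodies emptied).
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_vpc", "name": "main", "instances": [{}]},
  {"mode": "managed", "type": "aws_subnet", "name": "private",
   "instances": [{}, {}, {}]},
  {"mode": "managed", "type": "aws_route_table_association", "name": "private",
   "instances": [{}, {}, {}]},
  {"mode": "managed", "type": "aws_security_group_rule", "name": "egress",
   "instances": [{}, {}]},
  {"mode": "data", "type": "aws_availability_zones", "name": "azs",
   "instances": [{}]},
  {"mode": "managed", "type": "null_resource", "name": "wait", "instances": [{}]}
]}
""")

def billable_by_type(state):
    """Count billable resource instances per type in one parsed state file."""
    counts = Counter()
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") in UNBILLED_TYPES:
            continue   # data sources and placeholder types are skipped
        counts[res["type"]] += len(res.get("instances", []))
    return counts

def annual_cost(resource_count, tier):
    """Yearly bill, assuming the first 500 resources stay free on paid tiers."""
    billable = max(0, resource_count - FREE_RESOURCES)
    return round(billable * MONTHLY_RATE[tier] * 12, 2)

if __name__ == "__main__":
    counts = billable_by_type(SAMPLE_STATE)
    for rtype, n in counts.most_common():
        print(f"{n:4d}  {rtype}")
    print("one module =", sum(counts.values()), "billable resources")
    for size in (600, 1200):
        print(size, {t: annual_cost(size, t) for t in MONTHLY_RATE})
```

For a real workspace, load the JSON written by `terraform state pull` in place of `SAMPLE_STATE` and sum the counts across workspaces.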
The Alternative TACOs
Once organizations work through the RUM math and realize the bill is structurally unsustainable, the obvious move is to look at alternative orchestration platforms, usually called TACOs (Terraform Automation and Collaboration Software). The three serious contenders, with very different pricing models:
| Platform | Pricing Model | Entry / Mid-Tier Cost | What It Does Differently |
|---|---|---|---|
| Spacelift | Resources + runs + seats | $1,500–$3,500/mo | Multi-tool (Pulumi, K8s manifests, Terragrunt). OPA policies. Custom runners. Cross-stack dependencies. |
| env0 | Per-user | ~$50/user/mo | Predictable user-based pricing. Strong TTL/ephemeral environment story. |
| Scalr | Per-user | ~$50/user/mo | Familiar Terraform Cloud UI replacement. Lower entry price than Spacelift. |
| ControlMonkey | Fixed plan (users + assets) | $800/mo (Startup: 10 users, 5k assets, 500 deploys) | One-click Terraform import, automatic drift remediation, daily cloud-config backups, built-in compliance. |
Spacelift is the choice for complex platform engineering teams. It supports Terraform, OpenTofu, Pulumi, Terragrunt, and Kubernetes manifests in one platform, handles cross-stack dependencies, and bakes OPA policy enforcement into the runtime. The catch is that its pricing still factors in managed resources, so the bill scales with infrastructure size, just less aggressively than HCP.
env0 and Scalr both flipped to user-based pricing specifically as a response to RUM. A 15-engineer team managing 3,000 resources pays roughly the same on env0 as a 15-engineer team managing 500. The price is bounded by headcount, not infrastructure complexity. This is the right model for teams whose resource counts have ballooned because they followed the “do everything as code” advice and now have hundreds of granular Terraform-managed entities they don’t want to pay per-unit fees on.
When to Pay for Any Commercial TACO
The harder question is whether the commercial orchestration layer is worth its multi-thousand-dollar monthly bill at all. The features TACOs sell (state locking, PR-level plan output, policy enforcement, drift detection, audit logging) are all things you can build into your own CI/CD pipeline. The question is whether building and maintaining that pipeline is cheaper than paying the SaaS fee.
For most teams under ~50 engineers, the commercial layer is not worth the fee. The SaaS fee buys polish and convenience, but the underlying capabilities are available in GitLab’s native state management or in GitHub Actions with the right open-source orchestrator. For larger teams, the calculus shifts: the cost of a dedicated platform engineer maintaining a custom CI/CD pipeline starts to approach the cost of a commercial license, and the operational predictability of a managed platform becomes valuable.
But the days of HCP Terraform being the obvious default for everyone above the free tier are over. The RUM model made the math too punishing for too many real-world architectures.
The next and final post in this series gets into the actual mechanics of running Terraform/OpenTofu inside your existing CI/CD: GitLab’s native state backend, GitHub Actions with OIDC/Workload Identity Federation for secretless deploys, and the open-source orchestrators (Atlantis, Digger, Terramate) that close the gap between raw YAML and a real platform.