Top Oracle Consultants In India Sierra-cedar

If you’re deploying public cloud infrastructure at scale in your organization, you’ve likely encountered challenges when addressing issues such as security, policy governance, drift control, and operational efficiency. How do you support infrastructure deployments for numerous decentralized teams while maintaining security and policy governance centrally and managing other risks? That’s where infrastructure-as-code tools and the DevOps framework come into play.

By 2025, Gartner analysts project more than 85% of organizations will embrace a cloud-first principle and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies. We’re at a point where centralized workload operation teams are having to rapidly adapt their security, governance, and operational controls (which took decades to mature) as they move to decentralized workload models leveraging public cloud providers.

This rapid shift can reintroduce business risks without the right toolbox. Deploying infrastructure as code (IaC) at scale using Terraform and the DevOps framework should become the common platform of tools, approaches, and best practices that cloud administrators use to automate and standardize cost, compliance, security, and operations controls across the distributed workload model.

Based on our experience helping organizations deploy IaC at scale, we present an overview of the infrastructure-as-code tools we recommend, and why.

Start with Native Terraform for Infrastructure-as-Code Tools

For many DevOps teams, using Terraform to deploy IaC seems simple and obvious. Native Terraform supports codified interaction with a vast array of hardware platforms, cloud providers, cloud services, and development products. The added plus is that it’s a declarative language and is meant to be easy to use.

Moreover, we see increasing market demand and trust in the tool. Not only are early adopter companies increasingly doubling down with Terraform for their IaC deployments, but public cloud providers and software companies are investing in it, too.

If you haven’t lived through an IaC-at-scale implementation, you may not know of the painful lessons that come with choosing the wrong products to pair with Terraform. You’ll need a suite of tools to enable the at-scale automation needed for operational and security governance. Be aware – choosing the wrong kinds of tools will restrict your ability to implement IaC at scale.

The Limitations of Terraform Accelerators and Wrappers

Increased market demand spurred the introduction of many Terraform accelerators and wrappers. These tools aim to make it easier for developers and cloud administrators to develop and execute Terraform within their continuous integration/continuous delivery (CI/CD) pipeline. You’re likely familiar with some of these tools, like Terragrunt and Pretf, which abstract Terraform code creation, and Terraform execution wrappers like Atlantis and RubyTerraform.

These products, available for free, offer mid-market and enterprise customers the potential for a faster IaC adoption ramp-up or lower IT transformation hurdles. They help DRY (Don’t Repeat Yourself) out code, allow organizations to scale beyond Terraform open source, and help teams larger than one or two people.

However, rarely do these tools used early in an IaC adopter’s journey meet the long-term needs of the organizations that adopt them. Accelerators, wrappers, and shortcuts may introduce concepts and technologies leveraged in IaC—like Terraform—but you may encounter issues when using them to support IaC-at-scale approaches. By abstracting access to native Terraform functions, these tools introduce unnecessary complexity and restrict scale.

Organizations that have adopted these tools have encountered issues such as the following:

  • Lack of ability to scale well
  • Organizations needing to decentralize workspace deployment and operations
  • Siloed talent exposed to the wrapper technology can become a single point of failure or limit growth
  • Increased risk to governance controls without centralized policy management
  • Inability to manage sprawling security profiles across platforms and roles
  • Excessive IaC drift at scale without the ability to manage centrally controlled state files and test configurations through native Terraform application programming interfaces (APIs)
  • Lack of access to native Terraform APIs and features

We recommend pursuing native Terraform and tools that support it wherever possible. You’ll also want to invest in training for your teams to understand how to work with Terraform in a structured CI/CD pipeline.