In the rapidly evolving landscape of cloud automation, the choice of infrastructure-as-code (IaC) tools plays a pivotal role in achieving scalability, consistency, and operational efficiency. Terraform, a widely adopted tool for declarative infrastructure management, has long been the industry standard. However, the emergence of OpenTofu—a fork of Terraform under the Cloud Native Computing Foundation (CNCF)—has introduced new opportunities for organizations seeking to align with open-source ecosystems while reducing technical debt. This article explores Fidelity Investments’ journey to migrate from Terraform to OpenTofu, highlighting the strategic approach, technical considerations, and lessons learned in transitioning a large-scale cloud infrastructure.
Terraform is an open-source IaC tool that enables users to define and provision infrastructure using declarative configuration files. It supports multiple cloud providers and offers features like state management, resource dependency tracking, and modularization. However, its proprietary nature and lack of community-driven development have led to the creation of OpenTofu, a community-led fork that aims to preserve Terraform’s functionality while fostering open-source innovation under CNCF.
Cloud Automation refers to the use of tools and processes to automate the provisioning, management, and scaling of cloud resources. Effective tooling is critical to achieving consistency, reducing human error, and enabling rapid deployment cycles.
Fidelity Investments, a global financial services firm with over 2,000 applications and 50,000 state files managing 4 million resources, embarked on a large-scale migration from Terraform to OpenTofu. The migration was driven by two core objectives: supporting the open-source community and unifying CLI tools to eliminate the maintenance overhead of dual versions. The process was divided into five strategic phases:
A pilot project was conducted to validate OpenTofu as a complete replacement for Terraform. A high-impact internal platform application was selected for deployment in production, ensuring that existing CI/CD pipelines and governance mechanisms could support the transition without disruption.
Leadership and DevOps committees were engaged to align on the migration goals. Emphasis was placed on demonstrating OpenTofu’s advantages, such as its open-source governance model and reduced vendor lock-in, while addressing potential risks. High-usage Terraform teams were prioritized to build early support.
Tools, documentation, and support were made available to facilitate the migration. After validating the tools in the POC, they were rolled out to the broader development team. Transparent progress reports were introduced to encourage early adopters and track adoption rates.
Collaboration with core partners accelerated the migration, achieving a 70% adoption rate within multiple quarters. Data transparency was leveraged to build confidence, showcasing success metrics such as reduced maintenance costs and improved governance.
The organization transitioned to using OpenTofu CLI as the default tool, with only a few exceptions. Automated governance mechanisms were implemented to phase out Terraform, ensuring version consistency across all teams.
The migration focused on replacing Terraform CLI commands with OpenTofu equivalents, rather than rewriting infrastructure code. Shared CI/CD pipelines required minimal modifications to support both tools, enabling a scalable rollout across teams.
Prioritizing uniform CLI versions across the organization minimized migration risks. Early adopters’ experiences were critical in building trust, as they demonstrated the feasibility of the transition.
Migration progress was tracked through centralized dashboards, with success stories highlighted to motivate teams. Transparent data also provided actionable insights for refining the migration strategy.
To streamline the migration, Fidelity developed an internal platform called Bento, which provided:
Teams used a mix of tools (PowerShell, Pulumi, Terraform, OpenTofu), complicating the migration. The solution was to establish Bento as a unified platform, centralizing resources and pipelines.
Without a centralized infrastructure, managing the migration became fragmented. Bento addressed this by providing a single source of truth for all IaC operations, reducing duplication and improving governance.
Prioritize CLI Replacement: Focus on updating CI/CD pipelines and CLI commands rather than rewriting infrastructure code. This minimizes disruption and accelerates adoption.
Ensure Version Consistency: Align teams on a unified CLI version early in the migration to reduce variability and technical debt.
Leverage Data Transparency: Use progress tracking and success metrics to build team confidence and drive participation in the migration.
Migrating from Terraform to OpenTofu requires a strategic, phased approach that balances technical execution with organizational alignment. By focusing on CLI unification, version consistency, and data transparency, Fidelity Investments achieved a seamless transition at scale. The lessons from this case study underscore the importance of tooling in cloud automation and the value of open-source ecosystems in driving innovation and operational efficiency.