Atlantis, OpenTofu & Terragrunt

Over the past few weeks, I’ve had the opportunity to join a brand-new team and dive right into a critical infrastructure modernization initiative. From day one, I was assigned to help lead the transition from an existing CloudFormation-based setup to a fully automated Infrastructure as Code (IaC) strategy using Atlantis, OpenTofu, and Terragrunt, with Bitbucket as our Git provider.
This shift wasn’t just technical—it represented a strategic decision to embrace more scalable, auditable, and team-friendly workflows for managing cloud infrastructure. While the challenge was significant, the learning and growth were equally rewarding.
Joining a new team and jumping into an ongoing effort can be overwhelming, but I was fortunate to receive incredible support from a senior colleague who had already been shaping the project. Their guidance during onboarding made a huge difference, and together we managed to accomplish the initial project goals successfully.
What We Set Out to Do
Our mission was clear:
- Migrate infrastructure components from CloudFormation to OpenTofu.
- Use Terragrunt to build reusable, environment-specific modules.
- Deploy infrastructure through Atlantis, following GitOps best practices.
By introducing this stack, we aimed to:
- Reduce manual deployments and human error.
- Increase reproducibility across environments.
- Enable pull request–based workflows for infrastructure changes.
- Improve code reuse and standardization across different teams.
What We Built
- Modular architecture using Terragrunt, with clear separation of environments (dev, staging, production).
- Automated pull-request workflows with Atlantis, offering plan and apply operations controlled through Git comments.
- Backend state managed securely and remotely.
- Continuous improvement through iteration and code reviews.
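One way the comment-driven plan and apply workflow above can be locked down on the Atlantis server, shown as an added example rather than the team's actual configuration. The repository id is a hypothetical placeholder, and the TERRAGRUNT_TFPATH variable assumes a Terragrunt release that still reads it.

```yaml
# Added example: Atlantis server-side repo config (the file passed via --repo-config).
# Repo id and workflow name are hypothetical placeholders.
repos:
  - id: bitbucket.org/example-org/infra-live   # hypothetical repository
    # "atlantis apply" comments are rejected until the PR is approved
    # and mergeable, so the review cycle cannot be bypassed.
    apply_requirements: [approved, mergeable]
    workflow: terragrunt
    # A repo-level atlantis.yaml arrives with the PR itself. Denying
    # overrides and custom workflows keeps unreviewed PR content from
    # changing which commands run on the Atlantis host.
    allowed_overrides: []
    allow_custom_workflows: false

workflows:
  terragrunt:
    plan:
      steps:
        - env:
            # Point Terragrunt at the OpenTofu binary. Newer Terragrunt
            # releases read TG_TF_PATH instead.
            name: TERRAGRUNT_TFPATH
            value: tofu
        - env:
            name: TF_IN_AUTOMATION
            value: "true"
        - run: terragrunt plan -input=false -out=$PLANFILE
    apply:
      steps:
        - env:
            name: TERRAGRUNT_TFPATH
            value: tofu
        - env:
            name: TF_IN_AUTOMATION
            value: "true"
        # Applies exactly the plan file that was reviewed in the PR.
        - run: terragrunt apply -input=false $PLANFILE
```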
Benefits of the New Approach
Adopting OpenTofu, Terragrunt, and Atlantis together unlocked a powerful, flexible infrastructure workflow:
Pros
- GitOps native: Every change goes through a PR and review cycle.
- Environment consistency: Terragrunt allows easy reuse and overrides, keeping code DRY.
- Automation by design: With Atlantis, no more applying Terraform from your local terminal.
- Onboarding clarity: New engineers ramp up faster with standardized modules and workflows.
- Separation of concerns: Modules, configurations, and deployments are neatly decoupled.
Challenges
- Initial complexity: Understanding how Atlantis, Terragrunt, and OpenTofu interact takes time.
- Learning curve: Especially for teams moving from CloudFormation or traditional Terraform.
- CI/CD design: Secret management, state handling, and permissions require careful planning.
- Debugging: Issues in automated pipelines can be harder to trace without proper observability.
Despite these challenges, the migration delivered clear wins and set a foundation for future scalability and resilience.
Results & Reflections
This project wasn’t about swapping one tool for another. It was a mindset shift—from manually managed infrastructure to declarative, reviewable, and auditable IaC pipelines.
Even though the tooling has its learning curve, the results are real:
- Reduced deployment friction.
- Greater confidence in infrastructure changes.
- Reusable patterns and improved team collaboration.
- A solid path to onboarding new contributors faster and more safely.
The early success of this transition reflects our team’s culture of continuous improvement, collaboration, and technical evolution. We’re never static—always questioning, testing, and iterating. That’s what makes engineering exciting.
Built by a team in motion. Driven by curiosity, improvement, and bold change. 🛠