At Banco Bradesco, one of the largest banks in Latin America, delivering a fully compliant infrastructure product could take up to 80 days from request to production readiness. Every new environment required coordination across platform engineering, security, networking, and IT service management teams. Governance controls were strict. Cloud adoption was accelerating. Complexity was growing.
In a sector where infrastructure delivery delays mean lost business opportunities and amplified regulatory risk, reducing provisioning time is not merely a technical achievement — it is a direct competitive advantage.
Automation existed, but it was fragmented. Change management and CMDB registration were separate processes. Policy validation often relied on manual checkpoints. Scaling across more than 20 internal producer teams contributing to a curated catalog of more than 500 HCP Terraform modules required a structured governance model, not just shared repositories.
The bank did not need more scripts. It needed orchestration.
By positioning Terraform as the control plane for its platform engineering strategy, Bradesco transformed infrastructure delivery into a governed, scalable, and self-service operating model. The result was a dramatic reduction in provisioning time from 80 days to just 5.
In practice, this means new digital products and services reach the market in a fraction of the previous time. Initiatives that once waited weeks for approved infrastructure can now go to production in days, accelerating the innovation cycle without compromising mandatory controls.
From automation at scale to orchestration at scale
Internally, Bradesco defined orchestration as the structured coordination of automated steps executed in a predefined and governed sequence — from validation through provisioning to post-installation workflows.
Rather than allowing Terraform to operate as an isolated provisioning engine, the bank embedded it into a broader execution framework. Terraform became the centralized backend for platform engineering orchestration, connecting developers, the private module registry, Sentinel policies, run tasks, self-hosted agent pools, and multi-cloud providers.
This shift enabled Bradesco to consolidate execution, governance, and visibility into a single coordinated platform.
Bradesco used Terraform not only to run plans and applies, but also to standardize the platform structure itself. Organizations were segmented by environment. Projects grouped workloads by domain and cost center. Workspaces followed strict naming conventions and metadata standards. Policy sets and variable sets were consistently applied across environments.
Every infrastructure request now flows through a consistent model that:
- Validates Sentinel policies before deployment
- Enforces approval requirements for production
- Integrates automatically with ServiceNow change workflows
- Registers infrastructure assets in the CMDB via run tasks
- Maintains a complete audit trail of every execution
Terraform became the execution engine that coordinates people, policies, and processes.

Figure: Terraform orchestrating end-to-end infrastructure delivery by connecting developers, CI/CD, policies, and multi-cloud provisioning in a single governed workflow.
Enabling self-service with governance built in
A core objective of the transformation was to reduce friction for application teams. Developers should not need to understand module composition, backend configuration, or compliance logic to provision infrastructure. For a large financial institution, this challenge is not just operational — it directly affects the speed at which new products and features can be delivered to customers.
To enable this, Bradesco built a curated module ecosystem supported by a standardized CI/CD pipeline. Every module follows trunk-based development and semantic versioning rules. Pull requests generate ephemeral module versions for safe testing. Once approved, modules are promoted consistently across environments.
The pipeline includes static validation, security scans, speculative plans in Terraform, and Sentinel policy evaluation before publication. Versioning is automated using conventional commits, ensuring controlled minor, patch, or major releases.
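How a release step can derive the next module version from conventional commits, as an added example that is not Bradesco's pipeline code. The commit messages are constructed samples, and rejecting non-conforming messages is an assumption about how strict the gate is.

```python
import re

# Conventional Commits header: type, optional (scope), optional "!", then ": description".
HEADER = re.compile(r"^(?P<type>[a-z]+)(\([^)]*\))?(?P<bang>!)?: \S")
# Footer token that marks a breaking change in the commit body.
BREAKING = re.compile(r"^BREAKING[ -]CHANGE: ", re.MULTILINE)
RANK = {"none": 0, "patch": 1, "minor": 2, "major": 3}

def bump_for(message):
    """Classify one commit message as 'major', 'minor', 'patch' or 'none'."""
    header, _, body = message.partition("\n")
    m = HEADER.match(header)
    if m is None:
        # Fail the pipeline instead of guessing a release level.
        raise ValueError(f"not a conventional commit: {header!r}")
    if m.group("bang") or BREAKING.search(body):
        return "major"
    return {"feat": "minor", "fix": "patch"}.get(m.group("type"), "none")

def next_version(current, messages):
    """Return the next MAJOR.MINOR.PATCH version, or None if nothing is releasable."""
    major, minor, patch = (int(part) for part in current.split("."))
    level = max((bump_for(m) for m in messages), key=RANK.get, default="none")
    if level == "major":
        return f"{major + 1}.0.0"
    if level == "minor":
        return f"{major}.{minor + 1}.0"
    if level == "patch":
        return f"{major}.{minor}.{patch + 1}"
    return None

# Constructed commit messages merged to trunk since the last published module version.
SAMPLE_COMMITS = [
    "fix(vpc): correct subnet CIDR validation",
    "feat(vpc): add optional flow log bucket",
    "docs: describe tagging variables",
]
BREAKING_COMMIT = "refactor(vpc): rename outputs\n\nBREAKING CHANGE: output id is now vpc_id"

if __name__ == "__main__":
    print(next_version("1.4.2", SAMPLE_COMMITS))
```
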
The result is a curated platform experience where:
- Infrastructure patterns are standardized and reusable
- Policy as code enforces governance automatically
- Module lifecycle is controlled through CI/CD
- Application teams consume consistent, productized infrastructure
Self-service no longer meant loss of control. It meant controlled acceleration.
Abstracting complexity with a custom provider
To further simplify consumption, Bradesco implemented a custom provider composition layer. This abstraction orchestrates multiple Terraform modules internally, enforces naming and metadata standards, and standardizes project and workspace configuration.
Instead of requiring application teams to chain modules manually, the provider resolves dependencies through outputs and composes infrastructure stacks behind a simplified interface. Complex multi-module architectures can be delivered through a single no-code abstraction.
For business stakeholders, this means application teams can focus on delivering value rather than managing infrastructure complexity — without the platform team losing visibility or control over how resources are provisioned.
This approach ensures consistency while preserving flexibility, allowing the platform team to evolve internal patterns without changing the developer experience.
Governance embedded into execution
In financial services, governance must be intrinsic to execution — not a separate gate that slows delivery.
Through Sentinel policies, controlled CI workflows, and run tasks, Bradesco embedded governance directly into the infrastructure lifecycle. Production workspaces require explicit approval before apply. Policy validation blocks non-compliant changes automatically.
Successful executions trigger run tasks that:
- Open or validate change records in ServiceNow
- Register assets automatically in the CMDB
- Send execution data to internal observability systems
This integration ensures CMDB coverage because asset registration is tied directly to successful Terraform runs rather than external scripts.
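Because CMDB registration hangs off the run task call, the receiving service should accept only requests that HCP Terraform actually signed. The sketch below is an added example, not Bradesco's integration: it checks the `X-TFC-Task-Signature` header (HMAC-SHA512 of the raw body, sent when the run task is configured with an HMAC key) before building an asset record. The CMDB field names, the key and the sample request are constructed, and attaching the task at the post-apply stage is an assumption.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-tfc-task-signature"  # carries the HMAC-SHA512 hex digest of the raw body

def signature_ok(raw_body, headers, hmac_key):
    """Constant-time check of the run task signature header against the raw body."""
    sent = next((v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), "")
    expected = hmac.new(hmac_key, raw_body, hashlib.sha512).hexdigest()
    return hmac.compare_digest(sent.encode(), expected.encode())

def cmdb_record(raw_body, headers, hmac_key):
    """Return the asset record to register, or None if the request must be ignored."""
    if not signature_ok(raw_body, headers, hmac_key):
        return None  # unsigned or tampered: never reaches the CMDB
    payload = json.loads(raw_body)  # parsed only after the signature has been verified
    if payload.get("stage") != "post_apply":
        return None  # only runs that reached apply describe real infrastructure
    try:
        # Hypothetical CMDB field names; the payload's access_token is deliberately not copied.
        return {
            "ci_source": "hcp-terraform",
            "organization": payload["organization_name"],
            "workspace": payload["workspace_name"],
            "run_id": payload["run_id"],
        }
    except KeyError:
        return None  # signed but incomplete payload: do not register a partial asset

# Constructed sample request, signed the way the sender would sign it.
SAMPLE_KEY = b"constructed-hmac-key"
SAMPLE_BODY = json.dumps({
    "payload_version": 1,
    "stage": "post_apply",
    "organization_name": "example-org",
    "workspace_name": "payments-prd-network",
    "run_id": "run-constructed0001",
    "access_token": "constructed-token",
}).encode()
SAMPLE_HEADERS = {
    "X-TFC-Task-Signature": hmac.new(SAMPLE_KEY, SAMPLE_BODY, hashlib.sha512).hexdigest()
}

if __name__ == "__main__":
    print(cmdb_record(SAMPLE_BODY, SAMPLE_HEADERS, SAMPLE_KEY))
```
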
For a bank subject to Brazil’s Central Bank regulations and financial sector audit requirements, having full and automatic traceability of every infrastructure execution represents a concrete reduction in compliance risk — and a faster, more confident response to regulatory audits and inspections.
Drift detection strengthens operational control. Infrastructure health is continuously evaluated against declared configuration, and deviations can automatically generate incidents in ServiceNow.
Governance became systemic rather than procedural.
Improving visibility and efficiency
Centralizing orchestration in Terraform created new visibility across the platform. Engineering teams gained insight into:
- Module publishing and version evolution
- Workspace utilization
- Execution success and failure rates
- Policy compliance trends
- Agent health and scaling behavior
Ephemeral environments reduce idle infrastructure costs by automatically destroying temporary resources after defined windows. Self-hosted agents scale according to demand, aligning operational cost with usage. Infrastructure delivery became measurable and continuously improvable.
The no-code model also democratized module development. Producer teams can introduce enhancements or fix bugs without impacting existing environments, since changes are versioned and promoted through controlled pipelines.
Consumers are not forced to upgrade immediately. They can choose the right maintenance window to update their workspace versions. This gives teams confidence and control over their infrastructure lifecycle, balancing flexibility with governance.
Delivering speed without sacrificing control
The most visible outcome of the transformation was speed. Infrastructure provisioning that once required up to 80 days was reduced to just 5 days from request to production-ready environment. This acceleration was achieved by codifying governance, not removing it.
CMDB compliance reached full coverage because registration became an automatic outcome of successful runs. Pipeline failures decreased as fragmented scripts were replaced with coordinated orchestration. Drift detection shifted operations from reactive troubleshooting to proactive management.
Onboarding new cloud providers now follows the same standardized workflow, making project configuration, workspace creation, and policy attachment transparent to application teams. Internal teams gained a repeatable, scalable model to deliver infrastructure across environments without increasing risk.
A platform operating model for regulated enterprises
Bradesco’s journey demonstrates that scaling cloud in regulated industries requires more than infrastructure as code. It requires a platform engineering model where:
- The platform itself is managed as code
- Governance is enforced through policy as code
- Module lifecycle is controlled through CI/CD
- CMDB and ITSM integration are automated
- Orchestration is centralized in a control plane
By making Terraform the backbone of its platform engineering strategy, Banco Bradesco transformed infrastructure from a bottleneck into a strategic capability. When orchestration becomes systemic, speed becomes sustainable.
For financial institutions looking to scale cloud operations with security and governance, Bradesco’s experience offers a replicable model: technology as a business enabler, and compliance as an accelerator, not a barrier.









