Banco Bradesco Transforms Infrastructure Delivery with Terraform
Banco Bradesco, one of Latin America’s largest banks, has significantly reduced its infrastructure provisioning time from 80 days to just 5 days. This transformation was achieved by implementing Terraform as the central control plane for its platform engineering strategy, enabling a more efficient and compliant infrastructure delivery process. The shift addresses the growing complexity and regulatory demands in the financial sector, allowing Bradesco to accelerate its digital offerings while maintaining strict governance controls.
Challenges of Traditional Infrastructure Delivery
Before the transformation, Banco Bradesco faced considerable delays in delivering fully compliant infrastructure products. Each new environment required extensive coordination among various teams, including platform engineering, security, networking, and IT service management. As cloud adoption accelerated within the bank, the complexity of managing these processes grew. Delays in infrastructure delivery not only hampered business opportunities but also increased regulatory risks.
While automation tools existed, they were fragmented and lacked cohesion. Change management processes were separate from Configuration Management Database (CMDB) registrations, leading to inefficiencies. Policy validation often depended on manual checkpoints, which further complicated the process of scaling across more than 20 internal teams contributing to a catalog of over 500 HashiCorp Terraform modules.
The Shift to Orchestration
To address these challenges, Banco Bradesco redefined its approach by positioning Terraform as the backbone of its platform engineering operations. The bank adopted orchestration—defined as the structured coordination of automated steps executed in a governed sequence—to streamline its infrastructure delivery process.
Rather than treating Terraform as an isolated provisioning engine, Bradesco integrated it into a comprehensive execution framework that connected developers with a private module registry, Sentinel policies (which enforce compliance), run tasks, self-hosted agent pools, and multiple cloud providers. This integration allowed for consolidated execution and governance within a single platform.
The transformation standardized various aspects of infrastructure requests through a consistent model that:
Validates Sentinel policies before deployment
Enforces approval requirements for production environments
Automatically integrates with ServiceNow change workflows
Registers infrastructure assets in the CMDB via automated run tasks
Makes every execution traceable with a complete audit trail
Empowering Self-Service with Built-in Governance
A key objective of Bradesco’s transformation was to reduce friction for application teams. Developers should not need deep knowledge of module composition or compliance logic to provision infrastructure efficiently. To achieve this goal, Bradesco built a curated ecosystem of modules supported by a standardized Continuous Integration/Continuous Deployment (CI/CD) pipeline.
This pipeline ensures that every module adheres to trunk-based development and semantic versioning rules. Pull requests generate temporary module versions for testing before they are promoted across environments upon approval. The pipeline incorporates static validation checks, security scans, Terraform speculative plans, and Sentinel policy evaluations prior to publication.
The outcome is a streamlined platform experience where:
Infrastructure patterns are standardized and reusable
Policy as code enforces governance automatically
The module lifecycle is managed through CI/CD processes
Application teams access consistent and productized infrastructure offerings
Simplifying Complexity Through Custom Providers
To further enhance usability, Banco Bradesco implemented a custom provider composition layer that abstracts multiple Terraform modules internally. This layer enforces naming conventions and metadata standards while standardizing project configurations.
This approach allows application teams to avoid manually chaining modules; instead, dependencies are resolved automatically through outputs. Complex architectures can now be delivered via a single no-code abstraction interface. For business stakeholders, this means that application teams can focus on delivering value rather than managing intricate infrastructure details without compromising visibility or control.
A Systemic Approach to Governance
In the financial sector, embedding governance into execution is crucial for efficiency and compliance. Through Sentinel policies and controlled CI workflows integrated with run tasks, Banco Bradesco has embedded governance directly into its infrastructure lifecycle.
This integration ensures that production workspaces require explicit approval before any changes are applied while policy validation blocks non-compliant modifications automatically. Successful executions trigger automated tasks that:
Create or validate change records in ServiceNow
Register assets in the CMDB automatically
Send execution data to internal observability systems
The Results: Speed Without Compromise
The most significant outcome of this comprehensive transformation is speed; provisioning time has plummeted from 80 days to just 5 days for new environments ready for production use. This acceleration was achieved by codifying governance rather than eliminating it.
The bank’s CMDB compliance reached full coverage since asset registration became an automatic result of successful runs. Pipeline failures decreased as fragmented scripts were replaced with coordinated orchestration efforts. Additionally, drift detection capabilities have shifted operations from reactive troubleshooting to proactive management.
Conclusion: A Model for Regulated Enterprises
Banco Bradesco’s experience illustrates that scaling cloud operations in regulated industries requires more than just implementing infrastructure as code; it necessitates an integrated platform engineering model where governance is inherently enforced through policy as code and CI/CD controls are automated.
This strategic shift has transformed infrastructure from being a bottleneck into a competitive advantage for Banco Bradesco—allowing it to deliver services faster while ensuring compliance with regulatory standards. Other financial institutions looking to enhance their cloud operations can draw valuable lessons from this journey: technology should be viewed as an enabler of business growth rather than an obstacle.
What This Means for Financial Institutions
The successful implementation at Banco Bradesco serves as a blueprint for other financial institutions aiming to scale their cloud operations securely and efficiently. By adopting similar orchestration strategies combined with robust governance frameworks, organizations can achieve faster time-to-market for new products while maintaining compliance—a critical factor in today’s highly regulated financial landscape.
For more information, read the original report here.
