In a recent webinar, “Terraform at Scale: 5 Things Terraform Cloud Doesn’t Provide,” Boris Isakov, DevOps Lead at Rapyd, shared how his team scaled their Terraform operations, what challenges emerged over time, and what led them to move beyond Terraform Cloud.

Below are key insights from that conversation.

When Terraform Cloud Meets Real Scale

As cloud infrastructure rapidly expands, fueled by the proliferation of AI, organizations are rethinking how they use Terraform to manage cloud at scale. At Rapyd, what began as a structured Terraform Cloud setup became increasingly complex as more teams, environments, and resources scaled alongside this growth.

With multiple DevOps teams operating globally, maintaining visibility, consistency, and control across environments became significantly more challenging. It became  clear with time that a solution like Terraform Cloud could not cut it.

Challenges that many see with Terraform Cloud

In this webinar, Boris and other cloud leaders have spoken about:

1. Limited Visibility Beyond Terraform

The first major gap was visibility.

This meant teams were operating with only a partial view of their infrastructure – a growing risk in a regulated fintech environment.

2. Cost Becomes Difficult to Predict

As the number of managed resources increased, cost became harder to control.

“As our environment grew, the bill increased significantly… the model charges per managed resource.”

In practice, this led to unexpected outcomes:

This created a mismatch between logical infrastructure and billing, making cost forecasting more complex.

3. Control Over State and Security

State management also became a concern as the environment matured. “Having Terraform states in a third-party platform wasn’t ideal from a security perspective.” For a fintech company, maintaining tighter control over infrastructure data became increasingly important.

Migration Without Disruption to Controlmonkey

At this point, the team stepped back.

“We made a list of real problems we wanted to solve — not just replace features, but actually improve our situation.”

They weren’t looking to replace Terraform Cloud feature-for-feature.They focused on what was missing:

1. Visibility across all cloud resources — not just what Terraform manages
2. A pricing model that doesn’t break at scale
3. Control over where state is stored
4. Consistency across teams and environments

This was the shift – from managing Terraform Cloud to putting structure around how infrastructure is actually governed at scale.

The Turning Point: Seeing What Was Missing

After connecting their environments, the team experienced a ‘Eureka’ , that changed the way they looked at their infrastructure.

Up until that point, they were operating based on what Terraform Cloud showed them. All of a sudden, Rapyd could understand all of the resources that were managed outside of Terraform code.- resources that had been created manually over time, never tracked, never governed. That visibility immediately turned into action.

First, they started cleaning up. Resources that were no longer in use were identified and removed. This wasn’t just about reducing cost,  it was about simplifying the environment and removing unknowns.

At the same time, they focused on the resources that were still active but not managed through Terraform. Those needed to be brought under control.

While that work is still ongoing, there is a  clear direction: move towards full infrastructure-as-code coverage and eliminate any unmanaged resources.

What Changed

With full visibility and a more structured approach, the team moved from reacting to issues, to proactively managing their environment.

They were able to identify and remove unused resources, bring unmanaged infrastructure under Terraform, and create more consistency across teams and environments. Over time, this gave them stronger control over how infrastructure is deployed and maintained.

What Rapyd experienced isn’t unique

It’s what happens when Cloud environments grow beyond a certain point. Lack of visibility becomes a weakness. Costs become harder to predict. Resources accumulate outside of Terraform without anyone noticing. And over time, control starts to slip.

The shift isn’t just about tooling. It’s about moving from managing Terraform to managing the infrastructure itself — with visibility, ownership, and consistency across the board.

Request a demo to see how it works:

Keyrock is a global crypto market maker and liquidity provider, operating critical trading infrastructure across digital asset markets. The business runs a multi-account cloud environment on AWS, alongside additional cloud providers and SaaS systems. At this scale, infrastructure needs to be delivered with speed, governance, and clarity – without relying on a centralized team to manage every change

Keyrock used Terraform Cloud to manage infrastructure delivery. As Keyrock grew and its cloud infrastructure scaled, Terraform Cloud became harder to operate with confidence. Drift and manual changes introduced risk, and permissioning couldn’t keep up with how Keyrock needed to scale access across teams. The infra team ended up absorbing too much of the day-to-day change load. 

Keyrock Challenges: infrastructure bottlenecks, limited control & drift 

Terraform Cloud did the job early on, but as Keyrock scaled, infrastructure became harder to manage with confidence. Legacy Terraform code, drift, and unmanaged-by-IaC resources introduced operational risk, while workspace sprawl made it difficult to enforce ownership at scale.  

Keyrock needed a model that could scale access across engineering teams while enforcing segregation and least privileged operations.

Rob Dudley, Head of Infrastructure at Keyrock, described the business impact:

“We were introducing significant risk through drift and unmanaged-by-IaC resources. This lack of confidence then impacts your delivery cadence and velocity.”

Rob Dudley

Head of Infrastructure

Keyrock began looking for a Terraform Cloud alternative. The goal wasn’t just to fix drift – it was to democratize infrastructure access without losing control.  Keyrock needed a solution that was reliable enough to safely hand infrastructure ownership to engineering teams across the business.

Keyrock Solution: replacing Terraform Cloud with ControlMonkey

Keyrock adopted ControlMonkey as a Terraform Cloud replacement to build a more scalable infrastructure delivery model – one that delivers full visibility into discrepancies between cloud vs. code, enforces permissioned access across teams, and supports audit-ready automation across the cloud estate.

First win: visibility into IaC vs. real infrastructure

Keyrock’s first win with ControlMonkey was visibility – surfacing the gap between Terraform code and real cloud infrastructure, including drift and ClickOps. The DevOps Team gained clear visibility across the estate.

Compliance-ready governance

Keyrock operates under strict regulatory and security requirements, including DORA, MiCA, and SOC 2. At this scale, compliance depends on infrastructure delivery that is locked down, auditable, and clearly owned across teams. ControlMonkey gave Keyrock the foundation to enforce segregation and responsibility, so the business can move fast while staying secure and audit-ready.

Democratizing IaC: shifting infrastructure ownership beyond a central team

As Keyrock grew, infrastructure delivery couldn’t stay centralized within the infrastructure team. The team needed a way to expand infrastructure access across engineering teams while keeping delivery controlled, auditable, and safe. ControlMonkey enabled that shift – making infrastructure a shared workflow rather than something handled only by a small group.

Rob described the impact ControlMonkey has had on his Team:

As part of this shift:

• Stakeholders contributing to Infrastructure changes grew 8× –  from ~5 people to ~40 active contributors
• ~70–80% of infra change management contributors are now from outside the infrastructure team
• Engineers gained the context they need to make safe changes, even when access is read-only — including full plan visibility

The Results

With ControlMonkey, Keyrock gained clear visibility into the gap between infrastructure in code and infrastructure running in the cloud –  including drift and manual ClickOps changes. What started as a Terraform Cloud replacement quickly became a foundation for scaling infrastructure delivery across engineering teams, without losing governance or auditability.

Already, the platform has delivered meaningful impact – Keyrock now have 0 drift & clickops on their best practice cloud estate.

More importantly, infrastructure is no longer something that is “done to teams.” It has become a shared workflow and a common point of conversation across the engineering org:

Ready to eliminate ClickOps, and scale IaC across your engineering org?

ControlMonkey helps engineering teams ship infrastructure with confidence — with full ClickOps visibility, drift control, and org-wide IaC participation.

Request a demo to see how it works:

UBIQ Education delivers a school website platform, helping schools worldwide deliver personalized experiences. The company serves hundreds of institutions across multiple regions. It onboards 10–20 new schools every month and deploys workloads across dozens of Azure regions. This ensures reliable, local delivery at scale.

UBIQ Challenge: Scaling Cloud Operations While Staying Compliant

As UBIQ’s customer base expanded, its cloud operations struggled to keep pace. The company initially used Terraform Cloud (TFC) but quickly hit limitations around environment separation, stack flexibility, and private agent pricing. The initial infrastructure was set up manually by developers. This created a ClickOps culture. As a result, there was Terraform drift, compliance gaps, and long deployment cycles.

Provisioning each new school site required 4 people in the loop. This added overhead and slowed a process that needed to keep pace with UBIQ’s rapid global growth.

At that point, Ed Haynes joined UBIQ as Principal Platform Engineer. He has over 15 years of experience in infrastructure roles. Ed worked at Lloyds Banking Group and Landmark Information. He has strong skills in Azure and Terraform. He understood that the company needed a scalable model for its growth.

The Results – Provisioning at Scale

Provisioning at Scale

With ControlMonkey, UBIQ transformed its cloud operations. Provisioning effort dropped by 75% – from four people to one. By removing handoffs between teams, UBIQ cut overhead and reduced ticketing. Developers gained more time to focus on innovation instead of repetitive provisioning tasks. 

ControlMonkey’s auto-stack creation ensured new environments could be spun up instantly. Moreover, the Azure DevOps PR integration provided contextual feedback. This helped reduce provisioning time and back-and-forth code reviews.

Providing such robust automation also eliminated ClickOps. Engineers felt more confident provisioning and updating infrastructure through Terraform. They no longer needed to bypass the golden pattern by using the Azure console.

UBIQ SOC 2 Compliance Gains

ControlMonkey also strengthened compliance. Before, manual provisioning and drift incidents made it harder and slower. It was difficult to keep up with  SOC 2 requirements, especially around encryption defaults and public-facing configurations. Through policy enforcement, Ed established rules to maintain a zero-tolerance approach for secrets and API keys in production. Additionally, drift detection promptly identified any misconfigurations.

The result: Achieving a 100% SOC 2 compliance acceptance rate in the infrastructure delivery process. This gave the company confidence to scale securely without losing agility.

Migration off Terraform Cloud

Ubiq decided to migrate from Terraform Cloud after seeing ControlMonkey in action. They realized the benefits of an IaC platform that supports infrastructure delivery, AI-powered Terraform code generation, and cloud integration beyond the code.

Migration from Terraform Cloud took just 1 day thanks to ControlMonkey’s automated migration tool.

Next phase: Self-service Terraform templates for non-tech users

With provisioning streamlined and compliance risks eliminated, Ed is now focusing on taking automation even further. UBIQ plans to adopt ControlMonkey’s self-service templates, which will allow non-technical teams to provision new customer environments without engineering involvement.

This next step will extend automation beyond DevOps. It will further reduce overhead and enable faster business growth. It will help UBIQ onboard 10 to 20 new schools each month without the cloud operations team becoming a bottleneck or slowing down the business.