Terraform/OpenTofu

Overview

Terraform and OpenTofu packages are purpose-built for managing infrastructure as code (IaC) within Bluebricks. These artifacts let you define, plan, and provision infrastructure resources declaratively using standard Terraform or OpenTofu configurations, while leveraging Bluebricks’ orchestration engine for consistent, auditable execution across environments.

By encapsulating your IaC module as an artifact, you can integrate infrastructure changes directly into deployment pipelines, apply environment-specific inputs, and ensure controlled, versioned rollouts.

Expanded Capabilities:

built-in capabilities that streamline the operational lifecycle of your Terraform/OpenTofu workloads:

• Managed state by default, with the option to bring your own remote backend

• Automatic state migration tooling to simplify backend transitions

• Support for both OpenTofu and Terraform within the same workflow, enabling mixed or incremental adoption

• State segmentation at the module level, producing smaller, more targeted state files for safer and clearer change management

Package Dependencies and Data Flow

Packages expose inputs (properties) and outputs, enabling them to participate in flexible, modular dependency chains orchestrated through a directed acyclic graph (DAG).

Inputs define the parameters a package requires and can be statically defined or dynamically derived using expressions that reference other packages, blueprint properties, or secrets. These expressions create explicit dependencies between packages, allowing the orchestrator to determine the correct execution order. Inputs also support conditional expressions, enabling packages to be included or excluded based on runtime context.

Outputs represent values produced during package execution—such as resource identifiers, endpoints, or computed configurations—and become available for consumption by downstream packages. This creates a bidirectional dependency flow where packages can safely reference one another’s results.

This design enables unified orchestration across multiple infrastructure-as-code technologies—Terraform, Helm, Bicep, and CloudFormation can coexist within a single blueprint, sharing data and dependencies seamlessly. The orchestrator provides a single plan, single execution flow, and unified state management regardless of the underlying IaC tool. Packages can be sourced from artifacts or directly from Git repositories, allowing complex systems to be built from small, reusable, independently versionable units. The dependency graph is calculated at plan time, ensuring deterministic execution order and enabling parallel execution where dependencies allow.