Terraform Alternatives That Don't Suck to Migrate To

HashiCorp changed their license in 2023 and basically said "fuck you" to anyone using Terraform in production. The change took effect August 10, 2023, switching from Mozilla Public License 2.0 to the Business Source License v1.1 starting with Terraform 1.6.0. Now you're paying ridiculous money for HCP Terraform or wondering if you're violating their Business Source License every time you deploy infrastructure.

Meanwhile HCP Terraform costs spiral out of control. What started as "just $20/user" becomes $2,000/month once you factor in their per-resource pricing bullshit and premium features you actually need in production.

Migration Reality: Most Alternatives Are Garbage

Most Terraform alternatives fall into these painful categories:

Complete Rewrites (Avoid These): Pulumi wants you to rewrite everything in TypeScript. AWS CDK forces you into their proprietary nonsense. Great if you enjoy throwing away two years of infrastructure work. Here's why rewrites usually fail.

Cloud Vendor Lock-in: CloudFormation only works on AWS. Azure Resource Manager templates only work on Azure. Congratulations, you've traded HashiCorp lock-in for Amazon lock-in.

Academic Bullshit: Crossplane requires a PhD in Kubernetes and YAML to configure a load balancer. Perfect if you want to explain custom resource definitions at 2am when production is down.

The real question isn't "what's the best alternative" - it's "what won't make me want to quit programming."

What Actually Works for Migration

You need something that doesn't break your existing shit:

1. Import your state files without data corruption
2. Same provider ecosystem so your AWS configs still work
3. Same HCL syntax so you don't rewrite everything
4. Keep your CI/CD without learning new deployment patterns
5. Migrate gradually instead of big-bang migrations that fail spectacularly

Migration Horror Stories (Learn From My Pain)

Story #1: We tried migrating to Pulumi for 4 months. Spent 2 engineer-months rewriting modules just to provision the same EC2 instances. Gave up when we hit provider compatibility issues with our custom networking. Went back to Terraform and just accepted the license risk.

Story #2: Another team tried CloudFormation because "it's free." Three months later they're debugging YAML template hell and can't figure out why their stack updates fail randomly. They're stuck because half their infrastructure is in CloudFormation now.

Story #3: We attempted a gradual Terraform → OpenTofu migration. Worked great until we hit some obscure provider bug that only affected OpenTofu - specifically the AWS provider 5.24.0 threw InvalidInstanceType.NotFound errors for m6i.large instances that worked fine in Terraform. Took 3 days to debug because the error message was identical to actual AWS API failures. We learned the hard way that "100% compatible" isn't always 100%, especially with edge cases in newer provider versions.

The real lesson: test everything in staging first and have a rollback plan that doesn't involve recreating your entire infrastructure.

OpenTofu: Terraform Without the License Bullshit

OpenTofu is literally Terraform from before HashiCorp decided to screw everyone over. It's a fork of Terraform 1.5.x that works exactly like Terraform but without the licensing drama. The project launched in September 2023 and joined the Linux Foundation, later moving to CNCF sandbox status in April 2025.

Migration reality:

• Drop-in replacement until it isn't
• Same HCL syntax means your configs work unchanged
• State file migration with tofu init -migrate-state
• Same providers from the Terraform Registry (for now)

Migration process that actually works:

1. Install OpenTofu binary (actually works)
2. Update CI/CD scripts from terraform to tofu (breaks something unexpected)
3. Run migration in staging first (critical - don't skip this)
4. Fix the random thing that broke (there's always something)

Current issues I've hit:

• Some newer providers assume Terraform and fail with OpenTofu - specifically AWS provider 5.26.0+ has edge cases
• CI/CD caching systems cache the old terraform binary path, causing mysterious "command not found" errors
• State migration works fine but some team members forget to switch tools and get weird state lock conflicts
• Provider version constraints sometimes behave differently - ran into this with the Kubernetes provider 2.24.0 where constraint resolution failed
• Docker images with hardcoded /usr/local/bin/terraform paths break when you switch to tofu

The big unknown: OpenTofu and Terraform are diverging. Today's 100% compatibility won't last forever. New Terraform features won't appear in OpenTofu and vice versa.

Spacelift: Actually Good (But Expensive)

Spacelift doesn't replace Terraform - it wraps it with enterprise features that actually work. Your Terraform code stays the same, but you get policies, approvals, and drift detection that doesn't suck.

What works:

• Imports existing state files without breaking anything
• VCS integration that mostly works (GitHub/GitLab)
• Policy engine using OPA (when you figure out how to write policies)
• Cost estimation before applies (usually accurate)

What breaks:

• Custom workflow requirements need their proprietary syntax
• Documentation assumes you already know their platform
• Pricing calculator lies - actual usage costs more
• API docs are terrible if you need custom integrations

Real pricing experience:
Their $25/user pricing becomes $80/user once you add the features you actually need (policies, multiple environments, compliance features). Budget 50% more than their calculator suggests.

Migration gotcha: You're locked into their workflow system. If you want to leave, you take your Terraform code but rebuild all your workflows from scratch.

Atlantis: Free Until It Breaks at 2am

Atlantis runs Terraform through pull requests. It's free, self-hosted, and works great until something breaks and you're the one who has to fix it. The workflow automation integrates directly with GitHub/GitLab PRs.

Why people use it:

• Complete control over your infrastructure
• No vendor lock-in or usage limits
• State files never leave your environment
• Actually free (just infrastructure costs)

What you'll debug at 2am:

• Webhook configuration that randomly stops working - usually GitHub webhook delivery failures with 502 errors because your load balancer is misconfigured
• Kubernetes networking issues (if you run it on k8s) - ingress controller timeouts, service mesh proxy issues, or pod-to-pod communication failures
• GitHub/GitLab authentication that breaks during updates - token expiration, scope changes, or API rate limiting
• Resource limits when your Terraform plans get large - we hit memory limits at around 50MB plan files and CPU limits with parallel applies
• Database connection pool exhaustion when multiple PRs trigger concurrent plans - Atlantis uses SQLite by default which doesn't handle high concurrency well

Migration process:

1. Deploy Atlantis (take 2-3 attempts to get networking right)
2. Configure webhooks (this will break twice before working)
3. Add atlantis.yaml to repos (straightforward)
4. Fix the random permission issues that pop up

The hidden cost: You're responsible for everything. Updates, security patches, monitoring, fixing it when it breaks. Great if you have spare ops capacity, nightmare if you don't.

When it's worth it: You have strong ops team, hate vendor lock-in, and don't mind being on call for your CI/CD system.

Now here's the part nobody talks about: when these "better" alternatives will completely fuck you over, and what they'll actually cost once you factor in the hidden bullshit.