Terraform Automation withGitHub Pull Requests
Make Terraform changes by commenting on GitHub Pull Requests. Install our GitHub App and start applying Terraform changes faster than a speeding bullet.
Bring your Terraform workflow to our centralized platform where everyone can plan and apply
- First-Class GitHub App
- Third-Party Integrations
- Role-Based Access Control
- Security-First Architecture
Terraform automation by commenting on Pull Requests. Leverage GitHub Secrets for sensitive data. Safe locking with approved and mergeable apply requirements.
Out-of-the-box support for Terragrunt, Infracost, Driftctl, Tfsec, and Slack. Custom add-ons using pre and post command hooks and webhooks.
Advanced role-based access control per organization, repository, directory, or workspace. Restrict access using GitHub Code Owners.
Remote state, plan, and apply data secured by end-to-end encryption. Customers hold their own private keys. Automatic workflow to rotate keys.
Terraform without leaving GitHub
Benefit from safe and effective change management
Third-Party Integrations
Enable Terraform add-ons with a flick of a switch
Cost Estimation
infracost
Infracost shows cloud cost estimates using Terraform plan files. See a cost breakdown and understand costs before making changes.
Drift Detection
driftctl
A free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.
Terragrunt
terragrunt
Terragrunt is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.
Static Analysis
tfsec
Tfsec uses static analysis of your terraform code to spot potential misconfigurations.
File-based Configuration
Our config.yml is used to control all aspects of Terrateam. No UI necessary.
1enabled: true
2version: "1"
3when_modified:
4 file_patterns: ["**/*.tf", "**/*.tfvars"]
5 autoplan: true
6 autoapply: false
7 module_dir_fragment: ["./modules/v1", "./modules/v2"]
8 module_root_dir_file_pattern: "main.tf"
9tf_state_dir_pattern_list: ["**/*.tf"]
10automerge:
11 enabled: true
12 delete_branch: true
13checkout_strategy: merge
14default_tf_version: "1.1.9"
15apply_requirements: ["mergeable", "approved"]
16cost_estimation:
17 enabled: true
18drift_detection_schedule:
19 enabled: true
20 schedule: "daily"
21permissions: []
22hooks:
23 plan:
24 pre:
25 - type: run
26 cmd: ["./scripts/hook-pre-plan.sh"]
27 post:
28 - type: run
29 cmd: ["./scripts/hook-post-plan.sh"]
30 apply:
31 pre:
32 - type: run
33 cmd: ["./scripts/hook-pre-apply.sh"]
34 post:
35 - type: run
36 cmd: ["./scripts/hook-post-apply.sh"]
37workflows:
38 - tag_query: iam
39 plan:
40 - type: run
41 cmd: ["./scripts/workflow-iam-plan-pre-exec.sh"]
42 - type: init
43 - type: plan
44 extra_args: ["-parallelism=20"]
45 - tag_query: workspace:production
46 apply:
47 - type: init
48 - type: apply
49 - type: run
50 cmd: ["./scripts/workflow-production-workspace-successful-apply.sh"]
51 run_on: success
52dirs:
53 iam:
54 tags: [iam]
55 when_modified:
56 file_patterns: ['iam/*.tf']
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
Security-First Architecture
It's your data. You own it.
Plan Output
Sensitive data from Terraform plan output is obfuscated to ensure secrets and passwords are never displayed in clear text.
Remote State
Backend state encrypted and decrypted using customer-provided keys securely stored in trusted GitHub Secrets. Terrateam does not store customer private keys.
End-to-end Encryption
Built from the ground up with security in mind. Only customers can read and write their data. Terrateam has no access.
Customer-Managed Keys
Peace of mind that your data is secure from the start using a privately generated key. Workflow in place to rotate keys as often as you want.