Terraform Automation withGitHub Pull Requests
Plan and apply Terraform changes in pull requests
✔️ Unlimited usage
✔️ Access to all features
✔️ No credit card required
✔️ Free for personal use
Empower your team with Terraform. Take control of your cloud resources.
- First-Class GitHub App
- Third-Party Integrations
- GitHub Branch Protection Rules
- Security-First Architecture
Terraform without leaving GitHub
Benefit from safe and effective change management
Third-Party Integrations
Enable Terraform add-ons with a flick of a switch
Cost Estimation
infracost
Infracost shows cloud cost estimates using Terraform plan files. See a cost breakdown and understand costs before making changes.
Drift Detection
driftctl
A free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.
Terragrunt
terragrunt
Terragrunt is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.
Static Analysis
tfsec
Tfsec uses static analysis of your terraform code to spot potential misconfigurations.
File-based Configuration
Our config.yml is used to control all aspects of Terrateam. No UI necessary.
1enabled: true
2when_modified:
3 file_patterns: ["**/*.tf", "**/*.tfvars"]
4 autoplan: true
5 autoapply: false
6automerge:
7 enabled: true
8 delete_branch: true
9checkout_strategy: merge
10default_tf_version: "1.1.9"
11cost_estimation:
12 enabled: true
13 provider: infracost
14drift_detection:
15 enabled: true
16 provider: driftctl
17 schedule: daily
18static_analysis:
19 enabled: true
20 provider: tfsec
21hooks:
22 plan:
23 pre:
24 - type: run
25 cmd: ["./scripts/hook-pre-plan.sh"]
26 post:
27 - type: run
28 cmd: ["./scripts/hook-post-plan.sh"]
29 apply:
30 pre:
31 - type: run
32 cmd: ["./scripts/hook-pre-apply.sh"]
33 post:
34 - type: run
35 cmd: ["./scripts/hook-post-apply.sh"]
36workflows:
37 - tag_query: iam
38 plan:
39 - type: run
40 cmd: ["./scripts/workflow-iam-plan-pre-exec.sh"]
41 - type: init
42 - type: plan
43 extra_args: ["-parallelism=20"]
44 - tag_query: workspace:production
45 terragrunt: true
46 apply:
47 - type: init
48 - type: apply
49 - type: run
50 cmd: ["./scripts/workflow-production-workspace-successful-apply.sh"]
51 run_on: success
52dirs:
53 iam:
54 tags: [iam]
55 when_modified:
56 file_patterns: ['iam/*.tf']
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
Security-First Architecture
It's your data. You own it.
Plan Output
Sensitive data from Terraform plan output is obfuscated to ensure secrets and passwords are never displayed in clear text.
Remote State
Backend state encrypted and decrypted using customer-provided keys securely stored in trusted GitHub Secrets. Terrateam does not store customer private keys.
End-to-end Encryption
Built from the ground up with security in mind. Only customers can read and write their data. Terrateam has no access.
Customer-Managed Keys
Peace of mind that your data is secure from the start using a privately generated key. Workflow in place to rotate keys as often as you want.
GitHub Secrets
Leverage GitHub Secrets to safely store passwords, tokens, certificates, and other sensitive information in a trusted environment.
Customer-Only Decryption
In the event of an unlikely compromise, third-parties are unable to view encrypted customer-data. Terrateam does not have access to customer-managed keys.