Terraform Automation withGitHub Pull Requests

Plan and apply Terraform changes in pull requests

✔️ Unlimited usage

✔️ Access to all features

✔️ No credit card required

✔️ Free for personal use

Empower your team with Terraform. Take control of your cloud resources.

First-Class GitHub App

Third-Party Integrations

GitHub Branch Protection Rules

Security-First Architecture

Terraform without leaving GitHub

Benefit from safe and effective change management

Terraform Plan

Open a pull request and Terrateam will automatically run a plan against your changes. Plan output securely posted back to the pull request for your team to review.

Apply Requirements

Pull requests must satisfy GitHub branch protection rules before Terrateam will apply any changes.

Safety First

Terrateam will only apply a plan if and only if the pull request has the lock.

Terraform Apply

Terrateam will apply any planned changes if it has the lock and all of the apply requirements are met.

Third-Party Integrations

Enable Terraform add-ons with a flick of a switch

Cost Estimation

infracost

Infracost shows cloud cost estimates using Terraform plan files. See a cost breakdown and understand costs before making changes.

Drift Detection

driftctl

A free and open-source CLI that warns of infrastructure drift and fills in the missing piece in your DevSecOps toolbox.

Terragrunt

terragrunt

Terragrunt is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.

Static Analysis

tfsec

Tfsec uses static analysis of your terraform code to spot potential misconfigurations.

File-based Configuration

Our config.yml is used to control all aspects of Terrateam. No UI necessary.

1enabled: true
2when_modified:
3  file_patterns: ["**/*.tf", "**/*.tfvars"]
4  autoplan: true
5  autoapply: false
6automerge:
7  enabled: true
8  delete_branch: true
9checkout_strategy: merge
10default_tf_version: "1.1.9"
11cost_estimation:
12  enabled: true
13  provider: infracost
14drift_detection:
15  enabled: true
16  provider: driftctl
17  schedule: daily
18static_analysis:
19  enabled: true
20  provider: tfsec
21hooks:
22  plan:
23    pre:
24      - type: run
25        cmd: ["./scripts/hook-pre-plan.sh"]
26    post:
27      - type: run
28        cmd: ["./scripts/hook-post-plan.sh"]
29  apply:
30    pre:
31      - type: run
32        cmd: ["./scripts/hook-pre-apply.sh"]
33    post:
34      - type: run
35        cmd: ["./scripts/hook-post-apply.sh"]
36workflows:
37  - tag_query: iam
38    plan:
39      - type: run
40        cmd: ["./scripts/workflow-iam-plan-pre-exec.sh"]
41      - type: init
42      - type: plan
43        extra_args: ["-parallelism=20"]
44  - tag_query: workspace:production
45    terragrunt: true
46    apply:
47      - type: init
48      - type: apply
49      - type: run
50        cmd: ["./scripts/workflow-production-workspace-successful-apply.sh"]
51        run_on: success
52dirs:
53  iam:
54    tags: [iam]
55    when_modified:
56      file_patterns: ['iam/*.tf']
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

Security-First Architecture

It's your data. You own it.

Plan Output

Sensitive data from Terraform plan output is obfuscated to ensure secrets and passwords are never displayed in clear text.

Remote State

Backend state encrypted and decrypted using customer-provided keys securely stored in trusted GitHub Secrets. Terrateam does not store customer private keys.

End-to-end Encryption

Built from the ground up with security in mind. Only customers can read and write their data. Terrateam has no access.

Customer-Managed Keys

Peace of mind that your data is secure from the start using a privately generated key. Workflow in place to rotate keys as often as you want.

GitHub Secrets

Leverage GitHub Secrets to safely store passwords, tokens, certificates, and other sensitive information in a trusted environment.

Customer-Only Decryption

In the event of an unlikely compromise, third-parties are unable to view encrypted customer-data. Terrateam does not have access to customer-managed keys.

GitHub App Install to Terraform Apply 🚀