We Solved the Hardest Problem First
IaC + Monorepos. While others built simple workflows, we engineered for thousands of workspaces, complex dependencies, and enterprise chaos.
Built for monorepos with thousands of workspaces. Not another YAML generator.
The scale challenge
Built from day one to handle thousands of workspaces without breaking a sweat
The reality of modern infrastructure at scale
Hundreds of teams, thousands of workspaces, endless dependencies
Environments
Teams & Services
Infrastructure Layers
The Challenge:
How do you manage access control, apply requirements, workflows, and policies across this complexity without creating a bureaucratic nightmare?
The architecture that makes it possible
One revolutionary concept: Tag-based configuration that turns complexity into simplicity
Configuration as Code That Actually Scales
While others hard-code rules for specific directories, we built a declarative tagging system that creates infinite flexibility with zero complexity
Define Directories & Assign Tags
Use glob patterns to match directories and assign semantic tags:
# .terrateam/config.yml
dirs:
production/**:
tags: [production, critical]
workspaces:
us-east-1:
tags: [us-east]
eu-west-1:
tags: [europe]
teams/payments/**:
tags: [payments, pci]
when_modified:
file_patterns:
- "${DIR}/*.tf"
- "modules/payment-gateway/**"
staging/**:
tags: [staging, non-prod]
shared/networking/**:
tags: [networking, shared]Semantic Organization
Tags create meaning, not just structure
Express Rules with Tag Queries
Access Control
access_control:
policies:
- tag_query: "production"
plan: ['*']
apply: ['team:sre']Only SRE can apply to production
Workflows
workflows:
- tag_query: "staging"
plan:
engine: opentofu
version: 1.8.0Staging uses OpenTofu 1.8
Apply Requirements
apply_requirements:
policies:
- tag_query: "pci AND production"
approved_count: 2
status_checks: ["security-scan"]PCI + prod needs 2 approvals
Scale Without Limits
Complex Queries, Simple Rules
production AND (payments OR platform)Production resources owned by payments or platform teams
database AND critical AND NOT replicaCritical primary databases only
app in dirResources with 'app' as a fragment in their path
Infinite Combinations
Add new rules without touching existing config. Reorganize directories without breaking policies. Scale teams without scaling complexity.
Why Tag-Based Configuration Changes Everything
Declarative, Not Imperative
Define what you want, not how to get there. Rules apply automatically based on tags.
Composable Rules
Combine simple tags into complex policies. Changes in one area don't break others.
Future-Proof
Add new environments, teams, or policies without rewriting your configuration.
Features that unlock monorepo mastery
Tools that let you encode complex workflows and organizational rules directly into Terrateam
Tag Queries Everywhere
Target any subset of your monorepo with surgical precision
Use in access control, workflows, apply requirements, and more
Smart Apply-Only Locking
Plans run freely, locks only when you apply. Perfect for busy monorepos.
Config Builder
Generate .terrateam/config.yml dynamically from any data source
Pull from APIs, databases, CSVs, or any source you can script
Self-Service with Tree Builder
Deploy self-service workflows, scaffolding, and infrastructure templates
Platform provides guardrails, teams move fast within them
Layered Runs
Express complex dependencies between infrastructure layers
dirs:
network:
# Base layer
database:
depends_on: "dir:network"
app:
depends_on: "dir:database"Encode your infrastructure hierarchy into Terrateam
Module Indexer
Automatically detects modules and triggers dependent infrastructure
Zero config needed - Terrateam understands your module graph
Ready for infrastructure without limits?
See how Terrateam can transform your infrastructure operations