Take full control of your infrastructure automation

Terrateam's flexible and expressive workflows let you customize every step with no brittle scripts and no limits. Just reliable GitOps orchestration.

Start for FreeBook a Demo

The Terrateam way

Layered Runs

Dependency-aware execution

Run networking before databases, databases before apps. Terrateam handles the ordering automatically.

Parallel execution where possible

Independent components run in parallel, cutting deployment time by 50-80% for complex stacks.

Dependency-Aware Execution

networking/vpc
networking/subnets
networking/security
database/primary
database/replica
app/frontend
app/backend
app/cache

Apply Requirements

Granular approval controls

Different rules for dev vs. prod, networking vs. apps. Use your existing GitHub teams for permissions.

Multi-approver workflows

Require sign-off from multiple teams for critical changes. Security, platform, and app teams can all have a say.

Approval Workflow

Dev Environment
1 Developer
Staging Environment
1 Platform Engineer
Production Environment
2 Platform + 1 Security
Approvals → Validation → Apply

Gatekeeper

Policy with override capability

Block changes that violate policy, but allow authorized overrides with proper approvals and audit trail.

Real-world compliance

Enforce security without blocking legitimate work. Perfect for SOC 2, ISO 27001, and other compliance frameworks.

Gatekeeper Override Flow

Policy Violation
Override Request
Approved Exception
All overrides are logged with full audit trail for compliance

Tag-Based Routing

Flexible targeting

Route changes to the right teams and environments using tags, directories, or branch patterns.

Multi-team orchestration

Segment infrastructure by team, environment, or service. Perfect for complex organizations with many stakeholders.

Tag-Based Workflow Routing

team:platform
→ platform-team approval
env:production
→ requires 2 approvals
security:high
→ security-team approval
cost:high
→ finance-team approval

Drift Detection

Catch unauthorized changes

Automatically detect when infrastructure drifts from the desired state, whether from manual changes or external factors.

Proactive remediation

Create issues or trigger workflows to fix drift automatically. Keep your infrastructure in the desired state.

Drift Detection Workflow

Scheduled Check
Detect Drift
Alert Team
Auto-Create PR

Unlimited Parallelism

Scale without limits

Run hundreds of applies in parallel. Skip the queuing and scale without compromise.

Efficient resource usage

Optimize your CI/CD pipeline with parallel execution that respects dependencies.

Parallel Execution

Sequential
Terrateam
Module 1
Module 2
Module 3
Module 4
4x runtime
Module 1
Module 2
Module 3
Module 4
2x runtime

Flexible Configuration

Centralized or distributed

Use `.terrateam/config.yml` or centralize behavior across repos. Supports dynamic config builders for complex workflows.

Adaptable to your structure

Works with any repo organization, from monorepos to microservices, without forcing a specific pattern.

Configuration Options

Per-Repository
.terrateam/config.yml
Centralized
config_url: "https://..."
Dynamic Builder
config_builder: "./build.sh"
Template-Based
template: "standard-app"

Built-in Cost Estimation

Prevent cost surprises

See cost impact before you apply. Integrates cleanly into every PR workflow.

Budget enforcement

Set cost thresholds and automatically block changes that would exceed your budget.

Cost Estimation Example

💰 Cost Changes for PR #123
⚠️ This change will increase costs by $291.40/month
+ aws_eks_cluster.main
└─ Control plane: $73.00/month
+ aws_eks_node_group.workers (x3)
├─ Instance (t3.large): $67.20/month
├─ EBS volume (100 GB): $10.00/month
└─ Total per node: $77.20/month
📊 Summary
├─ Current monthly cost: $1,245.30
├─ Estimated new cost: $1,536.70
└─ Delta: +$291.40 (+23%)

How Terrateam orchestrates infrastructure

1. Pull Request

Infrastructure changes proposed

2. Plan

Terraform plan generated

3. Policy Check

Security & compliance validation

4. Approval

Team-based review

5. Apply

Changes deployed

git commit
git push
PR created

terraform init
terraform plan
plan.out

opa eval
conftest
policy.rego

RBAC check
team approval
gatekeeper

terraform apply
plan.out
state updated

Terrateam orchestrates the complete GitOps workflow for infrastructure changes

Your workflow, not ours

Terrateam doesn't force a new model. It wraps around your repo structure, branching model, team approvals, and tagging strategy. No vendor lock-in, no opinionated rewrites.

Terrateam adapts to your workflow

Your Repository
Terrateam
Your CI/CD
Your Cloud
Supported Structures
Monorepo
Multi-repo
Any directory structure
Terrateam Features
Orchestration
Policy Enforcement
Approval Workflows
GitHub Supercharged
GitHub Actions
GitHub Secrets
GitHub Teams & Permissions
Cloud Support
AWS
Azure
GCP & Others

Terrateam integrates with your existing tools and processes without disruption

Still wrestling with custom Terraform scripts?

See how Terrateam replaces brittle CI with GitOps-native automation in a 30-minute demo. No sales pitch, just practical solutions for real infrastructure teams.

Schedule 30-min Demo

Terrateam is built for real orchestration, not just execution

We handle targeting, approval, security, and drift. All through a flexible Git-native configuration that integrates with your existing tools and processes.

No platform migration, no workflow redesign, no learning curve. Terrateam enhances your pull request workflow with the enterprise controls you need, without disrupting how your team works.

GitOps Orchestration

Terrateam lives where your code lives. Pull requests trigger plans, comments show results, and merges trigger applies. All with proper locking, targeted workflows, and security.

Declarative Configuration

Define your entire workflow in a simple YAML file. No custom scripts, no complex CI pipelines, just clear, version-controlled configuration.

Dependency-Aware Execution

Run independent components in parallel while respecting dependencies. Define execution layers and dependencies to ensure proper ordering.

Terrateam Configuration

# .terrateam/config.yml

# Auto-apply Terraform changes after merge to main branch
when_modified:
  autoapply: true

# Enable automatic dependency detection
indexer:
  enabled: true

# Define directory dependencies to control apply order
dirs:
  environments/production/database:
    when_modified:
      depends_on: 'dir:environments/production/network'
  environments/production/application:
    when_modified:
      depends_on: 'dir:environments/production/database'

# Apply approvals to enforce team-based gatekeeping
apply_requirements:
  checks:
    - tag_query: "dir:environments/production/**"
      approved:
        enabled: true
        any_of: ["team:platform"]
    - tag_query: "iam in dir"
      approved:
        enabled: true
        all_of: ["team:security"]

# Custom workflow with policy enforcement during plan
workflows:
  - tag_query: "dir:environments/production/**"
    plan:
      - type: init
      - type: plan
      - type: conftest
        gate:
          token: denied-resources
          any_of: ["team:platform"]

Control and speed shouldn't be at odds

Most tools promise 'Terraform automation' but leave the hard parts like approval logic, dependency ordering, targeting, and RBAC up to you. That leads to brittle CI logic and risky deploys.

Common infrastructure workflow challenges

Developer Changes
CI Pipeline
Manual Approval
Infrastructure
Brittle Scripts
State Conflicts
Bottlenecks
No Audit Trail

Traditional infrastructure workflows create bottlenecks and security risks at each stage

When workflows lack expressiveness, teams pile on the technical debt

Engineers copy scripts across repos. Drift bypasses CI. Module updates accidentally apply to prod.

You shouldn't rebuild workflows or switch platforms for proper orchestration. Terrateam adds security and control to your existing GitHub processes.

The Real-World Pain

Wasted Engineering Time

"We spent 3 months building custom CI pipelines just to handle our Terraform workflow needs."

Security Gaps

"Our approval process is a GitHub comment that says 'LGTM'. There's no actual enforcement."

Merge Conflicts

"We have no way to know if one PR will conflict with another until it's too late."

The Brittle CI Approach

# Typical CI script that tries to handle orchestration
name: Terraform

on:
  pull_request:
    paths:
      - 'terraform/**'

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Check if prod directory
        id: check_prod
        run: |
          if [[ "${{ github.event.pull_request.base.ref }}" == "main" &&                 "${{ contains(github.event.pull_request.files.*.filename, 'prod/') }}" == "true" ]]; then
            echo "::set-output name=is_prod::true"
          else
            echo "::set-output name=is_prod::false"
          fi
      
      - name: Check approvals
        if: steps.check_prod.outputs.is_prod == 'true'
        run: |
          # Brittle approval check that breaks easily
          APPROVALS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}"             "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews" |             jq '[.[] | select(.state == "APPROVED")] | length')
          
          if [[ $APPROVALS -lt 2 ]]; then
            echo "Error: Production changes require at least 2 approvals"
            exit 1
          fi

      # More brittle logic...
Marko Kuljanski
"We now have more confidence in our deployments, better security with our service accounts, and an overall improved workflow that our entire team appreciates."

Marko Kuljanski, Engineering at Patients Know Best

The most expressive infrastructure orchestration engine

Stop compromising on your infrastructure workflows. Configure any deployment pattern, integrate with any tool, deploy anywhere. All through simple pull requests.

Get StartedSchedule a Demo