Short-lived credentials for Terraform plan and apply operations. Only let credentials live as long as they need to.
Specify rules for when Terraform apply operations can be performed based on GitHub status checks, merge conflicts, and number of approvals.
Satisfy complex workspace and directory workflow requirements with custom scripts based on plan and apply exit status.
Granular permissions with GitHub Organization teams and members to control who can trigger Terraform operations.
Visibility into cloud spend before launching resources. No extra configuration necessary.
Automatically detect infrastructure changes applied outside of Terraform and get alerted with GitHub Issues.
Run Terragrunt on all operations or only against specific directories and workspaces.
Catch common misconfigurations before they are applied.
Run conftest policies against Terraform plan files.