Terraform pull request automation
Out-of-the-box Terraform Infrastructure CI/CD. Purpose-built for GitHub.

Terraform CI/CD for GitHub

  • Terraform changes with GitHub pull requests
  • Integrations for GitHub Teams, Actions, and Secrets
  • Easy GitHub application installation

Cloud spend visibility

  • Scan pull requests to understand cost estimates
  • View projected costs next to Terraform code changes
  • No configuration required

Fine-grained access control

  • Plan and apply controls using GitHub Teams
  • Enforce the security principle of least privilege
  • Implement granular policies against Terraform resources

Infrastructure in sync with code

  • Catch and report infrastructure drift
  • Quickly take action when drift is detected
  • Reduce risk of unwanted changes

OPA policy testing

  • Enforce company-level policy before the apply
  • Evaluate pull requests for security and compliance
  • Source Rego policy files from external sources

Security alerts

  • Identify security issues in Terraform code changes
  • Remediate with actionable findings
  • Improve infrastructure security posture

OpenID Connect (OIDC)

Short-lived credentials for Terraform plan and apply operations. Only let credentials live as long as they need to.

Apply requirements

Specify rules for when Terraform apply operations can be performed based on GitHub status checks, merge conflicts, and number of approvals.

Custom workflows

Satisfy complex workspace and directory workflow requirements with custom scripts based on plan and apply exit status.

Access controls

Granular permissions with GitHub Organization teams and members to control who can trigger Terraform operations.

Cost estimation

Visibility into cloud spend before launching resources. No extra configuration necessary.

Drift detection

Automatically detect infrastructure changes applied outside of Terraform and get alerted with GitHub Issues.

Terragrunt

Run Terragrunt on all operations or only against specific directories and workspaces.

Security alerts

Catch common misconfigurations before they are applied.

Open Policy Agent

Run conftest policies against Terraform plan files.

Terraform automation for GitHub