{"id":35133258,"url":"https://github.com/yindia/pltf","last_synced_at":"2026-04-28T10:06:54.654Z","repository":{"id":328800395,"uuid":"1116739360","full_name":"yindia/pltf","owner":"yindia","description":"The next generation of Infrastructure-as-Code. Work with high-level constructs instead of getting lost in low-level cloud configuration.","archived":false,"fork":false,"pushed_at":"2026-02-01T07:54:10.000Z","size":6775,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-01T13:43:31.766Z","etag":null,"topics":["golang","multicloud","selfservice","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://yindia.github.io/pltf/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yindia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security/aws.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-15T10:06:06.000Z","updated_at":"2026-02-01T10:47:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yindia/pltf","commit_stats":null,"previous_names":["yindia/pltf"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/yindia/pltf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yindia%2Fpltf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yindia%2Fpltf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yindia%2Fpltf/releases","man
ifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yindia%2Fpltf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yindia","download_url":"https://codeload.github.com/yindia/pltf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yindia%2Fpltf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32375764,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T09:24:15.638Z","status":"ssl_error","status_checked_at":"2026-04-28T09:24:15.071Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","multicloud","selfservice","terraform","terraform-module"],"created_at":"2025-12-28T07:33:18.429Z","updated_at":"2026-04-28T10:06:54.648Z","avatar_url":"https://github.com/yindia.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pltf\n\nPltf is a new kind of Infrastructure-as-Code framework built for fast-moving startups. It lets teams work with high-level concepts like microservices, environments, and databases, instead of low-level configuration such as VPC, IAM, ELB, or Kubernetes.\n\nWe've always been frustrated by the amount of manual effort required to manage infrastructure. 
We strongly believe in developer productivity, and empowering engineers has been our mission for the past few years.\n\nWith Pltf, we're reimagining how infrastructure should be managed in modern cloud environments. Pltf enables anyone to build automated, scalable, and secure infrastructure across AWS, GCP, and Azure. Our early users save countless hours every week and are able to scale their companies with minimal investment in DevOps.\n\nPltf gives you:\n\n- SOC2 compliance from day one\n- AWS, GCP, and Azure support\n- Continuous deployment\n- Hardened network and security configurations\n- Support for multiple environments\n- Built-in auto-scaling and high availability (HA)\n- Support for spot instances\n- Zero lock-in\n- Out-of-the-box wiring between modules\n- Out-of-the-box provider management\n- Bring-your-own modules\n- Out-of-the-box support for tfsec, tflint, infracost, and rover (https://github.com/yindia/rover)\n\n## Install\n\nHomebrew (macOS/Linux):\n```bash\nbrew install yindia/homebrew-yindia/pltf\n```\n\nInstall script (macOS/Linux/Windows via WSL or Git Bash):\n```bash\ncurl -fsSL https://raw.githubusercontent.com/yindia/pltf/refs/heads/main/install.sh | sh\n```\n\nMore options in `docs/installation.md`.\n\n## How it works\n\nThe idea is simple:\n\n1. Platform teams define the core infrastructure using either their own modules or existing CLI modules.\n2. Application teams deploy services on top of these base environments using higher-level abstractions.\n3. Services become layered components within the Pltf ecosystem.\n\nOur CLI reads these environments, services, and stacks to generate Terraform automatically. 
Once generated, teams can either commit the Terraform code or use our CLI to run Terraform commands directly.\n\nIn addition, Pltf integrates with infracost, tfsec, and tflint, and provides an AI-powered summary of the plan and risk assessment directly in pull requests.\n\n\n## Spec foundations\n\n```mermaid\nflowchart TB\n    svc[(service.yaml)]\n\n    subgraph PROD[Production Env]\n        prod_service[Service A]\n    end\n\n    subgraph STAGE[Staging Env]\n        stage_service[Service A]\n    end\n\n    env[(env.yaml)]\n\n    svc --\u003e prod_service\n    svc --\u003e stage_service\n\n    prod_service --\u003e env\n    stage_service --\u003e env\n```\n\n### Stack spec\n\nStacks capture reusable infrastructure modules (networking, observability, etc.) and publish outputs for services. Each stack can list required providers so environments treat every module consistently.\n\nExample (from `stacks/example-eks-stack.yaml`):\n```yaml\napiVersion: platform.io/v1\nkind: Stack\nmetadata:\n  name: example-eks-stack\nvariables:\n  cluster_name: \"pltf-data-${env_name}\"\nmodules:\n  - id: base\n    type: aws_base\n  - id: eks\n    type: aws_eks\n    inputs:\n      cluster_name: \"pltf-app-${env_name}\"\n      kms_account_key_arn: module.base.kms_account_key_arn\n      k8s_version: 1.33\n      enable_metrics: false\n      max_nodes: 15\n```\n\n### Environment spec\n\nAn environment wires stacks, backends, provider secrets, variables, and images into a workspace. 
Each environment can define multiple variants (`dev`, `prod`, …) and services refer to the environment by file path.\n\nExample (from `example/e2e.yaml`):\n```yaml\napiVersion: platform.io/v1\nkind: Environment\ngitProvider: github\nmetadata:\n  name: example-aws\n  org: pltf\n  provider: aws\n  labels:\n    team: platform\n    cost_center: shared\n  stacks:\n    - example-eks-stack\n# images:\n#   - name: platform-tools\n#     context: .\n#     dockerfile: Dockerfile\n#     platforms:\n#       - linux/amd64\n#       - linux/arm64\n#     tags:\n#       - ghcr.io/example/${layer_name}:${env_name}\n#     buildArgs:\n#       ENV: ${env_name}\nenvironments:\n  dev:\n    account: \"556169302489\"\n    region: ap-northeast-1\n  stage:\n    account: \"556169302489\"\n    region: ap-northeast-1\n  prod:\n    account: \"556169302489\"\n    region: ap-northeast-1\nvariables:\n  replica_counts: '{\"dev\":1,\"prod\":3}'\n  environment_settings: '{\"region\":\"us-west-2\",\"zones\":[\"us-west-2a\",\"us-west-2b\"]}'\nmodules:\n  - id: nodegroup1\n    source: ../modules/aws_nodegroup\n    inputs:\n      max_nodes: 15\n      node_disk_size: 20\n  - id: postgres\n    source: https://github.com/yindia/pltf.git//modules/aws_postgres?ref=main\n    inputs:\n      database_name: \"${layer_name}-${env_name}\"\n  - id: s3\n    type: aws_s3\n    inputs:\n      bucket_name: \"pltf-app-${env_name}\"\n    links:\n      readWrite:\n        - adminpltfrole\n        - userpltfrole\n  - id: topic\n    type: aws_sns\n    inputs:\n      sqs_subscribers:\n        - \"${module.notifcationsQueue.queue_arn}\"\n    links:\n      read: adminpltfrole\n  - id: notifcationsQueue\n    type: aws_sqs\n    inputs:\n      fifo: false\n    links:\n      readWrite: adminpltfrole\n  - id: schedulesQueue\n    type: aws_sqs\n    inputs:\n      fifo: false\n    links:\n      readWrite: adminpltfrole\n  - id: adminpltfrole\n    type: aws_iam_role\n    inputs:\n      extra_iam_policies:\n        - 
\"arn:aws:iam::aws:policy/CloudWatchEventsFullAccess\"\n      allowed_k8s_services:\n        - namespace: \"*\"\n          service_name: \"*\"\n  - id: userpltfrole\n    type: aws_iam_role\n    inputs:\n      extra_iam_policies:\n        - \"arn:aws:iam::aws:policy/CloudWatchEventsFullAccess\"\n      allowed_k8s_services:\n        - namespace: \"*\"\n          service_name: \"*\"\n```\n\nSecrets (AWS, GCP, Vault, etc.) attach to the environment and are injected via standard credential files. Environments describe the shared infrastructure that every service reuses.\n\n### Service spec\n\nServices declare workload-specific modules, images, and secrets while referencing one environment file. A single service can target any number of variants defined under `envRef`.\n\n```yaml\napiVersion: platform.io/v1\nkind: Service\nmetadata:\n  name: billing\n  ref: ./env.yaml\n  envRef:\n    dev: {}\nmodules:\n  - id: billing-api\n    type: helm_chart\n    inputs:\n      chart: ./services/billing/chart\n      repo: ./services/billing\n      values:\n        cluster: module.eks.cluster_name\n        replicas: var.replica_count\nimages:\n  - name: billing-api\n    context: ./services/billing\n    tags:\n      - ghcr.io/acme/billing:${env_name}\n```\n\nServices live wherever their referenced environment variants exist; variables and secrets are defined at the top level.\n\n### Custom modules\n\nBring your own Terraform modules (even ones that require non-cloud providers such as GitHub) by dropping a `module.yaml` beside the code or referencing the repo directly. 
When `source` is present you do not need `type`, and `source` accepts HTTP or SSH git URLs.\n\n```yaml\nmodules:\n  - id: billing-api\n    source: https://github.com/acme/custom-modules.git//modules/billing-api\n    inputs:\n      image: ghcr.io/acme/billing:${env_name}\n      replicas: 3\n```\n\npltf caches module clones per repo/commit so repeated plans avoid git overhead, and the module metadata still controls inputs/outputs. If a module pulls in a custom provider (e.g., `github`), declare that provider inside the module and reference it in the consuming environment so Terraform understands the dependency graph.\n\n## Workflow \u0026 commands\n\n- `pltf terraform plan` builds declared Docker images using the Dagger cache, renders `.tf`/`.tfvars`/`.terraformrc`, reuses provider plugins, streams tfsec/Infracost/Rover logs, and writes `.pltf-plan.tfplan`.\n- `pltf terraform apply` reuses that plan, pushes built images and runs `terraform apply -auto-approve`, while `pltf terraform destroy` skips image builds and still runs `terraform destroy -auto-approve`.\n- `pltf terraform graph/output` run after plan/apply to inspect dependency graphs or module outputs without extra wrappers.\n- `pltf preview` and `pltf validate` check wiring and run tfsec, printing both the summary timings and problem list for quick triage.\n- `pltf module list/get/init` inspect or bootstrap modules from both the embedded catalog and your Git sources.\n\nCommands render workspaces under `.pltf/\u003cenvironment_name\u003e/workspace` or `.pltf/\u003cenvironment_name\u003e/\u003cservice_name\u003e/workspace`, ensuring `plan` and `apply` operate on the same graph.\n\n## Image \u0026 Terraform caching\n\n- Image builds always go through Dagger, and the shared `pltf-image-cache` layer keeps BuildKit state between plan/apply runs. 
`platforms` lists in the spec drive multi-arch builds; omit them to default to the host architecture.\n- Terraform commands run on the host binary, and plugin downloads happen once per workspace inside `.terraform/plugins`. There is no `.terraform-plugin-cache` layering beyond the standard Terraform layout.\n\n## Behavior \u0026 rules\n\n- Stacks merge before generation; environment/service overrides cannot mutate stack modules.\n- Providers are explicit—if you inject custom providers such as GitHub or Datadog, declare them inside the module and register them in the consuming environment/service.\n- Variables and secrets propagate from stack → environment → service; overrides raise errors when they conflict.\n- `apply` and `destroy` always use `-auto-approve`, while plan commands accept `--scan`, `--cost`, and `--rover`.\n\n## Provider coverage\n\n| Provider | Status |\n|----------|--------|\n| AWS      | ✅     |\n| GCP      | ✅     |\n| Azure    | ✅     |\n\n## Contributing\n\n- Follow the docs in `docs/` (see `mkdocs serve` locally) before sending a PR.\n- Open issues or PRs with reproducible steps, sample specs/modules, and the `go` command output you ran.\n- Keep diffs focused; prefer updating docs in parallel with code.\n\nThis repo currently passes `go test`? Not in this environment—compiler caches are not writable and the Go toolchain version may differ from your machine.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyindia%2Fpltf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyindia%2Fpltf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyindia%2Fpltf/lists"}