Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/terrateamio/terrateam

Terraform automation for teams. Purpose-built for GitHub.
https://github.com/terrateamio/terrateam

Last synced: about 1 month ago
JSON representation

Terraform automation for teams. Purpose-built for GitHub.

Host: GitHub
URL: https://github.com/terrateamio/terrateam
Owner: terrateamio
Created: 2023-05-15T19:46:44.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-03-26T14:23:01.000Z (6 months ago)
Last Synced: 2024-06-10T23:09:21.028Z (3 months ago)
Homepage: https://terrateam.io/
Size: 14.6 KB
Stars: 95
Watchers: 1
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        


  





  Docs - Using Terrateam - Support community - Roadmap - Bug report



Start running Terraform with cost estimation, security alerts, drift detection, access controls, and OPA policy testing. Self-hosted and cloud versions available.



## Terraform continuous delivery for GitHub

Create Terraform changes by commenting on pull requests.

Terrateam delivers self-service Terraform across your organization, visibility into cloud spend, an expressive configuration file with fine-grained access controls, drift detection, policy enforcement, security alerts, and more.

## Table of contents

- [Features](#features)

- [Get started for free](#get-started-for-free)

- [How it works](#how-it-works)

- [Cloud vs. Self-Hosted](#cloud-vs-self-hosted)

- [Docs](#docs)

- [Support](#support)

**⭐ Like us? Give us a star!**

## Features

- [Access Control](https://terrateam.io/docs/features/access-control) - Define a set of capabilities, such as `plan` and `apply`, and which users can perform those operations. GitHub Users, Teams, and Repository Collaborator policies are supported.

- [Apply Requirements](https://terrateam.io/docs/features/apply-requirements) - Specify when an `apply` operation can be performed on a pull request that has not been merged.

- [Cost Estimation](https://terrateam.io/docs/features/cost-estimation) - Cost estimates on each pull request that Terrateam runs a `plan` operation against.

- [Drift Detection](https://terrateam.io/docs/features/drift-detection) - Scheduled operations to detect drift between live infrastructure and your Terraform repository.

- [OIDC](https://terrateam.io/docs/features/oidc) - Safely and securely authenticate to your cloud provider using temporary credentials.

- [OPA Policy Testing](https://terrateam.io/docs/features/policy-testing) - Policy testing against `plan` operations with [OPA](https://www.openpolicyagent.org/) and [Conftest](https://www.conftest.dev/).

- [Static Analysis](https://terrateam.io/docs/features/static-analysis) - Static analysis against `plan` operations with [Checkov](https://www.checkov.io/).

- [Workflows](https://terrateam.io/docs/features/workflows) - Custom workflows to replace the default Terrateam steps for `plan` and `apply` operations.

## Get started for free

### Terrateam Cloud

The fastest way to get started with Terrateam is signing up for [Terrateam Cloud](https://terrateam.io/docs/getting-started).

### Terrateam Self-Hosted

This plan covers our Kubernetes and Docker compose deployment with limited usage and without guarantee. This deployment is designed for evaluating Terrateam without vendor approval. It is not designed for production use.

#### Architecture

The following diagram shows an overview of the Terrateam architecture.

> The Terrateam application server is horizontally scalable. You can run as many as you'd like as long as they all point to the same Postgres database.

```mermaid

graph LR

    gh[GitHub.com]

    ts[Terrateam Server]

    pd[(Postgres Database)]

    gh <--> ts

    ts <--> pd

```

## Deployment instructions

See the [Terrateam docs](https://terrateam.io/docs/self-hosted) for deployment instructions.

## How it works

Terrateam is a GitHub application that turns pull requests into Terraform executions using GitHub Actions. There are two major components of the Terrateam service:

- The server which receives GitHub pull request events and makes decisions using the event payload

- The Terrateam GitHub Actions runner which executes the Terraform jobs that the Terrateam server creates

> 🔒 Cloud credentials and source code never reach our servers. Sensitive information is isolated to your organization GitHub Actions runtime environment. The Terrateam GitHub Action is open-source and can be found [here](https://github.com/terrateamio/action). See our [Security](https://terrateam.io/security) page for more information.

```mermaid

graph TD

    gpr[GitHub Pull Request]

    ge[GitHub Events]

    ts[Terrateam Server]

    pd[(Postgres Database)]

    ga[GitHub Actions]

    gt[GitHub Teams]

    go[GitHub OIDC]

    gs[GitHub Secrets]

    cp[Cloud Provider]

    tr[Terraform Code Repository]

    gpr --> ge

    ge --> ts

    ts <--> pd

    ts <--> ga

    ga --> gpr

    gt --> ts

    ga <--> go

    gs --> ga

    ga --> cp

    tr --> ga

```

See our [documentation](https://terrateam.io/docs/how-it-works) to learn more about execution steps, types of operations, event evaluations, locking, and more.

## Docs

Check out our [documentation](https://terrateam.io/docs) for getting started instructions, example use cases, and tutorials.

## Support

We encourage users to submit a [GitHub Issue](https://github.com/terrateamio/terrateam/issues). Additionally, if you need help, have a feature request, or anything else, please hop onto our [Slack](https://terrateam.io/slack). This is often times the fastest way to talk to us.