Overview:
Terrateam is an open-source tool that automates Terraform plan and apply operations directly within pull requests. It is designed to manage infrastructure at scale, handling thousands of workspaces across monorepos or multiple repositories with complex dependencies. The project is built for teams and platform engineers who need a GitOps workflow that can scale with their infrastructure. It supports multiple IaC tools including Terraform, OpenTofu, Terragrunt, CDKTF, and Pulumi, and can be self-hosted with your own runners, state, and secrets.
Core Features:
GitOps Pull Request Automation: Automates Terraform and OpenTofu planning and applying within the pull request lifecycle.
Tag-Based Configuration: Defines workspace rules using tags, enabling management of 10 to 10,000 workspaces from a single configuration file.
Smart Locking: Implements apply-only locks, allowing unlimited parallel plan executions while preventing conflicts during applies.
Policy Engine: Enforces infrastructure rules using OPA/Rego, Checkov, or built-in policies, with support for approval workflows based on team or role.
Cost & Drift Detection: Automatically detects infrastructure drift and provides cost estimates without requiring manual intervention.
Full Visibility UI: Includes an open-source user interface for tracking runs, viewing execution logs, and debugging workflows.
Use Cases:
Platform teams managing large monorepos: Using tag-based configuration to control thousands of workspaces with consistent rules.
Developers automating infrastructure changes in pull requests: Getting automated plans and applies as part of the standard review process.
Self-hosting infrastructure automation: Running a stateless server and private runners to keep Terraform state and secrets within the user's own environment.
Enforcing compliance policies on infrastructure: Using OPA/Rego to require team or role-based approvals before changes are applied.
Why It Matters:
Terrateam is a self-hostable, stateless Terraform automation tool that scales to thousands of workspaces without requiring a complex architecture. Its tag-based configuration and apply-only locking design enable efficient parallel operations, which differs from simpler alternatives that may limit concurrent plans. The inclusion of an OSS UI for run tracking and debugging makes it practical for teams managing infrastructure at scale, while its support for multiple IaC tools (Terraform, OpenTofu, Terragrunt, Pulumi) provides flexibility for teams with diverse tooling.
