I'm currently evaluating various Infrastructure as Code (IaC) platforms to integrate with Terraform/OpenTofu for managing a multi-cloud environment involving AWS and Azure, with the potential inclusion of GCP later on. I'm particularly looking for a platform that can provide a centralized policy-as-code framework and guardrails, along with effective drift detection that can trigger pull requests for any necessary remediation. Additionally, I want a self-service flow that allows application teams to request environments using Terraform modules without having to edit any raw HCL. It's also important for me to avoid unnecessary complexities—so, ideally, the platform should enable easy onboarding, simple integrations with cloud providers and version control systems, while steering clear of complex access and authentication models that could add overhead. I've been considering a few options: Firefly, which offers multi-cloud management with policies and drift remediation; Spacelift, known for its automation and flexible pipelines; and env0, which focuses more on environment management and cost control. If anyone has experience with these platforms regarding multi-cloud governance or self-service environments, I'd love to hear how they perform in those aspects.
1 Answer
If you're using GitLab or GitHub, you should definitely check out Terrateam. It offers great VCS and CI integration and is the only option with a self-hosted, open-source model if you want to steer clear of pricing concerns. They really focus on policy-as-code and once set up, it runs seamlessly without users having to learn a new UI or system. Everything is driven through your git repo, and new users just have to push their changes via PRs which Terrateam automatically handles. It's like setting it and forgetting it! Of course, I'm biased as the co-founder, but I'd suggest you look into all options including Terraform Cloud too!
I appreciate your transparency! It's nice to see someone being open about their biases. I wish I had the kind of challenges that need this kind of tooling—sounds both fun and frustrating!