Practitioners Guide To Scaling IaC


eBOOK

The Practitioner’s Guide to Scaling Infrastructure as Code

Accelerate infrastructure deployment with optimal security and governance

Contents

Your options for IaC management
Applying generic CI/CD to infrastructure management
Adopting a specialized IaC management platform
The big four IaC challenges
Streamlining your IaC workflow
Infrastructure governance
Developer velocity and productivity
Technology future-proofing
Conclusion
IaC management platform comparison: Spacelift vs. Hashicorp Terraform Cloud
About Spacelift
Author and references


Introduction

Provisioning and managing modern cloud infrastructure is not easy. You need to provide fast,
secure, reliable infrastructure and keep pace with the intensifying technology demands of
modern applications. And you have to do all this while providing a self-serve, one-stop
infrastructure deployment platform for developers. The good news is that good infrastructure
makes huge financial sense: According to recent research by McKinsey [1], the best-performing
companies in terms of developer velocity can outperform the worst-performing by a factor of
four to five in terms of revenue.

Infrastructure as code (IaC) is a key part of delivering best-in-class infrastructure and an
absolute requirement for organizations keen to adopt a platform engineering approach to
infrastructure. Parallels with traditional code inspire many DevOps teams to attempt using a
generic CI/CD platform such as Jenkins, CircleCI, GitHub CI/CD, or GitHub Actions to manage
their IaC, but that approach creates various challenges as teams look to expand IaC adoption
across DevOps, development, and cloud teams.

In this guide, we examine four common challenges associated with using a generic CI/CD
platform to scale IaC:

Streamlining your IaC workflow

Infrastructure governance

Developer velocity and productivity

Technology future-proofing

We also provide an overview of purpose-built IaC management platforms that address these
issues and present a comparison of the market-leading offerings.

Along the way, you’ll learn about the real-life experiences of DevOps professionals who have
had to wrangle with the complexity of managing IaC.

Your options for IaC management

Applying generic CI/CD to infrastructure management


The advent of cloud computing has increased provisioning and management requirements
exponentially, making it virtually impossible to accomplish these tasks manually. IaC helps
address this pressure by allowing you to configure and manage your infrastructure in the same
way you manage your software. New environments or infrastructure can be provisioned easily
from code, creating a repeatable, scalable, standardized process. Changes made to existing
infrastructure can be tracked, and IaC code and application source code can be held together in
your VCS. This combination of transparency, consistency, and repeatability improves
productivity.

However, IaC does present challenges. The learning curve can be quite steep: Traditional
infrastructure or operations teams within organizations will need to familiarize themselves with
version control systems, Git, and code-editing tools like Visual Studio Code. As more members
of an organization adopt Terraform, infrastructure provisioning workflows have to change and
adapt. Workflows that function well for individual practitioners may not scale to larger
enterprises.

As organizations reach this point in their growth, they often turn to general-purpose CI/CD
tools like Jenkins, CircleCI, GitLab CI/CD, or GitHub Actions to manage IaC. They soon become
painfully aware that cloud infrastructure is complex and dynamic, and maintaining an IaC setup
becomes increasingly problematic in an expanding organization. As more teams are involved
with cloud provisioning, they have to agree on the best ways to use the chosen tool and learn
the nuances of each. Using IaC extensively across the organization and across multiple teams
makes it tricky to maintain traceability and versioning for all those configs. This complexity is
often what prompts organizations to adopt specialized IaC management platforms, sometimes
known as TACOS (Terraform Automation and Collaboration Software), to help them manage
IaC at scale, improving the developer experience without increasing risk.

“I tried to see if there was a way to do the centralization of
infrastructure as code using the tool we already have for continuous
integration — and it kind-of would have worked, but it would not
scale and you would run into issues in the long term.”

Luis Barrueco

Adopting a specialized IaC management platform

IaC management platforms offer a centralized, collaborative way to manage Terraform code
and infrastructure. These platforms integrate with version control systems (VCS) and provide
specialized IaC functionality like remote state management, infrastructure policy enforcement,
and secure variable storage. They make it easier for organizations to maintain efficient control
over their cloud infrastructure by enabling teams to take care of infrastructure provisioning,
compliance, and management across various cloud providers, data centers, and services.

With purpose-built IaC management platforms, infrastructure can be scaled to meet increased
business demands by adopting an automation-first focus. Deploying and managing
standardized infrastructure generates operational efficiencies by reducing the manual effort
required to deliver infrastructure, embedding security and compliance requirements into the
delivered services, and introducing opportunities for cost optimization.

“We have this great pipeline where we commit code and it comes
out the other end as a deployment into production. We don’t have
to worry about fiddly, error-prone, manual deployment processes,
which used to plague us like they plague many companies.”

Alex Jurkiewicz

The best-known commercial options for managing your IaC are Hashicorp’s Terraform Cloud
(and its self-hosted version, Terraform Enterprise) and Spacelift. Later in the guide, we provide
a side-by-side comparison of these two popular offerings.

The big four IaC challenges

IaC certainly offers clear benefits when it comes to efficient scaling, but it does introduce
complexity. Organizations need to understand the challenges it creates for DevOps and
platform teams and how to select the right management solution to address these pain points.

Streamlining your IaC workflow

With IaC, you treat infrastructure the same way you treat application code, checking it into
version control, writing tests for it, and ensuring it’s consistent across multiple environments.

You have a choice of IaC tools to use for your workflow. For smaller operations requiring very
basic infrastructure, it might make sense to apply IaC locally — managing and running
Terraform code on engineers’ laptops and then deploying it.

As your operations scale, and you need to ship new applications more often, it doesn’t make
sense to manually provision and configure infrastructure for each new deployment.

That’s why you might turn to a generic CI/CD automation tool like Jenkins, which can be
customized to some extent for Terraform workflows. In fact, for organizations that have
adopted Jenkins for a whole range of tasks and who are still in the early stages of Terraform
adoption, implementing Terraform pipelines with Jenkins might make sense.

“It’s much easier for the developers to synchronize releases
between the infrastructure code and the developer code. Before,
we were managing the steps to do that, but right now Spacelift
does that for us, by default or via policy.”

Kévin Lemele

However, tools like Jenkins were designed to manage continuous integration and continuous
delivery for application development and are too generalized to build a complex workflow for
infrastructure deployment and management. With CI systems generally, it's a challenge to map
multiple deployment targets to a single codebase, and the problem is exacerbated by:

The need for dynamic mapping (i.e., new deployment targets added without code change)

Different permissions or rules for different targets

Bottlenecks occur as different stakeholders struggle to manage complex infrastructure with
intricate dependencies between resources. Platform engineers get swamped with deployment
requests and must sift through infrastructure configuration files for issues that could cause
resource overconsumption, noncompliance, or overprivileged permissions. This process slows
down delivery significantly.

Specialized IaC management platforms

Streamlining complex IaC workflows is where specialized IaC management platforms shine.
They work via API, CLI, and UI, so they can be integrated easily into existing CI/CD pipelines, IT
service management interfaces, and VCS processes. They offer various features for achieving
end-to-end infrastructure orchestration using Terraform and other configuration languages.
These include:

Workflow automation for end-to-end provisioning


Automating your infrastructure workflows is an efficient and secure way to provision your
infrastructure, accelerating operations and increasing productivity and reliability.

Drift detection
With infrastructure, your actual state can deviate from your configuration. Most of this drift is
caused by manual intervention, so IaC management platforms provide drift detection and
optional remediation to address it as soon as possible.

Policy-as-code support
Policy-as-code frameworks automate the enforcement of compliance and governance policies
before any changes are made via Terraform. Leveraging code-based automation to manage
policies allows teams to move more quickly and reduces the potential for missteps due to
human error.

Impact analysis
By automating IaC workflows, specialized management platforms bring clarity to the potential
effects of proposed changes, ensuring continuous delivery for your teams.

Visualization tools
Specialized IaC tools help you gain a detailed understanding of your managed resources — not
just in their current context, but also from a historical perspective.

Extensive provider and module resources


Purpose-built IaC platforms are designed so that all your resources can be easily managed
using a Terraform provider. Terraform modules are containers for multiple infrastructure
resources that are used together, abstracting away common functionality. You can browse
these providers and modules in registries. For example, Spacelift’s module registry provides
CI/CD for multiple specified versions of your Terraform modules, and it’s also deeply integrated
with other Spacelift features.
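
The drift detection feature listed above can be illustrated with Terraform's JSON plan representation (`terraform show -json` on a saved plan), which reports changes made outside Terraform under `resource_drift`. This is an added example, not code from the guide or from any platform it names; the sample plan and every value in it are constructed, and attributes Terraform marks as sensitive are masked so that a drift report does not leak secrets.

```python
MASK = "(sensitive)"

# Constructed sample, trimmed to the fields of a Terraform JSON plan read below.
DRIFT_PLAN = {
    "format_version": "1.2",
    "resource_drift": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"],
                    "before": {"description": "web tier", "tags": {"owner": "platform"}},
                    "after": {"description": "web tier",
                              "tags": {"owner": "platform", "temp": "debug"}},
                    "before_sensitive": {"tags": {}}, "after_sensitive": {"tags": {}}}},
        {"address": "aws_db_instance.orders", "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "before": {"backup_retention_period": 7, "password": "constructed-old"},
                    "after": {"backup_retention_period": 0, "password": "constructed-new"},
                    "before_sensitive": {"password": True},
                    "after_sensitive": {"password": True}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "before": {"bucket": "constructed-logs"},
                    "after": None, "before_sensitive": {}, "after_sensitive": False}},
    ],
}


def _child(marker, key):
    """Sensitivity markers mirror the value's structure; step into one key."""
    return marker.get(key) if isinstance(marker, dict) else None


def _has_sensitive(marker):
    """True if the marker, or anything nested inside it, flags a sensitive value."""
    if marker is True:
        return True
    if isinstance(marker, dict):
        return any(_has_sensitive(v) for v in marker.values())
    if isinstance(marker, list):
        return any(_has_sensitive(v) for v in marker)
    return False


def diff(before, after, sens_b=None, sens_a=None, path=""):
    """Yield (attribute path, recorded value, live value) for each difference."""
    both_maps = isinstance(before, dict) and isinstance(after, dict)
    if both_maps and sens_b is not True and sens_a is not True:
        for key in sorted(set(before) | set(after)):
            yield from diff(before.get(key), after.get(key),
                            _child(sens_b, key), _child(sens_a, key),
                            f"{path}.{key}" if path else key)
    elif before != after:
        # Lists and scalars are compared whole; mask if any part is sensitive.
        if _has_sensitive(sens_b) or _has_sensitive(sens_a):
            yield (path, MASK, MASK)
        else:
            yield (path, before, after)


def detect_drift(plan):
    """Summarise resources whose live state no longer matches the recorded state."""
    findings = []
    for entry in plan.get("resource_drift", []):
        change = entry["change"]
        if change.get("after") is None:   # object no longer exists in the provider
            findings.append({"address": entry["address"], "kind": "deleted", "changes": []})
            continue
        changes = list(diff(change.get("before") or {}, change["after"],
                            change.get("before_sensitive"), change.get("after_sensitive")))
        if changes:
            findings.append({"address": entry["address"], "kind": "modified",
                             "changes": changes})
    return findings


if __name__ == "__main__":
    for finding in detect_drift(DRIFT_PLAN):
        print(finding["kind"], finding["address"], finding["changes"])
```

Each finding names the attribute that moved, which is what a reviewer needs to decide between reverting the manual change and adopting it into code.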

“To streamline our IaC process we built a strategy around policy
and TF registry so that all modules are automatically approved
based on a scoring system, removing the manual workaround, to
free up the IaC DevOps team from reviews.”

Timur Bublik

Leveraging features such as Spacelift’s stack dependencies, for example, you can build
workflows for OpenTofu, Terraform, Kubernetes, Pulumi, Ansible, and CloudFormation.
Managing intricate dependencies is easy when you can define dependencies between stacks,
ensuring that the correct order is maintained when deploying or updating your resources. This
simplifies the process, removes bottlenecks, and facilitates the deployment of more modular
and complex infrastructure.

Infrastructure governance

Infrastructure is highly sensitive to vulnerabilities, not just because it can be targeted by
cybercriminals, but also because the way it’s designed has implications for stability and
scalability. The complexity of infrastructure increases as companies scale, making it more
difficult to ensure compliance and security. If you are operating in a sector like finance, energy,
or healthcare, you have the added burden of onerous industry regulations to comply with.

One route to a solution is to increase automation, which has the added benefit of also
preventing audit failures. The ultimate aim is to implement continuous compliance automation,
orchestrating your infrastructure to ensure end-to-end transparency and traceability of
provisioning and configuration.

For optimum infrastructure security, the approach you adopt needs to utilize the following
practices:

SSO and MFA

Least Privilege access model

Data encryption at rest and in transit

Scanning tools to identify code or image vulnerabilities that can be exploited

Audit and penetration testing

You can adapt general-purpose CI/CD tooling to ensure infrastructure governance from a
technical standpoint, but this results in a siloed approach and makes transparency virtually
impossible. With no visibility into the entirety of your infrastructure, it is difficult to maintain the
collaboration, communication, and understanding of the process necessary to ensure its
success.

Teams that use general-purpose CI/CD tools are fully responsible for their pipelines. Even with
shared libraries and other efforts to maintain communication, the team that establishes a new
pipeline must be aware of its configuration and confident of its security. Most generic IaC tools
lack access control models and depend on comments on pull requests to drive infrastructure
deployments, which introduces unacceptable risk the more complex your infrastructure
becomes.

Ultimately, managing security and compliance with general-purpose CI/CD tools is unwieldy
because they are not designed for infrastructure orchestration, but for the continuous
integration and delivery of application code to production systems. They approach automation
from a process perspective — they are not concerned about what code they ship.

Yes, it is possible to use general-purpose CI/CD tooling to orchestrate and govern your
infrastructure, but it will be a largely manual process and will require specialized expertise
from your development teams.

Specialized IaC management platforms

Performing security and compliance checks using ticket-based review processes creates
bottlenecks that do nothing to advance any ambitions of accelerating developer velocity. That’s
why specialized IaC platforms use policy-as-code frameworks to automate the enforcement of
compliance and governance policies before any changes are made via Terraform.

Purpose-built IaC platforms like Spacelift use the open-source policy framework OPA across
the cloud-native stack, allowing you to define policies for Terraform and other supported tools.
Enforcing policies across all teams and infrastructure in this way means you can:

1. Define access control at a more granular level with login policies.

2. Restrict runs based on resource parameters with plan policies.

3. Require multiple approvals for a run by leveraging approval policies.

4. Use trigger policies to control what happens when a PR or a merge occurs.

5. Define notifications for runs with notification policies.
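
A plan policy of the kind listed above restricts a run based on the parameters of the resources in the plan. The following is an added illustration, not code from the guide or from Spacelift: it is plain Python rather than OPA/Rego, it reads the `resource_changes` array of a Terraform JSON plan (`terraform show -json`), and the sample plan, the approved instance types and the sensitive ports are constructed assumptions.

```python
import json

# Assumed organisational limits for this illustration.
ALLOWED_INSTANCE_TYPES = {"t3.micro", "t3.small"}
ADMIN_PORTS = (22, 3389)
WORLD = {"0.0.0.0/0", "::/0"}


def as_list(value):
    """IAM documents and plan values may hold a scalar where a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_instance(after):
    # A type only known after apply is None here and is denied (fail closed).
    itype = after.get("instance_type")
    if itype not in ALLOWED_INSTANCE_TYPES:
        yield f"instance type {itype!r} is not on the approved list"


def check_security_group(after):
    for rule in as_list(after.get("ingress")):
        sources = set(as_list(rule.get("cidr_blocks")))
        sources |= set(as_list(rule.get("ipv6_cidr_blocks")))
        if not sources & WORLD:
            continue
        if str(rule.get("protocol")) == "-1":   # "-1" covers every protocol and port
            yield "every port is open to the internet"
            continue
        low, high = rule.get("from_port") or 0, rule.get("to_port") or 0
        for port in ADMIN_PORTS:
            if low <= port <= high:
                yield f"port {port} is open to the internet"


def check_iam_policy(after):
    try:
        document = json.loads(after.get("policy") or "{}")
    except ValueError:
        yield "policy document is not valid JSON"
        return
    for statement in as_list(document.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        if "*" in as_list(statement.get("Action")) and "*" in as_list(statement.get("Resource")):
            yield "statement allows every action on every resource"


CHECKS = {
    "aws_instance": check_instance,
    "aws_security_group": check_security_group,
    "aws_iam_policy": check_iam_policy,
}

# Constructed sample, trimmed to the fields the checks read.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.batch", "type": "aws_instance",
         "change": {"actions": ["create"], "after": {"instance_type": "m5.24xlarge"}}},
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"], "after": {"instance_type": "t3.micro"}}},
        {"address": "aws_security_group.admin", "type": "aws_security_group",
         "change": {"actions": ["update"], "after": {"ingress": [
             {"protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_iam_policy.ci", "type": "aws_iam_policy",
         "change": {"actions": ["create"], "after": {"policy": json.dumps(
             {"Version": "2012-10-17", "Statement": [
                 {"Effect": "Allow", "Action": "*", "Resource": "*"}]})}}},
        {"address": "aws_db_instance.orders", "type": "aws_db_instance",
         "change": {"actions": ["delete"], "after": None}},
    ],
}


def evaluate(plan):
    """Return deny messages (block the run) and warn messages (escalate for approval)."""
    result = {"deny": [], "warn": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions:
            result["warn"].append(
                f"{rc['address']}: planned for destruction, needs a second approval")
        if "create" in actions or "update" in actions:
            check = CHECKS.get(rc["type"])
            after = rc["change"].get("after") or {}
            for message in (check(after) if check else ()):
                result["deny"].append(f"{rc['address']}: {message}")
    return result


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_PLAN), indent=2))
```

The three deny rules correspond to the overconsumption, noncompliance and overprivileged-permission issues that reviewers otherwise look for by hand; the warning stands in for routing a destructive run to an approval step.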

Some IaC management platforms allow you to integrate third-party security tools into your
workflows. With Spacelift, you either install and configure them directly into your runner hooks
or bring your own Docker image with the tools installed. A feature called Custom Inputs allows
you to define custom policies for the third-party input from these tools.

Other security and compliance measures available from these platforms include:

Role-based access control (RBAC), so you can restrict access to specific functionality based on a user's role

Private workers, which ensure end-to-end encryption using your private key

SAML 2.0, following the single sign-on approach with centralized access to resources

Data encryption at rest and in transit using best industry standards

SOC2 Type II certification

Developer velocity and productivity

Organizations must prioritize responsiveness to meet customer needs and adapt to market and
technology changes. This means accelerating the delivery of products and services that meet
these changing demands and requirements. Increasing developer velocity and productivity is
one way to ensure organizations can move faster. Seamless integration with existing CI/CD
pipelines, real-time monitoring and feedback, closing gaps between developers and DevOps
teams, self-service, and encouraging collaboration are some of the ways well-orchestrated
infrastructure can speed up developer productivity.

If you are applying your infrastructure through a generic CI/CD platform using a tool like
Terraform, you can see the many benefits it offers over traditional ClickOps approaches to
infrastructure management, including reproducibility, consistency, and easier rollbacks. In terms
of developer velocity, it accelerates the pace of making changes to an environment.

“Once we had the Spacelift platform installed and configured, it
faded into the background of our workflow, letting us operate more
efficiently with no hassle.

The interface is easy to understand for developers with limited
infrastructure experience. Even team members who have never
touched Terraform or similar tools have no problem using Spacelift,
and it has exposed config drift in an easy-to-consume way.”

Alex Siegman

You can use generic CI/CD tools to help manage collaboration in a Git flow using GitOps — at
its most basic, through a Git repository where you share code or configuration information.
Depending on the type of data in question, you can share your data with other teams via
read-only access, but that approach means the other groups have to poll the repository for changes
because there is no notification system, and data flows one way only.

Alternatively, you could share a read/write repository and collaborate via pull requests. This is a
more authentic version of collaboration, but it requires close interaction among teams to ensure
alignment with different schedules and workflows.

With Jenkins, for example, you can coordinate pipelines on shared repositories by triggering a
job based on a change in a repo. You can also trigger the start of one job based on the
successful completion of another. This is not true collaboration, however, because when a team
completes a task that affects another, the completion of one job indicates only that it is finished;
no other information is conveyed. The triggering job must also be aware of the client job(s) that
need triggering.

If you are not using a specialized tool to manage your IaC operations, you are likely to
encounter the following obstacles to developer velocity and productivity:

1. Third-party plugins are required to extend Terraform's capabilities. These plugins can create
compatibility issues and require additional effort to manage.

2. Real-time monitoring and reporting are also difficult to achieve with general-purpose CI/CD tools.
They provide virtually no insights into the resource lifecycle from either a real-time or historical
perspective, but with IaC, it is vital to have a detailed understanding of managed resources, not
only each resource’s current status but also its historical context.

3. Although Terraform can be used to version control your infrastructure, it needs to be automated to
streamline conflict resolution.

4. Self-service is too risky to permit on any kind of scale if you are managing your infrastructure
through a generic CI/CD platform. IaC makes deploying infrastructure effortless, so it needs strict
guardrails to avoid costly mistakes.

The need to ensure security, accuracy, and consistency means that many organizations rely on a
small DevOps team as gatekeepers for their IaC operations. This ensures optimal protection
but it impedes collaboration and makes IaC administration very laborious. Terraform launched a
decade ago, so early adopters may have accumulated repositories spanning years' worth of
versions and approaches, adding dense layers of complexity and making it very stressful to
perform Terraform operations.

If DevOps teams have to wait for changes to take effect safely before they can move on to
anything else, productivity obviously suffers. Teams need automation and repeatable
processes. They need to be able to safely manage their own deployments and repositories
without DevOps engineers having to intervene every time a change is required. This is where
the specialized IaC management platform comes in.

Specialized IaC management platforms

A major driver and huge win associated with specialized IaC solutions is the way they
democratize IaC to the broader engineering organization. With the right guardrails and security
measures in place, organizations can confidently delegate much of IaC management to the
teams that own it. Teams can make the changes they need almost immediately, freeing DevOps
engineers to work on areas that benefit from their expertise — not just their value as IaC
gatekeepers.

Self-service

Enabling self-service is a powerful driver of efficiency, and purpose-built IaC platforms
offer features to ensure secure, compliant self-service, such as seamless integration with
your existing CI/CD pipelines and the capacity to preview local code changes without
committing or pushing them. Combine these with notification policies for a controlled way
to allow developers to work productively at speed, and you have a killer combination to
unlock developer velocity.

Standardized templates such as Spacelift’s Blueprints also bolster developer autonomy by
offering set patterns for environments that allow administrators to configure all the
settings for deploying infrastructure. Module registries allow you to define reusable
Terraform modules and share them with various different audiences. This includes sharing
modules within your account and also with other accounts.

Collaboration

Specialized IaC platforms encourage closer collaboration between developers and
DevOps with mechanisms such as Kubernetes operators. These allow developers to
manage their application deployment entirely within Kubernetes with the oversight of
DevOps, accelerating application development while ensuring reliable, highly performant,
secure infrastructure.

Promoting collaboration is a great way to encourage efficiencies and derive maximum
value from your teams, but there needs to be control. That’s where notification policies
come in. These are essential for auditing and managing your infrastructure deployments.
Notification policies allow you to create custom notifications that can be routed to the
notification inbox, Slack, or webhooks to deliver all the required details to make informed
deployments.

Control

Role-based access controls and policy enforcement are key to the secure yet streamlined
collaboration that specialized IaC platforms facilitate. Access control mechanisms enable
those with appropriate permissions to view or edit Terraform state, so you can encourage
team members to work independently toward the same goals — but with control.

Policy as code encourages collaboration by providing a uniform, systematic way to
manage policies, so individuals can work together within the same team, and different
types of teams can also collaborate. This is particularly useful for collaboration between
developers — who are accustomed to thinking and working in terms of code — and
specialists in other areas, such as security or IT operations. It is important that the platform
you choose does not restrict the number of policies on offer because maintaining optimal
control requires policies to be in place across a range of detection points.

Technology future-proofing

Technology moves at such a blistering pace that it is important to build your infrastructure
management strategy in a way that accommodates future change to the maximum extent
possible. It’s impossible to predict how your organization or the industry you operate in will
change, but you can anticipate shifts by being prudent about the way you approach your
infrastructure management and maximizing future flexibility by using agnostic tools as much as
possible.

It is relatively straightforward to deploy resources using Terraform through a generic CI/CD
platform from the same machine you’re developing the code on. All you need is access to the
target provider and an installed Terraform binary. However, once you have multiple DevOps
engineers working on a project, it becomes very complex, especially if you are not using remote
state. Even if you use something like pre-commit-terraform [2] to run a set of selected tools to lint
the code you’re creating before you commit it, each action is manual and must be performed
directly by the developer. This makes scaling your infrastructure management a very clunky
process.

The general-purpose CI/CD tools you may be using to manage your infrastructure simply do
not enable the kind of nimbleness you need to future-proof your tech stack. The level of effort
required for every change makes it virtually impossible to update your technology to keep pace
with a shifting competitive landscape. Worse, they work only with the tools you use now. They
will not accommodate the inevitable shift to new technologies.

Specialized IaC management platforms

The inescapable reality is that IaC tools and frameworks come and go. Terraform, Ansible, and
CloudFormation may seem unassailable now, but Chef, Puppet, and SaltStack were the tools of
choice a decade ago — and where are they now? Pulumi, Crossplane, and OpenTofu are
contenders to become the new favored technologies, and yet more frameworks and tools will
emerge in the next five years. If your platform is designed to manage Terraform only, your
options are seriously limited if and when Terraform is superseded by an alternative IaC tool, or
if you decide to integrate a third-party tool or use multiple IaC languages. To future-proof your
technology, you need to ensure that the IaC management platform you choose today will
remain agnostic to the frameworks it manages in the future.

Conclusion

IaC has transformed how high-performance cloud-based infrastructure is provisioned,
deployed, and managed. Tools such as Terraform drastically reduce the manual effort required
from DevOps IaC teams and accelerate the building of infrastructure.

However, as the organization scales, managing your IaC through a generic CI/CD platform
becomes impractical — and ultimately almost impossible. The stress of running multiple users
and teams intensifies, and you may start to wonder what happened to the efficiency, control,
and ease of use IaC was designed to promote. As this expansion starts to exert unbearable
pressure on your DevOps and platform teams and stretches the capabilities of generic CI/CD
tools to breaking point, you need to find a better way. That’s when you know it’s time to adopt
a specialized platform to manage your IaC.

Archipelago’s chief motivation for investigating specialized IaC
platforms was to streamline the company’s cumbersome approach
to managing Terraform — which involved manually applying their
IaC code or using an in-house tool to deploy Terraform.

It wasn’t just the level of manual work involved in direct Terraform
applications and having to manage changes between engineers.
“We had a lot of issues with setup, access control, and coordination
problems with state files.”

Chris Schafer

Choosing the right IaC management platform ensures you can scale securely and with the
maximum potential for efficiency, productivity, and insulation against future shocks. It allows
services to be designed, delivered, and operated safely and efficiently across on-premises,
cloud, and edge deployments. Your platform and DevOps teams can template service creation
and management without risk, providing strategic workflow capabilities to increase the speed
and quality of infrastructure services, enhance the traceability and visibility of service delivery,
and minimize the errors and inconsistencies manual interventions create.

Your tool of choice should deliver everything you need to easily build and maintain tailored,
multi-IaC workflows that can share outputs, detect and remediate drift, build self-service
infrastructure to drive developer velocity, and put you in a position where your long-term
infrastructure needs are assured. Implement the right IaC management system and free your
teams to be the innovators you hired them to be.

IaC management platform comparison: Spacelift vs. Hashicorp Terraform Cloud

Now that you’ve decided to move to the next level with your infrastructure, which IaC
management platform should you choose? To help you decide, we compare two leading IaC
management platforms and the features they offer to help you streamline your workflows,
manage governance and complexity, boost developer velocity and productivity, and
future-proof your technology.

Streamlining your IaC workflow

| Feature | Spacelift | Terraform Cloud | Why it matters |
| --- | --- | --- | --- |
| Dependencies workflow | Nested workflows and passing outputs with stack dependencies. | Not available | Tighter connection between stacks reduces complexity and accelerates change implementation |
| Full workflow control | Full control over your workflow | Limited | Enhances visibility, consistency, and security |
| Multi-IaC workflow support | Terraform, OpenTofu, Terragrunt, Kubernetes, Ansible, CloudFormation, Pulumi | Terraform only | Increases available options for enhanced flexibility |
| VCS integrations | GitHub, GitLab, BitBucket, Azure DevOps, Raw Git | GitHub, GitLab, BitBucket, Azure DevOps, Raw Git | Integrates with your choice of VCS |
| Credential-less integrations with AWS, Azure, and Google Cloud | Yes | Yes | Streamlines integrations |
| State management | Managed, Use other backends | Managed only | Enhances flexibility |

Managing governance and complexity

| Feature | Spacelift | Terraform Cloud | Why it matters |
| --- | --- | --- | --- |
| Policies across various detection points | Control almost any aspect of the platform through policies. | Plan and approval policies only | Enhances control |
| Drift detection | Yes | Yes | Ensures reliability |
| Resource management | Full inventory management solution including visualization, lifecycle tracking, search, and filtering | Resource views only available per workspace | Boosts visibility |
| RBAC | Configurable per Space | RBAC — but not configurable (view all projects, workspaces, etc.) | Enhances control |
| SSO (OIDC & SAML) | Yes | Yes | Improves security and compliance |
| Credential-less integrations with AWS, Azure, and Google Cloud | Yes | Yes | Streamlines cloud integration |
| Shareable contexts | env vars, files, runner hooks | env vars | Enables secure collaboration |
| MFA | Yes | Yes — but only at HCP account level | Bolsters security |
| Custom policies for third-party tools | Yes | No | Maintains consistency |

Developer velocity and productivity

| Feature | Spacelift | Terraform Cloud | Why it matters |
| --- | --- | --- | --- |
| Self-service | Blueprints, Kubernetes Operator | No-code provisioning (modules), Kubernetes Operator | Boosts efficiency |
| Custom policies for third-party tools | Yes | No | Maintains consistency |
| Shareable contexts | Yes (env vars, files, runner hooks) | Yes — but env vars only | Enables secure collaboration |
| Credential-less integrations with AWS, Azure, and Google Cloud | Yes | Yes | Eliminates blockers |
| Advanced scheduling | Yes (tasks + stack deletion) | Yes — but workspace deletion only | Removes manual processes |
| Integrations | Yes (you can integrate with any tool across any task in the IaC lifecycle) | Yes — but run tasks only | Makes it easier for developers to work with their favorite tools |
| Resource management | Full inventory management solution including visualization, lifecycle tracking, search, and filtering | Resource view only available per workspace | Full visibility at a glance boosts productivity. |

Future-proofing your IaC

| Feature | Spacelift | Terraform Cloud | Why it matters |
| --- | --- | --- | --- |
| Credential-less integrations with AWS, Azure, and Google Cloud | Yes | Yes | Potential to integrate alternative clouds in the future |
| Multi-IaC workflow support | Terraform, OpenTofu, Terragrunt, Kubernetes, Ansible, CloudFormation, Pulumi | Terraform only | Increases available options for enhanced flexibility |
| VCS integrations | GitHub, GitLab, BitBucket, Azure DevOps, Raw Git | GitHub, GitLab, BitBucket, Azure DevOps, Raw Git | Integrates with your choice of VCS |
| Integrations | Yes (you can integrate with any tool across any task in the IaC lifecycle) | Yes — but limited to run tasks | Streamlines workflows for a wide range of potential use cases |

About Spacelift

Spacelift is an infrastructure-as-code (IaC) management platform for orchestrating the full
lifecycle of your infrastructure. It integrates with your choice of VCS to access and manage your
infrastructure code across all IaC tools (e.g. Terraform, OpenTofu, CloudFormation, Pulumi).
Spacelift workflows orchestrate your infrastructure end to end — provisioning, configuration
management, observability-tool and security-tool integration, cloud resource management,
and container orchestration.

By providing developer self-service, golden paths with guardrails, and an OPA policy engine,
Spacelift empowers businesses to accelerate developer velocity while maintaining control and
governance over their infrastructure. Spacelift offers unrivaled support, no-nonsense pricing,
and a range of deployment models to fit your specific needs.

Learn more about the Spacelift platform and how it can help you overcome your IaC challenges
at Spacelift.io. Sign up for a demo, or test the platform yourself with a free trial.

[Figure: Developers; Version Control Systems (GitHub, AzureDevOps, GitLab, Bitbucket); Cloud Providers (AWS, Azure, Google Cloud, Others); Infrastructure as Code (OpenTofu, Ansible, Pulumi, CloudFormation, Terraform, Kubernetes, Terragrunt)]

Author
Flavius Dinu
Flavius is a passionate Developer Advocate with an Infrastructure as Code
mindset and expertise in DevOps & Cloud Engineering. He holds ITIL Foundation
Certificate in IT Service Management and Hashicorp Terraform Associate
Certification. He currently works at Spacelift, and in his free time, he blogs
at techblog.flaviusdinu.com, where he provides tutorials, tips, and tricks for all
levels of experience based on his exposure.

References

[1] Developer Velocity: How software excellence fuels business performance, McKinsey & Company

[2] pre-commit-terraform, GitHub - Anton Babenko
