Gruntwork Pipelines

A security-first approach to a CI/CD pipeline for infrastructure.

The most secure way to do CI / CD for app and infrastructure code

Gruntwork Pipelines is a code framework and approach that enables you to use your preferred CI tool to set up an end-to-end pipeline for infrastructure code (Terraform) and app code (Docker, Packer, Kubernetes).

Pipelines includes first-class support for governance, GitOps, automated Terraform tests, promotion workflows, approval workflows, and auditing, all built with security in mind from day one. And as with most Gruntwork products, all configuration is defined as code.

Features

Set up a Terraform pipeline based on best practices

Gruntwork engineers carefully designed a Terraform pipeline code framework and approach based on best practices for workflow, long-term infrastructure code maintainability, and security. Adopt those best practices for your own Terraform team.

Adopt a security-first approach

It's all too common to give your CI server admin-level permissions needed to launch arbitrary infrastructure, a dangerous security posture. Gruntwork Pipelines enables a secure infrastructure pipeline by granting the sensitive permissions solely to a Fargate Task that exposes a limited, locked down interface and only allows running pre-defined commands such as terraform apply in pre-defined git repos/branches/folders that require peer review to change.

Run your pipeline on any CI tool

Run Gruntwork pipelines on any CI tool you want, including both managed and self-hosted varieties. There's no need to set up a new tool, or share sensitive cloud credentials with another third party.

Run an infrastructure code pipeline for Terragrunt or Terraform

Gruntwork Pipelines is designed to give a first-class experience with either Terragrunt or Terraform. In addition, you have full control over the build environment by selecting any Docker image of your choice.

Notify Slack when key events occur

Slack users can receive notifications when a terraform plan is ready for review, when a human needs to approve a terraform apply, or in other scenarios you configure.

Use the same pipeline for infra and app code

Gruntwork Pipelines has first-class support for application deployments, allowing you to use the same pipeline configuration for both infrastructure and application code.

Add your own features. Or benefit from our new ones.

Gruntwork Pipelines is a code framework and approach. Like all Gruntwork products, we take primary responsibility for updates and new features, and you get access to 100% of the code, leaving you free to add any customizations you want or contribute them back to our mainline branch.