Orchestration

Stategraph Orchestration brings GitOps workflows to Terraform. Run infrastructure changes through pull requests with automatic plans, policy enforcement, cost estimates, and drift detection.

Powered by Terrateam.

Features

PR-Based Workflows

Infrastructure changes flow through your normal Git workflow:

  1. Open a PR - Push your .tf changes to a branch
  2. Auto Plan - Orchestration runs terraform plan and posts results as a PR comment
  3. Review - Team reviews the plan, cost estimate, and policy checks
  4. Merge to Apply - Approve and merge—Orchestration applies the changes

Policy Enforcement

Run OPA/Conftest policies on every plan:

# .terrateam/config.yml
workflows:
  - tag_query: "dir:environments/production/**"
    plan:
      - type: init
      - type: plan
      - type: conftest

Block non-compliant changes before they reach production.
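As an added illustration (not taken from the Stategraph or Terrateam documentation), here is the kind of Conftest policy the conftest step could evaluate. It assumes the step receives the plan in `terraform show -json` form and that the policy lives in Conftest's default `policy/` directory; the file name and the two AWS resource types are chosen only for the example.

```rego
# policy/production.rego (hypothetical file name; Conftest loads ./policy by default)
package main

import rego.v1

# Resource changes that will exist after apply: anything created or updated.
# A replacement is reported as ["delete", "create"], so it is included too.
changing contains rc if {
    some rc in input.resource_changes
    some action in rc.change.actions
    action in {"create", "update"}
}

# Deny security group rules that open ingress to the whole internet.
deny contains msg if {
    some rc in changing
    rc.type == "aws_security_group_rule"
    rc.change.after.type == "ingress"
    some cidr in rc.change.after.cidr_blocks
    cidr == "0.0.0.0/0"
    msg := sprintf("%s: ingress is open to 0.0.0.0/0", [rc.address])
}

# Deny S3 bucket ACLs that grant public access.
deny contains msg if {
    some rc in changing
    rc.type == "aws_s3_bucket_acl"
    rc.change.after.acl in {"public-read", "public-read-write"}
    msg := sprintf("%s: bucket ACL %s is public", [rc.address, rc.change.after.acl])
}
```

Values that are only known after apply are absent from `change.after` (they are flagged in `change.after_unknown`), so these rules do not fire on them; a stricter policy would also deny when the checked attribute is unknown.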

Cost Estimates

See the dollar impact of every change with Infracost integration:

cost_estimation:
  enabled: true
  currency: "USD"

Set cost thresholds that require additional approval.

Drift Detection

Scheduled scans detect when infrastructure drifts from code. Get notified and remediate before it becomes a problem.

RBAC & CODEOWNERS

Control who can apply changes to which directories:

apply_requirements:
  checks:
    - tag_query: "dir:environments/production/**"
      approved:
        enabled: true
        any_of: ["team:platform"]
    - tag_query: "iam in dir"
      approved:
        enabled: true
        all_of: ["team:security"]

Automatic approval routing based on file ownership.

Supported Tools

Orchestration works with:

  • Terraform
  • OpenTofu
  • Terragrunt
  • CDKTF
  • Pulumi

Configuration

Orchestration is configured via a YAML file in your repository:

# .terrateam/config.yml

# Enable cost estimation in PRs
cost_estimation:
  enabled: true
  currency: "USD"

# Apply requirements for production
apply_requirements:
  checks:
    - tag_query: "dir:environments/production/**"
      approved:
        enabled: true
        any_of: ["team:platform"]

# Custom workflows
workflows:
  - tag_query: "dir:environments/production/**"
    plan:
      - type: init
      - type: plan
      - type: conftest

Getting Started

Orchestration is available now through Terrateam:

  1. Sign up at terrateam.io
  2. Install the GitHub App on your repository
  3. Configure your workflows in .terrateam/config.yml
  4. Open a PR with Terraform changes to see it in action

Stategraph Integration

Use Orchestration with Stategraph Backend for a complete infrastructure platform:

  • Backend stores your state with full transaction history
  • Orchestration automates your Terraform workflows
  • Inventory provides visibility into all your resources
  • Insights enables dependency analysis and blast radius

# Use Stategraph as your backend with Orchestration
terraform {
  backend "http" {
    address  = "https://stategraph.example.com/api/v1/states/backend/<state-id>"
    username = "session"
    # Terraform does not allow variables in backend blocks; supply the
    # API key through the TF_HTTP_PASSWORD environment variable instead.
  }
}
