Going to AWS Summit London? 🇬🇧🇬🇧

Meet us there →


Enabling Seamless Collaboration in IaC

Enabling seamless collaboration in IaC

Git has revolutionized the workflow as we know it today. Without it, deploying code can quickly become a nightmare. Developers deploy code that conflicts with each other, a change in one function breaks another function, security concerns multiply, manual processes abound, and so on. These issues can bring development to a complete standstill. Luckily, there are ways to improve this process.

Note: If you’re unfamiliar with Git, read this tutorial and any associated information on that page.

CI/CD tools

Tools like Jenkins, CircleCI, GitLab CI/CD, GitHub Actions, and many more help to keep everything under control when you are collaborating with others in a Git flow using GitOps.

Here is a screenshot of Jenkins taken from https://en.wikipedia.org/wiki/Jenkins


These tools vary in complexity based on the job in question.

For example, Jenkins is self-hosted, which can be a nightmare if your team needs to manage infrastructure better, but it’s convenient if they have to deal with compliance issues. Being self-hosted allows Jenkins to be air-gapped from the world and decreases the security footprint associated with connecting to an internet-enabled cloud service. 

GitLab is another example of a self-hosted option. GitLab also has a cloud version. Both versions are great, but the documentation can get confusing between the two. There are many other CI/CD tools out there, and choosing one that meets your security, velocity, and other criteria can be very difficult. 

CI/CD for applications and Kubernetes

One of the most important criteria when choosing a CI/CD tool is the workload you’re deploying. Most tools handle application workloads well; some specifically manage Kubernetes or container workloads, and some focus on any infrastructure as code (IaC). 

In most cases, choosing an all-in-one tool like Jenkins or GitLab is not your best choice when deploying different workloads. GitLab is fantastic for deploying application workloads. It has some great Kubernetes integrations, but unless you’re self-hosting it, it’s probably better to go with something more focused on Kubernetes, such as ArgoCD. For further information, see this article on managing your Kubernetes deployments

CI/CD for infrastructure

Cloud IaC deployments are similar but have some key differences. Application deployments require secret management, a build process, testing, whereas IaC deployments become even more complicated once you add cloud authentication, resource management, state management, infrastructure cost, policies, and more. 

Sure, an application deployment can cost thousands of dollars a minute if something goes very wrong or leaks a secret, but an infrastructure deployment can still cost more. One missed calculation, wrong instance size, leaked key, etc., can generate huge costs when infrastructure is involved, even if it’s serverless infrastructure. 

Luckily, several CI/CD tools are engineered explicitly for IaC. Spacelift is one of those tools, and it handles everything you need to ensure your deployments go off without a hitch. 

How does Spacelift manage IaC CI/CD and collaboration?

1. Robust access policies

The policies in Spacelift allow you to create guardrails for your engineers and ensure secure and reliable collaboration and deployments. Without these policies, engineers can deploy anything they want and potentially cause major issues. You can also create policies that manage deployment behavior.

If you want to configure a massive monorepo and only deploy when specific files are modified, you can do it. Robust push, plan, and notification policies allow you to ensure your environment is always in check. 

Robust access policies

2. SSO to your Git provider

Accessing your Git provider and repositories could not be easier, thanks to Spacelift SSO. Spacelift SSO removes the security risks of managing passwords and keys and enables a simple connection you have complete control over. Users from your Git provider are added to Spacelift, and policies can be created to manage those users and groups. 

SSO to your Git provider

3. Keyless access to your cloud provider

You must control access to your cloud provider at all costs. Major cloud providers recommend assuming temporary credentials when communicating with their API, and Spacelift makes this easy. With Spacelift cloud integrations, you can configure only the access you need and assume temporary credentials that expire based on the TTL you configure. 

keyless access to your cloud provider

4. Self-hosted workers for security

Sometimes you don’t want to manage the entire platform, but regulations require specific security measures to ensure only you have access to your deployments. Self-hosted worker pools are perfect for this use case. The Spacelift control plane is able to orchestrate and launch the workers but has no access to anything in your environment. 

worker pools

5. Spacelift Self-Hosted on AWS

If private workers aren’t enough to meet your security needs, you can even self-host the entire Spacelift platform. With Spacelift’s self-hosting ability, you can run your own Spacelift instance within your AWS environment and have complete control over all storage and traffic. This helps you achieve the highest security standards.

You don’t have to manage a Kubernetes cluster or any complicated infrastructure. Everything is packaged into a straightforward Cloudformation script. 

6. Spaces

It can be tricky to ensure developers have access to the resources they need, and only those resources.

Luckily, Spacelift Spaces create a logical separation between stacks and resources and provide a visual representation of relationships and inheritance. Spaces allow your organization to achieve more complicated configurations, such as multi-tenancy. 

spacelift spaces

7. Blueprints

Creating a secure, homogenous environment for developers to deploy is an increasingly common practice. Platform engineering is becoming very popular, and companies are working hard to make their deployments simpler and more secure.

Spacelift Blueprints facilitates platform engineering by providing a simple templating system for IaC developers to create environments for others. 

spacelift blueprints

8. Cost estimation

Spacelift knows that predictability is a vital element of accurate cost estimation. That’s why we allow you to see from the start of the month how much you will have to pay for our services. You can also have a resource cost estimate on the stack level using our native integration with Infracost.

You can see how easy it is to set up here.

9. Integrations

Custom Inputs enable easy integrations with third-party tools within Spacelift. You can integrate any tool and even define different policies for these tools. You can also integrate Spacelift with monitoring, chats, and other DevOps-related tools, using notification policies. A ready-to-use integration with DataDog can be viewed here.

Wrapping up

IaC is designed to enable infrastructure and software development teams to collaborate, but general-purpose CI/CD tools can make things complicated. Spacelift fits easily into your existing workflows to help you manage collaboration around your IaC deployments with ease. To discover just how flexible our platform is, book a demo with one of our engineers or see how it works with a free trial.  

The Most Flexible CI/CD Automation Tool

Spacelift is an alternative to using homegrown solutions on top of a generic CI. It helps overcome common state management issues and adds several must-have capabilities for infrastructure management.

Start free trial