Why You Need Self-Service Infrastructure

As collaboration between teams becomes more complex in scaling organizations, it is vital to enable autonomy for development teams and reduce bottlenecks in platform teams. And this is why the self-service approach is a game-changer.

Self-service infrastructure is also a core capability of today’s platform engineering teams. They provide Golden Paths that enable stream-aligned teams to move quickly, while maintaining consistency in standards, security, and governance.

We will cover:

1. What is self-service infrastructure?
2. Self-service infrastructure does not equate to no guardrails
3. What are the benefits of self-service infrastructure?
4. A self-service maturity model
5. How does Spacelift enable self-service infrastructure?

Self-service infrastructure is a type of IT infrastructure system that enables users, typically developers or IT teams, to provision, configure, and manage resources independently, without requiring intervention from operations teams. It is commonly implemented in cloud environments and modern platform engineering practices, where automation tools and APIs allow users to request and deploy infrastructure on demand.

Self-service enhances development teams’ autonomy by giving them tools and processes to create and maintain the infrastructure resources they rely on. A dedicated team manages these tools and processes through a service (usually a web service). 

As Matthew Skelton and Manuel Pais describe in their book, Team Topologies, this platform team works to deliver reusable components to stream-aligned teams, enabling them to deliver business value to the customer.

In practice, these reusable components often take the form of paved roads and templates that remove guesswork and reduce cognitive load for delivery teams.

Self-service infrastructure extends the self-service approach to cover all aspects of infrastructure management, creating a process in which the platform team “sells” their services to the development teams by providing the internal Infrastructure management SaaS platform that all the development teams need to function.

It can be used for both simple and complex use cases, including defining a database cluster or creating an entire development process with a Git repository, CI/CD pipeline template, a service in the cloud, and monitoring systems.

Read more: What is Developer Self-Service?

Self-service only works when it is safe by default. If teams have autonomy without guardrails, the organization risks sprawl, inconsistent security posture, and fragile environments that are hard to support. If teams have guardrails without autonomy, the work becomes a series of tickets and delays, and self-service becomes a label rather than a capability.

The goal is to provide freedom within clear boundaries. That usually means standard templates, clear ownership, and automated checks that enforce policies consistently. It also means visibility into what was provisioned, why it was provisioned, and who approved it when approvals are required.

Self-service infrastructure should also include an operational feedback loop. Drift and out-of-band changes are a fact of life in many environments, so teams need a way to detect drift early and respond before it becomes a production incident.

Establishing a self-service culture is not easy, but the benefits repay the effort in a very short time. As the organization scales, a strong self-service culture facilitates collaboration and enhances the quality of solutions delivered to both internal and external clients.

Here are the main benefits:

• Organizational lens:
  • Increase autonomy. The team (i.e., development team) decides what infrastructure should be created. Their decision is based on available templates, guidelines, and collaboration with the self-service infrastructure team (i.e., platform team).
  • Decrease waiting times. The development team is not waiting for infrastructure resources to become available. 
  • Increase productivity. With increased autonomy and decreased waiting times, the development team can reduce waste during work.
  • Leverage knowledge-sharing. By enabling teams with self-service, the organization can share best practices and standards more widely.
  • Respond to a shortage of infrastructure, network, system, SRE, or DevOps engineers. IT talent is in high demand. Having a structured and organized team of experts who act as a platform team helps the organization avoid over-hiring and allows enables effective management of people and resources.
  • Improve developer experience. A good self-service platform reduces cognitive load by giving teams clear defaults, predictable workflows, and documented golden paths.
• Processes and engineering lens:
  • Control and decrease the costs of infrastructure 
  • Unify stacks and used technologies
  • Implement and control security throughout the organization
  • Control integrations, i.e., authentication services
  • Reduce configuration drift risk by standardizing workflows and detecting changes early.
    
  • Increase audit readiness by making provisioning and changes visible and repeatable.

Self-service infrastructure is usually adopted in stages. Here is a simple model you can use to assess where you are today and what to improve next:

1. Ticket-driven provisioning. Infrastructure changes are handled through requests and manual steps.
2. Standardized modules and patterns. Reuse improves, but delivery is still bottlenecked by reviews and coordination.
3. Catalog and templates. Teams provision through a consistent workflow with guardrails, permissions, and documentation.
4. Policy-driven orchestration. The platform enforces standards automatically, integrates with existing workflows, and continuously improves based on usage and feedback.

How to know self-service infrastructure is working

Self-service should be measured like a product. These metrics help you see whether you are reducing friction without losing control.

• Time to provision for common requests, including the long tail
• Infrastructure request ticket volume and top recurring categories
• Policy violation rate and the most common reasons for failure
• Drift incidents detected, and how quickly they are resolved
• Cost variance for standardized components and environments

Spacelift is an infrastructure orchestration platform for infrastructure-as-code workflows, enabling the implementation of self-service infrastructure with built-in guardrails. It delivers all the features the platform team may need to provide their services to internal and external development teams.

1. Maximizes reusability

A key benefit of self-service infrastructure is the potential to use predefined, widely available templates for different use cases. Spacelift implements this functionality through Blueprints. 

Blueprints are templates for a stack and its configuration, with variables that can be added through inputs when creating a stack from the Blueprint. Blueprints can also define additional resources and configurations that should be in place from the outset.

The platform team defines the Blueprints and uses Spaces and Policies to allow other teams to use them. These Blueprints can range from simple tasks, such as creating an EC2 instance in AWS, to more complex setups, including the establishment of a network using a virtual private cloud (VPC) and its connection to other existing networks via a transit gateway or virtual private network (VPN). 

Blueprints can include stack settings, VCS configuration, environment variables, mounted files, attached Contexts, attached Policies, cloud integrations, dependencies, and schedules for drift detection, tasks, or deletion. This helps platform teams publish reusable building blocks without relying on manual configuration steps.

With parametrization of blueprints through Inputs, platform teams receive a powerful toolset to deliver flexible solutions tailored to business needs that are fully in their control.

Published Blueprints can also be shared through a link, so teams can fill in a form and create a stack without needing access to the Blueprint editor.

2. Prioritizes security

One of the benefits of self-service is enhanced security. Allowing multiple teams to use a vulnerable infrastructure template creates unacceptable risk. However, expecting every team to create and deploy their own infrastructure leaves you open to deploying vulnerable infrastructure.

You can mitigate both risks by implementing the Spacelift platform using a self-service approach. The platform team designs and prepares Blueprints, which should be subject to extensive testing before publishing. 

Spaces help to ensure that the blueprints will be deployed on permitted environments only. For example, if the organization uses a CI/CD account, all templates related to CI/CD should be deployed there, not in the Production account. Spaces can be used to represent the cloud setup, for example, accounts, subscriptions, or environments.

Policies form another layer of security for Blueprints. They can be attached and enforced in published blueprints, allowing the platform team to ensure specific behavior and use of the templates. This is especially important for guardrails, such as access rules, approval flows, and allowed patterns, because enforcement remains consistent even as more teams are onboarded.

3. Enhances efficiency

Blueprints are also a key concept to remove the blockers that can make teams less efficient. The development team doesn’t need to focus on acquiring additional skills within the team, such as expertise on Terraform or OpenTofu, cloud infrastructure deployments, and self-service tooling. Instead, they can use Blueprints to deploy specific infrastructure to specific environments.

4. Enables CLI and API

The ability to use CLI tools (or API calls) facilitates the building of wider solutions, where a specific component is triggered by an overarching service. This might happen when the platform team delivers not only self-service infrastructure but also more complex solutions. 

Spacelift offers a CLI called spacectl. The flexible tool is easy to install. We also provide the GitHub Action to install and configure it inside the CI/CD pipeline.

But that’s not all! Many engineers prefer to use APIs in certain cases. Spacelift offers the GraphQL API, which allows users to interact with a service in a programmatic way.

5. Boosts usability

Creating the best possible approach to self-service infrastructure often raises a dilemma. Cloud setup in modern organizations is complex and tailored to specific needs. Use of templates reduces this adaptability, so the platform team has two options: Create complex templates and push teams to use the single solution, or create many small templates and ensure that teams are able to construct complicated solutions with them. The latter requires the team to have at least an understanding of IaC and self-service technologies.

Spacelift solves this dilemma with stack dependencies. This approach allows platform teams to deliver well-designed, single-purpose solutions. Their clients select the Blueprints that best fit their needs and connect them into logical chains, using stack dependencies.

6. Enforces best practices

One of the purposes of platform teams is to implement and enforce best practices. This remains true when you apply a self-service infrastructure approach. By combining Spaces, Blueprints, policies, and the module registry with a modern self-service approach to manage the dependencies between stacks, it becomes easier to ensure best practices are followed.

A compelling feature of Spacelift is the ability to manage the entire platform setup. Spacelift has published its own Terraform provider, which means the process of managing the platform governs all processes in the organization, such as infrastructure coding (and creation), version control, CI/CD, security scans, governance, etc. This approach allows the organization to achieve next-level quality and cooperation.

Spacelift also maintains a policy example library that can help teams get started quickly and standardize enforcement across the organization.

7. Supports modern tooling choices

Self-service infrastructure is easier to standardize when platform teams can support the tools teams already use. Spacelift supports OpenTofu workflows, so organizations can offer self-service templates without being locked into a single IaC ecosystem.

8. Fits into existing request workflows

Self-service does not always start in a new UI. In many enterprises, teams already request services through IT service management tooling. Spacelift integrates with ServiceNow so platform teams can connect catalog items to Blueprints and provide a familiar request experience.

9. Adds an AI-assisted entry point for self-service

Some self-service requests begin as a description of what a team needs, rather than a search for the right template. Spacelift Intent enables teams to provision and manage infrastructure in natural language, while keeping the work within Spacelift, allowing policies, permissions, state, and audit trails to remain in effect. 

Instead of generating OpenTofu or Terraform configuration, Intent interprets the request and creates resources by calling cloud provider APIs through provider schemas. 

Intent fits best for rapid prototyping and short-lived environments like QA, demos, and experiments. For stable, repeatable needs, teams can promote the proven pattern into a Blueprint so it becomes a standard, reusable golden path.

Spacelift’s platform aligns with all the criteria for a self-service infrastructure approach, and it supports the practical requirements that make self-service sustainable. It enables organizations to create, manage, and utilize infrastructure in a modern manner, while prioritizing security, scalability, reusability, and guardrails.

From the platform team’s perspective, Spacelift provides all the tools necessary to launch and manage self-service infrastructure, as well as control its usage within the organization. Development teams can be onboarded easily and start using the self-service infrastructure in no time. And when help is needed, the platform team is there to simply check the status, logs, and behavior of the problematic stack and provide guidance quickly.

Our approach to self-service infrastructure delivers the features you need to build a robust self-service culture with measurable outcomes, including better developer experience, clearer standards, and safer automation. Find out how you can benefit from this approach with a free trial or book a demo with our engineering team to discuss your options in more detail.