This is a guest author article written by Maciej Socha, DevOps Engineer at Semantive.
Getting started with Spacelift can be transformative for your infrastructure management, and many teams are eager to showcase its powerful capabilities as quickly as possible. Platform engineers, DevOps teams, and SREs frequently face the same challenge: how to quickly establish a well-architected Spacelift foundation that showcases the platform’s capabilities while following best practices from day one.
The reality is that many teams spend weeks configuring spaces, policies, worker pools, and cloud integrations manually – time that could be better spent proving business value and accelerating their infrastructure automation journey.
Proving concept value quickly is crucial. Organizations evaluating Spacelift need to see tangible results fast – not just for technical validation, but to secure stakeholder buy-in and budget approval. However, traditional approaches to implementation often require:
- Extensive initial configuration: setting up space hierarchies, policies, and integrations from scratch
- Deep platform knowledge: understanding the architecture before realizing benefits
- Iterative trial and error: learning through multiple configuration cycles
- Time-to-value delays: weeks before demonstrating meaningful automation capabilities
These factors can slow proof-of-concept delivery and delay the realization of Spacelift’s core benefits: improved collaboration, enhanced security, and streamlined infrastructure operations.
By leveraging our Spacelift Core Config Accelerator, organizations have typically reduced setup time from 4 weeks down to just 3-5 days – with full workflow automation, custom policies and private workers deployed. On average, teams report a 90% decrease in time-to-value for proof-of-concept deployments, allowing them to quickly demonstrate the full potential of Spacelift.
Built on Semantive’s real‑world experience delivering Spacelift across diverse customer environments, the Accelerator addresses these challenges head-on. This repository provides a single configuration-driven approach to establishing a production-ready Spacelift foundation.
The accelerator was developed based on patterns observed across numerous Spacelift implementations, capturing best practices and common configurations that consistently deliver value. Instead of starting from a blank slate, teams can leverage proven architectures that have been refined through multiple customer deployments.
Implementation architecture
The accelerator implements infrastructure as code principles for Spacelift configuration itself. The core workflow involves:
- Single configuration source: everything defined in config.yaml
- Terraform-managed resources: all Spacelift entities created via the Terraform provider
- Automated dependency resolution: proper resource ordering and referencing
- Idempotent operations: safe to run repeatedly without side effects
Accelerator components
The Spacelift Accelerator manages four critical aspects of Spacelift configuration through a unified config.yaml file:
1. Hierarchical space management
Creates a three-tier space architecture that mirrors typical organizational structure.
- Department spaces at the top level for broad organizational divisions
- Project spaces beneath departments for specific initiatives
- Environment spaces at the lowest level, e.g. for development, staging, and production isolation
This hierarchy enables proper access control and resource isolation from the start, preventing the sprawl and permission issues that often emerge in organically grown Spacelift environments.
2. Parametrized policy templates
Establishes a way of configuring and reusing policies across spaces. The accelerator includes the following example policies:
- Command restriction policies to prevent dangerous operations in production environments
- Private worker enforcement for sensitive workloads requiring additional security
Additional policies can be added using the same approach, drawing on the example policies shared by Spacelift in the Spacelift Policies Example Library.
3. Cloud integration setup
Streamlines the configuration of secure cloud provider connections:
- AWS IAM role-based integration with proper trust policies
- Dynamic credential generation to eliminate static secrets
- Space-scoped integrations ensuring proper access boundaries
4. Private worker pool provisioning
Automates the deployment of private Kubernetes-based worker infrastructure:
- EKS cluster provisioning with Auto Mode configuration for simplified management
- Worker controller deployment for seamless Spacelift integration
- Multi-pool configuration supporting different workload requirements
Key technical advantages
Declarative configuration: unlike imperative setup approaches, the accelerator treats Spacelift configuration as code, enabling version control, peer review, and repeatable deployments.
Dependency management: the Terraform implementation handles complex resource dependencies automatically, ensuring spaces are created before policies, integrations are established before worker pools, etc.
Configuration validation: built-in checks prevent common configuration errors before they reach your Spacelift environment.
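A pre-apply check of the kind described under "Configuration validation", as an added example rather than the accelerator's own code: it verifies the three-tier parent ordering and every cross-reference, and flags integrations, workers and worker pools scoped to root for review. The `validate` helper and its messages are hypothetical; the keys are taken from the AWS `config.yaml` example later in this article, with worker pools assumed to nest under each worker entry.

```python
# Constructed sample: the article's AWS example, reduced to the keys checked here,
# as it would look after parsing config.yaml (for instance with yaml.safe_load).
CONFIG = {
    "spaces": {
        "department_spaces": [{"name": "department-x"}, {"name": "department-y"}],
        "project_spaces": [{"name": "project-x", "parent_space": "department-x"},
                           {"name": "project-y", "parent_space": "department-y"}],
        "environment_spaces": [{"name": "project-x-dev", "parent_space": "project-x"},
                               {"name": "project-y-dev", "parent_space": "project-y"}]},
    "policies": [{"name": "denied-task-commands", "space_name": "project-x-dev"},
                 {"name": "require-private-worker", "space_name": "project-y-dev"}],
    "cloud_integrations": {"aws": [{"name": "aws-workers-integration", "space_name": "root"}]},
    "workers": {"aws": [{
        "id": "aws-workers", "space_name": "root",
        "aws_integration_name": "aws-workers-integration",
        "worker_pools": [
            {"worker_pool_name": "aws-shared-worker-pool", "space_name": "root"},
            {"worker_pool_name": "department-x-worker-pool", "space_name": "department-x"}]}]},
}
TIERS = ["department_spaces", "project_spaces", "environment_spaces"]

def validate(cfg):
    """Hypothetical helper: return (errors, warnings) for a parsed config.yaml."""
    errors, warnings, known, above = [], [], {"root"}, set()
    for i, tier in enumerate(TIERS):
        names = set()
        for space in cfg.get("spaces", {}).get(tier, []):
            name, parent = space["name"], space.get("parent_space")
            if i > 0 and parent not in above:  # parent must sit exactly one tier up
                errors.append(f"{name}: parent_space {parent!r} is not in {TIERS[i - 1]}")
            if name in known | names:
                errors.append(f"{name}: duplicate space name")
            names.add(name)
        known, above = known | names, names
    aws = cfg.get("cloud_integrations", {}).get("aws", [])
    scoped = [("policy", p["name"], p.get("space_name")) for p in cfg.get("policies", [])]
    scoped += [("integration", a["name"], a.get("space_name")) for a in aws]
    for w in cfg.get("workers", {}).get("aws", []):
        if w.get("aws_integration_name") not in {a["name"] for a in aws}:
            errors.append(f"{w['id']}: unknown integration {w.get('aws_integration_name')!r}")
        scoped.append(("worker", w["id"], w.get("space_name")))
        scoped += [("worker_pool", p["worker_pool_name"], p.get("space_name"))
                   for p in w.get("worker_pools", [])]
    for kind, name, space in scoped:
        if space not in known:
            errors.append(f"{kind} {name}: unknown space {space!r}")
        elif space == "root" and kind != "policy":  # widest scope, flag for review
            warnings.append(f"{kind} {name}: scoped to root, confirm this is intended")
    return errors, warnings
```

Run against the article's example, `validate(CONFIG)` returns no errors and three root-scope warnings (the integration, the worker, and the shared worker pool).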
The accelerator transforms the typical Spacelift implementation timeline and saves a lot of time at the beginning of the project. Below you can find implementation steps and example configuration you can use to bootstrap your Spacelift environment.
Implementation steps
- Fork repository: Fork the source repository.
- Configure your environment: Edit config.yaml to reflect your organizational structure, policy requirements, and private worker needs.
- Deploy the foundation: Create an administrative Stack in Spacelift pointing to your forked repository. The Terraform configuration handles all resource creation and dependency management.
- Iterate and extend: Use the established foundation as a launching pad for advanced configurations, custom policies, and additional integrations.
AWS environment example
The configuration below shows an example AWS setup:
```yaml
# Configure Spaces
spaces:
  department_spaces:
    - name: department-x
    - name: department-y
  project_spaces:
    - name: project-x
      parent_space: department-x
    - name: project-y
      parent_space: department-y
  environment_spaces:
    - name: project-x-dev
      parent_space: project-x
    - name: project-y-dev
      parent_space: project-y

# Configure Global Policies
policies:
  - name: denied-task-commands
    space_name: project-x-dev
    parameters:
      denied_commands: ["terraform state"]
    labels: ["autoattach:*"]
  - name: require-private-worker
    space_name: project-y-dev
    labels: ["autoattach:*"]

# Configure Cloud Integrations
cloud_integrations:
  aws:
    - name: aws-workers-integration
      role_arn: role-arn
      space_name: root

# Configure workers
workers:
  aws:
    - id: aws-workers
      repository: spacelift-core-config-accelerator
      branch: main
      aws_integration_name: aws-workers-integration
      space_name: root
      eks_cluster_config:
        aws_region: eu-west-1
        cluster_name: aws-shared-workers
        cluster_version: 1.31
        cluster_admin_role_arn: admin-role-arn
        vpc_id: vpc-id
        subnet_ids: [subnet-1-id, subnet-2-id, subnet-3-id]
        pod_role_arn: pod-role-arn
      worker_pools:
        - worker_pool_name: aws-shared-worker-pool
          worker_pool_size: 2
          space_name: root
        - worker_pool_name: department-x-worker-pool
          worker_pool_size: 2
          space_name: department-x
```

Advanced use cases and extensions
The accelerator serves as a foundation for sophisticated Spacelift architectures:
- Multi-cloud environments: extend the configuration to support multiple cloud providers with appropriate integrations and policies for each.
- GitOps integration: configure spaces and policies to support GitOps workflows with automated drift detection and remediation.
- Compliance frameworks: implement organization-specific compliance requirements through custom policies and audit configurations.
- Self-service infrastructure: enable developer self-service through Blueprint configurations and standardized project templates.
Don’t spend weeks reinventing Spacelift configuration patterns that have already been proven in production environments. The Spacelift Accelerator gives you a head start based on real-world implementations and battle-tested best practices.
Get started today:
- Fork the Spacelift Accelerator repository – Spacelift Core Config Accelerator
- Review the documentation and configuration examples
- Deploy your first accelerated Spacelift environment
Want to see how this works for your specific use case? Request a demo with Semantive to see the accelerator in action and discuss how we can help you realize Spacelift’s full potential from day one.
Whether you’re conducting a proof of concept or rolling out Spacelift across your entire organization, our partnership ensures you start with a solid foundation that scales with your needs.
