Orchestrating infrastructure involves far more than simply developing your code in your infrastructure-as-code tools and preparing your configuration management templates. It encompasses everything related to provisioning, configuring, governing, and implementing the security mechanisms required to improve your workflows and your overall developer velocity.
In this post, we will explore how Spacelift can help you with every aspect of your infrastructure orchestration and the mechanisms it uses for this purpose.
What we’ll cover:
Spacelift is an infrastructure orchestration platform that helps you provision, configure, and govern all your infrastructure orchestration workflow. It supports Terraform, OpenTofu, Pulumi, CloudFormation, Terragrunt, Ansible, and Kubernetes, making it a one-stop shop for your infrastructure needs.
Spacelift helps you with the following use cases:
- Managing infrastructure at scale (infrastructure as code, configuration management, and container orchestration) – You can easily build control mechanisms, split your workflows into smaller ones to better identify where issues originate, and integrate dynamically with your cloud providers.
- Infrastructure governance – You rapidly provision and configure infrastructure in a single integrated workflow while giving you the control to manage risk and meet compliance requirements.
- Developer velocity – It reduces the burden of your infrastructure team to satisfy developer’s infrastructure requirements by enabling them to self-service in a secure way
- Collaboration – With Spacelift, infrastructure orchestration is multiplayer; you have an easy mechanism to collaborate, share ideas, approve/deny runs, and more.
How much does Spacelift cost?
Spacelift’s pricing is transparent and predictable: It offers an always-free plan, available for up to two users, with one API key; the Starter plan starts from $399/mo and can be used by up to 10 users; the Starter+ plan offers everything from Starter, but you get unlimited users and one private worker. The price depends on your needs.
The Business plan starts with three private workers and has custom pricing that adapts to your organization’s needs; The Enterprise plan is best for companies that have special compliance needs. It starts with five private workers and has custom pricing.
Let’s take a look at a pricing breakdown:
| Tier | Best for | Key Features | Price |
| Free | Individuals or small teams: 2 users, 1 API key | – IaC Support
– VCS integration – Dependencies – Resource – Visualization |
$0 |
| Starter | Growing Teams: 10 Users | Everything in Free +
– 2 Public Workers – Policy as Code engine – OIDC integrations |
$399/mo |
| Starter + | Growing Teams: Unlimited Users | Everything in Starter +
– 1 Private Worker – Drift detection |
Request a quote |
| Business | Organizations that need orchestrating infrastructure at scale | Everything in Starter Plus +
– 3+ private workers – Advanced Scheduling – Blueprints – Silver Support SLAs |
Request a quote |
| Enterprise | Companies that need SaaS/Self-hosted and have special compliance needs | Everything in Business +
– 5 private workers – Concurrent VCS connections – MFA – Gold support SLAs |
Request a quote |
Let’s take a look at some of Spacelift’s core concepts before diving into how it works:
- Stacks – These are building blocks for your infrastructure that combine your source code, the tool you are using, and the environment in which you deploy your code
- Run – All the jobs that modify your infrastructure are called runs.
- Stack runs
- Tracked run – a form of deployment
- Proposed run – a preview of changes
- Task – an arbitrary command that you can execute on your infrastructure
- Module runs
- A module test case, very similar to a tracked run
- Stack runs
- Spaces – These are logical containers for your Spacelift resources. Most Spacelift resources are spaced in the same way K8s resources are namespaced. They can be used to implement RBAC, and they offer partial admin rights to your users.
- Worker – Similar to the runner in CI/CD, workers are used by stacks to carry on your workflows. They can be either public or private, and they progress through multiple stages for performing your workflow.
- Lifecycle hooks – This mechanism helps you control what happens before and after every worker phase.
- Contexts – These are logical containers for your environment variables, mounted files, and lifecycle hooks that can be reused by any number of stacks.
- Policy – Different types of policies based on OPA let you implement governance and compliance.
- Cloud integrations – These enable dynamic credentials for AWS, Azure, and Google Cloud.
- Drift – This describes changes made outside your IaC processes.
- Blueprints – These are yaml templates for your stacks that enable you to self-serve infrastructure.
Spacelift works pretty straightforwardly. You connect your VCS to Spacelift, create stacks based on your repositories, and choose your preferred tool. Spacelift handles the deployment for you.
Watch this video to understand everything you can configure related to your stacks.
Here are some of the key features that Spacelift offers:
- Multi-infrastructure tool support – Terraform, OpenTofu, Kubernetes, Ansible, Pulumi, CloudFormation, Terragrunt
- Governance and compliance through policy as code (based on Open Policy Agent)
- Plan policies – ability to restrict resources or certain resource parameters
- Approval policies – require multiple approvals for runs
- Push policies – control what happens when a PR is open or merged
- Notification policies – control where to send notifications
- Policy library – Open Policy Agent uses Rego to write policies, but getting Rego right can be hard, so we offer a library of pre-existing policies that you can easily leverage.
- Dependencies workflows – You can create dependencies between your workflows and even share outputs between them. This works with different tools on as many nested levels as you want. This mechanism allows you to keep your state files small, easily identify issues, and build an end-to-end workflow.
- Resource and configuration management view – This is a unified view of all the resources Spacelift deploys and all the Ansible tasks and roles run on your hosts.
- Self-service infrastructure – You can use Blueprints as self-service templates, integrate with ServiceNow, and use Spacelift’s K8s Operator to provision resources from Kubernetes.
- Native integrations with the major cloud providers – Spacelift offers dynamic and short-lived credentials for AWS, Azure, and Google Cloud.
- Integrate with any tools you want – Leveraging lifecycle hooks and bringing your own runner image enables you to integrate with any tools you want. You can also use Spacelift’s custom inputs to easily implement policies for your third-party tools.
- Terraform provider for Spacelift – Spacelift is an API-first company, so whatever you can do from the UI, you can do from the API. To make it even easier, Spacelift has its own Terraform provider, which supports all the resources.
- Advanced scheduling
- Drift detection and remediation – Detect infrastructure drift and optionally remediate it.
- Tasks – Run custom tasks against your stacks on a predefined schedule.
- Stack deletion – Delete stacks on a schedule.
- Runs – Run your stacks on a predefined schedule.
- Module and provider registry – Host your modules and providers.
Spacelift offers several benefits, such as:
- Out-of-the-box workflows for your favorite infrastructure tools – With Spacelift, you don’t need to worry about writing complex pipelines or taking care of dependencies between your workflows
- Infrastructure scaling – Build scalable workflows that respect all the standards your organization imposes, enabling you to deploy, scale, and manage your infrastructure easily
- Increased security – Spacelift’s security-first development approach ensures that everything you do with the product stays safe (learn more about Spacelift’s security architecture and features)
- Eliminates collaboration bottlenecks – You can easily preview the implications of applying a change to your infrastructure while deciding as a team if the changes make sense.
- Powerful observability– Get insights into all your resources and their drift status in a single view
- Amplified developer velocity – Easily build self-service templates that free up your developers’ time, and let them focus on implementing new features for your applications
- Meets you where are – Spacelift’s integration with ServiceNow lets your developers spin up infrastructure directly using ServiceNow’s Service Catalog.
To get started with Spacelift, go to our website and click on the Free trial button.
Next, select the way you want to create the account:
For this example, we will choose GitLab.
Next, add a name for your account:
Then authorize Spacelift to access your GitLab account:
As soon as you authorize Spacelift, you will see a form that will help us better understand your use case and how we can support you better:
After you click on Get started, you will be redirected to your Spacelift account in the LaunchPad.
LaunchPad will help you get started with your checklist.
The first step is to integrate your Source code, so click on that in Launchpad. Then, click on Set up integration and choose your VCS provider. For this example, we will use GitLab.
Add the information required to set up the GitLab integration. If you don’t have a token, you will need to create one, as shown here.
After you finish adding the details, click on Set up.
Now, you should see your integration inside your Spacelift account. Test it to ensure that everything runs smoothly.
Now, let’s create a stack. To do that, we will go to our Stacks on the left-hand side of the menu and select Create Stack.
First, we add a name for our Stack and select a Space for it. Then, we can add other details, such as descriptions and labels.
After we have done this, we can select Continue and proceed to the next step. We should be able to see our repositories getting automatically populated:
We will choose the random_pet repository, which will create five random pets using Terraform.
In the next screen, we will choose what tool we will use, and for this one, let’s select Terraform as mentioned before:
Then we can select Create & continue, then Skip to Summary, and finally Confirm.
Our stack has been created successfully, so we will now trigger a run:
First, we can see a plan of what our stack will create:
Next, we can apply the code and wait for the resources to be created:
As you can see, the process of setting up your Spacelift account is straightforward, and you can reap the benefits from the beginning. We didn’t have to build any complex workflows for state management or deployment to be able to run our code.
Spacelift has more parallels with generic CI/CD pipelines than with Terraform or Ansible. It supports Terraform and Ansible workflows, and you can easily integrate them into a single workflow. You can even share the inventory as an output from Terraform to your Ansible stack.
It is similar to a generic CI/CD pipeline because it helps you with the actual CI and CD for your infrastructure tools.
However, there are many differences between Spacelift and generic CI/CD tools:
| Features | Spacelift | Generic CI/CD tools |
| Maintenance | ✅No maintenance is required for SaaS; you are in charge of updates for self-hosted. | ⚠️Depends on what generic CI/CD tool you are using |
| Dependencies workflow | ✅Yes – works out of the box | ⚠️Requires complex configuration – you need to change your code configuration and pipeline(s) to accommodate a use case like this. |
| Self-service workflows | ✅Yes – works out of the box | ⚠️Requires complex configuration – build dedicated pipelines for self-service that can be hard to maintain |
| State management | ✅Yes – works out of the box | ⚠️This falls under the user’s responsibility |
| Advanced scheduling | ✅Yes – works out of the box | ⚠️Requires complex configuration – dedicated pipelines required |
| Observability | ✅ Built-in for both IaC and Configuration Management | ❌No, you need a third-party tool for that |
| Dynamic credentials | ✅Yes – works out of the box | ❌No |
| Ease of use | ✅ Easy to use — you don’t need to learn a new language. | ⚠️Depending on what generic CI/CD you are using, the process can be really hard |
| Policy as code | ✅Yes – works out of the box | ⚠️Yes – you need to implement the policy + the pipeline logic. |
| Drift detection and remediation | ✅Yes – works out of the box | ⚠️Yes – not supported natively but can be configured using third-party tools (hard process) |
With generic CI/CDs, you won’t get state management and drift detection out of the box, and this makes your systems vulnerable. This means your DevOps teams will have difficulties solving issues, resulting in downtime and reduced customer retention.
Without policy as code, the chances of breaking compliance are high, and the chances of misconfigurations and cost spikes are even higher.
Spacelift can also be used with generic CI/CD pipelines, especially if you are using Spacelift’s Terraform provider to spin up all the Spacelift resources required by your organization. This approach ensures that your Spacelift configuration is version-controlled and easy to reproduce.
Spacelift is a one-stop solution for provisioning, configuring, and governing your infrastructure. It supports many different tools and has many mechanisms for security, observability, governance, collaboration, and self-service, giving organizations a mature and powerful solution for all their infrastructure needs.
If you want to learn more about Spacelift, book a demo with one of our engineers.
Solve your infrastructure challenges
Spacelift is a flexible orchestration solution for IaC development. It delivers enhanced collaboration, automation, and controls to simplify and accelerate the provisioning of cloud-based infrastructures.
