Review, approve, and deploy infrastructure changes automatically from GitHub Pull Requests, supporting Terragrunt and enabling drift detection.
Vendor: Gruntwork




Gruntwork Pipelines is a SaaS platform designed to automate the review, approval, and deployment of cloud infrastructure changes triggered directly from GitHub Pull Requests. It is tightly integrated with Terragrunt, enabling seamless multi-unit deployments and managing dependencies intelligently. The platform supports automated drift detection, access control, and comprehensive auditing while emphasizing security through least-privilege access and GitHub OIDC authentication.
Key Features
Multi-unit changes: Enables coordinated changes across multiple Terragrunt units simultaneously.
- Streamlines managing dependencies and ensures consistency.
- Supports Terragrunt run-all and stack features for large-scale deployments.
Automatic plan/apply workflow: Runs Terraform plan automatically upon PR creation and applies changes on merge.
- Reduces manual effort and speeds deployment cycles.
- Provides elegant, summarized logs inline with GitHub PRs.
Informative comments & centralized discussion: Outputs logs and status updates directly in GitHub PR comments.
- Keeps all discussion and audit info centralized.
- Facilitates collaboration and guardrails enforcement.
Full extensibility and config as code: Allows adding custom pipeline steps to suit team workflows.
- Tracks pipeline config changes systematically.
- Automates setup for new teams or repos.
Access control and security: Manages AWS permissions requests through a dedicated git repo.
- Applies least-privilege principle for cloud credentials.
- Uses GitHub OIDC for secure authentication without storing secrets.
Scheduled drift detection and automatic pull requests: Regularly detects infrastructure drift per environment and generates PRs to resolve it.
- Ensures live infrastructure state matches declared IaC.
- Environment-aware to maintain precise control.
Detailed audit logs: Logs all actions with AWS CloudTrail integration for compliance and traceability.
Benefits
Automated infrastructure deployment pipeline: Reduces manual errors and streamlines infrastructure delivery.
- Enables continuous integration and delivery for Infrastructure as Code.
- Accelerates feedback loops with automated plan/apply cycles.
Enhanced security and compliance: Implements secure access control and detailed audit trails.
- Minimizes risk by limiting permissions based on least privilege.
- Uses GitHub OIDC for credential-free cloud authentication.
Improved team collaboration and governance: Centralizes discussions, logs, and approvals in GitHub.
- Facilitates clear visibility and accountability.
- Enables applying guardrails within the development workflow.
Scalable management of complex infrastructures: Supports multi-unit, multi-environment deployments and drift management.
- Makes scaling infrastructure changes safer and more manageable.
- Automates environment-specific drift detection and remediation.