Is securing your cloud infrastructure getting you all hot and bothered? In this edition of Mission Infrastructure, we ease you into summer with guidance on managing access to your Terraform, locking down your enterprise cloud security, and ensuring your Terraform is compliant. You’ll also find highlights of other popular recent articles, covering everything from CI/CD metrics and Terraform disaster recovery to the latest OpenTofu release.
With event season in full swing, we tell you where you can meet the Spacelift team. And we also bring you our latest videos and product updates.
With Terraform, you can manage role-based access control (RBAC) as code across AWS, Azure, and Google Cloud by defining roles, policies, and assignments as declarative resources that are version-controlled and repeatable. In this article, Mattias Fjellström explains how to implement built-in (sometimes called managed) roles and custom roles in the various cloud providers and provides best practices for managing RBAC with Terraform.
Enterprise cloud security (ECS) covers how large organizations safeguard their data, workloads, and cloud infrastructure against misconfigurations, insider threats, compliance failures, and external attacks. James Walker’s article discusses the main threats you need to combat, the common challenges organizations face at scale, and best practices for consolidating security across your cloud environment.
Terraform compliance and governance involves ensuring Terraform-managed infrastructure complies with external regulatory frameworks, as well as internal organizational rules around cost, tagging, naming, and access. The key mechanism is policy as code (PaC), and the most popular PaC frameworks for Terraform are Open Policy Agent (OPA), HashiCorp Sentinel, and Checkov. Mattias Fjellström’s article discusses best practices for Terraform compliance and governance.
Terraform disaster recovery involves various strategies for using infrastructure as code to rebuild or fail over production environments during regional outages. Those strategies include backup and restore, pilot light, warm standby, and multi-site active/active, with the one you choose depending on how much downtime (RTO) and data loss (RPO) your business can tolerate. Flavius Dinu’s article discusses best practices for Terraform disaster recovery.
Regularly monitoring your continuous integration and continuous delivery (CI/CD) pipelines using precise metrics enables you to analyze performance and identify inefficiencies. Monitoring a mix of pipeline performance metrics and DevOps outcome metrics allows you to benchmark your CI/CD health against DORA standards. In this article, James Walker lists 15 of the most important CI/CD metrics and KPIs to track and discusses best practices to follow when implementing CI/CD monitoring systems.
OpenTofu 1.12.0 landed on May 14, and it continues OpenTofu’s history of building features that address real, recurring pain points that teams hit in their day-to-day workflows. Tim Davis’s article outlines the most important features in this release.
It’s all about AI + observability at DataDog Dash, two packed days of practical learning and insights for builders, engineers, and security teams. We’ll be at Booth #732, so drop by and talk to us about how integrating Spacelift with DataDog allows you to monitor infrastructure pipelines, track stack statuses, and more.
In this live session, the Spacelift team will demonstrate how platform engineers can orchestrate infrastructure provisioning, configuration, and governance through a single IaC workflow, without rebuilding everything. We’ll cover:
Spacelift stacks, the building blocks of GitOps workflows and centralized state management
Spacelift policies, guardrails for every stage of your IaC workflow
Drift detection, automatic alerting and remediation
Scaling, modernizing, networking — whatever your reason for attending AWS Summit NYC, be sure to stop by Booth #913 to chat with the Spacelift team. We’ll be there to answer your questions and show you how we can help make infrastructure safer, smarter, and more scalable.
AWS Community Day Midwest 2026
June 24, 2026
Hyatt Regency Downtown Indianapolis
This year marks the 8th annual AWS Community Day | Midwest, where AWS users connect and share knowledge. Meet the Spacelift team and explore new solutions for your cloud infrastructure challenges.
Our team will be on the ground to show you how Spacelift can enhance your platform engineering experience.
You can also catch us virtually at 9AM EDT/6AM PDT, when Joey Stout will take you through Tofu in plain English: Live with Spacelift Intent, a live demo of how to use Spacelift Intent to transform natural language descriptions into production-ready OpenTofu code in real time.
Discover the latest in cloud innovation in Washington D.C. this summer at this free two-day event. Spacelift will be on the ground to answer your questions and help you make the most of our powerful integration with AWS.
Terraform drift is rarely evident — until it sparks a security, compliance, or production issue. In this video, we cover what drift is, why it happens, and why manual checks are not a reliable way to stay on top of it. We also walk through how Spacelift turns drift detection into a scheduled, repeatable operational process with optional reconciliation that respects your existing approval workflows and policies.
Managing governance across AWS, Azure, and Google Cloud involves addressing three different identity systems, permission models, and audit trails. In this video, we walk through how Spacelift solves multicloud governance end-to-end. We cover secure cloud authentication with short-lived credentials, organizing infrastructure with spaces and granular role-based access control, enforcing policy as code with OPA, scheduled drift detection across all providers, private workers for regulated environments, and unified audit trails for SOC2, HIPAA, and GDPR compliance.
You can now connect your preferred LLM directly to Spacelift using the new Remote MCP Server, which works with any LLM or agent that supports the Model Context Protocol. When connected to Spacelift, it enables your existing tools to create and manage runs, query stack status, trigger deployments, and work with your infrastructure the same way you do in the UI or CLI.
Spacelift now supports SCIM 2.0 (System for Cross-domain Identity Management). Your identity provider becomes the single source of truth for who has access to Spacelift, automatically syncing users and groups, so you never have to manually invite or remove anyone again.