The what, where and how of the cloud-concierge tool.

cloud-concierge is an OSS container that allows you to layer functionality on top of an existing Terraform workflow. Namely:

  • Cloud Codification

  • Drift Detection

  • Flag the accounts making cloud changes outside of your Terraform workflow

  • Cloud-wide cost estimation, powered by infracost

  • Cloud-wide security scans, powered by tfsec (checkov integration coming soon)

cloud-concierge delivers all of these features directly as a Pull Request to a version control repository of your choice. It currently supports AWS, Azure, and GCP, and integrates with GitHub as a version control system.


Many teams build their own Terraform management "stacks" using major cloud provider state backends and tools like Atlantis for running plan and apply and state-locking.

For more sophisticated tooling, some may turn to tools like Terraform Cloud, Scalr, Spacelift and Firefly. We find, however, that these tool's pricing can become particularly onerous (or features simply don't exist) to allow self-hosted runners or access the most desired features like drift detection, cloud codification, security scanning, etc. for an entire cloud environment.

Get started locally in minutes!

Last updated