Support for running environments across any cloud platforms the organization uses, including on-premise / private clouds.

Support for Terraform or GitOps first approaches, including private Git repos and Crossplane

Centrally orchestrate environment updates en-masse or in a phased manner (staged roll out), or safely delegate to the downstream teams

Use centralized dashboards across accounts and clouds to track environment use, minimizing waste

Turnkey integration with existing customer tools (Terraform Cloud, Terraform Enteprise) for secure storage of state files, agents etc.

Log “who did what?” (across platform teams and downstream users), and export audits to an external system to track compliance

Use native / first class guardrails (access, policy enforcement, add-on management, cluster lifecycle management etc.)

Automate the E2E provisioning workflow for a new team, including creating an account, credentials, VPC, security groups, and more

Automate actions to run either before or after environment provisioning or updates, such as TF code scans or cost estimation.

Enforce policies such as scheduled environment creation, or automatic deprovisioning after TTL expiration

Ability to scan and proactively flag environments that have drifted from the specified TF configuration

Ability to destroy / deprovision unused environments to reduce cloud sprawl and spend

Ability to consume the platform through the preferred interface: UI, Backstage, GitOps or CMDBs (e.g. ServiceNow)

No time consuming ticket driven process where the Platform team has to manually provision clusters

Ability for end users to quickly look at resources in the environments and perform operations via the UI. This is especially useful for non savvy users

Which environments are running? Which environments have been shut down because of a configured policy (e.g. TTL, Schedule etc.)

“Substitution variables” leverage o/p parameters of an environment resource to be used as i/p variables to the application being deployed

Enforce network policies so that namespaces belonging to different teams cannot communicate with each other

Implement RBAC at scale with your Identity Provider, without implementing expensive solutions (bastion, VPN, etc.) so users access only their namespaces.

Centrally define templates, and share them selectively with downstream users (Developers, SREs) in a consistent manner

Permit end users to override environment template configurations selectively, as deemed permissible by the platform team

Self-hosted airgapped option may be necessary for highly regulated industries