Infrastructure as Code

Infrastructure as Code (IaC) in ops0 lets you define, deploy, and manage cloud infrastructure using declarative configuration files. Write code with AI assistance, validate with policies, estimate costs, and deploy with approval workflows.

Why IaC with ops0?

How It Works

Supported IaC Engines

Key Features

AI-Powered Coding

Describe infrastructure in plain English and get production-ready code:

"Create a VPC with public and private subnets,
NAT gateway, and proper security groups for a
3-tier web application"

The AI produces complete, best-practice Terraform code with proper naming, tagging, and security configurations — for example:

# main.tf — VPC with public/private subnets and NAT gateway
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name        = "my-app-vpc"
    Environment = "production"
    ManagedBy   = "ops0"
  }
}

resource "aws_subnet" "public" {
  count             = 3
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 4, count.index)
  availability_zone = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true

  tags = {
    Name = "public-subnet-${count.index + 1}"
    Tier = "public"
  }
}

resource "aws_subnet" "private" {
  count             = 3
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 4, count.index + 3)
  availability_zone = data.aws_availability_zones.available.names[count.index]

  tags = {
    Name = "private-subnet-${count.index + 1}"
    Tier = "private"
  }
}

resource "aws_internet_gateway" "main" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "my-app-igw" }
}

resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "main" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public[0].id
  tags          = { Name = "my-app-nat" }
}

data "aws_availability_zones" "available" {}

Deployment Scheduling

Schedule deployments for specific times or recurring intervals:

Scheduled deployments run plan + apply at the configured time with all policy checks enforced.

Project Replication

Replicate an existing IaC project across cloud providers or regions:

The Replication Wizard supports cross-cloud replication (e.g., AWS to GCP) with intelligent resource mapping.

Variable Graph

Visualize Terraform variable and resource dependencies as a directed acyclic graph (DAG):

• Navigate to IaC → Variable Graph for a project
• See how variables flow into resources and modules
• Identify dependency chains and potential blast radius
• Interactive ReactFlow-based visualization with zoom and pan

Vulnerability Scanning

ops0 scans IaC code for security vulnerabilities using Checkov:

• Automatic scanning during plan
• Findings categorized by severity
• Links to remediation guidance
• Policy recommendations based on scan results

Cost Estimation

Before deploying, see estimated monthly costs:

Real-Time Collaboration

Multiple team members can work on the same project simultaneously:

• Presence tracking shows who is viewing the project
• Changes sync in real-time between collaborators
• Conflict-free collaboration on different files

Blueprints

Save project configurations as reusable blueprints:

• Save any project as a blueprint template
• Create new projects from blueprints with pre-configured code
• Share blueprints across the organization
• Update blueprints as best practices evolve

Configuration Approvals

Require approval before deployments execute:

• Configure approval policies per project
• Designated approvers receive notifications
• Approval history tracked in audit logs

State Backend Configuration

Each project stores Terraform state in a configured backend:

Quick Start

Related Capabilities

ops0 extends beyond IaC authoring and deployments. These capabilities work alongside your IaC projects:

Section Pages