[ Platform engineering ]

Self-service infrastructure that won't page you at 2am.

Build your golden path once. Let devs ship via Git. Let PMs ship via UI. Every spin-up uses your pre-approved Terraform templates, your guardrails, your audit trail.

templates/web-service/main.tf
# Tagged for the TFWeave catalog
resource "tfweave_template" "web_service" {
  name        = "web-service"
  description = "Standard web service with Postgres, ALB, autoscaling"

  policy {
    cost_ceiling_usd = 500
    require_approval = false
    allowed_teams    = ["engineering", "data"]
  }

  expose = ["github", "linear", "ui"]
}

Designed for platform teams running 50–5,000 services

[ One platform, three workflows ]

Built for the team that owns infrastructure, used by everyone who needs it.

Infra team

Define the golden path.

Write Terraform once. Tag it as a TFWeave template. Set the guardrails — policies, approvals, cost ceilings. Publish to the catalog.

  • HCL-native — no DSL to learn
  • OPA / Sentinel policies enforced
  • Versioned, reviewable in PRs

Devs

Ship from a PR.

Open a pull request in your service repo. Reference a template, fill in inputs, hit merge. TFWeave provisions the resources. Audit log captures everything.

  • Pure Git workflow
  • Status checks block bad configs
  • No new tools to learn

PMs & AMs

Self-serve in Linear or Jira.

Open a ticket with a TFWeave form. Submit. Get a Slack notification when your environment is live. Zero Terraform, zero IAM access.

  • Native Linear & Jira integrations
  • Web UI for ad-hoc requests
  • All requests audited

[ How it works ]

Three steps from your Terraform to anyone's self-service request.

01

Define templates in Terraform

Write modules the way you already do. Tag them as TFWeave templates with policy + inputs. Commit to your existing Terraform repo.

02

Publish to the catalog

TFWeave reads your repo, validates policies, and publishes the template to your catalog. Versioned. Reviewable. Rollback-able.

03

Anyone provisions safely

Devs reference templates in PRs. PMs file requests in Linear / Jira / the web UI. Every spin-up is logged and policy-checked.

[ Guardrails ]

The things that keep you employed.

Self-service stops being a liability when every action runs through your policies. TFWeave is opinionated about this.

Policy enforcement

OPA, Sentinel, or your custom rules. Every provision passes them or fails fast.

Audit log

Who requested what, when, and why. Exportable to your SIEM.

Drift detection

We watch the state. If reality diverges from declared infrastructure, you'll know.

RBAC

Role-based template access. Senior engineers see more options than interns. Configurable per-team.

Cost ceilings

Set monthly limits per template, per team, per project. Block requests that exceed them.

Approval workflows

Optional human-in-the-loop for high-risk templates (prod databases, IAM roles).

[ Integrations ]

Connects to what your team already uses.

GitHub
GitLab
Linear
Jira
Slack
Terraform Cloud
AWS
GCP
Azure
OPA

Stop being the infrastructure ticket queue.

Spend an afternoon building your golden path. Spend the rest of your year not getting paged.