When working with Terraform, it's common to need access to the state of a remote backend environment. However, since this state can contain sensitive information, it's crucial to restrict access to prevent misuse.

With env0, you can restrict the permissions of your organization's users through role-based access controls. You also have the ability to trigger Plan and Apply directly from your PR, however, one drawback is that the VCS provider sets your user's permissions. By default, anyone with comment permission on your repository can run a Plan or an Apply on your environments.

As your organization's IaC use grows, it is increasingly challenging to organize all resources. With the addition of env0 Sub Projects, you can now access additional layers of granularity to model even the most complex of deployment structures, and effectively manage your resources and configurations across different teams.

env0 Plugins make it easier to integrate a variety of software development lifecycle tooling with infrastructure as code, including notifications, security, policy enforcement, log forwarding, and more. Today we've added more

One potential side affect of empowering development teams with self-service access to cloud resources is that systems and services may be left running, and unused for long periods. This is wasteful, and potentially dangerous. env0 has already had the ability to define a Time-To-Live (TTL) for an environment, but you can now set custom TTL policies per project to ensure that no resources are left behind.

Effective communication is crucial for any team, and this is especially true when it comes to deployments. It can be difficult to understand the reasoning behind a deployment and how it fits into the bigger picture.

Centralizing Terraform execution is a great way to make sure you have effective IaC governance. While it’s preferred that teams directly use env0 to run IaC, sometimes you just need to run a terraform plan locally.

Many teams have critical infrastructure that needs to be protected from unplanned or accidental changes. Now, with env0 Environment Locking, project or organization administrators are able to lock an environment to prevent users from making changes.

Creating a workflow is a great way to have a deployment of your infrastructure and create dependencies between different parts of your infrastructure, allowing you to easily manage your infrastructure as you scale. However, you may want to have different variables and settings for each part, so today you can do it when creating or deploying a new Workflow.

Centralized log systems have been around for a long time, and in today's world, they are more than just log aggregators. Metrics, traces, analytics, and other valuable tools are all rolled up into logging systems. Today we've added integration between env0 and Google Cloud Logging. env0 can now forward your infrastructure deployment logs, giving you the ability to monitor, track and analyze logs.