A production-ready, configuration-driven Spacelift foundation that reduces setup time from weeks to days. Built by Semantive, certified Spacelift partners, based on real-world implementations across diverse customer environments.
This accelerator provides a single config.yaml-driven approach to establish a well-architected Spacelift environment following best practices from day one. Skip the weeks of manual configuration and start demonstrating value immediately.
- Hierarchical Space Management - Three-tier architecture (department → project → environment)
- Parametrized Policy Templates - Command restrictions, private worker enforcement, and more
- Cloud Integration Setup - AWS IAM role-based integration with dynamic credentials
- Private Worker Pools - Automated EKS-based worker infrastructure provisioning
✅ Declarative configuration as code
✅ Automatic dependency management
✅ Built-in validation and error prevention
✅ Idempotent operations
✅ Production-tested patterns
- Fork this repository
- Edit config.yaml with your organizational structure (an example configuration can be found here)
- Create an administrative Stack in Spacelift pointing to your fork
- Deploy - Terraform handles the rest
As certified Spacelift partners, we're here to accelerate your infrastructure automation journey.
Contact our Head of Cloud Services - Marcin Grzesiek!
Creates a three-level hierarchy of Spaces resources within the account: department spaces at the top level, project spaces
beneath them, and environment-level spaces at the lowest level. Only Spaces defined in this section, along with
the root Space, can be referenced in other sections of this config.
```yaml
spaces:
  department_spaces:
    - name: dep-name            # Space name
      inherit_entities: false   # Whether space inheritance is enabled (default: true)
  project_spaces:
    - name: project-name        # Space name
      parent_space: dep-name    # Parent Space name (from `spaces.department_spaces` section)
      inherit_entities: false   # Whether space inheritance is enabled (default: true)
  environment_spaces:
    - name: project-name-dev      # Space name
      parent_space: project-name  # Parent Space name (from `spaces.project_spaces` section)
      inherit_entities: false     # Whether space inheritance is enabled (default: true)
```

Enables the creation of Policy resources within the account and their association with Spaces. The same Policy can be created multiple times, for example, with different parameters or linked to different Spaces.
```yaml
policies:
  - name: policy-name        # Fixed Policy name (see supported Policies below)
    space_name: space-name   # Policy space (from `spaces` section)
    labels: [label_name]     # Policy labels (a special label "autoattach:*" or "autoattach:stack" can be used)
    parameters:              # Policy parameters (default: empty)
      param: value
```

Supported Policies:
- denied-task-commands - Denies usage of specific commands in Tasks

```yaml
- name: denied-task-commands
  space_name: project-x-dev
  labels: ["autoattach:*"]
  parameters:
    denied_commands: ["rm", "kill", "shutdown"]
```

- require-private-worker - All Runs must be executed on private workers

```yaml
- name: require-private-worker
  space_name: project-y-dev
  labels: ["autoattach:*"]
```

Creates Cloud Integrations within the account and associates them with Spaces.
Make sure that the specified IAM role has the correct Trust Policy.
```yaml
cloud_integrations:
  aws:
    - name: aws-integration                 # Integration name
      role_arn: role-arn                    # IAM role ARN associated with the integration
      generate_credentials_in_worker: true  # Whether credentials are generated by worker (default: false)
      space_name: space-name                # Integration space (from `spaces` section)
```

Enables the deployment of private Kubernetes workers and configures them for use with Spacelift Worker Pools.
The configuration below deploys 3 Spacelift Stacks:
- EKS cluster with Auto Mode configuration
- Deployment of Spacelift worker controller
- Deployment of Worker Pools
```yaml
workers:
  aws:
    - id: worker-id                          # Unique worker identifier used as a prefix and label for all Stacks
      repository: repository_name            # Stacks repository (set to current repository name after forking)
      branch: main                           # Stacks branch (set to main repository branch after forking)
      aws_integration_name: aws-integration  # Stacks AWS integration (from `cloud_integrations.aws` section)
      space_name: root                       # Stacks space (from `spaces` section)
      eks_cluster_config:
        aws_region: eu-west-1                # EKS cluster region
        cluster_name: cluster-name           # EKS cluster name
        cluster_version: "1.31"              # EKS version (quoted so YAML does not parse it as a float)
        cluster_admin_role_arn: role-arn     # IAM role ARN added as EKS cluster administrator
        vpc_id: vpc-id                       # EKS cluster VPC
        subnet_ids: [subnet-1, subnet-2]     # EKS cluster subnets
        pod_role_arn: role-arn               # IAM role ARN associated with EKS pods
      worker_pools:
        - worker_pool_name: pool-name        # Spacelift Worker Pool name
          worker_pool_size: 2                # Spacelift Worker Pool size
          space_name: space-name             # Spacelift Worker Pool space (from `spaces` section)
```
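
The cross-section references described above (parent Spaces, policy and worker pool Spaces, the workers' AWS integration) can be checked in review before the administrative Stack applies them. The following is an added example, not part of the accelerator's code: `validate_config`, `check_space` and `SAMPLE` are hypothetical names, and the input is assumed to be `config.yaml` already parsed into a dict with the keys shown on this page.

```python
# Added example (hypothetical helper, not the accelerator's code).
# Assumes config.yaml has already been parsed into a dict, e.g. by a YAML loader.
SUPPORTED_POLICIES = {"denied-task-commands", "require-private-worker"}  # policies the page lists

def validate_config(cfg):
    """Return a list of reference errors; an empty list means every reference resolves."""
    errors = []
    spaces = cfg.get("spaces") or {}
    dep = {s["name"] for s in spaces.get("department_spaces") or []}
    proj, env = set(), set()
    # Each tier's parent_space must name a Space from the tier directly above it.
    for tier, parents, names in (("project_spaces", dep, proj), ("environment_spaces", proj, env)):
        for s in spaces.get(tier) or []:
            names.add(s["name"])
            if s.get("parent_space") not in parents:
                errors.append(f"{tier}: {s['name']} has unknown parent_space {s.get('parent_space')!r}")
    known = {"root"} | dep | proj | env  # only these may be referenced in other sections

    def check_space(section, item, space):
        if space not in known:
            errors.append(f"{section}: {item} references undefined space {space!r}")

    for p in cfg.get("policies") or []:
        if p["name"] not in SUPPORTED_POLICIES:
            errors.append(f"policies: unsupported policy {p['name']!r}")
        check_space("policies", p["name"], p.get("space_name"))
    integrations = set()
    for i in (cfg.get("cloud_integrations") or {}).get("aws") or []:
        integrations.add(i["name"])
        check_space("cloud_integrations.aws", i["name"], i.get("space_name"))
    for w in (cfg.get("workers") or {}).get("aws") or []:
        check_space("workers.aws", w["id"], w.get("space_name"))
        if w.get("aws_integration_name") not in integrations:
            errors.append(f"workers.aws: {w['id']} references undefined integration {w.get('aws_integration_name')!r}")
        for pool in w.get("worker_pools") or []:
            check_space("workers.aws.worker_pools", pool["worker_pool_name"], pool.get("space_name"))
    return errors

# Constructed sample shaped like the parsed config.yaml, with three deliberate mistakes:
# a wrong parent_space, a policy on an undefined Space, and a misspelled integration name.
SAMPLE = {
    "spaces": {"department_spaces": [{"name": "dep-name"}],
               "project_spaces": [{"name": "project-x", "parent_space": "dep-name"}],
               "environment_spaces": [{"name": "project-x-dev", "parent_space": "project-y"}]},
    "policies": [{"name": "require-private-worker", "space_name": "project-x-prod", "labels": ["autoattach:*"]}],
    "cloud_integrations": {"aws": [{"name": "aws-integration", "role_arn": "role-arn", "space_name": "root"}]},
    "workers": {"aws": [{"id": "worker-id", "aws_integration_name": "aws-int", "space_name": "root",
                         "worker_pools": [{"worker_pool_name": "pool-name", "space_name": "project-x-dev"}]}]},
}
```

Calling `validate_config(SAMPLE)` returns one message per mistake, so the check can gate a merge on an empty result.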