Now this is how Terraform testing should be done

Deliver infrastructure as code using Terraform to AWS with confidence
Cloud Twin
Find and fix misconfigurations as early as they are created,
save time, unnecessary cycles and stress for everyone.
Up to



Review faster with context

“With tfRails, we are able to review, troubleshoot and act on each IaC PR between 4x to 10x faster.”

VP Cloud Engineering,
SaaS Company



Shift left

“Getting a complete understanding of the impact of each change on our environments and adding automatic testing for resilience, security & cost before deployment– all while shifting left ownership, made the decision a no-brainer.”

DevOps Manager,
Communications Company



Connect AWS accounts

"With tfRails we know every change we do will meet best practices and will reduce unnecessary cycles of fixes post depolyment"

DevOps Director,
Cloud Security Company
Understanding what a Terraform config change will do to your cloud posture can be challenging and confusing
Reviewing plain text config changes and not knowing how these will impact the posture is risky (and boring!).
Reduce the time it takes to review Terraform changes.
Lower downtime risk, security issues and unwanted costs.

Now you can fully understand
the real impact of any change against the running config.

Identify the availability, security, and connectivity impact of proposed cloud configuration changes before you deploy. Validate each change meets resilience and cost best practices as well as organizational standards.
tfRails mimics AWS behavior and simulates all resources that will be created post apply,
such as EC2 instances, ENIs, and EBS volumes for an ASG created with a launch template.
See how changes to an IAM policy can impact a K8s pod that is already running.
Observe the effects of the modification with a topology graph.
If you're using traditional Terraform Infrastructure as Code (IaC) scanners, you may be missing one critical aspect:

The context of your environment.

With traditional IaC scanners, changes/resources are scanned at the block level without context and the runtime state. Analyzing these results is time-consuming and requires a lot of manual effort. DevOps, SRE and Cloud Security teams need to analyze the impact radius and the actual severity of the alerts.

If a fix is required, your teams need to consider what will happen to all the related resources that utilize the problematic resource, which is a very difficult task with native or legacy tools.

Don't Scan.


Identify deviations from best practices before they become harder to remedy.
Investigate deviations within the context of the entire cloud posture to troubleshoot effectively.
Shift-left Cost, Resilience, Security and Compliance!
tfRails covers your terraform PRs
with over 400 context-aware policies.
Cloud Costs
Validate each change is optimized for cost best practices and your organizational standards.
Make sure your architecture is resilient before deployment while Terraform changes are still easy to fix.
Security & Compliance
Shift left Compliance, CSPM and CIEM to the PR stages, tfRails is the only tool that merges your runtime state to the build stage with the full posture.
Easily tune controls and enforce custom-made posture based architectural standards.
AWS guardrails
Example #1

Expect only the billing microservices to access billing DynamoDB table.

Example #2

Connectivity across regions should be via TGW and not VPC Peering.

Make config changes
without breaking things.

Accelerate and simplify the complex Terraform plan analysis.
Identify high-risk changes that are otherwise hard to predict on a Terraform plan.
Predict potential availability issues that may break things and cause downtime.

How does it work?

tfRails Simulation engine merges the current configuration state of your cloud in a combination with the Terraform code proposed change, to determine how your cloud is going to be impacted if the code gets deployed, Learn more.
Dashboard mockup

Integrate into

any workflow

Easily connect tfRails into your existing CI/CD flow or run it as you develop in your favorite IDE.
Deploy terraform infrastructure changes with confidence. Troubleshoot faster with the complete context of your cloud environment.
Try for free

Pay directly via your AWS cloud bill with a private offer matching your needs and size.

Secure by design.

Security is always our top priority. We're SOC 2 Type II certified, our teams continuously implement security best practices and the highest security standards.