Understand the state of your IaC, prioritize updates, and automate staying up to date.
Updating infrastructure code is hard, so most teams don't do
it until they have to.
You have to scan your Terragrunt, OpenTofu, or Terraform code for dependencies, track which versions they’re at, find new versions (if available), and safely apply those updates to each module. And as your infrastructure footprint grows, this becomes more and more untenable.
Patcher makes updates to your infrastructure seamless, and will even patch your code to make it work with backward incompatible module releases. Patcher scales to support teams of any size, helping you maintain your infrastructure with confidence.
Patcher takes the grunt work out of regular infra updates.
Run the Patcher CLI to automatically discover dependencies in your code, the versions they are at, and if new versions are available.
Choose the desired module and its corresponding version for an update. Patcher automatically modifies your code, applying any patches, and provides step-by-step instructions for any necessary manual changes.
Get automatic Pull Requests for dependency updates on your chosen schedule. Customize Pull Requests to include either one or many dependency changes, or updates for specific environments only. Sequentially "promote" updates across environments.
Patcher is designed specifically for streamlining infrastructure updates.
Patcher updates your "live" repos with the latest OpenTofu/Terraform module versions, but it also works great for module authors by automatically keeping all module dependencies up to date.
Patcher can check release notes to understand the "latest safe version" to update to, and behaves differently for non-breaking vs. breaking changes.
Patcher includes access to Terrapatch, our command-line tool for programmatically editing HCL files, allowing you to write statements like this:
terrapatch upgrade-provider --path . aws ">=v5.0.0"
With patcher report
you can get a JSON file of the current up-to-date status of your repo, allowing you to build unique visualizations and automations.
Deploy on top of production-grade infrastructure and
always stay up to date with:
We keep the Infrastructure as Code Library up to date with the latest best practices, security releases, tool versions (e.g., latest versions of Terraform providers, Kubernetes, EKS), and compliance standards (e.g., latest versions of the AWS CIS Foundations Benchmark).
Every update we make comes out as a new, versioned release. Most breaking changes include a patch to help automate the upgrade process, and Gruntwork SMEs are working to ensure that all will in the future.
Use Patcher to keep your code patched and up-to-date to minimize security vulnerabilities. All patches are executed in a sandbox with strict security controls over network and file system access.
Take it for a spin with a month-to-month contract.
Pay less on an annual plan once you’ve proven the value.
Patcher works seamlessly with other Gruntwork products.