Patcher
Keep IaC up to date, even with breaking changes

Understand the state of your IaC, prioritize updates, and automate staying up to date.

Built for:
Terraform
OpenTofu
Terragrunt
Automation
Automate infrastructure updates
Updating infrastructure code is hard, so most teams don't do it until they have to.
Manual IaC updates are painful
How it works
Keep your infrastructure up to date in three easy steps
Patcher takes the grunt work out of regular infra updates.
• Step 1: Discover dependencies
Run the Patcher CLI to automatically discover dependencies in your code, the versions they are at, and if new versions are available.
• Step 2: Apply hassle-free updates and patches
Choose the desired module and its corresponding version for an update. Patcher automatically modifies your code, applying any patches, and provides step-by-step instructions for any necessary manual changes.
• Step 3: Keep code up to date, automatically
Get automatic Pull Requests for dependency updates on your chosen schedule. Customize Pull Requests to include either one or many dependency changes, or updates for specific environments only. Sequentially "promote" updates across environments.
Capabilities
Built for infrastructure teams
Patcher is designed specifically for streamlining infrastructure updates.
Keep your modules up to date
Patcher updates your "live" repos with the latest OpenTofu/Terraform module versions, but it also works great for module authors by automatically keeping all module dependencies up to date.
Distinguish safe updates
Patcher can check release notes to understand the "latest safe version" to update to, and behaves differently for non-breaking vs. breaking changes.
Write code transformations in one line
Patcher includes access to Terrapatch, our command-line tool for programmatically editing HCL files, allowing you to write statements like this:
Build custom reports
With patcher report you can get a JSON file of the current up-to-date status of your repo, allowing you to build unique visualizations and automations.
Platform integration
Works great with Gruntwork IaC Library
Deploy on top of production-grade infrastructure and always stay up to date with:
Latest releases
Best practices
Security patches
New tooling versions
Commercially maintained
We keep the Infrastructure as Code Library up to date with the latest best practices, security releases, tool versions (e.g., latest versions of Terraform providers, Kubernetes, EKS), and compliance standards (e.g., latest versions of the AWS CIS Foundations Benchmark).
Patches for breaking changes
Every update we make comes out as a new, versioned release. Most breaking changes include a patch to help automate the upgrade process, and Gruntwork SMEs are working to ensure that all will in the future.
Secure by design
Use Patcher to keep your code patched and up-to-date to minimize security vulnerabilities. All patches are executed in a sandbox with strict security controls over network and file system access.