The Pleo DevOps team relies on AWS to deliver their best-in-class corporate spending solution to thousands of customers across Europe and in every industry. As Pleo increased their deployments and development velocity, their roughly 100 person DevOps team encountered significant scaling challenges that slowed their ability to iterate rapidly and deploy new capabilities to the business.
They needed a solution that would both help reign in control over rapidly growing Terraform IaC use, and automate drift remediation across their entire IaC codebase. Solving both challenges resulted in increased app availability to end users and customers, and freed up valuable DevOps resources by automating drift remediation.
The Pleo Challenge
Pleo’s use of the Terraform IaC framework enabled their teams to effectively configure and deploy their application components into AWS. By keeping their IaC configurations as part of their overall application codebase, Pleo:
Ensured that the deployed application and infrastructure were updated in unison to match the testing environments.
Enabled DevOps teams to more easily access new AWS capabilities.
Design scalability and redundancy into the Pleo infrastructure.
Added predictability to deployed infrastructure and applications.
Their challenge arose as they scaled their infrastructure and user base. As the DevOps team grew to 100+ people, it became harder for them to identify the source of configuration drift in their production environments. When attempting to deploy a new configuration and codebase to production, it was common for GitHub pull requests to generate an enormous difference from current production environments. This forced DevOps personnel to ask a series of questions:
What has actually changed between the code and production?
Why is production so different from the codebase?
Did something else change?
Will production break if I apply this change?
This manual process not only caused confusion, it added interrupts and additional cycles into the DevOps and SRE deployment workflows as the team members dug through multiple tools to gain a better understanding of the source of truth. This all translated into reduced productivity.
Furthermore, there have been times where issues from IaC drift have caused outages and reduced service to their customers—the worst outcome for a code push!
To solve this, Pleo needed a single source of truth and a way to establish repeatable processes. Pleo needed env0.
The env0 solution
With the limitations of unmanaged IaC causing challenges, the Pleo DevOps team implemented env0 to solve their drift management issue. env0’s built-in drift management automatically detects drift and ensures real-world cloud resources align with the code, and notifies Pleo personnel when the drift occurs.
The result is new deployments happen faster, with more reliability, and cause fewer issues and questions because it is immediately apparent which changes are caused by environment drift, and which are related to changes in their Terraform code.
We chose env0 to manage all of our AWS Terraform-based deployments. Thanks to env0, we can now collaborate and manage our environments, leveraging GitOps and governance workflows.
Radek Dors
Site Reliability Engineer
The Pleo Benefit
With env0, Pleo has drastically increased their deployment velocity, ensuring that new features and functionality are delivered to end users in a timely manner. With more effective Terraform deployment management in AWS, Pleo has also been able to safely broaden access to vital deployment capabilities to teams outside of the SREs.
Now, instead of always relying on SRE team members to manage complex deployments, developers can also manage the deployment process themselves, all while reducing risk, and improving the end user experience for Pleo customers.
About env0
env0 provides an automated, collaborative remote-run workflows management for cloud deployments on Terraform, Terragrunt and custom flows. env0 enables users and teams to jointly govern cloud deployments with self-service capabilities. env0 provides visibility into GitOps workflows of infrastructure changes. Leverage our granular RBAC permissions and limit access to IaC execution (e.g “terraform apply”), on production and other critical cloud resources. Implement any policy or check you desire with the freedom of an open standard Open Policy Agent guardrails. env0 can also help you prevent drifts with centralized remote-runs processes.