env0 Cheat Sheet
"Clase de la hoja" id="copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
env0 es una plataforma de gestión de Código (IaC) que automatiza y gobierna Terraform, Pulumi, CloudFormation y otras herramientas de IaC. Proporciona flujos de trabajo colaborativos, ejecución de políticas, gestión de costos y detección de la deriva para ayudar a los equipos a gestionar la infraestructura de la nube a escala con confianza y control.
NOVEDAD Nota: Tier gratis disponible para pequeños equipos. Los planes pagados comienzan en $4/usuario/mes para características avanzadas.
Comienzo
Configuración de la cuenta
# Sign up process:
# 1. Visit env0.com
# 2. Create account with email or SSO
# 3. Connect your cloud providers
# 4. Link version control repositories
# 5. Create your first project
# Initial configuration:
# - Organization settings
# - User roles and permissions
# - Cloud provider credentials
# - VCS integration (GitHub, GitLab, Bitbucket)
# - Notification preferences
Creación de proyectos
# Project setup workflow:
# 1. Create new project
# 2. Select IaC framework (Terraform, Pulumi, etc.)
# 3. Connect repository
# 4. Configure deployment settings
# 5. Set up environments
# 6. Define approval workflows
# Project types supported:
# - Terraform
# - Pulumi
# - CloudFormation
# - Terragrunt
# - Kubernetes manifests
# - Helm charts
Environment Management
# Environment hierarchy:
# Organization → Projects → Environments
# Environment types:
# - Development: Testing and experimentation
# - Staging: Pre-production validation
# - Production: Live infrastructure
# - Sandbox: Isolated testing environments
Terraform Integration
Estructura del repositorio
# Recommended Terraform structure
project-root/
├── main.tf # Main configuration
├── variables.tf # Variable definitions
├── outputs.tf # Output definitions
├── versions.tf # Provider versions
├── terraform.tfvars # Default variable values
├── environments/
│ ├── dev/
│ │ └── terraform.tfvars
│ ├── staging/
│ │ └── terraform.tfvars
│ └── prod/
│ └── terraform.tfvars
└── modules/
├── vpc/
├── compute/
└── database/
Configuración del medio ambiente
# env0.yml configuration file
version: 1
deploy:
before:
- echo "Pre-deployment setup"
- terraform --version
- aws --version
after:
- echo "Post-deployment cleanup"
- terraform output -json > outputs.json
destroy:
before:
- echo "Pre-destroy validation"
- terraform plan -destroy
after:
- echo "Infrastructure destroyed"
variables:
- name: AWS_REGION
value: us-west-2
scope: environment
- name: INSTANCE_TYPE
value: t3.micro
scope: project
terraformVersion: "1.5.0"
Gestión variable
# Variable types in env0:
# - Environment variables
# - Terraform variables
# - Project-level variables
# - Organization-level variables
# Variable scopes:
# - Organization: Available to all projects
# - Project: Available to all environments in project
# - Environment: Specific to single environment
# Variable sources:
# - Manual input
# - AWS Parameter Store
# - HashiCorp Vault
# - Azure Key Vault
# - Environment files
Corrientes de trabajo de despliegue
Despliegues automatizados
# Trigger types:
# - Git push to branch
# - Pull request creation
# - Manual deployment
# - Scheduled deployment
# - API trigger
# - Webhook trigger
# Deployment process:
# 1. Code checkout
# 2. Environment preparation
# 3. Pre-deployment hooks
# 4. Terraform plan generation
# 5. Approval workflow (if required)
# 6. Terraform apply
# 7. Post-deployment hooks
# 8. Notification and reporting
Flujos de trabajo aprobados
# Approval configuration
approvals:
- type: manual
users:
- admin@company.com
- devops-lead@company.com
required_approvals: 2
- type: policy
conditions:
- cost_increase > 100
- resource_count > 50
- contains_production_data: true
# Auto-approval conditions
auto_approve:
- branch: develop
environment: development
- cost_change: < 10
resource_change: < 5
Políticas de despliegue
# OPA (Open Policy Agent) policy example
package env0.deployment
# Deny deployment if cost increase is too high
deny[msg] {
input.cost_estimation.monthly_cost_change > 1000
msg := "Monthly cost increase exceeds $1000 limit"
}
# Require approval for production deployments
require_approval[msg] {
input.environment.name == "production"
msg := "Production deployments require manual approval"
}
# Enforce resource tagging
deny[msg] {
resource := input.planned_resources[_]
resource.type == "aws_instance"
not resource.tags.Environment
msg := sprintf("Instance %s missing Environment tag", [resource.name])
}
Gestión de gastos
Estimación de costos
# Cost estimation features:
# - Pre-deployment cost preview
# - Monthly cost projections
# - Cost comparison between environments
# - Historical cost tracking
# - Budget alerts and limits
# Cost policies:
# - Maximum monthly cost per environment
# - Cost increase thresholds
# - Resource-specific cost limits
# - Team budget allocation
Controles presupuestarios
# Budget configuration
budgets:
- name: "Development Environment"
limit: 500
period: monthly
alerts:
- threshold: 80
recipients:
- dev-team@company.com
- threshold: 95
recipients:
- finance@company.com
- devops@company.com
- name: "Production Environment"
limit: 5000
period: monthly
auto_destroy: false
alerts:
- threshold: 90
recipients:
- all-hands@company.com
Optimización de costos
# Cost optimization features:
# - Resource rightsizing recommendations
# - Unused resource detection
# - Reserved instance recommendations
# - Spot instance suggestions
# - Idle resource identification
# Cost reporting:
# - Daily cost breakdown
# - Weekly cost summaries
# - Monthly cost reports
# - Cost attribution by team/project
# - Trend analysis and forecasting
Detección de derivación
Vigilancia de la derivación
# Drift detection setup:
# 1. Enable drift detection for environment
# 2. Configure detection schedule
# 3. Set up notification channels
# 4. Define drift resolution policies
# Drift types detected:
# - Resource configuration changes
# - Resource additions outside Terraform
# - Resource deletions
# - Tag modifications
# - Security group changes
Resolución de derivación
# Drift resolution configuration
drift_detection:
enabled: true
schedule: "0 */6 * * *" # Every 6 hours
resolution:
auto_fix:
- type: tag_changes
action: revert
- type: security_group_changes
action: notify_and_revert
manual_review:
- type: resource_additions
- type: resource_deletions
- type: configuration_changes
notifications:
slack:
webhook: "https://hooks.slack.com/services/..."
channel: "#infrastructure-alerts"
email:
recipients:
- devops@company.com
- security@company.com
Drift Remediation
# Drift remediation options:
# 1. Auto-revert: Automatically fix detected drift
# 2. Import: Import drifted resources into Terraform state
# 3. Update code: Modify Terraform code to match current state
# 4. Manual review: Require human intervention
# 5. Ignore: Mark drift as acceptable
# Remediation workflow:
# 1. Drift detected and categorized
# 2. Policy evaluation
# 3. Automatic remediation (if configured)
# 4. Notification to relevant teams
# 5. Manual review (if required)
# 6. Resolution tracking and reporting
Seguridad y cumplimiento
Política como Código
# Security policy examples
package env0.security
# Require encryption for S3 buckets
deny[msg] {
resource := input.planned_resources[_]
resource.type == "aws_s3_bucket"
not resource.server_side_encryption_configuration
msg := sprintf("S3 bucket %s must have encryption enabled", [resource.name])
}
# Enforce security group restrictions
deny[msg] {
resource := input.planned_resources[_]
resource.type == "aws_security_group"
rule := resource.ingress[_]
rule.cidr_blocks[_] == "0.0.0.0/0"
rule.from_port <= 22
rule.to_port >= 22
msg := sprintf("Security group %s allows SSH from anywhere", [resource.name])
}
# Require specific tags
required_tags := ["Environment", "Owner", "Project"]
deny[msg] {
resource := input.planned_resources[_]
resource.type in ["aws_instance", "aws_rds_instance"]
tag := required_tags[_]
not resource.tags[tag]
msg := sprintf("Resource %s missing required tag: %s", [resource.name, tag])
}
Marcos de cumplimiento
# Compliance configuration
compliance:
frameworks:
- name: "SOC 2"
policies:
- encryption_at_rest
- access_logging
- network_security
- name: "PCI DSS"
policies:
- data_encryption
- network_segmentation
- access_controls
- name: "HIPAA"
policies:
- data_protection
- audit_logging
- access_management
reporting:
frequency: weekly
recipients:
- compliance@company.com
- security@company.com
Control de acceso
# Role-based access control (RBAC):
# - Organization Admin: Full access
# - Project Admin: Project-level management
# - Environment Admin: Environment-specific control
# - Developer: Read access and limited deployments
# - Viewer: Read-only access
# Permission matrix:
# - View environments
# - Deploy to environments
# - Approve deployments
# - Manage variables
# - Configure policies
# - Access cost data
# - Manage users and roles
API y CLI
env0 CLI Instalación
# Install env0 CLI
npm install -g @env0/cli
# Alternative installation methods
curl -L https://github.com/env0/env0-cli/releases/latest/download/env0-cli-linux -o env0
chmod +x env0
sudo mv env0 /usr/local/bin/
# Verify installation
env0 --version
CLI Autenticación
# Authenticate with API key
env0 auth login --api-key YOUR_API_KEY
# Authenticate with interactive login
env0 auth login
# Set default organization
env0 config set organization YOUR_ORG_ID
# Verify authentication
env0 auth whoami
CLI Comandos
# Project management
env0 projects list
env0 projects create --name "My Project" --repository "https://github.com/user/repo"
env0 projects delete --id PROJECT_ID
# Environment management
env0 environments list --project-id PROJECT_ID
env0 environments create --name "staging" --project-id PROJECT_ID
env0 environments deploy --id ENV_ID
env0 environments destroy --id ENV_ID
# Variable management
env0 variables list --environment-id ENV_ID
env0 variables create --name "AWS_REGION" --value "us-west-2" --environment-id ENV_ID
env0 variables update --id VAR_ID --value "us-east-1"
env0 variables delete --id VAR_ID
# Deployment management
env0 deployments list --environment-id ENV_ID
env0 deployments cancel --id DEPLOYMENT_ID
env0 deployments approve --id DEPLOYMENT_ID
API Integration
# REST API examples
API_BASE="https://api.env0.com"
API_KEY="your-api-key"
# Get organizations
curl -H "Authorization: Bearer $API_KEY" \
"$API_BASE/organizations"
# Create project
curl -X POST \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My Project",
"repository": "https://github.com/user/repo",
"organizationId": "org-id"
}' \
"$API_BASE/projects"
# Trigger deployment
curl -X POST \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"environmentId": "env-id",
"userRequiresApproval": false
}' \
"$API_BASE/deployments"
Integración
Sistemas de control de versiones
# Supported VCS providers:
# - GitHub
# - GitLab
# - Bitbucket
# - Azure DevOps
# Integration features:
# - Automatic webhook setup
# - Branch-based deployments
# - Pull request integration
# - Commit status updates
# - Deployment comments
Proveedores de cloud
# Supported cloud providers:
# - AWS (IAM roles, access keys)
# - Azure (Service principals, managed identity)
# - Google Cloud (Service accounts)
# - Alibaba Cloud
# - DigitalOcean
# Authentication methods:
# - Static credentials
# - Dynamic credentials (OIDC)
# - Cloud provider IAM roles
# - Cross-account role assumption
Canales de notificación
# Notification configuration
notifications:
slack:
webhook_url: "https://hooks.slack.com/services/..."
channels:
- name: "#deployments"
events: ["deployment_started", "deployment_completed"]
- name: "#alerts"
events: ["deployment_failed", "drift_detected"]
email:
smtp:
host: "smtp.company.com"
port: 587
username: "notifications@company.com"
recipients:
- email: "devops@company.com"
events: ["all"]
- email: "management@company.com"
events: ["deployment_failed", "cost_exceeded"]
webhook:
url: "https://api.company.com/webhooks/env0"
headers:
Authorization: "Bearer webhook-token"
events: ["all"]
Herramientas de terceros
# Integration ecosystem:
# - Monitoring: Datadog, New Relic, Grafana
# - Security: Snyk, Aqua Security, Prisma Cloud
# - Cost management: CloudHealth, Cloudability
# - ITSM: ServiceNow, Jira Service Management
# - Communication: Microsoft Teams, Discord
Características avanzadas
Flujos de trabajo personalizados
# Custom workflow configuration
workflows:
pre_deployment:
- name: "Security Scan"
type: "script"
script: |
#!/bin/bash
tfsec .
if [ $? -ne 0 ]; then
echo "Security scan failed"
exit 1
fi
- name: "Cost Validation"
type: "policy"
policy: |
package env0.cost
deny[msg] {
input.cost_estimation.monthly_cost > 1000
msg := "Monthly cost exceeds budget"
}
post_deployment:
- name: "Health Check"
type: "script"
script: |
#!/bin/bash
curl -f http://$(terraform output -raw load_balancer_url)/health
- name: "Update Documentation"
type: "webhook"
url: "https://api.company.com/docs/update"
payload:
environment: "{{ env.name }}"
resources: "{{ deployment.resources }}"
Gestión de múltiples niveles
# Multi-cloud deployment strategies:
# 1. Single project, multiple providers
# 2. Provider-specific projects
# 3. Hybrid cloud architectures
# 4. Cross-cloud resource dependencies
# Example multi-cloud configuration:
# - AWS for compute and storage
# - Azure for AI/ML services
# - GCP for data analytics
# - On-premises for sensitive data
GitOps Integration
# GitOps workflow configuration
gitops:
enabled: true
pull_request:
auto_plan: true
auto_apply: false
require_approval: true
plan_comment: true
apply_comment: true
branch_protection:
required_reviews: 2
dismiss_stale_reviews: true
require_code_owner_reviews: true
continuous_deployment:
branches:
- name: "main"
environment: "production"
auto_apply: false
- name: "develop"
environment: "development"
auto_apply: true
Vigilancia y observabilidad
Supervisión del despliegue
# Monitoring capabilities:
# - Real-time deployment logs
# - Resource creation tracking
# - Performance metrics
# - Error detection and alerting
# - Deployment duration tracking
# Metrics collected:
# - Deployment success rate
# - Average deployment time
# - Resource provisioning time
# - Cost per deployment
# - Policy violation frequency
Logging and Auditing
# Audit configuration
audit:
events:
- user_login
- deployment_started
- deployment_completed
- deployment_failed
- policy_violation
- cost_threshold_exceeded
- drift_detected
- approval_granted
- approval_denied
retention: 365 # days
export:
- type: "s3"
bucket: "company-audit-logs"
prefix: "env0/"
- type: "elasticsearch"
endpoint: "https://logs.company.com"
index: "env0-audit"
Performance Analytics
# Performance metrics:
# - Infrastructure provisioning time
# - Policy evaluation duration
# - API response times
# - Resource utilization
# - Cost efficiency metrics
# Analytics dashboards:
# - Deployment trends
# - Cost optimization opportunities
# - Security compliance status
# - Team productivity metrics
# - Resource utilization patterns
Solución de problemas
Cuestiones comunes
# Deployment failures
# 1. Check deployment logs
env0 deployments logs --id DEPLOYMENT_ID
# 2. Verify credentials
env0 credentials test --environment-id ENV_ID
# 3. Validate Terraform configuration
terraform validate
terraform plan
# 4. Check policy violations
env0 policies evaluate --environment-id ENV_ID
# State file issues
# 1. Check state file location
# 2. Verify state file permissions
# 3. Resolve state conflicts
# 4. Import existing resources if needed
Modo de depuración
# Enable debug logging
env0 deployments create --environment-id ENV_ID --debug
# Verbose API responses
env0 --verbose projects list
# Export deployment logs
env0 deployments logs --id DEPLOYMENT_ID --output deployment.log
Apoyo y diagnósticos
# Generate diagnostic report
env0 diagnostics generate --environment-id ENV_ID
# Check system status
env0 status
# Validate configuration
env0 config validate
# Test connectivity
env0 test connection --provider aws
Buenas prácticas
Repository Organization
# Recommended structure:
organization/
├── terraform-modules/ # Reusable modules
│ ├── vpc/
│ ├── compute/
│ └── database/
├── infrastructure/ # Environment-specific configs
│ ├── development/
│ ├── staging/
│ └── production/
└── policies/ # OPA policies
├── security/
├── cost/
└── compliance/
Environment Strategy
# Environment promotion strategy:
# 1. Development: Rapid iteration and testing
# 2. Staging: Production-like validation
# 3. Production: Stable, approved changes only
# Branch mapping:
# - feature/* → development environment
# - develop → staging environment
# - main → production environment
# Approval gates:
# - Development: Auto-approve
# - Staging: Team lead approval
# - Production: Multi-level approval
Prácticas óptimas de seguridad
# Security recommendations:
# 1. Use dynamic credentials (OIDC) when possible
# 2. Implement least-privilege access
# 3. Enable audit logging
# 4. Regular policy reviews
# 5. Automated security scanning
# 6. Secrets management integration
# 7. Network security controls
# 8. Regular access reviews
Optimización de costos
# Cost management strategies:
# 1. Set budget alerts and limits
# 2. Regular cost reviews
# 3. Resource rightsizing
# 4. Automated cleanup policies
# 5. Reserved instance planning
# 6. Spot instance utilization
# 7. Resource scheduling
# 8. Cost attribution and chargeback
Migración y adopción
Migración de otras herramientas
# Migration from Terraform Cloud:
# 1. Export Terraform state files
# 2. Import state into env0
# 3. Configure variables and settings
# 4. Set up approval workflows
# 5. Test deployments
# 6. Update CI/CD pipelines
# Migration from Jenkins/GitLab CI:
# 1. Analyze existing pipelines
# 2. Map workflows to env0 features
# 3. Configure environments
# 4. Set up policies and approvals
# 5. Migrate secrets and variables
# 6. Update team processes
Equipo a bordo
# Onboarding checklist:
# 1. Account setup and role assignment
# 2. Training on env0 concepts
# 3. Repository access configuration
# 4. First deployment walkthrough
# 5. Policy and approval training
# 6. Cost management overview
# 7. Troubleshooting resources
# 8. Regular check-ins and feedback
Adopción gradual
# Adoption strategy:
# Phase 1: Pilot with development environments
# Phase 2: Expand to staging environments
# Phase 3: Production environment migration
# Phase 4: Advanced features and optimization
# Success metrics:
# - Deployment frequency
# - Deployment success rate
# - Time to deployment
# - Policy compliance rate
# - Cost optimization achieved
# - Team satisfaction