Imagine your Lego city is now a mega‑project with dozens of engineers working together. Without rules, someone might accidentally demolish the hospital while another is adding a park.

Terraform Cloud provides collaboration tools (team roles, run history, notifications) and governance features (policies, compliance checks) to keep teamwork safe, transparent, and aligned with organizational standards. This chapter explains how teams collaborate effectively and how governance ensures infrastructure stays compliant.

Key Concepts

1. Team Collaboration Features

• Role‑based access control (RBAC): Assign roles like admin, operator, or viewer.
• Run history: Track every plan and apply with logs.
• Notifications: Integrate with Slack, email, or webhooks for updates.
• Concurrency control: Prevent multiple conflicting applies.
• Auditability: Every change is logged for compliance.

2. Governance with Sentinel

• Sentinel = Policy‑as‑Code framework.
• Enforce rules before changes are applied.
• Example policies:
  • All S3 buckets must have encryption enabled.
  • No EC2 instance larger than t3.medium in dev.
  • Only approved regions can be used.
• Policies run during the plan phase, blocking non‑compliant changes.

3. Collaboration Workflow Example

1. Developer pushes code to GitHub.
2. Terraform Cloud runs plan automatically.
3. Sentinel policies check compliance.
4. Team lead reviews and approves the run.
5. Terraform Cloud applies changes, updating remote state.
6. Notifications sent to Slack channel for visibility.

Hands‑On Lab / Demo

Lab: Setting Up Collaboration & Governance

1. Create a new organization in Terraform Cloud.
2. Add team members with roles (admin, operator, viewer).
3. Connect workspace to GitHub repo.
4. Push code → Terraform Cloud runs plan.
5. Policy blocks non‑compliant buckets.

Write a Sentinel policy:

import "tfplan"
main = rule {
  all tfplan.resources.aws_s3_bucket as _, bucket {
    bucket.encryption.enabled is true
  }
}

Pro Tips & Best Practices

• Use RBAC to limit destructive actions to admins.
• Document team workflows for clarity.
• Write Sentinel policies for compliance early in the project.
• Review run history regularly for auditing.
• Integrate notifications with Slack/email for visibility.

Summary & Cheatsheet

• Collaboration: RBAC, run history, notifications, concurrency control.
• Governance: Sentinel policies enforce compliance.
• Workflow: Push → Plan → Policy check → Approval → Apply → Notify.

Quick mnemonic: Teams Collaborate, Policies Govern

The Hackers Notebook

Team collaboration and governance in Terraform Cloud ensure that infrastructure changes are safe, compliant, and transparent. Collaboration features empower teams to work together without conflict, while Sentinel policies enforce organizational standards.