Standardized AWS multi-account setups at the push of a button.

Quickly create AWS accounts and infrastructure repos for new projects and teams, ready out-of-the-box with secure account baselines, networking, and CI/CD.

Built for
Trustbar LogosTrustbar LogosTrustbar Logos
Hero Image

Tame AWS account sprawl

Ensure all of your accounts are secure, standardized and centrally managed.

Managed as Code

Manage your account baselines (e.g., CloudTrail, AWS Config, GuardDuty) as code using OpenTofu modules.

Control Tower Integration

Use Control Tower as a single pane of glass to see which accounts and resources are non-compliant with your controls and guard rails.

Secure & Compliant

Leverage account baselines that meet the requirements of the CIS AWS Foundations Benchmark.

One click, many accounts

Vend sets of AWS accounts, such as dev, stage, and prod for complete SDLC configurations.

Automated end-to-end

Automate creation not just of accounts, but also GitHub repos, networking configurations, CI/CD, and more.

Fully customizable

You get 100% of the code, so you can customize the baselines and workflows to meet your needs.

End-to-end vending

Your teams need more than just a new account

Gruntwork Account Factory allows you to vend everything you need for your software development lifecycle (SDLC) in one click.

  • Sets of accounts (dev, stage, prod)

  • GitHub repos

  • CI/CD pipelines

  • Networking

  • Workflows

Using the Account Factory

Launch new projects and teams with a click

Step 1

Devs submit an account request

The dev team submits an account request, filling out the data you need in a customizable form.

Account request form
Step 2

New AWS accounts are automatically vended and baselined

  • Control Tower integration. All new accounts are automatically integrated with Control Tower, so you can use it as a single pane of glass.

  • CIS-compliant account baselines. All accounts are automatically baselined to meet the requirements of the CIS AWS Foundations Benchmark.

  • Networking configuration. All accounts are automatically provisioned with a VPC, including Transit Gateway attachments, so you have full connectivity.

  • Access controls. All accounts are automatically configured with secure access, including IAM roles, OIDC configurations, and SSO access.

Instrumental Logo
Step 3

New GitHub repos are automatically created and bootstrapped

  • Best-practices Terragrunt configuration. New GitHub repos are automatically vended with a best-practices Terragrunt configuration.

  • GitOps-driven CI / CD Pipeline. New GitHub repos are automatically configured with Gruntwork Pipelines to automatically deploy changes.

  • AWS tagging policies. New GitHub repos are automatically configured with tagging policies that ensure all resources deployed into AWS are properly tagged.

Instrumental Logo
Step 4

Devs can start deploying immediately

  • Module catalog. Your dev team can pick approved, vetted infrastructure to deploy from your company's module catalog, which is built on top of the Gruntwork Library.

  • Scaffold new infrastructure. Devs can scaffold new modules with a keystroke, with intelligent prompts for any configurations exposed in the selected template.

  • Automatic deploys. Gruntwork Pipelines is configured in new repos out-of-the-box, so devs get automatic deployments.

Instrumental Logo

Part of Gruntwork DevOps Foundations

Leverage Gruntwork Account Factory as part of an end-to-end DevOps lifecycle to enable automated deployments and developer self-service.


What our customers have to say about the Gruntwork Account Factory

  • Grunty Arm
    We’ve been truly impressed with Gruntwork, the team, the responses, the community. It probably has saved us at least mid 6 figures if we had home rolled our infrastructure ourselves.
    Testimonial Profile Image

    Solomon White


    Testimonial Profile Image
  • The quality that Gruntwork produces and maintains is outstanding. It has proven time and time again to be a huge accelerator bringing companies forward in terms of stability and quality. It also enables closer collaboration across the engineering organization.
    Testimonial Profile Image

    Markus Burger

    4 time repeat customer

    Testimonial Profile Image
  • We ended up going with Gruntwork. I highly recommend. Jim Brikman of Gruntwork was the top infrastructure engineer during my tenure at LinkedIn, so I already knew what to expect. It was fantastic to see how they delivered our awesome AWS + Terraform infrastructure on time and well under budget.
    Testimonial Profile Image

    Erem Boto

    Senior Software Engineer

    Testimonial Profile Image

    Launch new projects and teams 10x faster

    If you're tired of filing tickets and waiting weeks for new accounts, give Gruntwork Account Factory a try.