Python infrastructure-as-code

Open-source Python projects categorized as infrastructure-as-code

Top 20 Python infrastructure-as-code Projects

  • SaltStack

    Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:

    Project mention: Looking for a way to remote in to K's of raspberry pi's... | /r/sysadmin | 2023-12-10
  • checkov

    Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

    Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | | 2024-04-16

    Checkov Owner/Maintainer: Prisma Cloud by Palo Alto Networks (acquired in 2021) Age: First released on GitHub on March 31st, 2021 License: Apache License 2.0

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • octoDNS

    Tools for managing DNS across multiple providers

    Project mention: Show HN: WireHub – easily create and share WireGuard networks | | 2023-11-05
  • pytest-testinfra

    Testinfra test your infrastructures

    Project mention: The Uncreative Software Engineer's Compendium to Testing | | 2023-07-31

    Testinfra: is a testing framework for infrastructure used to test system configurations and infrastructure as code.

  • fixinventory

    Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.

    Project mention: Show HN: Fix – An open source cloud asset inventory for cloud security engineers | | 2024-03-27

    The reasoning is explained in the very section of our Github org README you quoted this sentence from. Our main open source project is Fix Inventory ( and that is very well documented ( and uses no commercial 3rd party libraries.

    The Fix SaaS frontend that you're referring to and that you find at builds upon Fix Inventory. We could have just made it closed-source like every other SaaS (think Grafana Cloud). But because I'm a big proponent of OSS we decided to open source our entire SaaS stack, frontend, backend as well as all internal tooling. The main intend here is transparency, not so you spin up your own SaaS environment.

    Essentially we develop the SaaS for ourselves first and foremost, but saw no reason to make it closed source. So that is why it might be using any number of commercial 3rd party add-ons.

    > I'm curious to know what Material UI provided that any other open-source UI library did not.

    I believe it was some MUI X table features like multi row sorting that we didn't feel like re-implementing. I'm sure there's other open source libs that would do that, but we've settled on MUI and are not going to start mixing different UI libraries for different visual elements if we don't absolutely have to.

  • ggshield

    Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

  • eNMS

    An enterprise-grade vendor-agnostic network automation platform.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.


    Infrastructure as code generator - from visual diagrams created with to Terraform

    Project mention: Cloud asset tracking | /r/aws | 2023-12-09

    Maybe cloudcraft

  • iambic

    IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

    Project mention: Open source IAM-as-code through IAMbic | /r/cloudsecurity | 2023-05-30

    Hello everyone! We are working on an open-source IAM-as-code solution called IAMbic, and recently added AWS Service Control Policy support (AWS guardrails, typically used for compliance). IAMbic represents your IAM in Git as YAML Files (called iambic templates). An example repository of templates managed by IAMbic is here. The goal is that you can download IAMbic, and go from your cloud to code in ~10 minutes without needing to write any code yourself. Any changes you make (via clicking in the cloud console, running `terraform apply`, etc) are captured by IAMbic and updated in Git, so you have a running Git history of all IAM changes over time, and Git is an eventually consistent, reliable source of truth for permissions. IAMbic templates are bi-directional, so when you want to manage identities in IAMbic (like cookie-cutter engineering IAM roles or AWS SSO permission sets), You go through a GitOps workflow, get approval, and instruct IAMbic to apply the changes. We have some examples in our IAMOps Philosophy docs. If you want resources to be solely managed by IAMbic, you can instruct IAMbic to prevent drift on these resources. You can also declaratively define temporary access or permissions in the format (Like: "I want userA to have access to the Salesforce app in Okta for 12 hours" or "I want to have S3 permissions to BucketA on the engineering role on the prod AWS account until DATE"). We're really looking for feedback because we want this to be a compelling solution. What are your thoughts? How can we make this better?

  • collection_opnsense

    Ansible Collection to manage OPNSense firewalls using their API

    Project mention: Ansible for OPNSense - what next? | /r/opnsense | 2023-05-14

    What OPNSense Ansible-Module(s) should be implemented next? => VOTE

  • grafana-ansible-collection

    grafana.grafana Ansible collection provides modules and roles for managing various resources on Grafana Cloud and roles to manage and deploy Grafana Agent and Grafana

    Project mention: discussion forum for Grafana roles on Ansible Galaxy | /r/grafana | 2023-12-10

    I am using the grafana role from Ansible Galaxy for the deployment on a Ubuntu bare metal server. What is the best forum to discuss this role? Opening an issue in their GitHub repo appears not the right place to me.

  • paco

    Paco: Prescribed automation for cloud orchestration (by waterbear-cloud)

  • transible

    Convert existing cloud configuration to ansible playbooks

  • sw_proxmox_mail_gw

    Role to install Proxmox Mail Gateway on a linux server

  • collection_nftables

    Ansible modules to manage NFTables via libnftables

  • infra_nftables

    Ansible Role to provision NFTables firewall

  • cardano-node-role

    Install Cardano Node as a systemd service and wrap it with Ansible to provide simplified Ops interface to mint tokens and assert certain state of the ledger.

  • cdk-magento-webshop

    This is a CDK app to provision the required resources to run a flexible, scalable, and cost-effective Magento webshop on top of AWS.

  • addons_nftables

    Ansible Role to provision Add-Ons for NFTables on Linux servers

  • cdk-demo

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-16.

Python infrastructure-as-code related posts


What are some of the best open-source infrastructure-as-code projects in Python? This list will help you:

Project Stars
1 SaltStack 13,821
2 checkov 6,492
3 octoDNS 2,965
4 pytest-testinfra 2,318
5 fixinventory 1,533
6 ggshield 1,514
7 eNMS 800
8 346
9 iambic 269
10 collection_opnsense 210
11 grafana-ansible-collection 71
12 paco 32
13 transible 28
14 sw_proxmox_mail_gw 9
15 collection_nftables 6
16 infra_nftables 4
17 cardano-node-role 3
18 cdk-magento-webshop 1
19 addons_nftables 1
20 cdk-demo 0
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives