Help Center← Back to Dashboard
Getting Started
What is Aithroyz?Quickstart: First EnvironmentCloud CredentialsPlans & Approvals
Environments
OverviewLifecycle PhasesTTL Auto-DestroyExtending TTLDestroying an Environment
Tools Reference
OverviewElastic Stack (SIEM)Wazuh (XDR)MITRE CalderaTheHive & DFIR-IRISVelociraptorOpenCTIGrafana + PrometheusShuffle SOARn8nUptime KumaLLM GatewayOpen WebUIFlowiseOpenClawOllamaQdrantLangfusePortainerGiteaSonarQubeCode ServerMattermostMinIOMetabaseHashiCorp VaultKeycloak SSONetBoxLocalStack
Access & Security
Google SSOTenant IsolationPasskeys & MFATeam Members
API & Integrations
API KeysMCP Tools (Clevername)Terraform ExportWebhooks & Callbacks
Stack Presets
SOC PlatformIR / DFIR LabThreat HuntingQuick Sandbox
Settings
Cloud KeysAPI KeysBillingAudit Log
Troubleshooting
Common IssuesDeployment FailuresDNS & ConnectivityTool Health Checks
Aithroyz Help
Help CenterGetting StartedPlans & Approvals

Plans & Approvals

Every Aithroyz deployment starts with a plan — a detailed preview of what will be provisioned. Nothing is created in your cloud account until a plan is explicitly approved.

The approval gate is a core safety feature. It prevents accidental deployments and ensures the team reviews resource and cost implications before cloud spend begins.

What a plan contains

Environment name
The slug used for all subdomain addresses (e.g. acme-soc → elastic.acme-soc.ops.aithroyz.com)
Selected tools
The full list of tools to deploy with their versions
Cloud region
Where the VMs will be provisioned (e.g. us-east1)
Resource estimate
Number of VMs, total vCPUs, RAM, and disk allocation
Cost estimate
Approximate hourly GCP cost based on current pricing for selected instance types
TTL
Optional auto-destroy time (e.g. 8h, 24h). Can be extended or removed after deployment.
Generated HCL
The actual OpenTofu configuration that will be applied — reviewable before approval

Approval flow

Draft
Plan generated but not submitted. You can edit or discard it. No cost, no cloud calls.
Queued
Plan submitted for operator review. The operator sees it in their request queue. Still no cloud resources created.
Pending SA Approval
If SignedApproval is connected, the plan waits for iOS approval with cryptographic signature.
Approved & Applying
Operator clicked Approve & Apply. OpenTofu is now running. Cloud resources are being created.
Rejected
Operator rejected the plan. No resources were created. You can create a new plan with modifications.
ℹ
Operators are team members with approval permissions. The account owner is always an operator. You can grant operator rights to additional team members in Settings → Team.

Reviewing the generated HCL

On the plan detail page, click View Terraform to see the exact OpenTofu HCL that will be applied. This is the same code that gets passed to the provisioner — no hidden steps. If you want to self-host the infrastructure outside of Aithroyz, use the Export button to download the full module set.

Related Articles
Lifecycle PhasesRead article →Terraform ExportRead article →QuickstartRead article →