One Platform. Four Integrated Modules.

GTP InfraSentinel unifies four critical platform engineering capabilities into a single, cohesive IDP: multi-cloud infrastructure provisioning with OpenTofu, Ansible configuration management, automated CIS, DISA and CSF security hardening, and a React-powered AI insights dashboard with Prometheus and Grafana observability.

Multi-cloud provisioning across AWS, Azure, GCP, and on-premises via OpenTofu (Terraform-compatible)
Ansible-driven configuration management with drift detection and on-demand playbook execution
Automated CIS Level 1 & 2 security hardening with nightly audit cycles
AI-powered anomaly detection and capacity forecasting via FastAPI + Prometheus + Grafana

Platform at a Glance

4 Integrated Modules
3 Cloud Providers Supported
CIS/DISA/CSF Hardening Supported
AI Anomaly & Forecasting


Infrastructure Provisioning

Multi-cloud and on-premises infrastructure provisioning powered by OpenTofu — fully Terraform-compatible. Define, preview, and apply infrastructure changes across AWS, Azure, and GCP from a single unified interface, with all state tracked in the InfraSentinel database.

OpenTofu 1.6+ (Terraform-compatible) — toggle AWS, Azure, GCP independently via feature flags
UI-triggered provisioning runs — API queues jobs, OpenTofu applies state, resources registered in DB
Resource metrics collected and fed to the AI observability layer automatically
Typed confirmation guard on tofu-destroy — prevents accidental infrastructure destruction

Supported Cloud Targets

AWS: EC2, VPC, RDS, S3, EKS (full AWS provider)
Azure: VMs, AKS, Blob, SQL (Azure Resource Manager)
GCP: Compute Engine, GKE, Cloud SQL (GCP provider)
On-Prem: VMware, bare-metal, private cloud

Configuration Management

Enterprise-scale OS and application configuration with Ansible 2.15+. Run playbooks on demand or on schedule, detect configuration drift in real time, and surface results directly in the InfraSentinel compliance dashboard.

Ansible 2.15+ playbooks — inventory-driven, idempotent, and fully auditable
Real-time drift detection — compliance state updated after every playbook run
On-demand or scheduled execution via the unified dashboard and FastAPI control plane
Run history logged to infra_snapshots table — full configuration audit trail

Config Management Workflow

Host inventory definition (hosts.ini)
Connectivity test — make ansible-ping
Full playbook apply — make ansible-apply
Results reported to API → compliance state updated
Dashboard visualises drift and remediation status

Security Hardening

Automated, continuous security hardening aligned to CIS Benchmarks Level 1 and Level 2. Nightly audit playbooks scan every host, AI models analyse compliance patterns, and security findings surface in the dashboard with one-click remediation playbooks available.

CIS Benchmark Level 1 & 2 — dry-run audit and automated apply modes
UFW firewall rules managed as code — no manual firewall changes
Nightly CIS audit cycles — findings stored in security_scans table for trending
Non-root containers (UID 1001), TLS termination, Bearer-token metrics endpoint, full API audit log

Security Hardening Coverage

CIS Level 1 — baseline OS hardening for all hosts
CIS Level 2 — advanced hardening for production systems
DISA, CSF - Other Major Cybersecurity Frameworks
UFW firewall rule management as code
Compliance scoring — CIS pass rates tracked over time
Anomaly-flagged findings surfaced by AI engine

Dashboard & AI Insights

A React 18 frontend backed by a FastAPI (Python 3.11) control plane, with Prometheus metrics ingestion and Grafana dashboards — all enriched by ML models that detect anomalies and forecast capacity trends across every infrastructure resource.

AI anomaly detection — ML models ingest Prometheus metrics and surface deviations in the ai_anomalies table
Capacity forecasting — predictive models project resource utilisation before thresholds are breached
Alertmanager integration — tiered alert routing to Email, Slack, and PagerDuty with SMTP TLS
Pre-built Grafana dashboards, Prometheus retention configurable, metrics retention defaults to 30 days

AI Insights Capabilities

Prometheus metrics ingestion → ML inference pipeline
Anomaly detection — surfaced per resource and time window
Capacity forecasting — projected resource utilisation trends
Alert rules for API health, host CPU/memory/disk, PostgreSQL
All findings exposed via FastAPI — displayed in React dashboard

What Makes GTP InfraSentinel Unique

Multi-Cloud Provisioning

OpenTofu-powered IaC spans AWS, Azure, GCP, and on-prem from a single unified control plane.

Automated CIS Hardening

Nightly CIS Level 1 & 2 audit cycles with one-command remediation — no manual security toil.

AI-Powered Observability

ML anomaly detection and capacity forecasting built into the dashboard — not bolted on as an afterthought.

Security-First Architecture

Non-root containers, TLS termination, Docker network isolation, and a full API audit log in every deployment.


Platform Architecture & Technology Stack

Four integrated modules unified by a FastAPI control plane, with complete observability from infrastructure layer to AI insights layer.

Module 1: Infra Provisioning (OpenTofu 1.6+)
Module 2: Config Management (Ansible 2.15+)
Module 3: Security Hardening (CIS Benchmarks + UFW)
Module 4: Unified Dashboard & AI Insights (FastAPI Backend + React 18 Frontend + Prometheus + Grafana). Consumes and correlates outputs from all three upstream modules.

Technology stack:
OpenTofu: IaC
Ansible: Config Mgmt
FastAPI: Control Plane
Grafana: Dashboards
Prometheus: Metrics

Production-Ready From Day One

Three fully defined deployment environments (development, demo, and production), each with its own Docker Compose configuration, environment files, and Makefile targets.

Development

Hot-reload via Vite HMR, open ports for all services, dev overrides isolated to docker-compose.dev.yml. Spin up in seconds with make dev-up.

Min: 2 vCPU / 4 GB RAM

Demo

API docs enabled, Grafana port exposed, resource limits relaxed for client walkthroughs. Use on a private network or VPN only, never on the public internet.

Min: 4 vCPU / 8 GB RAM

Production

TLS termination via Nginx, CA-signed certificates, API docs disabled, Grafana and Prometheus on internal-only Docker networks. All secrets from your secrets manager.

Min: 8 vCPU / 16 GB RAM

Deploy Your Internal Developer Platform

Schedule a demo to see GTP InfraSentinel in action — from multi-cloud provisioning to AI-powered observability — and discover how platform teams use it to reclaim infrastructure control.
