Not my personal setup, but I’ve worked at orgs in the past where the tier0 infra was set up using terraform and all funneled through github PRs. To add users/gain access to resources…etc, users would submit a PR and someone on the IT team would review/reject accordingly. It allowed for scalability and version/config control, but still required human input for the actual security question decision making.