
Unleashing Terraform Automation with Atlantis: An Overview


Introduction

Terraform has become the de facto standard for Infrastructure as Code (IaC) due to its ability to manage and provision infrastructure across various cloud providers. As organizations scale, managing Terraform workflows manually becomes challenging. This is where Atlantis comes into play. Atlantis automates Terraform operations via pull requests, making infrastructure management more efficient and secure.

In this post, I will explore what Atlantis is, its key features, and how it can transform your Terraform workflows.

What is Atlantis?

Atlantis is an open-source tool designed to automate Terraform operations via pull requests. It integrates seamlessly with popular version control systems like GitHub, GitLab, and Bitbucket. By listening to webhooks from these systems, Atlantis runs terraform plan and terraform apply commands and comments the output back on the pull request. This ensures that infrastructure changes are reviewed, tested, and applied in a controlled and consistent manner.

The following diagram visualises this workflow:

[Diagram: Atlantis workflow]

Preview of Atlantis

A preview of what an Atlantis plan execution looks like in a GitLab merge request:

[Screenshot: Atlantis plan output in a GitLab merge request]

Key Features of Atlantis

1. Automated Terraform Plans and Applies

Atlantis automatically runs terraform plan when a pull request is opened, updated, or reopened. It posts the plan output as a comment on the pull request, allowing reviewers to see what changes Terraform will make without having to run the commands locally.

2. Secure and Isolated Execution

Atlantis runs as a standalone application within your infrastructure, ensuring that no third party has access to your credentials. Each Terraform operation is executed in an isolated environment, minimizing security risks.

3. Integration with Version Control Systems

Atlantis integrates with GitHub, GitLab, and Bitbucket, enabling you to leverage your existing version control workflows. It listens for webhooks and responds to comments, allowing you to trigger terraform apply by commenting atlantis apply on the pull request.

4. Custom Workflows and Policies

Atlantis supports custom workflows and policies, enabling you to define how and when Terraform commands should be run. You can enforce policies such as requiring approvals before applying changes, ensuring compliance with organizational standards.
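As an added example (not part of the original post), this is a server-side repo config that enforces approval before apply and keeps that rule out of reach of the pull request itself. The repo pattern and the workflow name `reviewed` are assumptions for illustration.

```yaml
# Server-side repo config, loaded by the Atlantis server via --repo-config.
# Constructed example: the repo pattern and workflow name are placeholders.
repos:
  - id: /.*/
    # Block `atlantis apply` until the pull request is approved and mergeable.
    apply_requirements: [approved, mergeable]
    workflow: reviewed

    # Weak setting, shown for contrast: listing these keys would let a
    # repo-level atlantis.yaml inside the pull request drop the approval gate.
    # allowed_overrides: [apply_requirements, workflow]
    allowed_overrides: []

    # Keep workflow definitions on the server. With `true`, steps defined in
    # the pull request would run on the Atlantis host with its credentials.
    allow_custom_workflows: false

workflows:
  reviewed:
    plan:
      steps:
        - init
        - plan
    apply:
      steps:
        - apply
```

Because the policy lives in the server configuration rather than in the repository, changing it requires access to the Atlantis deployment, not just the ability to open a pull request.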

5. Multi-Environment Support

Atlantis can manage multiple environments (e.g., staging, production) by configuring separate workspaces for each environment. This ensures that changes are tested in a staging environment before being applied to production.

Authentication with AWS for Atlantis

Since Atlantis runs on your Kubernetes cluster, you do not have to hardcode static credentials such as AWS_ACCESS_KEY_ID. Instead, you can use IAM Roles for Service Accounts (IRSA), allowing you to avoid defining static access keys. This approach enhances security by leveraging AWS's built-in IAM capabilities, providing temporary credentials for your Kubernetes pods running Atlantis.
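The two halves of that setup, as an added example that is not from the original post: the annotated ServiceAccount and the IAM role's trust policy scoped to it. It assumes an Amazon EKS cluster; the account ID, region, OIDC provider ID, namespace and names are constructed placeholders.

```yaml
# 1) ServiceAccount used by the Atlantis pod. The annotation tells EKS which
#    IAM role to hand out temporary credentials for.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: atlantis
  namespace: atlantis
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/atlantis-terraform
---
# 2) Trust policy of that role, written here as YAML (IAM expects the JSON
#    equivalent). The `sub` condition limits the role to this one service
#    account; without it, any pod in the cluster could assume the role.
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Principal:
      Federated: arn:aws:iam::111122223333:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCID
    Action: sts:AssumeRoleWithWebIdentity
    Condition:
      StringEquals:
        "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCID:sub": system:serviceaccount:atlantis:atlantis
        "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEOIDCID:aud": sts.amazonaws.com
```

The permissions attached to the role still decide what Terraform can change, so scope them to the resources Atlantis manages.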

Parallelism

Atlantis offers the configuration option ATLANTIS_PARALLEL_APPLY which is set to false by default. This means that two jobs will not run at the same time. If there are two merge request events open, Atlantis will lock the first job, preventing the second job from running plan or apply commands until the first job completes. The first job can be unlocked using the atlantis unlock command, allowing the second job to proceed.

Atlantis vs. GitHub Actions for Terraform Workflows

When comparing Atlantis with GitHub Actions for managing Terraform workflows, there are a few key differences to consider:

  • Integration: Atlantis is designed specifically for Terraform and integrates directly with version control systems to automate plan and apply operations via pull requests. GitHub Actions, on the other hand, is a general-purpose CI/CD tool that can be configured to run Terraform commands, but requires more setup and customization.
  • Simplicity and Focus: Atlantis provides a streamlined, Terraform-focused experience, with built-in features for locking, commenting on pull requests, and enforcing policies. GitHub Actions offers more flexibility and a wider range of integrations, but may require additional effort to achieve similar functionality.
  • Security: Both tools can be configured to run securely within your infrastructure. However, Atlantis's tight integration with version control systems and its support for IAM Roles for Service Accounts on AWS may provide a simpler and more secure setup for Terraform-specific workflows.

How Atlantis Transforms Terraform Workflows

Enhanced Collaboration

By integrating with version control systems, Atlantis brings collaboration to the forefront of infrastructure management. Developers and operations teams can review, comment, and approve Terraform changes directly within pull requests.

Increased Efficiency

Automating Terraform commands saves time and reduces the risk of human error. Atlantis handles the execution of terraform plan and terraform apply, allowing teams to focus on higher-level tasks.

Improved Security

Running Atlantis within your infrastructure ensures that sensitive credentials remain secure. Each Terraform operation is executed in a controlled environment, reducing the attack surface.

Consistency and Reliability

With Atlantis, Terraform plans and applies are executed consistently across different environments. This consistency ensures that infrastructure changes are predictable and reliable.

Conclusion

Atlantis is a powerful tool that brings automation, collaboration, and security to Terraform workflows. By integrating with version control systems and automating Terraform operations, Atlantis enables teams to manage infrastructure changes efficiently and securely.

In the next post, we will dive into how to set up Atlantis for GitLab, providing a step-by-step guide to get you started.

Next Up

If you found this post helpful, stay tuned for the next part where we'll cover the setup of Atlantis for GitLab. Don't forget to subscribe to my newsletter to get updates on new posts and more tips on Terraform and infrastructure management.


I will post future Atlantis content under the #atlantis tag.

Thank You

Thanks for reading. If you like my content, feel free to check out my website, subscribe to my newsletter, or follow me at @ruanbekker on Twitter.
