Unleashing Terraform Automation with Atlantis: An Overview
Author: Ruan Bekker (@ruanbekker)
Introduction
Terraform has become the de facto standard for Infrastructure as Code (IaC) due to its ability to manage and provision infrastructure across various cloud providers. As organizations scale, managing Terraform workflows manually becomes challenging. This is where Atlantis comes into play. Atlantis automates Terraform operations via pull requests, making infrastructure management more efficient and secure.
In this post, I will explore what Atlantis is, its key features, and how it can transform your Terraform workflows.
What is Atlantis?
Atlantis is an open-source tool designed to automate Terraform operations via pull requests. It integrates seamlessly with popular version control systems like GitHub, GitLab, and Bitbucket. By listening to webhooks from these systems, Atlantis runs terraform plan and terraform apply commands and comments the output back on the pull request. This ensures that infrastructure changes are reviewed, tested, and applied in a controlled and consistent manner.
This diagram visualises the flow described above:
Preview of Atlantis
A preview of what an atlantis plan execution looks like in a GitLab Merge Request:
Key Features of Atlantis
1. Automated Terraform Plans and Applies
Atlantis automatically runs terraform plan when a pull request is opened, updated, or reopened. It posts the plan output as a comment on the pull request, allowing reviewers to see what changes Terraform will make without having to run the commands locally.
2. Secure and Isolated Execution
Atlantis runs as a standalone application within your infrastructure, ensuring that no third party has access to your credentials. Each Terraform operation is executed in an isolated environment, minimizing security risks.
3. Integration with Version Control Systems
Atlantis integrates with GitHub, GitLab, and Bitbucket, enabling you to leverage your existing version control workflows. It listens for webhooks and responds to comments, allowing you to trigger terraform apply by commenting atlantis apply on the pull request.
4. Custom Workflows and Policies
Atlantis supports custom workflows and policies, enabling you to define how and when Terraform commands should be run. You can enforce policies such as requiring approvals before applying changes, ensuring compliance with organizational standards.
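A server-side repo config that enforces the approval policy described above, as an added example rather than configuration from the original post. The repository ID, branch pattern and workflow name are placeholders.

```yaml
# repos.yaml: Atlantis server-side repo config, passed with --repo-config.
# Added example; repository IDs and the "prod" workflow name are placeholders.
repos:
  # Baseline applied to every repository Atlantis serves.
  - id: /.*/
    # atlantis apply is refused until the PR/MR is approved and mergeable.
    apply_requirements: [approved, mergeable]
    # A repo-level atlantis.yaml may not override any server-side key,
    # so a pull request cannot relax its own apply requirements.
    allowed_overrides: []
    # A repo-level atlantis.yaml may not define its own workflows, which
    # keeps the commands run for plan/apply under server-side control.
    allow_custom_workflows: false

  # Stricter rules for a (constructed) production repository.
  - id: gitlab.example.com/platform/infra-prod
    # Only act on merge requests that target main.
    branch: /^main$/
    # undiverged only takes effect with the merge checkout strategy.
    apply_requirements: [approved, mergeable, undiverged]
    workflow: prod
    allowed_overrides: []
    allow_custom_workflows: false

# Workflows are defined here, on the server, not in the repositories.
workflows:
  prod:
    plan:
      steps:
        - init
        - plan:
            extra_args: ["-lock-timeout=60s"]
    apply:
      steps:
        - apply
```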
5. Multi-Environment Support
Atlantis can manage multiple environments (e.g., staging, production) by configuring separate workspaces for each environment. This ensures that changes are tested in a staging environment before being applied to production.
Authentication with AWS for Atlantis
Since Atlantis runs on your Kubernetes cluster, you do not have to hardcode AWS_ACCESS_KEY_ID credentials. Instead, you can use IAM Role Service Accounts, allowing you to avoid defining static access keys. This approach enhances security by leveraging AWS's built-in IAM capabilities, providing temporary credentials for your Kubernetes pods running Atlantis.
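How the keyless setup above can be wired on EKS, as an added example that is not from the original post. It assumes IAM Roles for Service Accounts with the cluster's OIDC provider already registered in IAM; the namespace, names, account ID, role name and allowlist value are placeholders.

```yaml
# Added example: names, namespace, account ID and role name are placeholders.
# The IAM role's trust policy should allow sts:AssumeRoleWithWebIdentity for
# the cluster's OIDC provider only when
#   <oidc-provider>:sub == system:serviceaccount:atlantis:atlantis
#   <oidc-provider>:aud == sts.amazonaws.com
# so that no other service account in the cluster can assume the role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: atlantis
  namespace: atlantis
  annotations:
    # The EKS pod identity webhook reads this annotation and injects
    # AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE and a projected token volume.
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/atlantis-terraform
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: atlantis
  namespace: atlantis
spec:
  serviceName: atlantis
  replicas: 1
  selector:
    matchLabels: {app: atlantis}
  template:
    metadata:
      labels: {app: atlantis}
    spec:
      # Binds the pod to the annotated service account above.
      serviceAccountName: atlantis
      containers:
        - name: atlantis
          image: ghcr.io/runatlantis/atlantis:<pinned-version>
          env:
            # No AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY entries: the AWS
            # SDK inside Terraform picks up the injected web identity token.
            - name: ATLANTIS_REPO_ALLOWLIST
              value: gitlab.example.com/platform/*
```

A quick check after deployment is that the pod's environment contains AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE and no static access key variables.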
Parallelism
Atlantis offers the configuration option ATLANTIS_PARALLEL_APPLY which is set to false by default. This means that two jobs will not run at the same time. If there are two merge request events open, Atlantis will lock the first job, preventing the second job from running plan or apply commands until the first job completes. The first job can be unlocked using the atlantis unlock command, allowing the second job to proceed.
Atlantis vs. GitHub Actions for Terraform Workflows
When comparing Atlantis with GitHub Actions for managing Terraform workflows, there are a few key differences to consider:
- Integration: Atlantis is designed specifically for Terraform and integrates directly with version control systems to automate plan and apply operations via pull requests. GitHub Actions, on the other hand, is a general-purpose CI/CD tool that can be configured to run Terraform commands, but requires more setup and customization.
- Simplicity and Focus: Atlantis provides a streamlined, Terraform-focused experience, with built-in features for locking, commenting on pull requests, and enforcing policies. GitHub Actions offers more flexibility and a wider range of integrations, but may require additional effort to achieve similar functionality.
- Security: Both tools can be configured to run securely within your infrastructure. However, Atlantis's tight integration with version control systems and its IAM Role Service Accounts support for AWS may provide a simpler and more secure setup for Terraform-specific workflows.
How Atlantis Transforms Terraform Workflows
Enhanced Collaboration
By integrating with version control systems, Atlantis brings collaboration to the forefront of infrastructure management. Developers and operations teams can review, comment, and approve Terraform changes directly within pull requests.
Increased Efficiency
Automating Terraform commands saves time and reduces the risk of human error. Atlantis handles the execution of terraform plan and terraform apply, allowing teams to focus on higher-level tasks.
Improved Security
Running Atlantis within your infrastructure ensures that sensitive credentials remain secure. Each Terraform operation is executed in a controlled environment, reducing the attack surface.
Consistency and Reliability
With Atlantis, Terraform plans and applies are executed consistently across different environments. This consistency ensures that infrastructure changes are predictable and reliable.
Conclusion
Atlantis is a powerful tool that brings automation, collaboration, and security to Terraform workflows. By integrating with version control systems and automating Terraform operations, Atlantis enables teams to manage infrastructure changes efficiently and securely.
In the next post, we will dive into how to set up Atlantis for GitLab, providing a step-by-step guide to get you started.