February 14, 2023

Terraform Pull Request Automation using Atlantis

Stream Team

Introduction

Terraform has revolutionized infrastructure management, providing a simple and efficient way to provision and manage cloud resources using code. However, implementing and managing Terraform at scale can be challenging, especially for teams collaborating on infrastructure changes. Enter Atlantis, an open-source tool that streamlines the Terraform workflow and fosters collaboration. In this blog post, we'll explore the basics of Atlantis, its key features, and how it can enhance your Terraform experience.

What is Atlantis?

Atlantis is a self-hosted application that automates Terraform workflows, enabling teams to collaborate on infrastructure changes effectively. It integrates seamlessly with popular version control systems, such as GitHub, GitLab, and Bitbucket, and facilitates code review and approval processes. By automating many of the manual steps involved in executing Terraform commands, Atlantis improves productivity, reduces human error, and ensures a consistent workflow across your team.

Key Features of Atlantis

  1. Pull Request Automation: Atlantis automatically detects Terraform changes in pull requests, running 'terraform init', 'terraform plan', and posting the results as comments. This helps team members review the changes before applying them, ensuring that only approved modifications are executed.
  2. Concurrent Execution: Atlantis can manage multiple Terraform projects concurrently, allowing your team to work on different projects without waiting for others to finish. This eliminates bottlenecks and increases overall efficiency.
  3. Custom Workflow: Atlantis allows you to create custom workflows for your specific needs. You can add custom scripts or steps, define dependencies between projects, and control the execution order.
  4. Role-Based Access Control (RBAC): Atlantis provides RBAC, ensuring that only authorized team members can execute Terraform commands. This feature enhances security and enables you to maintain proper access control across your infrastructure.
  5. Audit Trails: Atlantis maintains a log of all executed commands, making it easier to track changes, identify issues, and maintain accountability.

Getting Started with Atlantis

Setting up Atlantis is straightforward. First, you'll need to deploy the Atlantis server on your infrastructure, which can be done using Docker, Kubernetes, or other deployment methods. Next, you'll configure the Atlantis server by providing credentials for your version control system and specifying the repositories it should monitor. Once the server is up and running, you can start using Atlantis to manage your Terraform workflows.

To install Atlantis on AWS, you can follow these general steps:

  1. Create an EC2 instance: Log in to your AWS console and create an EC2 instance that meets the system requirements for Atlantis (e.g., Ubuntu 18.04, 2 GB RAM, 2 vCPUs, etc.). You can choose an instance type based on your requirements and budget.
  2. Install and configure Atlantis: SSH into your EC2 instance and install Atlantis following the official documentation. You'll need to configure the Atlantis server with a webhook to your code hosting provider, such as GitHub, GitLab, or Bitbucket, and set up a user account for Atlantis with the necessary permissions.
  3. Set up SSL: You can use a free SSL certificate from Let's Encrypt to enable HTTPS on your Atlantis server. You can follow the instructions provided by Let's Encrypt to obtain and install the certificate on your EC2 instance.
  4. Configure firewall and security groups: Ensure that your EC2 instance's security group allows incoming traffic on the port that Atlantis is listening on (e.g., port 4141). You can also configure a firewall on your EC2 instance to block unauthorized access.
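
The script below is an added example, not part of the original post or the Atlantis project: it shows one way to start the server from steps 2 and 3 with a webhook secret, TLS, a repository allowlist, and approval required before apply. It assumes GitHub as the code host; the hostname, certificate paths, organization name, and config path are placeholders.

```shell
#!/bin/sh
# Added example: hardened start-up wrapper for `atlantis server`.
# Hostname, paths and the org pattern are placeholders (assumptions).
set -eu

REPO_CONFIG="${REPO_CONFIG:-/etc/atlantis/repos.yaml}"

# Server-side repo config: block `atlantis apply` until the pull request is
# approved and mergeable, and stop repositories from relaxing that themselves.
write_repo_config() {
  cat > "$1" <<'EOF'
repos:
  - id: /.*/
    apply_requirements: [approved, mergeable]
    allowed_overrides: []
    allow_custom_workflows: false
EOF
}

# Arguments for `atlantis server`, one per line. Credentials are left out on
# purpose: Atlantis reads ATLANTIS_GH_USER, ATLANTIS_GH_TOKEN and
# ATLANTIS_GH_WEBHOOK_SECRET from the environment, keeping them out of `ps`.
server_args() {
  cat <<EOF
--atlantis-url=https://atlantis.example.com
--port=4141
--repo-allowlist=github.com/example-org/*
--repo-config=$1
--ssl-cert-file=/etc/letsencrypt/live/atlantis.example.com/fullchain.pem
--ssl-key-file=/etc/letsencrypt/live/atlantis.example.com/privkey.pem
EOF
}

# Refuse to start without a webhook secret: without one Atlantis cannot verify
# that a webhook request really came from the code host.
preflight() {
  [ -n "${ATLANTIS_GH_WEBHOOK_SECRET:-}" ] || { echo "webhook secret not set" >&2; return 1; }
  [ -n "${ATLANTIS_GH_TOKEN:-}" ] || { echo "GitHub token not set" >&2; return 1; }
}

if [ "${1:-}" = "start" ]; then
  preflight
  write_repo_config "$REPO_CONFIG"
  set -f  # keep the '*' in --repo-allowlist from being expanded as a glob
  exec atlantis server $(server_args "$REPO_CONFIG")
fi
```

Run it with the `start` argument from a service unit that sets the three `ATLANTIS_GH_*` variables, and set the same webhook secret on the repository's webhook.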

Atlantis has multiple paid alternatives:

Terraform Cloud

Env0

Scalr

Spacelift

tfRails supports an easy-to-use integration as an Atlantis workflow.
