Feature release. Due to a sizeable refactor and the number of configuration settings supported in Atlantis, this is a pre-release and should not be considered fully stable. Features Add --enable-p…
@jose.amengual Are ya’ll gonna cut a release of Atlantis since merging the OPA stuff?
The policy checks will be released as a pre-release for people to try
Awesome! Any idea when that will be?
Let me ask and get back to you
this week it will be released
Awesome, thanks man
Hi everybody, I’d like to use Terraform cross-account, without having the assume_role block in provider and backend. With terragrunt that was easily solved by using --terragrunt-iam-role in the cmdline of the apply/plan steps.
I have state buckets in every account separately.
What would now be the best way forward ?
We deploy an Atlantis into each AWS account and each atlantis is configured to only listen to certain repos. There is a cost to this in both maintaining a service and $$ for running it. If you have a lot of accounts this can add up, but it is more secure. But it is probably still cheaper than paying for one of those SaaS options
Can still use Terragrunt with Atlantis…
i can dream
i’ll try and use aws sts to assume , see if that works
I use terragrunt + a single atlantis server that assumes roles cross-account and it works great. If done with fine-grained IAM roles the security model is still quite nice.
If you just want to not assume roles locally though you can set up different profiles using aws-vault and run commands like aws-vault exec some_profile -- terraform apply.
terragrunt + a single atlantis server < snap
assumes roles into other accounts
what atlantis runs is exactly what users run from local
I have a solution now, but what you are suggesting can be done without terragrunt.hcl ?
It’s a project which I need to dumb down a bit for the target group, flat structures, no workspaces, no tricks, so duplicated vars. Also the reason that I’m not using terragrunt as it’s another thing..
Anyone know/recommend a terraform module for deploying atlantis to GCP
just upgraded many thanks @jose.amengual
Description Few improvements and a number of bug fixes Features/Improvements Add --gh-app-slug which allows fetching of gh app user. (#1334 by @nishkrishnan) (Also fixes #1161) Add --disable-repo-…
Nice one @jose.amengual
so i have this atlantis.yaml in my repo with allow repo configs enabled
```yaml
version: 3
projects:
- name: iam
  dir: aws_accounts/account_a/iam
  terraform_version: v0.14.6
```
I have like 50 modules in my repo and none of them work except for
how do i set a default workflow for all directories except for the ones specified in my
maybe this ?
Atlantis: Terraform Pull Request Automation
not for autoplan but same idea
if it comes with streaming the run to comments the devs in my company are going to love this release
hmm i have that set in my repos.yaml file
```yaml
# https://www.runatlantis.io/docs/server-configuration.html#repo-config-json
repos:
  # apply config to repos matching this regex
- id: /.*/
  # allow repo level configs to override the following per project
  allowed_overrides:
  - apply_requirements
  - workflow
  # `terraform apply` requires the PR to be the following.
  # commented out since applies are commented out
  #apply_requirements:
  #  - approved
  #  # - mergeable
  workflow: default
```
but it seems like my repo atlantis.yaml supplants the
it is last match
no i mean, the repo atlantis.yaml file seems to completely supplant the repos.yaml file on the server
so if i codify aws_accounts/account_a/iam that will use the custom atlantis.yaml in my repo
but if i dont codify say secrets dir in that same repo, the repos.yaml will not use its /.*/ default repo workflow
does that make sense ?
so basically i have to choose betw the repos.yaml on my server and my atlantis.yaml in my repo instead of having a default set in atlantis.yaml if a directory is not codified in
server config overwrites repo config only if it is allowed on the server side
not sure i follow
you kinda have to have a default and then a specific repo setting
but don’t i already have a default set ?
what do i need to add ?
that will now allow repos to set those settings
what happens if you do
atlantis plan -d aws_accounts/account_a/iam -d aws_accounts/account_a/sgs -d aws_accounts/account_a/pepesucks
does that work?
wait but i want repos to be able to override the workflow
(lol at your example command btw)
ya if i comment on the PR with a manual atlantis plan -d dir_path then it works correctly
but not the best UX. I’d prefer if the default is /.*/ w/o having to run it manually
I think this is not implemented on atlantis
ahh! ok so im not crazy
i thought i was doing something wrong
and if you do *.tf it will pick every single module
you do not have
lol i did try that a while back and it planned EVERYTHING
you can create a pr to atlantis
my github PR was insanely commented hahaha
im gonna have to learn how to locally dev atlantis
do you folks have docs on that ?
ah please add them cause i am so confused how to dev it
I use dlv to run atlantis and ngrok for the webhook
if you work with me on setting up a local dev env, id write up the tech docs for it and contrib to atlantis
im not free this week but ill be free next week if youre down
I can help you
go 1.15 DLV VScode
woops. i posted in #terraform when I meant to post here.
how does one set the required_version to be picked up automatically by atlantis for 0.13 or 0.14 ?