#atlantis (2021-02)

atlantis

Discuss the Atlantis (http://runatlantis.io|runatlantis.io) *Archive: * https://archive.sweetops.com/atlantis/

2021-02-24

jose.amengual avatar
jose.amengual
Release v0.17.0-beta · runatlantis/atlantis

Feature release. Due to a sizeable refactor and the number of configuration settings supported in Atlantis, this is a pre-release and should not be considered fully stable. Features Add –enable-p…

3
3
2
jose.amengual avatar
jose.amengual

@joshmyers ^

2021-02-22

joshmyers avatar
joshmyers

@jose.amengual Are ya’ll gonna cut a release of Atlantis since merging the OPA stuff?

jose.amengual avatar
jose.amengual

The policy checks will be released as a pre-release for people to try

joshmyers avatar
joshmyers

Awesome! Any idea when that will be?

jose.amengual avatar
jose.amengual

Let me ask and get back to you

1
joshmyers avatar
joshmyers

Thanks!

jose.amengual avatar
jose.amengual

this week it will be released

1
joshmyers avatar
joshmyers

Awesome, thanks man

2021-02-18

maarten avatar
maarten

Hi everybody, I’d like to use Terraform cross-account, without having the assume_role block in provider and backend. With terragrunt that was easily solved by using –terragrunt-iam-role in the cmdline of the apply/plan steps.

I have state buckets in every account seperately.

What would now be the best way forward ?

zeid.derhally avatar
zeid.derhally

We deploy an Atlantis into each AWS account and each atlantis is configured to only listen to certain repos. There is a cost to this in both maintaining a service and $$ for running it. If you have a lot of accounts this can add up, but it is more secure. But it is probably still cheaper than paying for one of those SaaS options

joshmyers avatar
joshmyers

Can still use Terragrunt with Atlantis…

maarten avatar
maarten

i can dream

maarten avatar
maarten

i’ll try and use aws sts to assume , see if that works

David avatar
David

I use terragrunt + a single atlantis server that assumes roles cross-account and it works great. If done with fine-grained IAM roles the security model is still quite nice.

If you just want to not assume roles locally though you can set up different profiles using aws-vault and run commands like aws-vault exec some_profile -- terraform apply.

joshmyers avatar
joshmyers

terragrunt + a single atlantis server < snap

joshmyers avatar
joshmyers

assumes roles into other accounts

joshmyers avatar
joshmyers

what atlantis runs is exactly what users from from local

maarten avatar
maarten

I have a solution now, but what you are suggesting can be done without terragrunt.hcl ?

maarten avatar
maarten

It’s a project which I need to dumb down a bit for the target group, flat structures, no workspaces, no tricks, so duplicated vars. Also the reason that I’m not using terragrunt as it’s another thing..

2021-02-17

zeid.derhally avatar
zeid.derhally

Anyone know/recommend a terraform module for deploying atlantis to GCP

2021-02-09

Steve Wade avatar
Steve Wade

just upgraded many thanks @jose.amengual

3
1

2021-02-08

jose.amengual avatar
jose.amengual
Release v0.16.1 · runatlantis/atlantis

Description Few improvements and a number of bug fixes Features/Improvements Add –gh-app-slug which allows fetching of gh app user. (#1334 by @nishkrishnan) (Also fixes #1161) Add –disable-repo-…

3
4
4
1

2021-02-05

jose.amengual avatar
jose.amengual
infracost/infracost-atlantis

Atlantis integration for Infracost. Shows cloud cost estimates for Terraform in pull requests. - infracost/infracost-atlantis

1
Steve Wade avatar
Steve Wade

Nice one @jose.amengual

jose.amengual avatar
jose.amengual

Atlantis release is coming today or monday

5
Steve Wade avatar
Steve Wade

do you have a changelog yet @jose.amengual would be interested in having a read as i will defo be upgrading

jose.amengual avatar
jose.amengual

we will publish one

jose.amengual avatar
jose.amengual

is not yet publish

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

so i have this atlantis.yaml in my repo with allow repo configs enabled

version: 3
projects:
- name: iam
  dir: aws_accounts/account_a/iam
  terraform_version: v0.14.6

I have like 50 modules in my repo and none of them work except for aws_accounts/account_a/iam

how do i set a default workflow for all directories except for the ones specified in my atlantis.yaml

jose.amengual avatar
jose.amengual

maybe this ?

jose.amengual avatar
jose.amengual

not for autoplan but same idea

Steve Wade avatar
Steve Wade

if it comes with streaming the run to comments the devs in my company are going to love this release

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

hmm i have that set in my repos.yaml file

# <https://www.runatlantis.io/docs/server-configuration.html#repo-config-json>
repos:

  # apply config to repos matching this regex
  - id: /.*/
    # allow repo level configs to override the following per project
    allowed_overrides:
      - apply_requirements
      - workflow
    # `terraform apply` requires the PR to be the following.
    # commented out since applies are commented out
    #apply_requirements:
    #  - approved
    #  # - mergeable
    workflow: default
RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

but it seems like my repo atlantis.yaml supplants the /.*/ workflow

jose.amengual avatar
jose.amengual

it could

jose.amengual avatar
jose.amengual

it is last match

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

no i mean, the repo atlantis.yaml file seems to completely supplant the repos.yaml file on the server

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

so if i codify aws_accounts/account_a/iam that will use the custom atlantis.yaml in my repo

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

but if i dont codify say secrets dir in that same repo, the repos.yaml will not use it’s /.*/ default repo workflow

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

does that make sense ?

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

so basically i have to choose betw the repos.yaml on my server and my atlantis.yaml in my repo instead of having a default set in atlantis.yaml if a directory is not codified in repos.yaml

jose.amengual avatar
jose.amengual

server config overwrite repo config only if is allowed in the server side

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

not sure i follow

jose.amengual avatar
jose.amengual

you kinda have to have a default and then a specific repo setting

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

but don’t i already have a default set ?

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

what do i need to add ?

jose.amengual avatar
jose.amengual

allowed_overrides: []

jose.amengual avatar
jose.amengual

that will now allow repos to set those setting

jose.amengual avatar
jose.amengual

what happens if you do atlantis plan -d aws_accounts/account_a/iam -d aws_accounts/account_a/sgs -d aws_accounts/account_a/pepesucks

jose.amengual avatar
jose.amengual

does that work?

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

wait but i want repos to be able to override the workflow

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

(lol at your example command btw)

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

ya if i comment on the PR with a manual atlantis plan -d dir_path then it works correctly

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

but not the best UX. I’d prefer if the default is /.*/ w/o having to run it manually

jose.amengual avatar
jose.amengual

I think this is not implemented on atlantis

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

ahh! ok so im not crazy

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

i thought i was doing something wrong

jose.amengual avatar
jose.amengual

and if you do *.tf it will pick every single module

jose.amengual avatar
jose.amengual

you do not have !/pepe/*.tf

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

lol i did try that a while back and it planned EVERYTHING

jose.amengual avatar
jose.amengual

you can create a pr to atlantis

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

my github PR was insanely commented hahaha

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

im go nna have to learn how to locally dev atlantis

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

do you folks have docs on that ?

jose.amengual avatar
jose.amengual

not really

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

ah please add them cause i am so confused how to dev it

jose.amengual avatar
jose.amengual

I use dlv to run atlantis and ngrok for the webhook

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

if you work with me on setting up a local dev env, id write up the tech docs for it and contrib to atlantis

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

im not free this week but ill be free next week if youre down

jose.amengual avatar
jose.amengual

I can help you

1
jose.amengual avatar
jose.amengual

go 1.15 DLV VScode

2021-02-03

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

how does one set the required_version to be picked up automatically by atlantis for 0.13 or 0.14 ?

    keyboard_arrow_up