#atlantis (2021-05)
Discuss the Atlantis (<http://runatlantis.io | runatlantis.io>) |
**Archive: ** https://archive.sweetops.com/atlantis/
2021-05-03
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
If there is a repo level atlantis.yaml
file containing directories dir1
and dir2
and a PR comes in that affects the terraform module dir3
, atlantis will show a 0 / 0
approval check for the PR. This seems like a bug, no ?
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
The repo level atlantis.yaml for dir1 and dir2 version: 3 projects: - dir: dir1 - dir: dir2 A PR for only dir3 and I see this atlantis/apply — 0/0 projects applied successfully. atlantis/plan — 0/0…
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
and if you run atlantis plan manually it says no plans?
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
it says no plans
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
oh, not sure how to run atlantis manually. ill have to check that
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
weird
2021-05-07
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
does anyone know (or have ideas) how to fix atlantis (using the upstream fargate module) taking a long time when a lot of PRs are being executed from different repositories
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
like how to debug on the server, or how to redeploy?
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
at present we have quite a few PRs currently being planned/applied across a number of repos
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
when this happens we find that Atlantis slows down massively
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
not sure if increasing https://github.com/terraform-aws-modules/terraform-aws-atlantis/blob/master/variables.tf#L284-L288 would help?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Nope, don’t do that.
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Atlantis uses a local BoltDB, more tasks isn’t what you want.
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
i thought that might be the case
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Terraform configurations for running Atlantis on AWS Fargate. Github, Gitlab and BitBucket are supported - terraform-aws-modules/terraform-aws-atlantis
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Beef up the Fargate task size CPU/mem
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Makes a big difference
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
yeh makes sense
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
any recommendations?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
ecs_task_memory = 4096
ecs_task_cpu = 2048
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Depends how many concurrent plan/apply you expect to run, how long is a piece of string
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
We also set ATLANTIS_PARALLEL_POOL_SIZE
to 50
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
what does that do?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I run on a m5.2xlarge (8 vCPU, 32gb mem) EC2 instance and often have hundreds of plans run in parallel.
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
RTFM
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
i thought that only works when using workspaces?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
There is a difference I believe between Atlantis workspaces and Terraform workspaces, if that is what you are thinking of
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
changes applied, lets see what this does to the speed, fingers crossed
![pcantea avatar](https://secure.gravatar.com/avatar/7aeb6111a6a5524163b49e2f456ffd67.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
:wave: Hi all, quick question, do env vars set with the env
step persist between runs? For example if I run atlantis plan
which sets FOO=BAR, will $FOO be there if I run atlantis plan
again?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
2021-05-14
![Piotr Hryszko avatar](https://secure.gravatar.com/avatar/81194e235790ffb0ded5ce4770f174b2.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
hey :wave: I’m trying to modify a resource that does not have support with Terraform yet - updating cognito user pool with custom email sender. I can do this with null_resource
command aws cognito-idp update-user-pool --user-pool-id …
. I have added awscli to atlantis image, that’s done, however what would be the best way of passing aws credentials without baking them into the image? Atlantis runs on Fargate at the moment
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
instance profile
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
the fargate task execution role
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
add the permissions there
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
if you are running TF already then you probably have the permissions
![Piotr Hryszko avatar](https://secure.gravatar.com/avatar/81194e235790ffb0ded5ce4770f174b2.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
I’ve been running terraform without issues however, aws cli requires credentials and profile to be configured , doesn’t it?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
no
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
if it runs on an instance or task
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
Configure the AWS CLI to use a role defined in AWS Identity and Access Management (IAM).
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadminrole
credential_source = Ec2InstanceMetadata
![Piotr Hryszko avatar](https://secure.gravatar.com/avatar/81194e235790ffb0ded5ce4770f174b2.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Perfect, thank you @jose.amengual
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
np
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
This is a problem we encounter in certain places too, can’t pass Terraform cred providers down into null_resources, so turn your one liner command into a script and that script needs to assume the correct role.
2021-05-17
2021-05-27
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
policies:
owners:
users:
- nishkrishnan
policy_sets:
- name: null_resource_warning
path: <CODE_DIRECTORY>/policies/null_resource_warning
source: local
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
^^ Looking at the conftest/OPA stuff in Atlantis, what can source be there? Does it need to be local
?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Hmm, looks like these need to be local for now…
2021-05-28
![Steve Wade (swade1987) avatar](https://avatars.slack-edge.com/2022-12-08/4499411930625_2768e5fdceec550e6669_72.jpg)
is anyone else experiencing Atlantis being unable to auto-merge gitlab PRs to master
which the gitlab API moved to the default branch of main
earlier this week?
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
Bah, looks like you can’t use the inbuilt Atlantis policy checks if using Terragrunt. Anyone else hit this or got it working? Failing when trying to run terraform show
which works when running terragrunt show
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
{"level":"error","ts":1622220562.7195866,"caller":"terraform/terraform_client.go:277","msg":"running \"/usr/local/bin/terraform show -no-color -json /home/atlantis/.atlantis/repos/userservices/userservices-infrastructure/806/default/terraform/prod/prod/us-west-2/platform-dependencies/prod::prod::us-west-2::platform-dependencies-default.tfplan\" in \"/home/atlantis/.atlantis/repos/userservices/userservices-infrastructure/806/default/terraform/prod/prod/us-west-2/platform-dependencies\": exit status 1","json":{"repo":"userservices/userservices-infrastructure","pull":"806"},"stacktrace":"github.com/runatlantis/atlantis/server/events/terraform.(*DefaultClient).RunCommandWithVersion\n\t/home/circleci/project/server/events/terraform/terraform_client.go:277\ngithub.com/runatlantis/atlantis/server/events/runtime.(*ShowStepRunner).Run\n\t/home/circleci/project/server/events/runtime/show_step_runner.go:42\ngithub.com/runatlantis/atlantis/server/events/runtime.(*PlanTypeStepRunnerDelegate).Run\n\t/home/circleci/project/server/events/runtime/plan_type_step_runner_delegate.go:64\ngithub.com/runatlantis/atlantis/server/events/runtime.(*MinimumVersionStepRunnerDelegate).Run\n\t/home/circleci/project/server/events/runtime/minimum_version_step_runner_delegate.go:43\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).runSteps\n\t/home/circleci/project/server/events/project_command_runner.go:381\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).doPolicyCheck\n\t/home/circleci/project/server/events/project_command_runner.go:246\ngithub.com/runatlantis/atlantis/server/events.(*DefaultProjectCommandRunner).PolicyCheck\n\t/home/circleci/project/server/events/project_command_runner.go:145\ngithub.com/runatlantis/atlantis/server/events.runProjectCmds\n\t/home/circleci/project/server/events/project_command_pool_executor.go:47\ngithub.com/runatlantis/atlantis/server/events.(*PolicyCheckCommandRunner).Run\n\t/home/circleci/project/server/events/policy_check_command_runner.go:59\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).runAutoplan\n\t/home/circleci/project/server/events/plan_command_runner.go:144\ngithub.com/runatlantis/atlantis/server/events.(*PlanCommandRunner).Run\n\t/home/circleci/project/server/events/plan_command_runner.go:221\ngithub.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunAutoplanCommand\n\t/home/circleci/project/server/events/command_runner.go:160"}
![joshmyers avatar](https://avatars.slack-edge.com/2018-11-20/483958217281_8117d6f6c62807ce9912_72.jpg)
This policy set in /etc/atlantis/repos.yaml policies: owners: users: - cscott policy_sets: - name: terraform_version path: policies/terraform_version source: local appears to be failing since a ter…