{"id":47241,"date":"2024-10-21T10:22:56","date_gmt":"2024-10-21T10:22:56","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=47241"},"modified":"2024-10-22T00:44:29","modified_gmt":"2024-10-22T00:44:29","slug":"atlantis-step-by-step-tutorial-for-atlantis-tool","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/atlantis-step-by-step-tutorial-for-atlantis-tool\/","title":{"rendered":"Atlantis: Step-by-Step Tutorial for Atlantis tool"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"385\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-1024x385.png\" alt=\"\" class=\"wp-image-47256\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-1024x385.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-300x113.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-768x289.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-1536x577.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-18-2048x769.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The core functionality of Atlantis enables developers and operators to run <code>terraform plan<\/code> and <code>apply<\/code> directly from Terraform pull requests. Atlantis then comments back on the pull request with the output of the commands:<\/p>\n\n\n\n<p>In simple terms:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When developers make changes to their Terraform code and open a pull request (PR) in GitHub, GitLab, or another version control system, Atlantis automatically runs <code>terraform plan<\/code> and shows the result in the PR.<\/li>\n\n\n\n<li>After review and approval, developers can run <code>terraform apply<\/code> right from the PR by commenting on it. This eliminates the need for developers to manually run Terraform commands locally, making collaboration easier and more secure.<\/li>\n<\/ul>\n\n\n\n<p>Here\u2019s a comparison of Terraform workflows <strong>with Atlantis<\/strong> versus <strong>without Atlantis<\/strong>:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Summary:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>With Atlantis<\/strong>, Terraform operations are automated, more controlled, and integrated into a GitOps workflow, improving collaboration, security, and consistency across teams.<\/li>\n\n\n\n<li><strong>Without Atlantis<\/strong>, while Terraform still works effectively, it requires more manual handling, which increases the risk of errors, inconsistencies, and slower collaboration.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Feature\/Aspect<\/strong><\/th><th><strong>With Atlantis<\/strong><\/th><th><strong>Without Atlantis<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Collaboration<\/strong><\/td><td>Collaborates via pull requests. Automatically comments on PRs with <code>plan<\/code> and <code>apply<\/code> results.<\/td><td>Manual collaboration, typically requires team members to run Terraform commands individually.<\/td><\/tr><tr><td><strong>Automation<\/strong><\/td><td>Automatically runs <code>terraform plan<\/code> and <code>terraform apply<\/code> on PR events.<\/td><td>Requires users to manually run Terraform commands on their local machines or a shared environment.<\/td><\/tr><tr><td><strong>Approval Workflow<\/strong><\/td><td>Changes reviewed and approved via GitOps workflow (PR reviews). Terraform applies are run only after approval.<\/td><td>No standardized approval workflow. Approvals and code reviews are manual and not integrated with the Terraform process.<\/td><\/tr><tr><td><strong>CI\/CD Integration<\/strong><\/td><td>Fully integrated into CI\/CD pipeline. Automatic <code>plan<\/code> on each PR and <code>apply<\/code> on approval.<\/td><td>CI\/CD requires manual integration (scripts\/automation) to trigger <code>plan<\/code> and <code>apply<\/code>.<\/td><\/tr><tr><td><strong>Locking Mechanism<\/strong><\/td><td>Atlantis automatically locks workspaces and PRs to prevent race conditions.<\/td><td>Locking has to be managed manually, often leading to potential race conditions or state file conflicts.<\/td><\/tr><tr><td><strong>Infrastructure as Code (IaC) Visibility<\/strong><\/td><td>PR-based workflow provides clear visibility of infrastructure changes before they are applied.<\/td><td>Changes are often made directly via CLI, and visibility is limited to the person making the changes unless using a separate tool.<\/td><\/tr><tr><td><strong>Security<\/strong><\/td><td>Enforces policies and governance on infrastructure changes. All actions are logged in the PR history.<\/td><td>Security depends on manual enforcement. It&#8217;s easier for users to bypass processes without a central audit log.<\/td><\/tr><tr><td><strong>Reproducibility<\/strong><\/td><td>Commands are run in a controlled environment (e.g., in Docker containers), ensuring consistency.<\/td><td>Results may vary depending on the user\u2019s local environment, making reproducibility harder to guarantee.<\/td><\/tr><tr><td><strong>Error Reporting<\/strong><\/td><td>Automatically reports errors as comments in the PR, simplifying troubleshooting.<\/td><td>Errors must be manually communicated by the person running Terraform, making debugging slower and less transparent.<\/td><\/tr><tr><td><strong>Complexity of Setup<\/strong><\/td><td>Requires setting up the Atlantis server, webhooks, and permissions (initial setup can be complex).<\/td><td>No additional setup required beyond Terraform and your version control system, but workflows are more manual.<\/td><\/tr><tr><td><strong>Handling Multiple Projects<\/strong><\/td><td>Atlantis supports multiple projects with separate configurations in the same repository.<\/td><td>Managing multiple projects manually, requiring more complex handling of state files and environments.<\/td><\/tr><tr><td><strong>Cost Optimization<\/strong><\/td><td>Automates and schedules Terraform operations, reducing manual intervention and potentially avoiding unnecessary cloud resource usage.<\/td><td>Requires manual effort to optimize cost by running Terraform commands or adjusting schedules.<\/td><\/tr><tr><td><strong>Auditability<\/strong><\/td><td>Provides a full audit trail of all Terraform commands via PR history and logs.<\/td><td>Limited auditability. Logs are scattered and depend on manual documentation.<\/td><\/tr><tr><td><strong>User Control<\/strong><\/td><td>Users interact with Terraform by commenting on pull requests (e.g., <code>atlantis plan<\/code>, <code>atlantis apply<\/code>).<\/td><td>Users run Terraform commands manually, either locally or in a shared environment.<\/td><\/tr><tr><td><strong>State Management<\/strong><\/td><td>State is locked and handled centrally via Atlantis. Prevents concurrent modifications to the same resources.<\/td><td>Users must manually manage state file locking, leading to potential risks of conflicts and corruption.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Use cases of Atlantis<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"401\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-1024x401.png\" alt=\"\" class=\"wp-image-47263\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-1024x401.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-300x117.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-768x301.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-1536x601.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-21-2048x802.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Here are some key <strong>use cases of Atlantis<\/strong> for developers and software projects:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Collaborative Infrastructure Management (GitOps Approach)<\/strong><\/h3>\n\n\n\n<p>Atlantis allows multiple developers to collaborate on infrastructure changes using pull requests (PRs). Developers can propose changes in Terraform code, and Atlantis automatically runs <code>terraform plan<\/code> and comments on the results in the PR. Once the changes are approved, <code>terraform apply<\/code> can be triggered directly from the PR, making the entire process seamless and automated.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>A team of developers is managing cloud infrastructure. When one developer proposes a new resource or change, other team members can review the plan, suggest modifications, and approve or reject the changes directly through GitHub or GitLab.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Automated Terraform Plan &amp; Apply on PR<\/strong><\/h3>\n\n\n\n<p>Atlantis automates the execution of <code>terraform plan<\/code> and <code>terraform apply<\/code> when developers submit pull requests or comments. This removes the need for manual runs on developer machines, ensuring consistent infrastructure provisioning.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>In a project, a developer adds new infrastructure in a feature branch. Upon submitting the pull request, Atlantis automatically runs <code>terraform plan<\/code>, showing potential changes in the infrastructure. The team can then review the plan and approve the changes, triggering <code>terraform apply<\/code> to provision the infrastructure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>State Management and Locking<\/strong><\/h3>\n\n\n\n<p>Atlantis manages Terraform state files and ensures that no two developers are applying conflicting infrastructure changes at the same time. It locks the Terraform state to prevent race conditions and ensures changes are applied safely.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>Two developers want to update different parts of the infrastructure. Without Atlantis, their simultaneous Terraform actions could corrupt the state file. With Atlantis, when one developer runs <code>terraform apply<\/code>, Atlantis locks the state file to prevent the other developer from making changes until the operation is complete.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. <strong>Infrastructure as Code (IaC) Governance<\/strong><\/h3>\n\n\n\n<p>By requiring all Terraform changes to go through pull requests, Atlantis enforces governance over the infrastructure. Every change is reviewed and approved by team members, ensuring that only validated changes are applied to the infrastructure.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>A project has strict compliance and security requirements. All Terraform changes must be reviewed by a senior engineer. Atlantis integrates with the version control system to enforce this policy\u2014no changes are applied until they are reviewed, ensuring governance and compliance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. <strong>Multi-Project or Multi-Environment Support<\/strong><\/h3>\n\n\n\n<p>Atlantis supports multiple Terraform projects and environments in the same repository. This is useful for teams managing complex infrastructures with different environments (e.g., dev, staging, production).<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>In a microservices project, each service may have its own Terraform project. Atlantis can manage plans and applies for each project separately, allowing the team to work on multiple infrastructure components at the same time without conflicts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. <strong>CI\/CD Pipeline Integration<\/strong><\/h3>\n\n\n\n<p>Atlantis integrates with existing CI\/CD pipelines by automating infrastructure deployment via Terraform. This allows infrastructure to be provisioned or updated automatically as part of the pipeline, ensuring that changes are applied in a controlled and consistent manner.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>A project\u2019s CI\/CD pipeline includes a step to provision cloud infrastructure before deploying the application. Atlantis automates Terraform operations, allowing the pipeline to run <code>terraform plan<\/code> and <code>apply<\/code> based on the code changes, ensuring that the environment is always up to date.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7. <strong>Audit Trail and Security<\/strong><\/h3>\n\n\n\n<p>Atlantis provides an audit trail of all Terraform operations, including who proposed, reviewed, and applied changes. This is crucial for security and compliance, especially in organizations that need to track infrastructure modifications.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>In a financial services project, compliance requires that all infrastructure changes are tracked and auditable. With Atlantis, the PR history shows who initiated, reviewed, and approved each Terraform plan and apply operation, providing a full audit trail.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8. <strong>Decentralized Terraform Operations<\/strong><\/h3>\n\n\n\n<p>Developers don\u2019t need direct access to the cloud provider\u2019s account or credentials to make changes. Atlantis handles the Terraform commands and applies the changes on behalf of developers, reducing the risk of unauthorized or accidental changes.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>A company managing sensitive infrastructure restricts direct access to its cloud accounts. Developers use Atlantis to propose infrastructure changes, which are applied by the system without the developers needing access to cloud credentials, improving security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9. <strong>Testing and Staging Environments<\/strong><\/h3>\n\n\n\n<p>Atlantis can be used to manage infrastructure for test or staging environments, allowing teams to automatically provision test environments when a new branch is pushed. This ensures that infrastructure changes can be tested in isolation before being applied to production.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>In a project, a developer opens a PR for a new feature, and Atlantis automatically provisions a test environment to validate the changes. Once the feature is tested and approved, Atlantis applies the changes to production through the same PR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10. <strong>Drift Detection and Infrastructure Consistency<\/strong><\/h3>\n\n\n\n<p>Atlantis helps ensure infrastructure consistency by continuously running <code>terraform plan<\/code> for each PR and showing what will change in the infrastructure. This can help detect infrastructure drift (where the actual infrastructure differs from the code) early.<\/p>\n\n\n\n<p><strong>Use Case:<\/strong><br>A team managing a large infrastructure wants to ensure that the code matches the actual resources in the cloud. Whenever a change is proposed, Atlantis shows exactly what will be modified, helping identify any unexpected differences and ensuring that the infrastructure stays consistent.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Atlantis Walkthrough<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\"  id=\"_ytid_11305\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/TmIPWda0IKg?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  epyt-is-override  no-lazyload\" title=\"YouTube player\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How Atlantis Works?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"461\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-1024x461.png\" alt=\"\" class=\"wp-image-47258\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-1024x461.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-300x135.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-768x346.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-1536x691.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-19-2048x922.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"680\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/intro1-1024x680.gif\" alt=\"\" class=\"wp-image-47248\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/intro1-1024x680.gif 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/intro1-300x199.gif 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/intro1-768x510.gif 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/intro1-1536x1020.gif 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Terraform Workflow Without Atlantis<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"794\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-15-1024x794.png\" alt=\"\" class=\"wp-image-47245\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-15-1024x794.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-15-300x233.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-15-768x595.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-15.png 1440w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Terraform Workflow With Atlantis<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"606\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-1024x606.png\" alt=\"\" class=\"wp-image-47260\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-1024x606.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-300x178.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-768x455.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-1536x910.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-20-2048x1213.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"379\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-16-1024x379.png\" alt=\"\" class=\"wp-image-47246\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-16-1024x379.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-16-300x111.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-16-768x284.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-16.png 1520w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How Atlantis works?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"723\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17-1024x723.png\" alt=\"\" class=\"wp-image-47254\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17-1024x723.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17-300x212.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17-768x542.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17-1536x1084.png 1536w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2024\/10\/image-17.png 1966w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Summary of How Atlantis Works:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Webhook Trigger<\/strong>: Atlantis listens for pull request events via a webhook.<\/li>\n\n\n\n<li><strong>Plan Execution<\/strong>: On PR creation or updates, Atlantis automatically runs <code>terraform plan<\/code> and posts the output in the PR for review.<\/li>\n\n\n\n<li><strong>Review and Approval<\/strong>: Team members review the changes and approve the PR.<\/li>\n\n\n\n<li><strong>Apply Execution<\/strong>: Once approved, Atlantis runs <code>terraform apply<\/code> when the command is added as a comment.<\/li>\n\n\n\n<li><strong>State Management<\/strong>: Atlantis handles Terraform state locking and ensures safe, conflict-free operations.<\/li>\n\n\n\n<li><strong>Auditability<\/strong>: Every operation is recorded in the PR, creating a clear audit trail of all infrastructure changes.<\/li>\n<\/ul>\n\n\n\n<p>Atlantis works by integrating with Git-based version control systems (like GitHub, GitLab, or Bitbucket) to automate the process of running Terraform commands (<code>plan<\/code> and <code>apply<\/code>) as part of the GitOps workflow. Here\u2019s a step-by-step explanation of how Atlantis works:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Setup and Configuration<\/strong><\/h3>\n\n\n\n<p>Atlantis is deployed as a server, typically running in a container (e.g., Docker). It listens for events from your version control system (VCS), such as pull requests (PRs), which signal that Terraform changes have been made. You configure Atlantis with environment variables and settings like VCS provider credentials, repository access rules, and webhooks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You set up a <strong>webhook<\/strong> in the VCS (e.g., GitHub) that sends events (like PR creation or updates) to Atlantis.<\/li>\n\n\n\n<li>A configuration file (<code>atlantis.yaml<\/code>) in the root of your repository tells Atlantis how to handle Terraform operations for different directories and environments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Pull Request Creation (Terraform Plan Execution)<\/strong><\/h3>\n\n\n\n<p>When a developer opens a <strong>pull request<\/strong> to propose infrastructure changes, Atlantis is triggered via the webhook. It automatically runs <code>terraform plan<\/code> to show what changes will be made based on the proposed code. The result of the plan is posted back as a comment on the PR.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Example Workflow:<\/strong>\n<ol class=\"wp-block-list\">\n<li>Developer makes Terraform changes in a feature branch.<\/li>\n\n\n\n<li>They create a pull request (PR) to merge those changes into the main branch.<\/li>\n\n\n\n<li>The webhook triggers Atlantis.<\/li>\n\n\n\n<li>Atlantis runs <code>terraform plan<\/code>, and the plan output is added as a comment in the PR.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n\n\n\n<p>This helps developers and reviewers see the exact changes that will be made before applying them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Pull Request Review and Approval<\/strong><\/h3>\n\n\n\n<p>Once the <code>terraform plan<\/code> output is available in the PR, team members can review the proposed changes. This allows for code review and infrastructure review to happen simultaneously, providing full visibility into what resources will be modified, created, or destroyed.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Review Process:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Reviewers can suggest changes or approve the PR.<\/li>\n\n\n\n<li>If approved, the developer or reviewer can trigger the next step (<code>terraform apply<\/code>) directly from the PR.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. <strong>Terraform Apply<\/strong><\/h3>\n\n\n\n<p>After the PR is approved, Atlantis waits for a specific command (e.g., <code>atlantis apply<\/code>) to be added as a comment in the PR. This command triggers Atlantis to run <code>terraform apply<\/code>, which applies the proposed changes to the infrastructure.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Safe Apply<\/strong>: By requiring explicit approval and a separate apply step, Atlantis ensures that no changes are applied until the team has reviewed and approved them.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5. <strong>State Management and Locking<\/strong><\/h3>\n\n\n\n<p>Atlantis handles Terraform <strong>state<\/strong> and <strong>locking<\/strong> automatically. When it runs <code>terraform apply<\/code>, it locks the state file to prevent other operations from making concurrent changes. Once the apply is complete, the lock is released.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This prevents race conditions where multiple users might attempt to modify the same resources simultaneously.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6. <strong>Handling Multiple Projects and Environments<\/strong><\/h3>\n\n\n\n<p>Atlantis can manage <strong>multiple Terraform projects<\/strong> and environments in the same repository using the <code>atlantis.yaml<\/code> configuration file. You can define different workflows for each project or environment, specifying how Atlantis should run <code>plan<\/code> and <code>apply<\/code> for each.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For example, you can have separate configurations for <code>dev<\/code>, <code>staging<\/code>, and <code>production<\/code> environments, each with its own Terraform directory and workflow.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7. <strong>Post-Apply Workflow<\/strong><\/h3>\n\n\n\n<p>Once the <code>terraform apply<\/code> command is successfully executed, Atlantis updates the PR with the results of the apply. The PR is now ready to be merged into the main branch, and the infrastructure changes have been applied.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8. <strong>Audit Trail and Logging<\/strong><\/h3>\n\n\n\n<p>Atlantis provides a complete <strong>audit trail<\/strong> of all Terraform commands run for each PR. Every plan and apply operation is recorded as comments in the PR, providing full transparency and traceability of all infrastructure changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9. <strong>Custom Workflows and Policies<\/strong><\/h3>\n\n\n\n<p>Atlantis allows you to define <strong>custom workflows<\/strong> using the <code>atlantis.yaml<\/code> file. This flexibility lets you specify the steps to be followed during the <code>plan<\/code> and <code>apply<\/code> processes. You can also enforce <strong>policy checks<\/strong> to ensure that all changes meet security and compliance requirements before they are applied.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key <strong>Atlantis terminologies<\/strong> and their equivalent or related concepts in <strong>Terraform<\/strong>:<\/h2>\n\n\n\n<p>Here\u2019s a comparison of key <strong>Atlantis terminologies<\/strong> and their equivalent or related concepts in <strong>Terraform<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Atlantis Terminology<\/strong><\/th><th><strong>Equivalent\/Related Terraform Terminology<\/strong><\/th><th><strong>Explanation<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Plan<\/strong><\/td><td><code>terraform plan<\/code><\/td><td>In Atlantis, a <strong>Plan<\/strong> refers to running <code>terraform plan<\/code> automatically when a pull request (PR) is created or updated. This command previews the changes without applying them.<\/td><\/tr><tr><td><strong>Apply<\/strong><\/td><td><code>terraform apply<\/code><\/td><td>In Atlantis, <strong>Apply<\/strong> refers to running <code>terraform apply<\/code>, which applies the proposed infrastructure changes. This is usually triggered after reviewing and approving a PR.<\/td><\/tr><tr><td><strong>Autoplan<\/strong><\/td><td>N\/A (Custom Automation Feature)<\/td><td><strong>Autoplan<\/strong> in Atlantis automatically runs <code>terraform plan<\/code> when specific files (like <code>.tf<\/code> files) are modified in a pull request. Terraform alone does not have this feature.<\/td><\/tr><tr><td><strong>Workspace<\/strong><\/td><td><code>terraform workspace<\/code><\/td><td>A <strong>Workspace<\/strong> in Atlantis corresponds to Terraform&#8217;s <strong>workspaces<\/strong>. It allows you to manage multiple states (e.g., for different environments like dev, staging, prod).<\/td><\/tr><tr><td><strong>Project<\/strong><\/td><td>N\/A (Group of Terraform Configurations)<\/td><td>A <strong>Project<\/strong> in Atlantis refers to a specific directory containing Terraform code, which Atlantis will manage. Terraform doesn\u2019t explicitly group files as projects.<\/td><\/tr><tr><td><strong>Locking<\/strong><\/td><td><code>terraform state lock<\/code> (with manual actions)<\/td><td>Atlantis automatically handles <strong>locking<\/strong> the Terraform state to prevent concurrent operations. In Terraform, state locking needs to be managed manually when running commands.<\/td><\/tr><tr><td><strong>Unlock<\/strong><\/td><td>N\/A (Manual with Terraform)<\/td><td><strong>Unlock<\/strong> in Atlantis releases the lock on a workspace or PR if the command was not completed successfully. Terraform doesn\u2019t have an automatic unlock system like Atlantis.<\/td><\/tr><tr><td><strong>Webhook<\/strong><\/td><td>N\/A (VCS Integration)<\/td><td><strong>Webhook<\/strong> in Atlantis is used to trigger actions when events (like pull request creation) happen in a VCS (GitHub, GitLab). Terraform does not have native webhook support.<\/td><\/tr><tr><td><strong>Atlantis.yaml<\/strong><\/td><td>N\/A (Terraform doesn\u2019t use <code>.yaml<\/code>)<\/td><td>The <strong>atlantis.yaml<\/strong> file configures how Atlantis runs Terraform commands for specific projects, directories, and workflows. Terraform uses <code>.tf<\/code> files for configurations.<\/td><\/tr><tr><td><strong>Policy Check<\/strong><\/td><td>Sentinel (in Terraform Enterprise), Custom Policy Integration<\/td><td>Atlantis can be configured to enforce <strong>policy checks<\/strong> before applying changes. Terraform has a similar concept using Sentinel in the enterprise version.<\/td><\/tr><tr><td><strong>Command<\/strong><\/td><td>Terraform CLI Commands (e.g., <code>plan<\/code>, <code>apply<\/code>, <code>destroy<\/code>)<\/td><td>An Atlantis <strong>Command<\/strong> is similar to running a Terraform command like <code>plan<\/code>, <code>apply<\/code>, or <code>destroy<\/code> from the CLI, but triggered through a PR comment.<\/td><\/tr><tr><td><strong>Comment Command<\/strong><\/td><td>N\/A (Terraform does not use comments)<\/td><td>Atlantis allows users to comment on PRs with commands like <code>atlantis plan<\/code> or <code>atlantis apply<\/code> to trigger Terraform actions. Terraform CLI lacks this feature.<\/td><\/tr><tr><td><strong>Atlantis Server<\/strong><\/td><td>N\/A (Terraform doesn\u2019t require a server)<\/td><td><strong>Atlantis Server<\/strong> is the backend that runs and manages Terraform commands. In Terraform, commands are typically run locally or in a CI\/CD pipeline without a central server.<\/td><\/tr><tr><td><strong>PR (Pull Request)<\/strong><\/td><td>N\/A (Separate to Terraform)<\/td><td><strong>Pull Requests<\/strong> are how infrastructure changes are proposed and reviewed in Atlantis. Terraform does not have a native GitOps pull request workflow.<\/td><\/tr><tr><td><strong>Run Plan in PR<\/strong><\/td><td><code>terraform plan<\/code> locally or in CI\/CD<\/td><td>Atlantis runs the plan in the pull request and posts the result as a comment. In Terraform, this would be done manually or via a CI pipeline outside of Git.<\/td><\/tr><tr><td><strong>Apply via Comment<\/strong><\/td><td><code>terraform apply<\/code> after review (manual or automated)<\/td><td>Atlantis allows apply to be triggered by commenting <code>atlantis apply<\/code> in the PR. In Terraform, you need to manually run <code>terraform apply<\/code> after the plan is reviewed.<\/td><\/tr><tr><td><strong>VCS Integration<\/strong><\/td><td>N\/A (Handled via CI\/CD)<\/td><td>Atlantis integrates directly with VCS providers (GitHub, GitLab, Bitbucket). In Terraform, integration with version control is typically done through CI\/CD automation.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Summary:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Atlantis<\/strong> enhances Terraform workflows by automating <code>plan<\/code> and <code>apply<\/code> commands directly in pull requests, using comments and webhooks.<\/li>\n\n\n\n<li>While Terraform is typically run from the CLI or CI\/CD pipelines, Atlantis adds a GitOps workflow layer, handling state locking, automating plans on PR changes, and offering governance features.<\/li>\n\n\n\n<li><strong>Atlantis.yaml<\/strong> file and <strong>workflows<\/strong> bring more automation and project-specific controls, whereas Terraform focuses primarily on infrastructure management without direct GitOps integration.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">List of All Atlantis Commands<\/h2>\n\n\n\n<p>Here\u2019s a list of <strong>Atlantis commands<\/strong> with their explanation in a tabular format:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key Notes:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Plan<\/strong> commands (<code>atlantis plan<\/code>) are used to preview infrastructure changes based on code in a pull request.<\/li>\n\n\n\n<li><strong>Apply<\/strong> commands (<code>atlantis apply<\/code>) are used to apply changes after review and approval.<\/li>\n\n\n\n<li><strong>Unlock<\/strong> commands (<code>atlantis unlock<\/code>) release locks on workspaces or projects if operations fail or stall.<\/li>\n\n\n\n<li>The commands can be targeted to specific <strong>projects<\/strong> or <strong>workspaces<\/strong>, making them flexible for multi-environment or multi-project setups.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Command<\/strong><\/th><th><strong>Explanation<\/strong><\/th><th><strong>Usage Example<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>atlantis plan<\/strong><\/td><td>Runs <code>terraform plan<\/code> on the pull request. This command checks the Terraform code and shows what changes will be made to the infrastructure.<\/td><td><code>atlantis plan<\/code> in a PR comment triggers the plan.<\/td><\/tr><tr><td><strong>atlantis apply<\/strong><\/td><td>Runs <code>terraform apply<\/code> on the changes proposed by <code>terraform plan<\/code> after it has been approved by reviewers. This command applies the changes to the infrastructure.<\/td><td><code>atlantis apply<\/code> in a PR comment applies the approved changes.<\/td><\/tr><tr><td><strong>atlantis unlock<\/strong><\/td><td>Unlocks the pull request or workspace if it is stuck in a locked state due to a failed or canceled operation.<\/td><td><code>atlantis unlock<\/code> frees up locked resources.<\/td><\/tr><tr><td><strong>atlantis help<\/strong><\/td><td>Displays help information about Atlantis and its commands. This command provides a brief description of the available commands and options.<\/td><td><code>atlantis help<\/code> shows the list of commands and options.<\/td><\/tr><tr><td><strong>atlantis version<\/strong><\/td><td>Shows the current version of the Atlantis server that is running. This is useful for verifying the version during troubleshooting or setup.<\/td><td><code>atlantis version<\/code> prints the current version.<\/td><\/tr><tr><td><strong>atlantis apply -d &lt;directory&gt;<\/strong><\/td><td>Applies changes to the specific Terraform directory specified in the command. This is useful when working with multiple Terraform directories in a repository.<\/td><td><code>atlantis apply -d \/my-terraform-dir<\/code> applies the changes only to that directory.<\/td><\/tr><tr><td><strong>atlantis plan -d &lt;directory&gt;<\/strong><\/td><td>Runs <code>terraform plan<\/code> for a specific directory in the repository. This command allows users to run plans only for the directory where the code has changed.<\/td><td><code>atlantis plan -d \/my-terraform-dir<\/code> plans changes for that directory.<\/td><\/tr><tr><td><strong>atlantis plan -p &lt;project&gt;<\/strong><\/td><td>Runs <code>terraform plan<\/code> for a specific project defined in <code>atlantis.yaml<\/code>. This is useful in repositories with multiple projects.<\/td><td><code>atlantis plan -p my-project<\/code> runs a plan for a specific project.<\/td><\/tr><tr><td><strong>atlantis apply -p &lt;project&gt;<\/strong><\/td><td>Runs <code>terraform apply<\/code> for a specific project defined in <code>atlantis.yaml<\/code>. This is useful when different projects exist in the same repository.<\/td><td><code>atlantis apply -p my-project<\/code> applies changes to a specific project.<\/td><\/tr><tr><td><strong>atlantis plan -w &lt;workspace&gt;<\/strong><\/td><td>Runs <code>terraform plan<\/code> for a specific workspace. Workspaces allow users to maintain different states (e.g., dev, staging, prod).<\/td><td><code>atlantis plan -w staging<\/code> runs a plan for the staging workspace.<\/td><\/tr><tr><td><strong>atlantis apply -w &lt;workspace&gt;<\/strong><\/td><td>Runs <code>terraform apply<\/code> for a specific workspace. This command allows users to apply changes to a specific environment.<\/td><td><code>atlantis apply -w production<\/code> applies changes to the production workspace.<\/td><\/tr><tr><td><strong>atlantis unlock -p &lt;project&gt;<\/strong><\/td><td>Unlocks a specific project in case a plan or apply operation was stuck and didn\u2019t release the lock.<\/td><td><code>atlantis unlock -p my-project<\/code> unlocks a specific project.<\/td><\/tr><tr><td><strong>atlantis unlock -w &lt;workspace&gt;<\/strong><\/td><td>Unlocks a specific workspace in case a plan or apply operation was stuck and didn\u2019t release the lock.<\/td><td><code>atlantis unlock -w dev<\/code> unlocks a specific workspace.<\/td><\/tr><tr><td><strong>atlantis approve_policies<\/strong><\/td><td>Approves the policy check results, if Atlantis is configured with policy checks. This command is used to bypass or accept policy results before applying the changes.<\/td><td><code>atlantis approve_policies<\/code> approves the policy check results.<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>The core functionality of Atlantis enables developers and operators to run terraform plan and apply directly from Terraform pull requests. Atlantis then comments back on the pull request with the&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-47241","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=47241"}],"version-history":[{"count":14,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47241\/revisions"}],"predecessor-version":[{"id":47264,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/47241\/revisions\/47264"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=47241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=47241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=47241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}