AWS - Terraform & Atlantis
Terraform is our infrastructure as code layer and we manage our Terraform workflows with atlantis
automation.
Making Changes In Terraform
Quite often, when using Terraform we apply the changes directly by using the CLI. We suggest you change your IaC practice to a more GitOps oriented way by applying Terraform changes using Atlantis.
The second GitOps principles, versioned and immutable, stipulate that the desired state be stored in a way that enforces immutability, versioning and retains a complete versions’ history, mention that we should keep track of changes to our Terraform files. You can easily achieve this by adding your file to Git, and using pull requests or merges for adding modified files directly inside the gitops
repository. In addition to versioning, it enhances collaboration, visibility, and by keeping a complete history of the changes, make it easier to rollback if problems arise. Using Atlantis also provide you with a lock mechanism which prevents possible conflicts with colleagues working on the same projects. All in all, it's a small change to our habits that bring a lot of benefits.
Automatic Plans With Atlantis
Any change request that includes a .tf file will prompt atlantis
to wake up and run your Terraform plan. Atlantis will post the plan's result to your change request as a comment within a minute or so.
Review and approve the change request.
You can always run a new Terraform plan by commenting directly in your pull request with the words atlantis plan
.
Apply and Merge
Add the comment atlantis apply
in the approved change request. This will prompt Atlantis to wake up and run your terraform apply
.
The apply results will be added to your change request comments by Atlantis.
If the apply is successful, your code will automatically be merged with main, your change request will be closed, and the state lock will be removed in Atlantis.
Managing Terraform State
The following table shows how state is stored based on your installation selection:
State Backed | AWS | Local | Civo | Azure |
---|---|---|---|---|
AWS S3 Bucket | X | |||
Civo object store | X | |||
Azure container storage | X | |||
MinIO (locally) | X |
Tips
What is the general flow of changes using Atlantis for IaC?
- Create a Commit and Change Request: The change described by Terraform instructions will be created in a PR at a folder which Atlantis is listening for it. Once the Change Request is created on GitHub/GitLab, Atlantis will plan it and show possible impacts of it.
- Approve the change: Once you are ready, someone with access will provide
atlantis apply
on the change request, triggering the process of executing theplan
created. - Change is applied by Atlantis: Atlantis will execute the Terraform plan, and Terraform will update shared statestore with new current state changes, change request will be merged to main, reflecting the new desired state.
What can I use Atlantis & Terraform for?
For example, you can use your gitops
repository to help track the creation of repositories:
With Terraform using the S3 based state store, you can add any Terraform file to the gitops
repository on which Atlantis is listening for and Atlantis will try to plan and when approved to apply such plan for you.
Beyond repositories and users, Atlantis allow you to have your IaC demands to be tracked by your main branch registry. Easing up the usage of Terraform based workflows to update the infrastructure you are operating.