Customer Update: April 2026

byErik OstermanCEO & Founder of Cloud Posse

Three things that shipped this month that your team should know about — including one that eliminates an entire category of CI/CD glue code.

Reference Architecture

EKS Auto Mode Support

Managing EKS node groups means tracking AMI updates, configuring launch templates, tuning autoscaler parameters, and debugging kubelet version mismatches. AWS launched EKS Auto Mode to eliminate all of that — AWS manages the compute layer entirely, including provisioning, scaling, and OS patching — but our reference architecture components didn't support it yet.

Now they do. The updated eks/cluster component supports EKS Auto Mode alongside traditional managed node groups. You can adopt Auto Mode for new clusters or migrate existing ones incrementally. The component handles the compute configuration, node class selection, and the IAM roles that Auto Mode requires.

Many teams spend a week per quarter upgrading clusters — a full month every year on EKS maintenance alone. If that sounds familiar, Auto Mode is worth evaluating.

EKS and ECR Authentication via Atmos Auth

Setting up kubectl access to EKS clusters has always been more steps than it should be — running aws eks update-kubeconfig, managing multiple contexts, and re-authenticating when tokens expire. ECR is similarly painful: aws ecr get-login-password | docker login every 12 hours, or managing credential helpers across your team.

Atmos Auth now handles both natively:

EKS integration — Configure EKS clusters as part of your auth identity. atmos auth login automatically provisions kubeconfig entries for all linked clusters. No more aws eks update-kubeconfig commands. The new atmos aws eks token command works as a kubectl credential plugin for short-lived STS tokens without requiring the AWS CLI.
ECR integration — Docker push/pull to ECR works immediately after atmos auth login. No credential helpers, no 12-hour token dance.

Both integrations clean up automatically on logout. Your team configures it once in atmos.yaml and everyone gets consistent access from day one.

Atmos

Native CI/CD — No More Wrapper Scripts

In February, we mentioned Native CI/CD Support as a roadmap item. It's shipped, and it eliminates the entire category of bash glue code that most teams write to make Terraform work in GitHub Actions.

The problem: Getting Terraform plan output into GitHub in a useful format meant writing bash scripts to parse stdout, awk/grep for resource counts, and separate GitHub Actions to post PR comments. Every team wrote their own version, and they all broke in slightly different ways.

The solution: Atmos now auto-detects CI environments and does the right thing:

Rich plan summaries appear directly in GitHub Actions step summaries — resource badges, collapsible diffs, and Terraform outputs. No extra actions or parsing required.
Live commit status checks show real-time progress ("Plan in progress" then "3 to add, 1 to change, 0 to destroy").
Output variables are exported to $GITHUB_OUTPUT automatically — has_changes, has_additions, plan_summary — ready for downstream jobs.

The key insight: the same command works everywhere. atmos terraform plan vpc -s prod produces the same result locally and in CI. The difference is just the output format — Atmos handles that automatically.

# Your entire GitHub Actions step:
- run: atmos terraform plan vpc -s prod
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

No separate GitHub Actions, no wrapper scripts, no shellfu. Just clean, reproducible commands.

This lines up with a pattern we're seeing across customer teams: pulling back on the sprawl of third-party GitHub Actions. With Native CI, your workflow depends on the atmos binary — no npm, no marketplace actions to vet, version-pin, and audit. Fewer supply-chain surfaces, smaller blast radius, and one toolchain to reason about across local dev and CI.

PR comment integration is part of this release too — Atmos posts plan summaries directly as PR comments, no extra action required. Custom Go templates are available if you want full control over the formatting.

Need Help Setting Up Native CI?

If you're currently using custom GitHub Actions workflows with Terraform, we can help you migrate to Native CI. The migration typically eliminates 50-100 lines of bash per workflow.

To schedule: Reply to this email or book directly.

Atmos Pro

Introducing Atmos Pro

Native CI gives you the in-CI experience — plan summaries, status checks, output variables. But once you're running Atmos across multiple repos, multiple environments, and multiple approvers, you start needing things that don't belong inside a single Actions run: a dashboard view of drift across all your stacks, an audit trail of who approved what, and gates on apply jobs.

That's Atmos Pro — the control plane for Atmos. A hosted service that installs as a GitHub App, watches every stack across your repos, and adds:

Atmos Pro PR comment with Terraform plan summary and dependency graph

PR plan comments with dependency context — full Terraform plan summaries posted on the PR itself, with a dependency graph so reviewers can see which downstream stacks each change touches.
Drift detection — continuous comparison of state vs. real AWS, surfaced before the next deploy.
Deployment approvals — gate apply jobs behind approval workflows, with per-stack history.
Team dashboard — deployment frequency, pending approvals, and drift status across every workspace in one place.
Rollbacks (coming soon) — one-click revert to any previously applied plan, with the same approval gates.

Open-source Atmos still does what it always has, locally and in CI. Atmos Pro is the control plane on top — coordinating drift, approvals, and rollbacks across every workspace once you've outgrown "the CI logs are the source of truth."

We're opening up subscriptions over the next few weeks at atmos-pro.com. If you want early access, reply to this email.

What's Coming

Atmos Pro Subscriptions — Self-serve sign-up opening over the next few weeks. Reply if you want early access.
Planfile Artifacts — Native CI will store and verify planfiles automatically, with SHA256 integrity checks across S3, GitHub Artifacts, or local storage. Apply jobs can consume the exact plan from earlier steps without glue code.

Check the Atmos Roadmap for detailed timelines.

Community

Office Hours continues weekly — if you have questions about any of these changes, it's the fastest way to get answers. Register here if you don't already have it on your calendar, or catch up via the podcast.

Questions about any of these changes? Reply to this email or schedule time with us.

Erik Osterman

CEO & Founder of Cloud Posse

Founder & CEO of Cloud Posse. DevOps thought leader.

Schedule Time

Share This Update

← All Updates Get Support →

Customer Update: April 2026

Customer Update #3

Customer Update: April 2026

byErik OstermanCEO & Founder of Cloud Posse

Three things that shipped this month that your team should know about — including one that eliminates an entire category of CI/CD glue code.

Reference Architecture

EKS Auto Mode Support

Many teams spend a week per quarter upgrading clusters — a full month every year on EKS maintenance alone. If that sounds familiar, Auto Mode is worth evaluating.

EKS and ECR Authentication via Atmos Auth

Atmos Auth now handles both natively:

EKS integration — Configure EKS clusters as part of your auth identity. atmos auth login automatically provisions kubeconfig entries for all linked clusters. No more aws eks update-kubeconfig commands. The new atmos aws eks token command works as a kubectl credential plugin for short-lived STS tokens without requiring the AWS CLI.
ECR integration — Docker push/pull to ECR works immediately after atmos auth login. No credential helpers, no 12-hour token dance.

Both integrations clean up automatically on logout. Your team configures it once in atmos.yaml and everyone gets consistent access from day one.

Atmos

Native CI/CD — No More Wrapper Scripts

In February, we mentioned Native CI/CD Support as a roadmap item. It's shipped, and it eliminates the entire category of bash glue code that most teams write to make Terraform work in GitHub Actions.

The solution: Atmos now auto-detects CI environments and does the right thing:

Rich plan summaries appear directly in GitHub Actions step summaries — resource badges, collapsible diffs, and Terraform outputs. No extra actions or parsing required.
Live commit status checks show real-time progress ("Plan in progress" then "3 to add, 1 to change, 0 to destroy").
Output variables are exported to $GITHUB_OUTPUT automatically — has_changes, has_additions, plan_summary — ready for downstream jobs.

# Your entire GitHub Actions step:
- run: atmos terraform plan vpc -s prod
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

No separate GitHub Actions, no wrapper scripts, no shellfu. Just clean, reproducible commands.

Need Help Setting Up Native CI?

If you're currently using custom GitHub Actions workflows with Terraform, we can help you migrate to Native CI. The migration typically eliminates 50-100 lines of bash per workflow.

To schedule: Reply to this email or book directly.

Atmos Pro

Introducing Atmos Pro

That's Atmos Pro — the control plane for Atmos. A hosted service that installs as a GitHub App, watches every stack across your repos, and adds:

Atmos Pro PR comment with Terraform plan summary and dependency graph

PR plan comments with dependency context — full Terraform plan summaries posted on the PR itself, with a dependency graph so reviewers can see which downstream stacks each change touches.
Drift detection — continuous comparison of state vs. real AWS, surfaced before the next deploy.
Deployment approvals — gate apply jobs behind approval workflows, with per-stack history.
Team dashboard — deployment frequency, pending approvals, and drift status across every workspace in one place.
Rollbacks (coming soon) — one-click revert to any previously applied plan, with the same approval gates.

We're opening up subscriptions over the next few weeks at atmos-pro.com. If you want early access, reply to this email.

What's Coming

Atmos Pro Subscriptions — Self-serve sign-up opening over the next few weeks. Reply if you want early access.
Planfile Artifacts — Native CI will store and verify planfiles automatically, with SHA256 integrity checks across S3, GitHub Artifacts, or local storage. Apply jobs can consume the exact plan from earlier steps without glue code.

Check the Atmos Roadmap for detailed timelines.

Community

Questions about any of these changes? Reply to this email or schedule time with us.

Erik Osterman

CEO & Founder of Cloud Posse

Founder & CEO of Cloud Posse. DevOps thought leader.

Schedule Time

Share This Update

← All Updates Get Support →