#atmos - May 2024

removed an integration from this channel: Linear Asks

Hey all, my team is working through updating some of our atmos configuration, and we're looking for some guidance around "when" to vendor? We're considering adding some logic to our GitHub Actions that would pull components for affected stacks allowing us to keep the code outside of the repository. Some wins here would be less to review on pull requests as we vendor new versions into different dev/stag/prod stages. However, is it a better play to vendor in as we develop and then commit the changes to the atmos repo?

Hey Guys,

I have an use case where my component in atmos has just a terraform null_reource to execute a python script based on few triggers.
However, is there any way out I can still manage this similar to a component but not through terraform(null resource), can I use something like custom cli commands that atmos supports to do this?
Any input on this use case would be really appreciated.

What do you folks think of allowing s3 module or component to have an option to add a suffix with a random string to avoid the high cost of unauthorized s3 denied access?

Or is there a gomplate way of generating a random id and passing it in the yaml to attributes ?

@RB here's the documentation on OpenTofu cc @Matt Gowie
https://github.com/cloudposse/atmos/pull/594

HI @Erik Osterman (Cloud Posse), I have an interesting use case where I have a stack with 10 components approximately and the all of these components are depending on a output of a single component which is being deployed at the first place as part of my stack. what I'm doing right now is reading out put of the component using remote-state feature of atmos, however, when I execute the workflow which has commands to execute all these components sequentially even there is a change only for a single component(this is the current design I came up with) it is reading the state file of the component every single time for each component and that is adding up extra time for my pipeline execution time. imagine if I have to deploy 100 stacks which are affected. is there any way to mimic this feature something similar to having a global variable in the stack file and refer the same all over the stack wherever it is needed?. basically what I'm looking for is, read once per stack for the output of a component and use it as part of all other dependant components.

It would really save me a lot of time, anybody's help in this regard would be really appreciated.

Thanks a ton in advance !!!

If a component's enabled flag is set to false it should delete an existing component's infra, but what if you did not want the component to be acted on at all? Would a new metadata.enabled flag be acceptable? This way it wouldn't even create the workspace or run terraform commands. Atmos should just early exit

Hey all, happy Monday! I hope I have a quick question and I'm missing something obvious. I have the need to configure a provider for a component that require credentials stored in a GitHub secret. I'm missing how to get that data out of the secret and available for Atmos to use when building the provider_override.tf.json file in the component directory.

providers:
  provider_name:
    alias: "example"
    host: "<https://example.com>"
    account_id: ${{ env.example_account_id }}
    client_id: ${{ env.example_client_id }}
    client_secret: ${{ env.example_client_secret }}

Is there some documentation or capability in Atmos to parse our YAML files and replace variable placeholders with content from a secret store?

Hi,

i don't know if its me or a bug 🙂 If i use Uppercase Letters in tenant, the remote state provider will downcase it and then not find the stack. I've simply renamed the stack, but wanted to let you know.

Second thing, i'm not 100% sure, but i belive the remote-state provider ignores stacks.name_template and only looks for stacks.name_pattern

I'd like to solicit more feedback on remote sources for components so we arrive at the best implementation.

https://github.com/cloudposse/atmos/issues/598

v1.72.0
Update gomplate datasources. Add env and evaluations sections to Go template configurations @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2286698395" data-permission-text="Title is private"...

v1.72.0
Update gomplate datasources. Add env and evaluations sections to Go template configurations @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2286698395" data-permission-text="Title is private"...

Is there a way to list only real components ?

atmos list components --real

Hi,

is there an json manifest for vendor.yaml?

Since inherit will not merge metadata, i need to define the component version for every component in every stack.

i try to dynamically name a component using catalog templates. But so far it is not working. With this approach i try to version my component but sill be able to use multiple instances of it.

import highlevel component in stack:

 import:
  - catalog/account/v0_1_0
  - mixins/region/eu-central-1

use import for the highlevel component:

import:
  - path: catalog/components/account-vpc/v0_1_0
    context:
      name: 'vpc/{{ .setting.region }}'

use component template:

components:
  terraform:
    '{{ .name }}':
      metadata:
        component: account-vpc/v0.1.0

my component ends up beeing:

atmos list components -s accounts-sandbox-5
global
vpc/{{ .setting.region }}

How does one provision a VPC with database specific subnets like terraform-aws-modules/vpc ?

Is it better to provision a new VPC instead ?

for those, who use tenv: https://github.com/tofuutils/tenv/pull/129

question... i know this has been covered here but I don't think I can find/search the history w/o it getting chopped off going to Free Slack.... any guidance around how to lookup resources/ids from prereq stacks? Is it always just use the remote-state data lookup? or is it just easier/preferred to do a regular data lookup like one would w/ any resources? guidance on when to use one or the other? In my environment (azure) we split up terraform state across the subscriptions that hold the resources so there's not liek a single blob storage that holds all of the state files...

Hey everyone, I figured I would come in here and ask before I start hacking around. We're leveraging the VPC module to build our pub/priv subnets, and I need to modify the default route on those public subnets away from the IGW to a Cisco device. I'm guessing this is outside the scope of the module but I figured I would ask 🙂 Hope you guys are having a good week.

Heya! I'm following the Quick Start docs in Atmos, and I am enjoying it very much so far, its hard to not skip steps and go all in 😄 I have ran in to a small issue though with provisioning, Im at the configure a TF backend, and it feels like the docs are skipping some steps between here: https://atmos.tools/quick-start/configure-terraform-backend#provision-terraform-s3-backend and https://atmos.tools/quick-start/configure-terraform-backend#configure-terraform-s3-backend. In the first section it describes that Atmos has the capability to provision itself a backend using the tfstate-backend component, but I can't find a good doc on how to actually use it, I tried and I see some errors I'll post in the thread here. In the next step it assumes provisioning is complete. Im happy to open a PR with the missing instructions if I figure it out.

Go and Sprig functions 🧵

I have a variable that I need to pass that is formatted like this in HCL:

variable "firewall_rules" {
  description = "value"
  type = list(object({
    name                    = string,
    description             = optional(string, null),
    direction               = string, # The input Value must be uppercase
    priority                = optional(number, 1000),
    ranges                  = list(string),
    source_tags             = optional(list(string), null),
    source_service_accounts = optional(list(string), null),
    target_tags             = optional(list(string), null),
    target_service_accounts = optional(list(string), null),
    allow = optional(list(object({
      protocol = string # The input Value must be uppercase
      ports    = optional(list(string), [])
    })), []),
    deny = optional(list(object({
      protocol = string # The input Value must be uppercase
      ports    = optional(list(string), [])
    })), []),
    log_config = optional(object({
      metadata = string
    }), null)
  }))
  default = []
}

And I cannot get the value to translate properly. How do I fix my yaml file?

firewall_rules:
          - name: "RULE_NAME"
            description: "DESCRIPTION"
            direction: "DIRECTION"
            priority: <NUMBER>      
            ranges: ["<IP_RANGE>"]
          - allow:
              protocol: "PROTOCOL_TYPE"
              ports: ["PORT1", "PORT2"]

v1.73.0
Allow Go templates in metadata.component section. Add components.terraform.command section to atmos.yaml. Document OpenTofu support @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2309535706" data-permission-text="Title is...

v1.73.0
Allow Go templates in metadata.component section. Add components.terraform.command section to atmos.yaml. Document OpenTofu support @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2309535706" data-permission-text="Title is...

We've added the documentation for how to leverage opentofu

https://atmos.tools/integrations/opentofu

v1.74.0
Update Atmos logs. Update docs @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2313407201" data-permission-text="Title is private" data-url="https://github.com/cloudposse/atmos/issues/605" data-hovercard-type="pull_request"...

v1.74.0
Update Atmos logs. Update docs @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2313407201" data-permission-text="Title is private" data-url="https://github.com/cloudposse/atmos/issues/605" data-hovercard-type="pull_request"...

Is it possible to define multiple aws providers in atmos yaml, to be used by a single component? I’m thinking of something like the below, but that obviously won’t work because of the duplicate aws: keys

terraform:
  providers:
    aws:
      region: us-west-2
      assume_role:
        role_arn: "role_1"
    aws:
      alias: "account_2"
      region: us-west-2
      assume_role:
        role_arn: "role_2"

We added a new <File/> component to the docs, so it's easier to identify files from terminal output.
https://atmos.tools/quick-start/add-custom-commands

v1.75.0
Improve atmos validate stacks and atmos describe affected commands @aknysh (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2316727181" data-permission-text="Title is private" data-url="https://github.com/cloudposse/atmos/issues/608"...

/github subscribe cloudposse/atmos releases

✅️ Subscribed to cloudposse/atmos. This channel will receive notifications for issues, pulls, commits, releases, deployments

/github subscribe list features

/github unsubscribe cloudposse/atmos issues

This channel will receive notifications from cloudposse/atmos for: pulls, commits, releases, deployments

/github unsubscribe cloudposse/atmos pulls commits deployments

This channel will receive notifications from cloudposse/atmos for: releases

Are there plans to document integration atmos into argocd? I'd absolutely love the ability to auto sync stacks and manually sync stacks to apply terraform