#atmos - June 2026

Hello, is there any way I can use variable in atlantis integration template? I don't want to add concept of tenant or stage to our terraform when we have slightly different variables. Something like this:

    project_templates:
      project-1:
        name: "{{var.name}}-{{var.custom_name}}"

I tried workarounds with passing things like this but it didn't work

vars:
  custom_name: <value>
  stage: {{ .vars.custom_name }}

Hey!
I have open a new issue for ECR loging multiple times:
https://github.com/cloudposse/atmos/issues/2562

Upvote! https://www.reddit.com/r/Terraform/comments/1tr1hun/comment/oosbzmi/

(not sure who posted this, but thanks!)

Hey Guys,
I would like to know if support for aws secrets manager or encrypted params in param store is comming?
https://atmos.tools/stacks/sharing-state/stores

With the recent shift toward native CI, and the deprecation of the GHAs (🥳 ) what's the current guidance for drift detection w/ native CI?

Hey guys
I have a question, Is there a way to filter out some global variables? for example I have configure region as a vars on the _defaults for the org but there is just 1 component where I will like to not pass that region to, is there a way to do this?

I'd like to give a massive shout out to @shirkevich for working closely with us to implement parallel/concurrent execution in Atmos. In the upcoming release, you can control concurrency of --all and --affected for plan and apply operations.

e.g.

atmos terraform plan --all -s prod --max-concurrency=4

https://atmos.tools/changelog/terraform-dag-concurrency

Can I combine yaml functions? I have some challenges passing JSON via !terraform.state, it gets turned into object, and I just want it as string.

Hello,
I finally took the time to test the command-adding feature. I added tflint, kics, trivy, checkov, and tfupdate in just a few lines. Atmos downloads the app and launches it in the right place. Really cool!

Coming to an atmos near you!
• Provider and Registry cache that works across all components
• Native GitHub Actions cache support (compatible with provider and registry cache and toolchain!)
• Custom Components (thanks @Ben Smith (Benbentwo) for validating)
• Native Secrets Management

Hey I have a question about atmos toolchain on atmos release 1.220.0 there was an update to how the toolchain verifies downloaded packages, it now will do checksums and signature/attestations this is great but on the PR it mention that this should be no breaking but if the package only has checksums it will fail with 404 I believed this should be a warning unless this is intentional

Hi, is the atmos manifest schema updated with each release? I'm running 1.219.0 and I can see required_providers in the output from atmos describe stacks so I found the page mentioning this (a blog post) but can't seem to find anything in the actual documentation nor do I see the fields in the manifest schema, so after adding the providers as per the example, atmos describe stacks is tripping up because the stack yamls no longer validate against the manifest schema at https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json

Edit to clarify manifest schema, not json schema. I know I can comment out the schema from my atmos.yaml to bypass the error, but just curious how often is the online schema updated?

Is atmos interactive workflows released (v1.220.0)?
• https://atmos.tools/changelog/custom-commands-step-types
• https://atmos.tools/workflows#step-types

is there an obvious way to exec/drop to a raw tty via a custom command? E.g. I'm trying to do something like:

commands:
  name: ssh
  steps:
    - type: shell
      output: raw
      command: "exec aws ssm start-session --target {{ .Arguments.instance_id }}"

but the exec seems to be within a subprocess itself, so doesn't replace atmos and the terminal gets all bunged up, most obviously if you try and Ctrl-C a command in the session, atmos itself takes teh Ctrl-C exits, and then the session ends with SIGPIPE 😞

Feels like a common need I would have thought, but I'm failing to find the right invocation in the docs...

I found some interesting design differences between my own GCP components vs. Cloud Posse AWS components. I designed my GCP components to always take explicit var.project_id , this concept of account_map is quite confusing. 😃

Especially when tofu allows to use variables within provider blocks nowadays.

In atmos+pro, you can now mint short-lived narrowly scoped GitHub tokens that span repos. Think of it like AWS STS but for GitHub.

https://atmos-pro.com/changelog/2026-05-29-cross-repo-sts

This makes it trivial to read stack configs, source components, or really anything you do that needs a short-lived cross-repo token.

In 1.221.0 you can now define your own custom components. https://atmos.tools/changelog/custom-component-types

Hi team, I recently started using the required_providers, required_version and providers atmos fields and wanted to share some findings and get a sense of whether I'm on the right track.

hello, we're trying to standardize on making every component declare a standard instance and a dr instance of said component. So under stacks/catalog/network/default.yaml for example, we'd declare our VPC twice referencing components/terraform/network as the component. Now under stacks/deploy/dev.yaml we import our stacks/catalog/network and in the dev.yaml, we'd like to be able to toggle that DR instance on or off. The idea is that every environment has to opt out of provisioning a DR environment. What approach would you recommend to address this? We've had trouble getting a variable passed over to the metadata.enabled because anything we pass gets converted to a string and enabled needs a bool

I recorded a 20-minute overview of the Atmos Changelog covering all of the latest features that have come out over the past month.

https://us02web.zoom.us/clips/share/tQmxbpnfQxGWs-bpWl4sAA

• Atmos Git for GitOps — Manage repositories as first-class Atmos resources; clone, diff, commit, push, and publish generated artifacts through lifecycle hooks.
• Secrets Management — Declare component secret dependencies and manage secrets natively in Atmos.
• CI Caching — Cache toolchains, providers, modules, vendored components, and remote imports to accelerate local and CI runs.
• Terraform Registry Cache(Experimental) — Cache providers and modules for faster, reproducible, and more resilient builds.
• Terraform/OpenTofu RC Management(Experimental) — Define CLI runtime configuration in atmos.yaml; Atmos manages temporary RC files automatically.
• Terraform DAG Concurrency — Dependency-aware execution with concurrent planning and deterministic ordering.
• Interactive Workflows & Commands — 25+ interactive step types for building CLI wizards and guided workflows.
• Atmos Pro STS Tokens — Just-in-time GitHub tokens for CI access to private resources.
• Git Repository Metadata Functions — YAML functions exposing repository metadata.
• atmos.Resolve Template Function — Evaluate YAML functions inside templates.
• Install from Branches & Tags — --use-version supports Git refs directly.
• Dotenv Support in !include — Include .env files directly in YAML.
• !append YAML Function — Extend inherited lists.
• !unset YAML Function — Remove inherited configuration keys cleanly.
• ECR Public Authentication — Authenticated pulls from public.ecr.aws to avoid rate limits.
https://atmos.tools/changelog

Btw, it's a really minor issue, but atmos ai skill does not support vscode natively, as it expect skills in some specific folders.
I've had to make it available this way:

cd <my VScode workspace>
atmos ai skill install cloudposse/atmos -y --force
mkdir -p .github/skills && for d in ~/.atmos/skills/cloudposse/atmos/*/; do ln -sfn "$d" ".github/skills/$(basename "$d")"; done

I’m looking forward to Atmos secrets management. We use Sealed Secrets for our application layer since everything runs on Kubernetes. Managing secrets as code makes deployments much more portable across regions and accounts.

However, for our infrastructure layer, secrets are stored in Secure SSM Parameters and Secrets Manager. The lack of portability has become a small pain point when managing a DR region, so I’ve been considering a move to SOPS. After another practice run of our DR runbook last week, I’m definitely making the switch soon. The timing of Atmos secrets management with SOPS support couldn’t have come at a better time.