27 messages
👽️
Jan Ludvikabout 1 month ago
Hello, is there any way I can use variable in atlantis integration template? I don't want to add concept of
I tried workarounds with passing things like this but it didn't work
tenant or stage to our terraform when we have slightly different variables. Something like this: project_templates:
project-1:
name: "{{var.name}}-{{var.custom_name}}"I tried workarounds with passing things like this but it didn't work
vars:
custom_name: <value>
stage: {{ .vars.custom_name }}Miguel Zablahabout 1 month ago
Hey!
I have open a new issue for ECR loging multiple times:
https://github.com/cloudposse/atmos/issues/2562
I have open a new issue for ECR loging multiple times:
https://github.com/cloudposse/atmos/issues/2562
erikabout 1 month ago
Upvote! https://www.reddit.com/r/Terraform/comments/1tr1hun/comment/oosbzmi/
(not sure who posted this, but thanks!)
(not sure who posted this, but thanks!)
Nimrod Dicklerabout 1 month ago
Hey Guys,
I would like to know if support for aws secrets manager or encrypted params in param store is comming?
https://atmos.tools/stacks/sharing-state/stores
I would like to know if support for aws secrets manager or encrypted params in param store is comming?
https://atmos.tools/stacks/sharing-state/stores
Josh Simmondsabout 1 month ago
With the recent shift toward native CI, and the deprecation of the GHAs (🥳 ) what's the current guidance for drift detection w/ native CI?
Miguel Zablahabout 1 month ago
Hey guys
I have a question, Is there a way to filter out some global variables? for example I have configure region as a vars on the _defaults for the org but there is just 1 component where I will like to not pass that region to, is there a way to do this?
I have a question, Is there a way to filter out some global variables? for example I have configure region as a vars on the _defaults for the org but there is just 1 component where I will like to not pass that region to, is there a way to do this?
erikabout 1 month ago(edited)
I'd like to give a massive shout out to @shirkevich for working closely with us to implement parallel/concurrent execution in Atmos. In the upcoming release, you can control concurrency of
e.g.
https://atmos.tools/changelog/terraform-dag-concurrency
--all and --affected for plan and apply operations.e.g.
atmos terraform plan --all -s prod --max-concurrency=4https://atmos.tools/changelog/terraform-dag-concurrency
Paavo Pokkinenabout 1 month ago
Can I combine yaml functions? I have some challenges passing JSON via !terraform.state, it gets turned into object, and I just want it as string.
Yotaabout 1 month ago(edited)
Hello,
I finally took the time to test the command-adding feature. I added
I finally took the time to test the command-adding feature. I added
tflint, kics, trivy, checkov, and tfupdate in just a few lines. Atmos downloads the app and launches it in the right place. Really cool!erikabout 1 month ago
Coming to an atmos near you!
• Provider and Registry cache that works across all components
• Native GitHub Actions cache support (compatible with provider and registry cache and toolchain!)
• Custom Components (thanks @Ben Smith (Benbentwo) for validating)
• Native Secrets Management
• Provider and Registry cache that works across all components
• Native GitHub Actions cache support (compatible with provider and registry cache and toolchain!)
• Custom Components (thanks @Ben Smith (Benbentwo) for validating)
• Native Secrets Management
Miguel Zablahabout 1 month ago
Hey I have a question about
atmos toolchain on atmos release 1.220.0 there was an update to how the toolchain verifies downloaded packages, it now will do checksums and signature/attestations this is great but on the PR it mention that this should be no breaking but if the package only has checksums it will fail with 404 I believed this should be a warning unless this is intentionalThomas Spearabout 1 month ago(edited)
Hi, is the atmos manifest schema updated with each release? I'm running 1.219.0 and I can see
Edit to clarify manifest schema, not json schema. I know I can comment out the schema from my atmos.yaml to bypass the error, but just curious how often is the online schema updated?
required_providers in the output from atmos describe stacks so I found the page mentioning this (a blog post) but can't seem to find anything in the actual documentation nor do I see the fields in the manifest schema, so after adding the providers as per the example, atmos describe stacks is tripping up because the stack yamls no longer validate against the manifest schema at https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.jsonEdit to clarify manifest schema, not json schema. I know I can comment out the schema from my atmos.yaml to bypass the error, but just curious how often is the online schema updated?
Brianabout 1 month ago
Is
• https://atmos.tools/changelog/custom-commands-step-types
• https://atmos.tools/workflows#step-types
atmos interactive workflows released (v1.220.0)?• https://atmos.tools/changelog/custom-commands-step-types
• https://atmos.tools/workflows#step-types
Matt Brownabout 1 month ago
is there an obvious way to exec/drop to a raw tty via a custom command? E.g. I'm trying to do something like:
but the exec seems to be within a subprocess itself, so doesn't replace atmos and the terminal gets all bunged up, most obviously if you try and Ctrl-C a command in the session, atmos itself takes teh Ctrl-C exits, and then the session ends with SIGPIPE 😞
Feels like a common need I would have thought, but I'm failing to find the right invocation in the docs...
commands:
name: ssh
steps:
- type: shell
output: raw
command: "exec aws ssm start-session --target {{ .Arguments.instance_id }}"but the exec seems to be within a subprocess itself, so doesn't replace atmos and the terminal gets all bunged up, most obviously if you try and Ctrl-C a command in the session, atmos itself takes teh Ctrl-C exits, and then the session ends with SIGPIPE 😞
Feels like a common need I would have thought, but I'm failing to find the right invocation in the docs...
Paavo Pokkinenabout 1 month ago
I found some interesting design differences between my own GCP components vs. Cloud Posse AWS components. I designed my GCP components to always take explicit
Especially when tofu allows to use variables within provider blocks nowadays.
var.project_id , this concept of account_map is quite confusing. 😃Especially when tofu allows to use variables within provider blocks nowadays.
erik30 days ago
In atmos+pro, you can now mint short-lived narrowly scoped GitHub tokens that span repos. Think of it like AWS STS but for GitHub.
https://atmos-pro.com/changelog/2026-05-29-cross-repo-sts
This makes it trivial to read stack configs, source components, or really anything you do that needs a short-lived cross-repo token.
https://atmos-pro.com/changelog/2026-05-29-cross-repo-sts
This makes it trivial to read stack configs, source components, or really anything you do that needs a short-lived cross-repo token.
erik30 days ago
In
1.221.0 you can now define your own custom components. https://atmos.tools/changelog/custom-component-typesThomas Spear26 days ago
Hi team, I recently started using the required_providers, required_version and providers atmos fields and wanted to share some findings and get a sense of whether I'm on the right track.
Brandon26 days ago
hello, we're trying to standardize on making every component declare a standard instance and a dr instance of said component. So under stacks/catalog/network/default.yaml for example, we'd declare our VPC twice referencing components/terraform/network as the component. Now under stacks/deploy/dev.yaml we import our stacks/catalog/network and in the dev.yaml, we'd like to be able to toggle that DR instance on or off. The idea is that every environment has to opt out of provisioning a DR environment. What approach would you recommend to address this? We've had trouble getting a variable passed over to the metadata.enabled because anything we pass gets converted to a string and enabled needs a bool
erik26 days ago
I recorded a 20-minute overview of the Atmos Changelog covering all of the latest features that have come out over the past month.
https://us02web.zoom.us/clips/share/tQmxbpnfQxGWs-bpWl4sAA
• Atmos Git for GitOps — Manage repositories as first-class Atmos resources; clone, diff, commit, push, and publish generated artifacts through lifecycle hooks.
• Secrets Management — Declare component secret dependencies and manage secrets natively in Atmos.
• CI Caching — Cache toolchains, providers, modules, vendored components, and remote imports to accelerate local and CI runs.
• Terraform Registry Cache(Experimental) — Cache providers and modules for faster, reproducible, and more resilient builds.
• Terraform/OpenTofu RC Management(Experimental) — Define CLI runtime configuration in
• Terraform DAG Concurrency — Dependency-aware execution with concurrent planning and deterministic ordering.
• Interactive Workflows & Commands — 25+ interactive step types for building CLI wizards and guided workflows.
• Atmos Pro STS Tokens — Just-in-time GitHub tokens for CI access to private resources.
• Git Repository Metadata Functions — YAML functions exposing repository metadata.
•
• Install from Branches & Tags —
• Dotenv Support in
•
•
• ECR Public Authentication — Authenticated pulls from
https://atmos.tools/changelog
https://us02web.zoom.us/clips/share/tQmxbpnfQxGWs-bpWl4sAA
• Atmos Git for GitOps — Manage repositories as first-class Atmos resources; clone, diff, commit, push, and publish generated artifacts through lifecycle hooks.
• Secrets Management — Declare component secret dependencies and manage secrets natively in Atmos.
• CI Caching — Cache toolchains, providers, modules, vendored components, and remote imports to accelerate local and CI runs.
• Terraform Registry Cache(Experimental) — Cache providers and modules for faster, reproducible, and more resilient builds.
• Terraform/OpenTofu RC Management(Experimental) — Define CLI runtime configuration in
atmos.yaml; Atmos manages temporary RC files automatically.• Terraform DAG Concurrency — Dependency-aware execution with concurrent planning and deterministic ordering.
• Interactive Workflows & Commands — 25+ interactive step types for building CLI wizards and guided workflows.
• Atmos Pro STS Tokens — Just-in-time GitHub tokens for CI access to private resources.
• Git Repository Metadata Functions — YAML functions exposing repository metadata.
•
atmos.Resolve Template Function — Evaluate YAML functions inside templates.• Install from Branches & Tags —
--use-version supports Git refs directly.• Dotenv Support in
!include — Include .env files directly in YAML.•
!append YAML Function — Extend inherited lists.•
!unset YAML Function — Remove inherited configuration keys cleanly.• ECR Public Authentication — Authenticated pulls from
public.ecr.aws to avoid rate limits.https://atmos.tools/changelog
Alexandre Feblot24 days ago
Btw, it's a really minor issue, but
I've had to make it available this way:
atmos ai skill does not support vscode natively, as it expect skills in some specific folders.I've had to make it available this way:
cd <my VScode workspace>
atmos ai skill install cloudposse/atmos -y --force
mkdir -p .github/skills && for d in ~/.atmos/skills/cloudposse/atmos/*/; do ln -sfn "$d" ".github/skills/$(basename "$d")"; doneBrian24 days ago(edited)
I’m looking forward to Atmos secrets management. We use Sealed Secrets for our application layer since everything runs on Kubernetes. Managing secrets as code makes deployments much more portable across regions and accounts.
However, for our infrastructure layer, secrets are stored in Secure SSM Parameters and Secrets Manager. The lack of portability has become a small pain point when managing a DR region, so I’ve been considering a move to SOPS. After another practice run of our DR runbook last week, I’m definitely making the switch soon. The timing of Atmos secrets management with SOPS support couldn’t have come at a better time.
However, for our infrastructure layer, secrets are stored in Secure SSM Parameters and Secrets Manager. The lack of portability has become a small pain point when managing a DR region, so I’ve been considering a move to SOPS. After another practice run of our DR runbook last week, I’m definitely making the switch soon. The timing of Atmos secrets management with SOPS support couldn’t have come at a better time.
erik20 days ago
We've published a media kit for atmos! If you've wanted some atmos logos, we got 'em.
https://atmos.tools/media-kit
https://atmos.tools/media-kit
Brandon19 days ago
hello, anyone able to confirm if planfile artifact storage to gh artifacts has been implemented as of v1.221.1?
Nick Dunn17 days ago(edited)
Hey, everyone. Random unimportant question.
I think I know the answer, considering the obvious focus of Atmos and Atmos Pro using Github/Gitlab. But I'm curious. Has the team ever considered a Kubernetes Operator approach similar to tofu-controller or burrito? We've been using Atmos for some time now, but we're also a heavy Kubernetes + ArgoCD shop. So, naturally, I found the approach intriguing.
I think I know the answer, considering the obvious focus of Atmos and Atmos Pro using Github/Gitlab. But I'm curious. Has the team ever considered a Kubernetes Operator approach similar to tofu-controller or burrito? We've been using Atmos for some time now, but we're also a heavy Kubernetes + ArgoCD shop. So, naturally, I found the approach intriguing.
Nick Dunn15 days ago
Hey, team. I think there might be a documentation snafu.
Here in the Native CI docs, it shows an example of how one can set up Github OIDC auth. This did not work. Atmos complained that the profile was not valid.
Fortunately,
Here in the Native CI docs, it shows an example of how one can set up Github OIDC auth. This did not work. Atmos complained that the profile was not valid.
auth:
providers:
github-oidc:
kind: github/oidc
region: us-east-1
identities:
plat-dev/terraform:
provider: github-oidc
role_arn: arn:aws:iam::111122223333:role/atmos-terraform
default: true # Use this identity unless a component overrides itFortunately,
atmos auth validate was pretty helpful and suggested useful changes, which I was later able to confirm in the more thorough auth section in the Atmos docs. I would humbly suggest that the example for the Native CI section should look something like this.auth:
providers:
github-oidc:
kind: github/oidc
region: us-east-1
spec:
audience: <http://sts.amazonaws.com|sts.amazonaws.com>
identities:
plat-dev/terraform:
kind: aws/assume-role
via:
provider: github-oidc
principal:
assume_role: arn:aws:iam::111122223333:role/atmos-terraform
default: true # Use this identity unless a component overrides itPaavo Pokkinen11 days ago
Is there some command to apply all components in a specific stack? All flag applies all components in all stacks, not specific one.