Like most folks who probably arrived at this blog, I attempted to introduce Terraform Cloud to my organization but was ushered away due to cost.
I needed a better solution for managing our Terraform state in a large team that did not require cumbersome locking processes... cough cough DynamoDB.
Atlantis turned out to be the tool I had been looking for.
It is a no-frills application that listens for Terraform pull request events via webhooks. In my case, I used GitHub webhooks to automate and enforce my organization's Terraform workflows in an auditable manner.
Quick Rundown
It enables a CI/CD pipeline for infrastructure (GitOps), which causes the PR to become the system of record.
Benefits
- Increased visibility and auditing of Infrastructure changes
- Manages Terraform state locking until the pull request is merged
- Approval-based infrastructure builds
- Centralizes permissions to service accounts vs. users
- Enables collaboration with all engineering teams
Cons
- Webhook interactions happen one way via pushes. This requires a public endpoint to interface with GitHub (if your VCS is self-hosted, this may not be an issue).
- Drift detection alerts for rarely used repositories need to be manually configured.
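Because the webhook endpoint has to be reachable from GitHub, it should only act on deliveries that GitHub actually signed. GitHub sends an HMAC-SHA256 of the raw request body, keyed with the webhook secret, in the X-Hub-Signature-256 header. The check below is an added illustration, not code from this post or from Atlantis; the function names, secret and payload are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = b'{"action":"opened","number":1}'


def sign(secret: bytes, body: bytes) -> str:
    """Build the value GitHub puts in X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, body: bytes, headers: dict) -> tuple[bool, str]:
    """Return (accepted, reason) for one webhook delivery.

    `body` must be the raw request bytes, before any JSON parsing,
    because re-serialising changes the bytes and breaks the MAC.
    """
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get("x-hub-signature-256")
    if not received:
        return False, "missing signature header"
    if not received.startswith("sha256="):
        return False, "unexpected signature scheme"
    expected = sign(secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    good = {"X-Hub-Signature-256": sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print(verify_delivery(SAMPLE_SECRET, SAMPLE_BODY, good))          # genuine
    print(verify_delivery(SAMPLE_SECRET, SAMPLE_BODY + b" ", good))   # tampered
    print(verify_delivery(SAMPLE_SECRET, SAMPLE_BODY, {}))            # unsigned
```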
PR Workflow
Conclusion
If you are on a budget and looking for remote state management, then this is the best OSS alternative to Terraform Cloud that I have found.