Atlantis is a powerful automation tool designed to streamline collaboration and code review workflows for Terraform infrastructure as code (IaC). It acts as a bridge between version control systems (VCS) like Git and Terraform, facilitating a smooth and efficient process for managing infrastructure changes

On this case, we deployed the Atlantis on Ubuntu VM

Install Terraform

1
2
3
4
wget https://releases.hashicorp.com/terraform/1.4.4/terraform_1.4.4_linux_amd64.zip
unzip terraform_1.4.4_linux_amd64.zip 
sudo mv terraform /usr/local/bin/
terraform
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Install Atlantis

1
2
3
4
sudo apt install git -y
wget https://github.com/runatlantis/atlantis/releases/download/v0.23.3/atlantis_linux_amd64.zip
unzip atlantis_linux_amd64.zip 
sudo cp atlantis /usr/local/bin/
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Create Personal Token

Create Service Account

Run the gcloud config command inside the Atlantis VM to set credential with service account

1
2
3
cloud_sandboxgcp_gmail_com@vm-atlantis-staging-1:~$  gcloud config set account 501066779977-compute@developer.gserviceaccount.com
Updated property [core/account].
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Create Altantis directory to store the Atlantis configurations

1
mkdir -p /opt/terraform/atlantis-workdi
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Create repos.yaml on /opt/terraform/atlantis-workdir

1
2
3
4
5
6
7
repos:
# Allow a specific repo to override.
- id: github.com/rohmattriindra/tf-infra-gcp
  allowed_overrides: [apply_requirements, workflow]
  allow_custom_workflows: true
  apply_requirements: [approved]
  
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Run the Atlantis server

1
atlantis server --atlantis-url=http://34.126.185.33 --gh-user=rohmattriindra --gh-token=ghp_VcOefm8MUwuoz3JU356yQtVDummy --gh-webhook-secret="0uNbW5pOBQfQvDummyDummyF" --repo-whitelist=github.com/rohmattriindra/tf-infra-gcp --data-dir=/opt/terraform/atlantis-workdir --repo-config=/opt/terraform/atlantis-workdir/repos.yaml
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Create Atlantis.yml on the root directory, you can find sample on this repo https://github.com/rohmattriindra/tf-infra-gcp/blob/master/atlantis.yaml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
version: 3
automerge: true
projects:
  # staging-networks
  - name: staging-network
    dir: infrastructure/environments/staging/network
    autoplan:
      enabled: true
      when_modified: ["../../../stack/network/*.tf*", "terraform.tfvars"]
    workspace: staging
    workflow: terraform
    apply_requirements: [mergeable]. # without this command when we pu
workflows:
  terraform:
    plan:
      steps:
      - env: 
              name: PROJECT_DIR
              command: echo $PROJECT_NAME | cut -d- -f2
      - run: |
              rm -rf .terraform
              terraform -chdir="../../../stacks/$PROJECT_DIR/" init -backend-config=prefix="$WORKSPACE/$PROJECT_DIR" --reconfigure
              terraform -chdir="../../../stacks/$PROJECT_DIR/" plan -var-file="../../environments/$WORKSPACE/$PROJECT_DIR/terraform.tfvars"
    apply:
      steps:
      - env: 
              name: PROJECT_DIR
              command: echo $PROJECT_NAME | cut -d- -f2
      - run: |
              terraform -chdir="../../../stacks/$PROJECT_DIR/" init -backend-config=prefix="$WORKSPACE/$PROJECT_DIR" --reconfigure
              terraform -chdir="../../../stacks/$PROJECT_DIR/" apply --auto-approve -var-file="../../environments/$WORKSPACE/$PROJECT_DIR/terraform.tfvars"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

This is a sample result of the change in firewall resources