Deploy with Atmos and Terraform

Quick Start

Steps
1. Vendor: atmos workflow vendor -f gitops
2. Deploy: atmos workflow deploy/all -f gitops

GitOps Terminology

Currently, the workflows use the terminology "gitops". In the future, we plan to replace this with "atmos-pro".

Requirements

1 Authentication Prerequisites

The GitHub Action workflows expect the gitops AWS Team to be properly set up and connected to GitHub OIDC. These components should already be deployed with aws-teams/aws-team-roles and github-oidc-provider respectively. Verify the following to complete the authentication prerequisites.

Trusted GitHub Repos

By default in the Reference Architecture, the trusted_github_repos input is commented out for aws-teams. Now is the time to uncomment those lines. Please see stacks/catalog/aws-teams.yaml.

  • The gitops Team is defined and deployed by aws-teams
  • The team has trusted relationships with the infrastructure repo via trusted_github_repos. Capitalization matters! In the reference architecture, these values are initially commented out and will need to be updated with your specific repository information:
    components:
      terraform:
        aws-teams:
          vars:
            trusted_github_repos:
              gitops:
                - "acme/infra:main"
  • The aws-team-roles default catalog allows the gitops team to assume the terraform role
  • github-oidc-provider is deployed to the account where Atmos Pro infrastructure will be created
  • The workflows have adequate permission
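
Why capitalization matters, as an added example (not code from the reference architecture): IAM compares the `sub` claim of the GitHub OIDC token against the trust policy case-sensitively, so an entry that differs from the repository name only in case never matches. The mapping from a trusted_github_repos entry to a `sub` pattern, the helper names, and the sample claims are assumptions constructed for illustration.

```python
import re

# Constructed sample input, mirroring the stack snippet above.
TRUSTED_GITHUB_REPOS = {"gitops": ["acme/infra:main"]}


def sub_pattern(entry):
    """Map "org/repo" or "org/repo:branch" to a pattern for the token's `sub`
    claim. Assumed mapping, based on GitHub's documented claim format
    repo:<org>/<repo>:ref:refs/heads/<branch>; not the component's own code."""
    repo, _, branch = entry.partition(":")
    if repo.count("/") != 1:
        raise ValueError(f"expected org/repo[:branch], got {entry!r}")
    return f"repo:{repo}:" + (f"ref:refs/heads/{branch}" if branch else "*")


def string_like(pattern, value):
    """IAM StringLike semantics: case-sensitive, * = any run, ? = one char."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None


def check(team, sub):
    """Return (verdict, entry): 'match', 'case-mismatch' or 'no-match'."""
    entries = TRUSTED_GITHUB_REPOS.get(team, [])
    for entry in entries:
        if string_like(sub_pattern(entry), sub):
            return "match", entry
    for entry in entries:  # would it have matched if case were ignored?
        if string_like(sub_pattern(entry).lower(), sub.lower()):
            return "case-mismatch", entry
    return "no-match", None


if __name__ == "__main__":
    # Constructed `sub` claims, as they would appear in a workflow's OIDC token.
    for sub in ("repo:acme/infra:ref:refs/heads/main",
                "repo:Acme/Infra:ref:refs/heads/main",
                "repo:acme/infra:ref:refs/heads/feature-x",
                "repo:acme/infra:pull_request"):
        print(f"{check('gitops', sub)[0]:14} {sub}")
```

A "case-mismatch" verdict means the entry needs to be respelled to match the repository exactly; a "no-match" on a feature branch or pull request run is the expected result of pinning the entry to main.
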
GitHub Workflow Permissions

In order to assume GitHub OIDC roles, a workflow needs the following:

permissions:
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout

How To Set Up

1 Vendor Components

The gitops stack depends on components that may already exist in your component library (s3-bucket and dynamodb) and adds new components to manage the GitHub OIDC access. Vendor these components either with the included Atmos Workflows or using Atmos Vendoring.

vendor:
These are the commands included in the vendor workflow in the examples/snippets/stacks/workflows/gitops.yaml file:
    No commands found

Too many commands? Consider using the Atmos workflow! 🚀

2 Deploy Atmos Pro Infrastructure

Deploy the Atmos Pro infrastructure components with the following workflow:

deploy/all:
These are the commands included in the deploy/all workflow in the examples/snippets/stacks/workflows/gitops.yaml file:
    No commands found

Too many commands? Consider using the Atmos workflow! 🚀

Review

Congratulations! The Atmos components have now deployed:

  • An IAM role configured with trusted relationships for GitHub Actions
  • An S3 bucket to store Terraform plan files
  • A DynamoDB table for managing those plan files

You're now ready to start using Atmos Pro with GitHub Actions.