# atlantis-community
j
github secrets wouldn't be populated by way of `atlantis.yml`, they would be populated by way of github actions workflows, if you are indeed running atlantis by way of github actions (which probably isn't common). but if you are indeed running atlantis by way of github actions, then your environment variables should be populated in `.github/workflows/*.yml`
i personally wouldn't even attempt to use atlantis as a github action because github actions doesn't have persistent storage, AFAIK. one of these options will be better: https://www.runatlantis.io/docs/deployment.html
r
Not sure I understand what you mean by "atlantis as a github action"? In my case I am using the atlantis.yaml at the root of the repo, and was trying to feed env variables so I can have Terraform authenticate to AWS 🤔
j
how is atlantis being run? eg. i run it on AWS fargate.
r
I am running it on AWS Fargate as well
j
provision a fargate task role which has the desired permissions, then fargate will populate the AWS variables for you. `atlantis.yml` has no involvement in that part.
r
I am trying to avoid setting the AWS variables within the container definition, is there any way to achieve that?
j
if a role is assigned to a task then AWS will populate those AWS variables on its own, without explicitly defining them in a task definition.
r
Would that work in a setup where a single instance of atlantis is dealing with multiple repos?
j
depends on if the permissions granted in the role will provide the necessary access level to do `terraform plan` and `terraform apply` in multiple repos.
r
Then my role should have the permissions to assume a role on a different account? And every time I would add a repo to Atlantis I would need to grant my fargate role access to the required aws account to run terraform. Is that correct?
j
yes. and none of that is different if you hadn't used atlantis either. like if you just ran terraform on your laptop, if you added an AWS account you would have to rig up some way for your laptop to assume a role in that new account too.
r
I see, thank you very much for your insight, it helped a ton
j
np.
r
Hello, I created the required roles and policies. Terraform is still unable to initialize the backend on S3 which is within a different account 🤔 edit: my backend was referencing a profile: "profile = default". Removed that line, now backend can init but I can't fetch the state from S3 somehow. My policies are allowing that.