Ive been looking around before I came here to ask this but I

Question

Ive been looking around before I came here to ask this but I didnt find anything helpful For the Atlantis web ui I need my SRE team to be able to access it to clear plans and locks if needed but i dont want my devs to be able to do that I just want them to be able to click details and see the job output on an Atlantis run Any way to do this I see there is the BasicAuth option in my values yaml file but that means everyone has shares that username and password

PePe Amengual · Answer

Basic auth is to access the UI

PePe Amengual · Answer

there is no concept of groups or users in the UI

PePe Amengual · Answer

you could deploy an oauth proxy in front but anyone will be able to click that button if they have access

Bruno Schaatsbergen · Answer

Where do you exactly run Atlantis

Bruno Schaatsbergen · Answer

On Google Cloud you could secure it with IAP Identity Aware Proxy and then grant access to the Atlantis UI via a Google login

Bruno Schaatsbergen · Answer

Which works very well and is easy to setup

Seth Floyd · Answer

Runs in an EKS cluster

Justin S · Answer

so my dev s have no access to atlantis

Justin S · Answer

SRE can access the UI via Okta

Justin S · Answer

Dev s could potentially see logs in Loki or w e

Justin S · Answer

but in general there is nothing in the atlantis UI that would assist a developer more then the errors outputs they get back to them in gitlab

PePe Amengual · Answer

PRs are welcome

Justin S · Answer

honestly the only thing I think that would be benficial would be some semblance of a `yes im still running i swear`

Neil Davies · Answer

< Seth Floyd> we run ours in AWS with a WAF amp ELB in front The WAF allows the details of the plans to get piped back from ` jobs ` to the github webhook