
Venkat Raghavan

03/05/2023, 5:21 PM
We are looking to centralize custom IAM policy checks in Terraform and CFT deployments. As I learn about Atlantis, conceptually Atlantis looks like a "proxy" that intercepts/listens to various GitHub actions, and there is a natural place where we can inject our custom policy checking and manifest the results into the daily workflows of a developer and their toolchains. Our policies would include checking for authorized IAM Role grants, detecting Risky Roles and mapping Roles to cloud services and cloud data stores. With that baseline, we can track and govern IAM drift between cloud accounts. I would love to get feedback on whether Atlantis is designed for this type of transparent interception and whether folks have tried similar approaches - thanks, Venkat.

PePe Amengual

03/05/2023, 5:23 PM
Atlantis is a gitops tool
it has to be configured and it becomes part of your pipeline
and it was built to run terraform workflows
it is not a proxy
it listens to VCS events from your repos after you configure the webhook

Venkat Raghavan

03/05/2023, 5:38 PM
Got it. Thank you. If I understand you correctly every developer pipeline has to be configured to use Atlantis. But we can still consistently enforce policies on Terraform workflows?

PePe Amengual

03/05/2023, 6:00 PM
yes, you can use conftest or run a custom workflow to run other types of policies
Atlantis can be set at the org level too