When an --identity can't be resolved in the currently loaded Atmos config, Atmos now checks whether the identity is defined in another profile — and either prompts you to switch or hints at the exact command to re-run. The same release also adds profiles.default so you can pin a default profile in atmos.yaml.
atmos list instances now supports --format=matrix, producing GitHub Actions-compatible JSON for driving parallel CI/CD jobs — the same format already available in atmos describe affected.
You can now preserve / in component names when Atmos auto-generates backend key prefixes — keeping your state bucket organized to match your component directory structure.
You can now enable or disable CI PR comments per-pipeline using the ATMOSCICOMMENTS_ENABLED environment variable — no config file changes needed.
When you're using a GitHub App token to manage GitHub resources with Terraform, you probably still want CI commit statuses to use the workflow's own token. Now you can — just set ATMOSCIGITHUB_TOKEN.
Atmos now supports server-side commits via the Atmos Pro GitHub App. The new atmos pro commit command
Atmos can now pull security findings from AWS Security Hub, map them to the exact Atmos
Atmos now supports browser-based OAuth2 authentication as an automatic fallback for aws/user identities. When no static credentials or keychain entries are available, Atmos opens your browser for interactive sign-in using the same AWS console flow you already know.
The atmos auth env command now supports --format=github for direct output to $GITHUB_ENV, eliminating shell pipelines in CI workflows.
Atmos AI now supports CLI providers — invoke your locally installed Claude Code, OpenAI Codex, or
Atmos can now connect to external MCP servers and use their tools directly in AI conversations.
The atmos describe affected command now auto-detects the base commit in CI environments, eliminating the need for verbose flag wiring in your workflows.
Atmos now supports ambient AWS credentials from IRSA, EC2 instance profiles, and ECS task roles via two new identity kinds: ambient (generic passthrough) and aws/ambient (AWS SDK default credential chain).
Atmos now automatically chunks large payloads when uploading affected stacks and instances to Atmos Pro, eliminating HTTP 413 errors for large infrastructure repositories.
Atmos now has a dedicated space for community-contributed recipes called Gists — creative patterns showing how to combine Atmos features in ways that go beyond standard documentation.
Atmos stack processing is now up to 3.5× faster for deep-merge operations — the hot path
Atmos identities now support required: true, enabling automatic authentication of multiple identities before Terraform runs — without prompting.
For teams using Atmos Pro, the Atmos CLI now pushes instance status directly to the Atmos Pro dashboard the moment a plan or apply completes. The dashboard reflects the real state of every component within seconds — no polling, no waiting for webhooks, no stale data.
The atmos auth console command now supports isolated browser sessions, allowing you to have multiple cloud provider consoles open simultaneously — one per identity — without logout conflicts.
What do you do when you find a 490-line function with ~67 cyclomatic complexity and 0% test coverage on its
When a single function accumulates 160 decision branches, it becomes nearly impossible to reason about, test, or safely change.
ExecuteDescribeStacks was the most complex function in the entire Atmos codebase — cyclomatic complexity of 247 and cognitive complexity of 1252. We broke it apart.
Atmos now supports native EKS kubeconfig authentication through the integrations system. When you authenticate with an identity, Atmos automatically generates kubeconfig entries for linked EKS clusters, giving you seamless kubectl access without requiring the AWS CLI.
When you see complex bash scripts and conditional logic in GitHub Actions workflows, that's a signal: the underlying tool wasn't designed for CI. Atmos now has built-in CI integration that makes the same command work identically locally and in CI—no wrapper scripts, no extra actions, no hidden complexity.
Atmos now supports a new dependencies.components format for declaring explicit component dependencies with support for cross-type dependencies, file/folder watching, and stack templates.
Add --ai to any Atmos command and get instant AI-powered analysis of the output. Successful plans get
Atmos now supports a global templates.settings.ignoremissingtemplatevalues option in atmos.yaml, eliminating the need to set ignoremissingtemplatevalues: true on every individual catalog import.
We're excited to introduce Atmos AI, an intelligent assistant built directly into Atmos CLI that understands your infrastructure-as-code like no other AI assistant can.
We're excited to introduce Atmos LSP, bringing IDE-quality features directly to your infrastructure configuration workflow—no context switching, no manual validation, no documentation hunting.
Vendor targets now accept optional version overrides, enabling multiple versions of the same component from a single source entry.
Atmos has always been cloud agnostic, but our documentation hasn't always reflected that. This release adds comprehensive multi-cloud documentation including a new design pattern for organizing stacks across different cloud providers.
Atmos now supports a ttl field on component source configuration to control how long cached JIT-vendored sources are reused before automatically re-pulling from the remote. This is especially useful when working with floating refs like branch names during active development.
The --all flag now executes Terraform components in dependency order. Run atmos terraform apply --all -s ue2-dev and components are automatically processed based on their depends_on relationships.
Atmos now ships 21 agent skills that give AI coding assistants deep knowledge of Atmos conventions, stack configuration, Terraform orchestration, authentication, validation, and more. Skills build on two open standards -- AGENTS.md and Agent Skills -- and work across Claude Code, OpenAI Codex, Gemini CLI, Cursor, Windsurf, GitHub Copilot, and other AI tools.
Access the AWS Organization ID directly in stack configuration with the new !aws.organization_id YAML function.
Atmos stores now support identity-based authentication. You can configure stores to authenticate using the same named identities from atmos auth instead of relying on default credential chains.
Test features from any Atmos pull request or commit SHA without compiling from source or manually downloading artifacts.
Atmos now supports first-class Google Cloud authentication alongside AWS and Azure, with provider-scoped file isolation and a unified auth experience.
Atmos now supports Ansible as a first-class component type, enabling unified orchestration of infrastructure provisioning (Terraform) and configuration management (Ansible) from the same stack manifests.
The !terraform.output YAML function now works seamlessly with Terraform Cloud and Terraform Enterprise backends, enabling cross-component dependencies without switching backend types.
Atmos now automatically detects components and stacks that have been deleted in your current branch compared to the target branch.
The !terraform.state YAML function now supports reading from S3 buckets encrypted with customer-provided keys (SSE-C).
Atmos now supports credential realm isolation, preventing collisions when engineers
Workflows now support environment variables at both workflow and step levels with hierarchical merging.
Atmos now supports intelligent version-aware JIT (Just-In-Time) source provisioning with automatic re-provisioning on version changes and TTL-based cleanup for stale workdirs.
Atmos helmfile commands now use the identity system for AWS authentication and provide more flexible EKS cluster name configuration.
Fixed an issue where retrieving values from Artifactory stores would fail when using nested paths, and corrected store documentation to accurately reflect supported backends.
The --chdir flag now correctly isolates configuration loading when changing to a directory with its own Atmos configuration.
Atmos now correctly detects component file changes when running atmos describe affected.
Atmos now correctly detects file changes in components that use the source attribute for just-in-time vendoring. Previously, components vendored from remote sources were not properly tracked for affected detection.
Locals now support YAML functions like !env, !exec, !store, !terraform.state, and !terraform.output.
Locals can access {{ .settings }}, {{ .vars }}, and {{ .env }} from the same file during template resolution.
Atmos now includes a source list command to display components with source configuration. Both --stack and [component] arguments are optional, allowing flexible filtering across your infrastructure.
Atmos toolchain now has native GitHub Actions support with the new github format for atmos toolchain env.
Interactive component selection now filters out non-deployable components.
Atmos now supports a dedicated github output format for atmos terraform output, making it easier than ever to pass Terraform outputs between GitHub Actions steps.
Atmos now supports directory-based Packer templates by default. Instead of requiring a single HCL template file, you can organize your Packer configurations across multiple files following HashiCorp's recommended patterns. Atmos automatically passes the component directory to Packer, which loads all *.pkr.hcl files.
Atmos now supports atmos vendor list and atmos workflow list as aliases for their atmos list vendor and atmos list workflows counterparts.
Provably safe secrets masking with custom patterns, comprehensive output coverage, and configurable replacement strings.
File generation now features interactive component and stack selection, plus cross-provisioner support for helmfile and packer. Run atmos terraform generate files without arguments and get an intuitive selector.
The atmos auth env command now exports AWSREGION and AWSDEFAULT_REGION
New query syntax for atmos list components and support for installing multiple tools at once with atmos toolchain install.
Atmos now provides granular control over experimental features with the new settings.experimental configuration option—giving teams the flexibility to explore new capabilities safely while maintaining stability in production environments.
Atmos now automatically provisions backends during terraform init, eliminating the need for a separate backend create command. When provision.backend.enabled: true is set, backends are created just-in-time during your first Terraform operation.
The source provisioner now provides better visual feedback with spinners during auto-provisioning, interactive confirmation prompts for delete operations, and interactive stack selection when --stack is omitted.
The atmos list components command now correctly shows unique component definitions, supports stack filtering, and uses a new dedicated configuration namespace.
Finding information in documentation shouldn't require knowing the exact terminology or page structure. With Ask AI, you can now ask natural language questions about Atmos and get intelligent, contextual answers—powered by Algolia DocSearch v4 and ChatGPT.
The file-scoped locals feature introduced in v1.203.0 now correctly resolves {{ .locals.* }} templates in stack configurations.
Atmos now enforces a single canonical identity per stack and supports zero-config stack naming using filenames. These changes make Atmos easier for newcomers while providing explicit control for advanced users.
The !terraform.state YAML function now correctly reads Terraform state when workspaces are disabled
Custom commands now support structured task syntax with per-step configuration including timeouts, retry logic, working directories, and authentication identities.
The atmos terraform output command now supports a --format flag, making it easy to export Terraform outputs in various formats for use in CI/CD workflows, scripts, and configuration files.
Atmos now supports declarative file generation for Terraform components via the new generate section in stack configuration.
Atmos now automatically caches Terraform providers across all components, dramatically reducing terraform init times and network bandwidth. This feature is enabled by default with zero configuration required.
Atmos now includes a unified import adapter registry that provides a modular, extensible architecture for configuration imports.
Atmos now includes native toolchain management that seamlessly integrates with the Aqua registry ecosystem — giving you
atmos auth login now automatically falls back to provider authentication when no identities are configured, enabling seamless first-time login with autoprovisionidentities.
We're sharing the Atmos Product Roadmap—a transparent view of where we've been, where we're headed, and what's coming next. Infrastructure teams evaluating Atmos often ask "What's the long-term vision?" The roadmap answers that question openly.
Atmos now automatically detects when your AWS IAM User credentials have been rotated or revoked and prompts you for new credentials inline.
Atmos now supports Azure OIDC/Workload Identity Federation for secure, secretless authentication in CI/CD pipelines.
Atmos now supports automatic retry with exponential backoff for vendoring and source operations. This makes component downloads more resilient to transient network failures, connection resets, and GitHub API rate limits.
Introduces pkg/function/, a new format-agnostic function registry that consolidates YAML function handlers into a reusable package.
Atmos now supports automatic version switching, making it easy to pin projects to specific Atmos versions and ensure consistency across teams.
Atmos now supports just-in-time (JIT) vendoring of components directly from stack configuration using the top-level source field. This works for Terraform, Helmfile, and Packer components. Declare component sources inline without requiring separate component.yaml files—components are automatically downloaded on first use.
We're introducing ECR authentication integration - automatic Docker login for AWS Elastic Container Registry as part of your Atmos authentication workflow. Configure once, authenticate everywhere.
Quickly identify which components and stacks are affected by your changes with the new atmos list affected command.
If you've ever had two component instances pointing to the same base component, you've likely encountered the frustration: file conflicts, unexpected overwrites, and mysterious errors when running Terraform operations. Today, we're introducing Component Workdir Isolation—a foundational feature that eliminates these conflicts and unlocks powerful new capabilities for Atmos.
Atmos now supports the aws/assume-root identity kind, enabling secure, centralized management of root access across your AWS Organization using the STS AssumeRoot API.
Several terraform CLI flags that were not working after version 1.202.0 have been restored. These flags were inadvertently broken during the command registry migration.
We're introducing file-scoped locals to Atmos stack configurations. Inspired by Terraform and Terragrunt, locals let you define temporary variables within a single file, reducing repetition and making your configurations more readable and maintainable.
Atmos now supports the !literal YAML function, which preserves values exactly as written without any template processing. This solves a common pain point when passing template syntax to downstream tools like Terraform, Helm, or ArgoCD.
Starting with Atmos v1.202.0, empty or omitted basepath values in atmos.yaml now trigger git root discovery instead of defaulting to the current directory. Users with multiple Atmos projects in a single repository, or where the Atmos project root differs from the git root, must explicitly set basepath: ".".
Terraform commands now feature interactive prompts for component and stack selection. Run atmos terraform plan without arguments and get an intuitive selector instead of an error message.
Atmos now provides clear, actionable error messages when your Terraform components contain HCL syntax errors, instead of the misleading "component not found" message.
Custom commands and workflow steps can now specify a working_directory to control where they execute.
You can now specify an explicit name field in stack manifests to override the logical stack name. This is especially useful when migrating from other tools like Terragrunt, or when your infrastructure doesn't follow a strict naming convention.
Atmos now supports a global env section in atmos.yaml that applies environment variables to all subprocesses spawned by Atmos, including Terraform, Helmfile, Packer, workflows, and custom commands.
Atmos terraform commands now use a modern registry pattern that improves flag validation, provides better help text, and sets the foundation for enhanced developer experience across all terraform subcommands.
We're excited to introduce automatic backend provisioning in Atmos, a feature that solves the Terraform bootstrap problem. No more manual S3 bucket creation, no more chicken-and-egg workarounds—Atmos provisions your state backend automatically with secure defaults, making it fully compatible with Terraform-managed infrastructure.
Atmos now includes interactive prompts for missing required flags and positional arguments, making commands more discoverable and user-friendly. This feature is being gradually rolled out across commands.
The atmos workflow command now automatically discovers workflow files, eliminating the need to specify --file for uniquely named workflows. This developer experience improvement makes running workflows faster and more intuitive.
Custom commands now support boolean flags with configurable default values. You can define type: bool flags that default to true or false, making it easier to handle special behavior triggers.
Atmos now includes four AWS YAML functions that retrieve identity and region information directly in stack configurations: !aws.accountid, !aws.calleridentityarn, !aws.calleridentityuserid, and !aws.region.
While Atmos supports any devcontainer configuration, Geodesic is a proven DevOps toolbox that's been battle-tested for almost 10 years. If you're looking for a production-ready development container with all the tools you need for infrastructure work, Geodesic is your answer.
Running Atmos and managing cloud infrastructure inevitably means depending on dozens of tools—Terraform, kubectl, Helmfile, AWS CLI, and many more. But here's the problem every platform team faces: "It works on my machine."
Atmos now validates that remote backend configurations are not empty before generating backend files. This prevents invalid Terraform configurations that would fail during terraform init.
We've fixed an issue where YQ default values (using the // fallback operator) in !terraform.state and !terraform.output YAML functions were not being evaluated when components weren't provisioned or outputs didn't exist.
We've reorganized the Atmos documentation to better serve both newcomers and experienced users. Here's what changed and why.
We've added comprehensive migration guides to help teams adopt Atmos regardless of their starting point.
Atmos now supports version constraint validation, allowing you to specify required Atmos version ranges in your atmos.yaml configuration. When your configuration requires specific features or behaviors, you can ensure all team members and CI/CD pipelines use compatible Atmos versions.
We've improved how Atmos handles YAML functions during merges across configuration layers.
Atmos now supports using filesystem paths instead of component names for all component commands. Use . for the current directory, relative paths like ./vpc or ../eks, or absolute paths. This might feel more natural for users accustomed to running commands on folders rather than remembering specific component names.
New metadata.name field provides stable Terraform state paths when using versioned component folders.
Configure custom columns in atmos.yaml to tailor list command output to your team's needs
Need to generate random port numbers, worker IDs, or other numeric values in your Atmos configurations? The new !random YAML function makes it easy.
This release brings documentation improvements to Atmos, making it easier to understand and use Terraform commands. We've focused on comprehensive command documentation and automated screengrab generation.
This release brings powerful enhancements to color output in CI/CD environments and significant code quality improvements that make Atmos more maintainable and performant.
We've added comprehensive documentation for all 35 Terraform commands in Atmos, making it easier to understand how to orchestrate Terraform with stack-based configurations. Each command now has dedicated documentation with usage examples, arguments, flags, and integration details.
Atmos help text now automatically adapts to your configured theme, providing a consistent and visually cohesive experience across all commands. Whether you're using a dark theme like Dracula or a light theme like GitHub, help output will match your terminal's color scheme.
Atmos now automatically provisions AWS SSO permission sets as identities when you authenticate. Log in once, and all your available roles are instantly ready to use—no manual configuration required.
When you deploy infrastructure across multiple environments—dev, staging, production—you need a way to manage which version of each component runs where. Maybe your VPC module in dev is testing new CIDR ranges, while production stays on the stable version until you're confident the changes work.
The !env YAML function now supports reading environment variables from env sections defined in your stack manifests and Atmos configuration. This makes it easy to set defaults for environment variables and reference values from your infrastructure configuration.
atmos auth logout now preserves keychain credentials by default for faster re-authentication. Only session data is cleared. Use --keychain to permanently delete credentials.
Stop fighting with different Atmos configurations for development, CI/CD, and production. Profiles let you switch contexts with a single flag while keeping your core configuration consistent.
We've completely rebuilt Atmos error handling from the ground up to provide helpful hints, rich context, and enterprise-grade error tracking. When something goes wrong, you now get actionable guidance instead of cryptic messages, and enterprises can track and analyze errors across their entire infrastructure stack.
The theme commands have been migrated to use the modern StandardFlagParser infrastructure, bringing them in line with other Atmos commands.
We're thrilled to announce native Azure authentication support in Atmos! You can now authenticate to Azure using atmos auth login with device code flow, OIDC, and service principals - working identically to az login with full Terraform provider compatibility.
Atmos now searches parent directories for atmos.yaml and discovers .atmos.d/ at the git repository root, making it easier to run commands from anywhere in your project.
Atmos now automatically discovers your repository root and runs from there, just like Git. No more cd-ing back to the root directory.
Atmos now includes 350+ terminal themes to customize your CLI experience. Choose from popular themes like Dracula, Solarized, or GitHub Dark, or browse the complete collection to find one that matches your style.
You can now disable Atmos identity authentication by setting --identity=false, allowing you to use cloud provider SDK credential resolution instead.
Tab completion for the --stack flag is now context-aware, filtering suggestions based on the component you specify.
Atmos now features intelligent terminal output that adapts to any environment automatically. Developers can write code assuming a full-featured terminal, and Atmos handles the rest - capability detection, color adaptation, and secret masking happen transparently. No more capability checking, manual color detection, or masking code. Just write clean, simple output code and it works everywhere.
Atmos now properly handles nested maps in Terraform backend configurations when using HCL format. This fixes an issue where complex backend settings like assume_role were silently dropped.
The atmos describe family of commands now supports the --identity flag, enabling runtime authentication when processing YAML template functions that access remote resources. This ensures that !terraform.state and !terraform.output functions work seamlessly without relying on ambient credentials.
We've fixed a critical bug in how Atmos handles arguments passed to custom commands via {{ .TrailingArgs }}. This fix improves security and ensures whitespace and special characters are preserved correctly.
If you develop Terraform providers, you can now test them locally with Atmos-managed components using Terraform's development overrides feature. This enables rapid iteration without publishing development versions to a registry.
We're excited to announce two major improvements to Atmos authentication: per-step authentication for workflows and authentication support for custom commands. These features enable you to seamlessly use cloud credentials in your automation while maintaining security through file-based credential management.
We've made several quality-of-life improvements to Atmos authentication commands, making identity management smoother and more intuitive.
Updated the Atmos Pro integration to use query parameters for the instances API endpoint, fixing issues with stack and component names containing slashes and improving API compatibility.
Atmos auth, documentation, and workflow management commands now work independently of stack configurations, making it easier to use Atmos in CI/CD pipelines and alongside "native" Terraform workflows.
Atmos now follows CLI tool conventions on macOS, using ~/.config, ~/.cache, and ~/.local/share instead of ~/Library/Application Support. This ensures seamless integration with Geodesic and consistency with other DevOps tools.
Atmos now detects circular dependencies in YAML function calls and provides a clear call stack showing exactly where the cycle occurs.
We've implemented a centralized authentication context system to enable concurrent multi-provider identities - allowing Atmos to manage AWS, GitHub, and other cloud provider credentials simultaneously in a single operation.
Atmos now supports Azure Blob Storage backends in the !terraform.state YAML function. Read Terraform outputs directly from Azure-backed state files without initializing Terraform—bringing the same blazing-fast performance to Azure that S3 users already enjoy.
Atmos now includes atmos auth console, a convenience command for opening cloud provider web consoles. Similar to aws-vault login, this command uses your authenticated Atmos identities to generate temporary console sign-in URLs and open them in your browser.
We've published two comprehensive guides to help you adopt and integrate atmos auth into your workflows: migrating from Leapp and configuring Geodesic for seamless authentication.
Atmos Auth supports flexible keyring backends, giving you control over how authentication credentials are stored. Use your system keyring for native OS integration, file-based keyrings to share credentials across OS boundaries (like between your Mac and a Docker container), or memory keyrings for testing.
We're excited to announce a new authentication command: atmos auth logout. This command provides secure, comprehensive cleanup of locally cached credentials, making it easy to switch between identities, end work sessions, and maintain proper security hygiene.
We've significantly improved the AWS SSO authentication experience with styled verification code dialogs, animated status indicators, and proper Ctrl+C handling.
Running atmos auth login without specifying an identity is now more user-friendly. When no --identity flag is provided, Atmos presents an interactive selector to choose from your configured identities.
We're excited to introduce atmos auth shell, a new command that makes working with multiple cloud identities more secure.
We're excited to announce a powerful new command for managing authentication in Atmos: atmos auth list. This command provides comprehensive visibility into your authentication configuration, making it easier than ever to understand and manage complex authentication chains across multiple cloud providers and identities.
We're introducing atmos auth - native cloud authentication built directly into Atmos. After years of solving the same authentication problems repeatedly across different tools and teams, we've built a solution that works whether you adopt the entire Atmos framework or just need better credential management.
We're excited to announce a new global flag that makes working with Atmos across multiple repositories and directories significantly easier: --chdir (or -C for short).
We're introducing two new commands for exploring Atmos releases: atmos version list and atmos version show. Browse release history with date filtering, inspect artifacts, and keep your infrastructure tooling up-to-date—all from your terminal with beautiful formatted output.
We're excited to announce the first step in a major architectural evolution for Atmos: the Command Registry Pattern. This foundational change will eventually enable pluggable commands, allowing the community to extend Atmos with custom command packages without modifying the core codebase.
We've identified and corrected a regression in Atmos where the pager was incorrectly enabled by default, contrary to the intended behavior documented in a previous release.
We've shipped a feature that developers working with complex infrastructure configurations have been asking for: provenance tracking. With the new --provenance flag in atmos describe component, you can now see exactly where every configuration value originated—down to the file, line number, and column.
We're excited to launch the Atmos Changelog—your go-to source for feature announcements, technical deep dives, and best practices for managing cloud infrastructure at scale.
