CLI Configuration
Use the atmos.yaml
configuration file to control the behavior of the Atmos CLI
Everything in the Atmos CLI is configurable. The defaults are established in the atmos.yaml
configuration file. The CLI configuration should not
be confused with Stack configurations, which have a different schema.
Think of this file as where you bootstrap the settings or configuration of your project. If you'll be using
terraform, then this is where
you'd specify the command to run (e.g. opentofu
),
the base path location of the components, and so forth.
Configuration File (atmos.yaml
)
The --config flag allows you to specify a relative or absolute path to a valid configuration file. Only the configuration files specified by this flag will be loaded. The --config-path flag designates a directory containing Atmos configuration files. files name should be (atmos.yaml, .atmos.yaml,atmos.yml, .atmos.yml). Only files from the specified directory will be loaded. You can use both --config and --config-path multiple times in a single command. Configurations will be deep-merged in the order provided, with the first specified config having the lowest priority and the last one having the highest. This allows later configurations to override settings from earlier ones. For example, to load multiple configuration files, you would run:
atmos --config /path/to/config1.yaml --config /path/to/config2.yaml --config-path /path/first/config/ -config-path /path/second/config/ ...
Configuration Load Order If --config and --config-path not specified in command The CLI config is loaded from the following locations (from lowest to highest priority):
- System directory (
/usr/local/etc/atmos/atmos.yaml
on Linux,%LOCALAPPDATA%/atmos/atmos.yaml
on Windows) - Home directory (
~/.atmos/atmos.yaml
) - Current directory (
./atmos.yaml
) - Environment variable
ATMOS_CLI_CONFIG_PATH
(the ENV var should point to a folder without specifying the file name)
Each configuration file discovered is deep-merged with the preceding configurations.
Atmos supports POSIX-style greedy Globs for all file
names/paths (double-star/globstar **
is supported as well)
Default CLI Configuration
If atmos.yaml
is not found in any of the searched locations, Atmos will use the following default CLI configuration:
atmos.yaml
If Atmos does not find an atmos.yaml
file and the default CLI config is used, and if you set the ENV variable ATMOS_LOGS_LEVEL
to Debug
(e.g. export ATMOS_LOGS_LEVEL=Debug
) before executing Atmos commands, you'll see the following message:
What follows are all the sections of the atmos.yaml
configuration file.
YAML Functions
Atmos extends standard YAML with several custom functions that can be used in atmos configuration atmos.yaml
file. These functions provide powerful tools for dynamic configuration:
!env
Used to retrieve environment variables. See the
!env
documentation for more details.!exec
Used to execute shell scripts and assign their output. See the
!exec
documentation for more details.!include
Used to include other YAML files into the current configuration. See the
!include
documentation for more details.!repo-root
Used to retrieve the root directory of the Atmos repository. If the Git root is not found, it will return a default value if specified; otherwise, it returns an error. See the
!repo-root
documentation for more details.
Imports
Additionally, Atmos supports imports
of other CLI configurations. Use imports to break large Atmos CLI configurations into smaller ones, such as organized by top-level section. File imports are relative to the base path (if import
section is set in the config). All imports are processed at the time the configuration is loaded, and then deep-merged in order, so that the last file in the list supersedes settings in the preceding imports. For an example, see scenarios/demo-atmos-cli-imports
.
Atmos supports POSIX-style greedy Globs for all file
names/paths (double-star/globstar **
is supported as well)
Imports can be any of the following:
- Remote URL
- Specific Path
- Wildcard globs (
*
), including recursive globs (**
), can be combined (e.g.,**/*
matches all files and subfolders recursively). Only files ending in.yml
or.yaml
will be considered for import when using globs.
For example, we can import from multiple locations like this:
import:
# Load the Atmos configuration from the main branch of the 'cloudposse/atmos' repository
- "https://raw.githubusercontent.com/cloudposse/atmos/refs/heads/main/atmos.yaml"
# Then merge the configs
- "configs.d/**/*"
# Finally, override some logging settings
- "./logs.yaml"
Note, templated imports of Atmos configuration are not supported (unlike stacks).
- Always use HTTPS URLs (currently correctly demonstrated in the example).
- Verify the authenticity of remote sources.
- Consider pinning to specific commit hashes instead of branch references
Each configuration file discovered is deep-merged with the preceding configurations.
Base Path
The base path for components, stacks, workflows and validation configurations.
It can also be set using ATMOS_BASE_PATH
environment variable, or by passing the --base-path
command-line argument.
It supports both absolute and relative paths.
If not provided or is an empty string, components.terraform.base_path
, components.helmfile.base_path
, stacks.base_path
and workflows.base_path
are independent settings (supporting both absolute and relative paths).
If base_path
is provided, components.terraform.base_path
, components.helmfile.base_path
, stacks.base_path
, workflows.base_path
,
schemas.jsonschema.base_path
and schemas.opa.base_path
are considered paths relative to base_path
.
base_path: "."
Windows Path Handling
When configuring paths in atmos.yaml
on Windows, there are important considerations for how YAML interprets backslashes:
Backslashes (\
) are treated as escape characters only inside double-quoted YAML scalars. Single-quoted and plain scalars treat backslashes literally. Use single quotes or plain scalars for Windows paths, or double-escape backslashes in double quotes.
Correct Ways to Specify Windows Paths
- Forward Slashes (Recommended)
- Escaped Backslashes
- Single Quotes (Backslashes Literal)
- Unquoted Paths
# Forward slashes work on all platforms including Windows
components:
terraform:
base_path: "C:/Users/username/projects/components/terraform"
# Double backslashes to escape them in YAML
components:
terraform:
base_path: "C:\\Users\\username\\projects\\components\\terraform"
# Single quotes treat backslashes as literal characters
components:
terraform:
base_path: 'C:\Users\username\projects\components\terraform'
# Unquoted paths with forward slashes also work
components:
terraform:
base_path: C:/Users/username/projects/components/terraform
Incorrect Windows Path Format
# ❌ WRONG: Single backslashes get interpreted as escape sequences
components:
terraform:
base_path: "C:\Users\username\projects\components\terraform"
# This becomes: C:Usersusernameprojectscomponentsterraform (invalid)
Use forward slashes (/
) for all paths in atmos.yaml
. They work correctly on all operating systems including Windows, Linux, and macOS.
Settings
The settings
section configures Atmos global settings.
atmos.yaml
settings.list_merge_strategy
Specifies how lists are merged in Atmos stack manifests.
The following strategies are supported:
replace
- Most recent list imported wins (the default behavior).
append
- The sequence of lists is appended in the same order as imports.
merge
- The items in the destination list are deep-merged with the items in the source list. The items in the source list take precedence. The items are processed starting from the first up to the length of the source list (the remaining items are not processed). If the source and destination lists have the same length, all items in the destination lists are deep-merged with all items in the source list.
settings.terminal
Specifies how content is displayed in the terminal.
The following settings are supported:
max_width
- The maximum width for displaying content in the terminal.
pager
- Configure pager behavior. Can be set to
false
(disabled, default),true
(enabled), or a specific pager likeless
ormore
. color
- Enable or disable colored output (default:
true
). Can be overridden with--no-color
flag orNO_COLOR
/ATMOS_NO_COLOR
environment variables.
Environment Variables for PortabilityConfiguration Deprecation: The
no_color
field inatmos.yaml
is deprecated. Usecolor: false
instead.Environment Variables Still Supported: The
NO_COLOR
andATMOS_NO_COLOR
environment variables remain fully supported for portability across different environments and CI/CD systems.settings.inject_github_token
Adds the
GITHUB_TOKEN
as a Bearer token for GitHub API requests, enabling authentication for private repositories and increased rate limits. IfATMOS_GITHUB_TOKEN
is set, it takes precedence, overriding this behavior.settings.docs
(Deprecated)- Deprecated
The
settings.docs
section is deprecated and will be removed in a future version. Please usesettings.terminal
instead.max-width
(Deprecated)- Use
settings.terminal.max_width
instead. pagination
(Deprecated)- Use
settings.terminal.pager
instead.
Workflows
atmos.yaml
Integrations
Atmos supports many native Atmos integrations. They extend the core functionality of Atmos.
atmos.yaml
For more information, refer to Atmos Integrations.
Schemas
Configure the paths where to find OPA and JSON Schema files to validate Atmos stack manifests and components.
atmos.yaml
For more information, refer to:
Logs
Logs are configured in the logs
section:
atmos.yaml
-
logs.file
- the file to write Atmos logs to. Logs can be written to any file or any standard file descriptor, including/dev/stdout
,/dev/stderr
and/dev/null
. If omitted,/dev/stdout
will be used. The environment variableATMOS_LOGS_FILE
can also be used to specify the log file -
logs.level
- Log level. Supported log levels areTrace
,Debug
,Info
,Warning
,Off
. If the log level is set toOff
, Atmos will not log any messages (note that this does not prevent other tools like Terraform from logging). The environment variableATMOS_LOGS_LEVEL
can also be used to specify the log level
To prevent Atmos from logging any messages (except for the outputs of the executed commands), you can do one of the following:
-
Set
logs.file
or the ENV variableATMOS_LOGS_FILE
to/dev/null
-
Set
logs.level
or the ENV variableATMOS_LOGS_LEVEL
toOff
Note that when you set the log level to Debug
or Trace
, Atmos will log additional messages before printing the output
of an executed command. For example, let's consider the atmos describe affected
command:
atmos.yaml
With logs.level: Trace
, and logs.file: "/dev/stdout"
, all the messages and the command's JSON output will be printed
to the console to the /dev/stdout
standard output.
This behavior might be undesirable when you execute the command atmos describe affected
in CI/CD (e.g. GitHub Actions).
For example, you might want to log all the Atmos messages (by setting logs.level: Trace
) for debugging purposes,
and also want to parse the JSON output of the command (e.g. by using jq
) for further processing. In this case, jq
will not be able to parse the JSON output because all the other messages make the output an invalid JSON document.
To deal with that, you can set logs.file
to /dev/stderr
in atmos.yaml
:
atmos.yaml
Now when the atmos describe affected
command is executed, the additional messages are printed to /dev/stderr
,
but the command's JSON output is printed to /dev/stdout
, allowing jq
to parse it without errors.
Profiler
Atmos includes built-in performance profiling capabilities using Go's pprof profiler. This allows you to analyze CPU usage, memory allocations, goroutines, and other performance metrics when running Atmos commands.
The profiler is configured in the profiler
section:
atmos.yaml
profiler.enabled
Enable or disable the pprof profiling server. When enabled, Atmos will start an HTTP server that serves pprof endpoints for performance analysis. Can also be set using the
--profiler-enabled
command-line flag.profiler.host
The host address to bind the profiling server to. Defaults to
localhost
for security. Can also be set using the--profiler-host
command-line flag.profiler.port
The port number for the profiling server. Defaults to
6060
(the standard pprof port). Can also be set using the--profiler-port
command-line flag.
Using the Profiler
When the profiler is enabled, Atmos will start a pprof server and display the URL when any command is run:
The profiler provides several endpoints for different types of analysis:
- CPU Profile:
http://localhost:6060/debug/pprof/profile
- 30-second CPU profile - Memory Profile:
http://localhost:6060/debug/pprof/heap
- Memory heap profile - Goroutines:
http://localhost:6060/debug/pprof/goroutine
- Stack traces of all current goroutines - Web Interface:
http://localhost:6060/debug/pprof/
- Interactive web interface
Analyzing Performance Data
You can use Go's pprof tool to analyze the profiling data:
Security Considerations
The profiler exposes detailed runtime information about your Atmos process. Only enable it when needed for debugging or performance analysis, and ensure the host/port are not accessible from untrusted networks.
By default, the profiler binds to localhost
only, which prevents external access. If you need to access the profiler from another machine, make sure to use appropriate network security measures.
Aliases
CLI command aliases are configured in the aliases
section.
An alias lets you create a shortcut name for an existing CLI command. Any CLI command can be aliased, including the Atmos
native commands like terraform apply
or describe stacks
, as well as Atmos Custom Commands.
For example:
atmos.yaml
Execute an alias as you would any Atmos native or custom command:
The aliases configured in the aliases
section automatically appear in Atmos help, and are shown as
alias for '<command>'
.
For example:
An alias automatically supports all command line arguments and flags that the aliased command accepts.
For example:
atmos up <component> -s <stack>
supports all the parameters from the aliased commandatmos terraform apply <component> -s <stack>
atmos dc <component> -s <stack>
supports all the parameters from the aliased commandatmos describe component <component> -s <stack>
Templates
Atmos supports Go templates in stack manifests, and the following template functions and data sources:
- Go
text/template
functions - Atmos Template Functions
- Sprig Functions
- Gomplate Functions
- Gomplate Datasources
For more details, refer to Atmos Stack Manifest Templating
atmos.yaml
-
templates.settings.enabled
- a boolean flag to enable/disable the processing ofGo
templates in Atmos stack manifests. If set tofalse
, Atmos will not processGo
templates in stack manifests -
templates.settings.sprig.enabled
- a boolean flag to enable/disable the Sprig Functions in Atmos stack manifests -
templates.settings.gomplate.enabled
- a boolean flag to enable/disable the Gomplate Functions and Gomplate Datasources in Atmos stack manifests -
templates.settings.gomplate.timeout
- timeout in seconds to execute Gomplate Datasources -
templates.settings.gomplate.datasources
- a map of Gomplate Datasource definitions:-
The keys of the map are the datasource names, which are used in
Go
templates in Atmos stack manifests. For example:terraform:
vars:
tags:
provisioned_by_ip: '{{ (datasource "ip").ip }}'
config1_tag: '{{ (datasource "config-1").tag }}'
config2_service_name: '{{ (datasource "config-2").service.name }}' -
The values of the map are the datasource definitions with the following schema:
-
url
- the Datasource URL -
headers
- a map of HTTP request headers for thehttp
datasource. The keys of the map are the header names. The values of the map are lists of values for the header.The following configuration will result in the
accept: application/json
HTTP header being sent with the HTTP request to the datasource:headers:
accept:
- "application/json"
-
-
Some functions are present in both Sprig and Gomplate.
For example, the env
function has the same name in Sprig and
Gomplate, but has different syntax and accept different number of arguments.
If you use the env
function from one templating engine and enable both Sprig
and Gomplate, it will be invalid in the other templating engine, and an error will be thrown.
For this reason, you can use the templates.settings.sprig.enabled
and templates.settings.gomplate.enabled
settings to selectively
enable/disable the Sprig and Gomplate
functions.
Environment Variables
Configuration
Most YAML settings can also be defined by environment variables. This is helpful while doing local development. For example,
setting ATMOS_STACKS_BASE_PATH
to a path in /localhost
to your local development folder, will enable you to rapidly iterate.
Variable | YAML Path | Description |
---|---|---|
ATMOS_CLI_CONFIG_PATH | N/A | Where to find atmos.yaml . Path to a folder where atmos.yaml CLI config file is located (e.g. /config ) |
ATMOS_BASE_PATH | base_path | Base path to components and stacks folders |
ATMOS_VENDOR_BASE_PATH | vendor.base_path | Path to vendor configuration file or directory containing vendor files. If a directory is specified, all .yaml files in the directory will be processed in lexicographical order. Supports both absolute and relative paths. |
ATMOS_COMPONENTS_TERRAFORM_COMMAND | components.terraform.command | The executable to be called by atmos when running Terraform commands |
ATMOS_COMPONENTS_TERRAFORM_BASE_PATH | components.terraform.base_path | Base path to Terraform components |
ATMOS_COMPONENTS_TERRAFORM_APPLY_AUTO_APPROVE | components.terraform.apply_auto_approve | If set to true , auto-generate Terraform backend config files when executing atmos terraform commands |
ATMOS_COMPONENTS_TERRAFORM_DEPLOY_RUN_INIT | components.terraform.deploy_run_init | Run terraform init when executing atmos terraform deploy command |
ATMOS_COMPONENTS_TERRAFORM_INIT_RUN_RECONFIGURE | components.terraform.init_run_reconfigure | Run terraform init -reconfigure when executing atmos terraform commands |
ATMOS_COMPONENTS_TERRAFORM_INIT_PASS_VARS | components.terraform.init.pass_vars | Pass the generated varfile to terraform init using the --var-file flag. OpenTofu supports passing a varfile to init to dynamically configure backends |
ATMOS_COMPONENTS_TERRAFORM_PLAN_SKIP_PLANFILE | components.terraform.plan.skip_planfile | Skip writing the plan to a file by not passing the -out flag to Terraform when executing terraform plan commands. Set it to true when using Terraform Cloud since the -out flag is not supported. Terraform Cloud automatically stores plans in its backend |
ATMOS_COMPONENTS_TERRAFORM_AUTO_GENERATE_BACKEND_FILE | components.terraform.auto_generate_backend_file | If set to true , auto-generate Terraform backend config files when executing atmos terraform commands |
ATMOS_COMPONENTS_HELMFILE_COMMAND | components.helmfile.command | The executable to be called by atmos when running Helmfile commands |
ATMOS_COMPONENTS_HELMFILE_BASE_PATH | components.helmfile.base_path | Path to helmfile components |
ATMOS_COMPONENTS_HELMFILE_USE_EKS | components.helmfile.use_eks | If set to true , download kubeconfig from EKS by running aws eks update-kubeconfig command before executing atmos helmfile commands |
ATMOS_COMPONENTS_HELMFILE_KUBECONFIG_PATH | components.helmfile.kubeconfig_path | Path to write the kubeconfig file when executing aws eks update-kubeconfig command |
ATMOS_COMPONENTS_HELMFILE_HELM_AWS_PROFILE_PATTERN | components.helmfile.helm_aws_profile_pattern | Pattern for AWS profile to use when executing atmos helmfile commands |
ATMOS_COMPONENTS_HELMFILE_CLUSTER_NAME_PATTERN | components.helmfile.cluster_name_pattern | Pattern for EKS cluster name to use when executing atmos helmfile commands |
ATMOS_STACKS_BASE_PATH | stacks.base_path | Base path to Atmos stack manifests |
ATMOS_STACKS_INCLUDED_PATHS | stacks.included_paths | List of paths to use as top-level stack manifests |
ATMOS_STACKS_EXCLUDED_PATHS | stacks.excluded_paths | List of paths to not consider as top-level stacks |
ATMOS_STACKS_NAME_PATTERN | stacks.name_pattern | Stack name pattern to use as Atmos stack names |
ATMOS_STACKS_NAME_TEMPLATE | stacks.name_template | Stack name Golang template to use as Atmos stack names |
ATMOS_WORKFLOWS_BASE_PATH | workflows.base_path | Base path to Atmos workflows |
ATMOS_SCHEMAS_JSONSCHEMA_BASE_PATH | schemas.jsonschema.base_path | Base path to JSON schemas for component validation |
ATMOS_SCHEMAS_OPA_BASE_PATH | schemas.opa.base_path | Base path to OPA policies for component validation |
ATMOS_SCHEMAS_ATMOS_MANIFEST | schemas.atmos.manifest | Path to JSON Schema to validate Atmos stack manifests. For more details, refer to Atmos Manifest JSON Schema |
ATMOS_LOGS_FILE | logs.file | The file to write Atmos logs to. Logs can be written to any file or any standard file descriptor, including /dev/stdout , /dev/stderr and /dev/null ). If omitted, /dev/stdout will be used |
ATMOS_LOGS_LEVEL | logs.level | Logs level. Supported log levels are Trace , Debug , Info , Warning , Off . If the log level is set to Off , Atmos will not log any messages (note that this does not prevent other tools like Terraform from logging) |
ATMOS_PROFILER_ENABLED | profiler.enabled | Enable or disable the pprof HTTP profiling server. When enabled, starts an HTTP server for interactive profiling |
ATMOS_PROFILER_HOST | profiler.host | Host address for the profiling server. Default: localhost . Use 0.0.0.0 to allow external connections (security consideration) |
ATMOS_PROFILER_PORT | profiler.port | Port for the profiling server. Default: 6060 |
ATMOS_PROFILE_FILE | profiler.file | Write profiling data to the specified file (enables profiling automatically). When specified, enables file-based profiling instead of server-based |
ATMOS_PROFILE_TYPE | profiler.profile_type | Type of profile to collect when using ATMOS_PROFILE_FILE . Options: cpu , heap , allocs , goroutine , block , mutex , threadcreate , trace . Default: cpu |
ATMOS_SETTINGS_LIST_MERGE_STRATEGY | settings.list_merge_strategy | Specifies how lists are merged in Atmos stack manifests. The following strategies are supported: replace , append , merge |
ATMOS_VERSION_CHECK_ENABLED | version.check.enabled | Enable/disable Atmos version checks for updates to the newest release |
ATMOS_GITHUB_TOKEN | N/A | Bearer token for GitHub API requests, enabling authentication for private repositories and higher rate limits |
ATMOS_BITBUCKET_TOKEN | N/A | App password for Bitbucket API requests is set to avoid rate limits. Unauthenticated Requests are limited to 60 requests per hour across all API resources. |
ATMOS_BITBUCKET_USERNAME | N/A | Username for Bitbucket authentication. Takes precedence over BITBUCKET_USERNAME. |
ATMOS_GITLAB_TOKEN | N/A | Personal Access Token (PAT) for GitLab authentication. Unauthenticated users are limited to 6 requests per minute per IP address for certain endpoints, while authenticated users have higher thresholds. |
Context
Some commands, like atmos terraform shell
,
spawn an interactive shell with certain environment variables set, in order to enable the user to use other tools
(in the case of atmos terraform shell
, the Terraform or Tofu CLI) natively, while still being configured for a
specific component and stack. To accomplish this, and to provide visibility and context to the user regarding the
configuration, Atmos may set the following environment variables in the spawned shell:
Variable | Description |
---|---|
ATMOS_COMPONENT | The name of the active component |
ATMOS_SHELL_WORKING_DIR | The directory from which native commands should be run |
ATMOS_SHLVL | The depth of Atmos shell nesting. When present, it indicates that the shell has been spawned by Atmos. |
ATMOS_STACK | The name of the active stack |
ATMOS_TERRAFORM_WORKSPACE | The name of the Terraform workspace in which Terraform commands should be run |
PS1 | When a custom shell prompt has been configured in Atmos, the prompt will be set via PS1 |
TF_CLI_ARGS_* | Terraform CLI arguments to be passed to Terraform commands |