Atmos Terraform Drift Remediation
The "Atmos Terraform Drift Remediation" GitHub Action remediates Terraform drift and works with GitHub Issues using IssueOps.
It is used together with its companion action for drift detection.
Usage
Config
The action expects the atmos configuration file atmos.yaml to be present in the repository.
The config should have the following structure:
integrations:
  github:
    gitops:
      terraform-version: 1.5.2
      infracost-enabled: false
      artifact-storage:
        region: us-east-2
        bucket: cptest-core-ue2-auto-gitops
        table: cptest-core-ue2-auto-gitops-plan-storage
        role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
      role:
        plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
        apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
      matrix:
        sort-by: .stack_slug
        group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")
[!IMPORTANT] Please note! This GitHub Action only works with atmos >= 1.63.0. If you are using atmos < 1.63.0, please use the v1 version of this action.
Workflow example
In this example, drift is remediated when a user sets the label apply on an issue.
atmos-terraform-drift-remediation.yaml
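A workflow of the kind described above, as an added example that is not the project's own file. It uses only the inputs listed under Inputs; the `uses:` ref is a placeholder, the `permissions` block assumes the IAM roles from atmos.yaml are assumed through GitHub OIDC and that the action updates the drift issue, and the `atmos-config-path` value is hypothetical.

```yaml
# Added example, not the project's own workflow file.
name: Atmos Terraform Drift Remediation

on:
  issues:
    types: [labeled]

# Scope GITHUB_TOKEN explicitly instead of inheriting the repository default.
# Assumptions: id-token: write for OIDC role assumption, issues: write so the
# action can update the drift issue.
permissions:
  id-token: write
  contents: read
  issues: write

jobs:
  remediate-drift:
    name: Remediate Drift
    runs-on: ubuntu-latest
    # Match the label that was just added, exactly, and only on open issues.
    # A substring test over all labels would also fire on "do-not-apply".
    if: github.event.label.name == 'apply' && github.event.issue.state == 'open'
    # One remediation per issue at a time; a repeated label event queues.
    concurrency:
      group: drift-remediation-${{ github.event.issue.number }}
      cancel-in-progress: false
    steps:
      - name: Remediate Drift
        # Placeholder ref: pin to the release (ideally a full commit SHA)
        # that matches your atmos version, per the note above.
        uses: cloudposse/github-action-atmos-terraform-drift-remediation@<release-or-commit-sha>
        with:
          issue-number: ${{ github.event.issue.number }}
          action: remediate
          # Hypothetical path; point it at the location of atmos.yaml.
          atmos-config-path: ./
```

Because the trigger is an issue label, anyone with permission to label issues in the repository can start a run that uses the apply role, so review who holds triage access or higher before enabling it.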
Requirements
This action has the same requirements as GitHub Actions. Use the same S3 Bucket, DynamoDB table, IAM Roles and config described there.
Inputs
action, required, default: remediate - Drift remediation action. One of ['remediate', 'discard']
atmos-config-path, required - The path to the atmos.yaml file
atmos-version, optional, default: >= 1.63.0 - The version of atmos to install
debug, optional, default: false - Enable action debug mode
issue-number, required - Issue Number
token, optional - Used to pull node distributions for Atmos from Cloud Posse's GitHub repository. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. Default: ${{ github.server_url == 'https://github.com' && github.token || '' }}