Skip to main content

Atmos Terraform Drift Remediation

The "Atmos Terraform Drift Remediation" GitHub Action provides a way for easily remediating Terraform drift and works with GitHub Issues using IssueOps.

This action is used for drift remediation together with it's companion action for drift detection.

Usage

Config

The action expects the atmos configuration file atmos.yaml to be present in the repository. The config should have the following structure:

integrations:
  github:
    gitops:
      terraform-version: 1.5.2
      infracost-enabled: false
      artifact-storage:
        region: us-east-2
        bucket: cptest-core-ue2-auto-gitops
        table: cptest-core-ue2-auto-gitops-plan-storage
        role: arn:aws:iam::xxxxxxxxxxxx:role/cptest-core-ue2-auto-gitops-gha
      role:
        plan: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
        apply: arn:aws:iam::yyyyyyyyyyyy:role/cptest-core-gbl-identity-gitops
      matrix:
        sort-by: .stack_slug
        group-by: .stack_slug | split("-") | [.[0], .[2]] | join("-")

[!IMPORTANT] Please note! This GitHub Action only works with atmos >= 1.63.0. If you are using atmos < 1.63.0 please use v1 version of this action.

Workflow example

In this example drift will be remediated when user sets label apply to an issue.

atmos-terraform-drift-remediation.yaml

Loading...

Requirements

This action has the requirements as Github Actions. Use the same S3 Bucket, DynamoDB table, IAM Roles and config described there.

Inputs

action, required, default: remediate

Drift remediation action. One of ['remediate', 'discard']

atmos-config-path, required
The path to the atmos.yaml file
atmos-version, optional, default: >= 1.63.0
The version of atmos to install
debug, optional, default: false
Enable action debug mode
issue-number, required
Issue Number
token, optional

Used to pull node distributions for Atmos from Cloud Posse's GitHub repository. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. Default:

${{ github.server\_url == 'https://github.com' && github.token \|\| '' }}