Optional: Vendor Components

Optional step

This step is not required for the tutorial. The six components in this example live in the repo under components/terraform/, so there's nothing to vendor. This page is included as a design-pattern aside: in real projects you'll often pull shared components from a remote source instead of copying them by hand. If you just want to deploy the example, skip to Configure Validation.

Vendoring is how Atmos pulls component source code from a remote location (Git, OCI, S3, HTTP, the Terraform Registry, …) into your repository at a pinned version. It keeps your components DRY and versioned without forking shared modules.

tip

For more information about Atmos Vendoring and the atmos vendor pull CLI command, refer to:

To vendor components from a remote source, perform the following steps:

Create a `vendor.yaml` config file

Create a vendor.yaml Atmos vendor config file in the root of the repo. Each source declares a component, the remote location to pull it from, the pinned version, and the target folder. For example, to vendor a shared s3-bucket component:

vendor.yaml

apiVersion: atmos/v1
kind: AtmosVendorConfig
metadata:
  name: example-vendor-config
  description: Atmos vendoring manifest
spec:
  # `imports` or `sources` (or both) must be defined in a vendoring manifest.
  imports: []

  sources:
    # `source` supports the following protocols: local paths (absolute and relative), OCI (https://opencontainers.org),
    # Git, Mercurial, HTTP, HTTPS, Amazon S3, Google GCP,
    # and all URL and archive formats as described in https://github.com/hashicorp/go-getter.
    # In 'source', Golang templates are supported  https://pkg.go.dev/text/template.
    # If 'version' is provided, '{{.Version}}' will be replaced with the 'version' value before pulling the files from 'source'.
    - component: "s3-bucket"
      source: "github.com/cloudposse/terraform-aws-components.git//modules/s3-bucket?ref={{.Version}}"
      version: "1.398.0"
      targets:
        - "components/terraform/s3-bucket"
      # Only include the files that match the 'included_paths' patterns.
      included_paths:
        - "**/*.tf"
      excluded_paths:
        - "**/providers.tf"
      tags:
        - storage

Vendor the dependencies

Execute the command atmos vendor pull from the root of the repo.

atmos vendor pull

Processing vendor config file 'vendor.yaml'

Pulling sources for the component 's3-bucket'
from 'github.com/cloudposse/terraform-aws-components.git//modules/s3-bucket?ref=1.398.0'
into 'components/terraform/s3-bucket'

Atmos downloads the source into the target folder, and the component is then available exactly like a local one.

Vendored components work exactly like local ones

A vendored component reads another component's remote state and resolves !store/!secret functions just like the local components you built earlier — no extra configuration. Atmos finds your atmos.yaml from the repo root (base_path: "."), so cross-component wiring keeps working after you vendor.

quick-start-advanced

Optional: Vendor Components

View full example

README.md

README.md3.8 KB

Source

Atmos Quick Start (Advanced)

Atmos is a universal tool for DevOps and cloud automation. This advanced example provisions a small AWS application stack — entirely offline — against a local AWS emulator (Floci), so you can learn the patterns end to end without a real AWS account or any credentials.

Follow the Quick Start: Advanced guide for a step-by-step walkthrough of this repository.

It's just plain Terraform

The components in components/terraform/ are vanilla Terraform — raw aws_* resources using only the official hashicorp/aws provider. There are no Cloud Posse modules and no special wrappers. Atmos is a bring-your-own-Terraform orchestrator: it never requires you to rewrite your Terraform or adopt proprietary components. Each component carries only a stock providers.tf (provider "aws" { region = var.region }) with no endpoint or credentials configuration — the local-aws identity (kind: aws/emulator) generates a providers_override.tf.json that points the provider at the emulator at runtime, so the exact same code deploys unchanged against real AWS.

Component	What it is (plain Terraform)
`kms-key`	`aws_kms_key` + alias
`s3-bucket`	`aws_s3_bucket` (+ versioning, SSE)
`dynamodb-table`	`aws_dynamodb_table`
`sns-topic`	`aws_sns_topic`
`sqs-queue`	`aws_sqs_queue` (+ policy)
`app-config`	publishes resolved config + secrets to SSM Parameter Store

The components are wired together with Atmos features — not Terraform remote_state data sources: stack templates build predictable coordinates, dependency metadata controls graph order, store hooks publish applied outputs, and !secret resolves declared secrets from the SSM/Secrets Manager stores.

Run it end to end

Everything runs against the local emulator. You need Atmos and a container runtime (Docker or Podman).

The test custom command brings up the emulator, seeds secrets, applies the full component DAG in dependency order, confirms the cross-component wiring resolves, then tears everything down:

atmos test -s plat-ue2-dev

Or run the same steps by hand:

# Start the local AWS emulator for the stack.
atmos emulator up aws -s plat-ue2-dev

# Lint every stack manifest.
atmos validate stacks

# Seed the required app-config secrets.
atmos secret set API_KEY=sk-quickstart-example -s plat-ue2-dev -c app-config
atmos secret set 'DB_CONFIG={"username":"app","password":"s3cr3t"}' -s plat-ue2-dev -c app-config

# Apply every component in dependency order (the S3 state backend is auto-provisioned
# inside the emulator via `provision.backend.enabled`).
atmos terraform deploy --all -s plat-ue2-dev

# Inspect a component and see where every value came from.
atmos describe component app-config -s plat-ue2-dev --provenance
atmos list instances --format tree --provenance --identity=false --process-functions=false --process-templates=false

# Tear down.
atmos terraform destroy --all -s plat-ue2-dev -auto-approve
atmos emulator down aws -s plat-ue2-dev

Available stacks: plat-ue2-{dev,staging,prod} (us-east-2) and plat-uw2-{dev,staging,prod} (us-west-2).

Operator commands

This example also registers operator-focused custom commands in atmos.yaml:

atmos operator status -s <stack>                  # show stack tree, instances, catalog, and next commands
atmos operator inspect <component> -s <stack>     # describe component config with provenance

For the full CLI configuration and command reference, see Atmos CLI.

Create a vendor.yaml config file​

Vendor the dependencies​

Create a `vendor.yaml` config file

Vendor the dependencies