Run your infrastructure anywhere.
Atmos is the open-source runtime for infrastructure β it builds, authenticates, and ships Terraform, OpenTofu, Kubernetes, Helm, and containers the same way on your laptop, in CI, and with AI agents. Auth, secrets, vendoring, caching, the toolchain, workflows, and CI are built in. Point every environment at the same reusable root modules and treat the rest as configuration. Stop stringing together 25 tools.
Run it on your laptop. Run it the same in CI. Run it with agents.
Everything is open source and free.
Tip
Already start one? Find it here.

Example of running atmos to describe infrastructure.
Atmos turns sprawling cloud infrastructure into one declarative system you can run consistently β locally, in CI/CD, and through AI agents. Model your platform once as stacks and components, authenticate once, and run the same commands everywhere. The same code deploys to every region, environment, and stage with DRY configuration β no copy-paste, no bespoke wrapper scripts, no glue.
Cloud Posse builds and operates production infrastructure on AWS, Azure, and GCP with Atmos every day β and so do startups and enterprises managing thousands of components.
Auth, secrets, vendoring, caching, the toolchain, workflows, CI, and AI are part of the runtime β not a pile of plugins you wire together.
- Unified Auth: One identity layer across AWS, Azure, and GCP β SSO, OIDC, and federation. EKS and ECR login happen automatically, and the same identity feeds Terraform, stores, and emulators.
- Secrets Management: Declare secrets per environment, source them from 10+ backends (1Password, SSM, Vault, SOPS, and more), and mask them across every channel.
- Vendoring: Pull every dependency just-in-time with version pinning and retries β no separate vendor step.
- Caching & Mirroring: A native build cache plus a transparent Terraform provider and module registry mirror β warm in CI, instant on your laptop.
- Toolchain: Auto-install the exact Terraform, OpenTofu, and Helmfile versions your stacks need β verified by checksum.
- Workflows & Automation: Orchestrate, automate, and chain anything with 25+ step types and custom commands across every component.
- GitOps & CI/CD: The same commands locally and in CI. Detect affected components, emit matrices, and catch drift.
- AI + MCP: Chat about your infrastructure, run 20+ skills, expose Atmos as an MCP server, or add
--aito any command.
- Terraform & OpenTofu like a platform team. Plan and apply across every component in dependency order with bounded concurrency. Backends and providers are generated for you, and drift is caught automatically.
- Kubernetes & Helm as first-class workloads. Model Helmfile and Kubernetes releases beside the rest of your stack, with the same CLI you already use for Terraform.
- Containers and cloud emulators. Containers and dev containers are workloads too β and you can spin up cloud emulators locally so your whole stack runs on your laptop, with no account required to iterate.
- Bring your own. Packer, Ansible, or your own component types plug into the same registry the built-ins use.
Same command, same auth, same secrets, same toolchain β whether you run it locally or in a pipeline. Atmos is git-aware: it detects what changed and plans or applies only the affected components, so CI does exactly the work that changed β nothing more.
Everything is declarative and self-documenting, so AI agents can reason about your infrastructure instead of stringing together 25 tools and praying. Atmos ships a catalog of portable agent skills β working across Claude Code, Cursor, Gemini, and Copilot β and an MCP server so any agent can install what it needs and drive Atmos directly, as native tools, with no custom integration.
- Custom Commands: Wrap any script as a first-class
atmoscommand with flags, args, and identity. - YAML Functions: Resolve state, outputs, secrets, and Git metadata right inside your config.
- Hooks: Run infracost, checkov, trivy, or any command on lifecycle events.
- Stores: Plug in SSM, Secrets Manager, Key Vault, Vault, Redis, and more for cross-component data.
- Validation: Enforce your own guardrails with OPA/Rego policies and JSON Schema.
- Templates & Data Sources: Pull live data into your config with Go templates and Gomplate datasources.
Atmos has consistently proven its strength across the cloud infrastructure and DevOps domains:
- Managing Large Multi-Account Cloud Environments: Suitable for organizations using multiple cloud accounts to separate different projects or stages of development.
- Cross-Platform Cloud Architectures: Ideal for businesses that need to manage configuration of services across AWS, GCP, Azure, etc., to build a cohesive system.
- Multi-Tenant Systems for SaaS: Perfect for SaaS companies looking to host multiple customers within a unified infrastructure. Define a baseline tenant configuration once, then onboard new tenants by reusing this baseline through pure configuration β no further code required.
- Efficient Multi-Region Deployments: Define baseline configurations with stacks and extend them across regions with DRY principles through imports and inheritance.
- Compliant Infrastructure for Regulated Industries: Create vetted configurations that comply with SOC2, HIPAA, HITRUST, PCI, and other standards, then share and reuse them across the organization via service catalogs, component libraries, vendoring, and OPA policies.
- Empowering Teams with Self-Service Infrastructure: Let teams manage their infrastructure independently, using predefined templates and policies.
Tip
Don't see your use-case listed? Ask us in the #atmos Slack channel,
or join us for "Office Hours" every week.
Atmos collects anonymous telemetry to help improve the product by understanding how it's used.
You can opt-out of telemetry collection in either of the following ways:
- Set
settings.telemetry.enabled: falsein youratmos.yaml - Or set the environment variable:
ATMOS_TELEMETRY_ENABLED=false
Note for Atmos Pro users: If you're using Atmos Pro, your workspace ID will be included in telemetry events. This allows our team to provide more effective support and assist with troubleshooting as part of your subscription.
To learn more about what is collected and how it works, see the Telemetry Documentation.
Find all documentation at: atmos.tools
This project is under active development, and we encourage contributions from our community.
Many thanks to our outstanding contributors:
For π bug reports & feature requests, please use the issue tracker.
In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
- Review our Code of Conduct and Contributor Guidelines.
- Fork the repo on GitHub
- Clone the project to your own machine
- Commit changes to your own branch
- Push your work back up to your fork
- Submit a Pull Request so that we can review your changes
NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!
Join our Open Source Community on Slack. It's FREE for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally sweet infrastructure.
Sign up for our newsletter and join 3,000+ DevOps engineers, CTOs, and founders who get insider access to the latest DevOps trends, so you can always stay in the know. Dropped straight into your Inbox every week β and usually a 5-minute read.
Join us every Wednesday via Zoom for your weekly dose of insider DevOps trends, AWS news and Terraform insights, all sourced from our SweetOps community, plus a live Q&A that you canβt find anywhere else. It's FREE for everyone!
Preamble to the Apache License, Version 2.0
Complete license is available in the LICENSE file.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
All other trademarks referenced herein are the property of their respective owners.
Copyright Β© 2017-2026 Cloud Posse, LLC

