Terraform Automation: Review the Atlantis Workflow

Overview

Apply before merging or merging before applying, the great Terraform and OpenTofu debate. Both options have their pros and cons, but the biggest issue is accommodating all of your teams. Wouldn’t it be great to onboard teams with different GitOps philosophies and not have to change their day-to-day workflow? 

Well, now you can. Scalr has always supported the merge before apply workflow, but now we’re excited to introduce PR-Comment-Based Opentofu/Terraform Runs. No more jumping between tools or pipelines—just efficient infrastructure management from your existing code review workflow.

What Problem Are We Solving?

One of the most significant pain points in DevOps workflows is context switching. Engineers typically have to:

• Create a development or feature branch off of the main branch.
• Review the Terraform code in a pull request in a VCS provider such as GitHub or GitLab.
• Switch to the CI/CD tool to trigger a Terraform run.
• Wait for the plan or apply results in a separate environment.
• Repeat this process for each environment or stage (staging, production, etc.).

This workflow creates friction, slows down feedback loops, and increases the potential for human error, especially when managing complex infrastructure deployments across multiple environments. This is the main reason for the creation of Atlantis, a powerful open-source tool to execute Terraform commands from pull request comments. The developer can perform operations and receive feedback in a single place. While Atlantis is a great open-source project, many large organizations have trouble scaling for their needs, such as:

• Lack of a highly available solution that can handle many concurrent Terraform/OpenTofu runs at once.
• Atlantis supports the basic GitOps workflow but lacks integrations with the greater Terraform or OpenTofu eco-system such as OPA, CheckOv, Slack/Teams, and more.
• Lack of enterprise-level support team to help when an organization runs into critical issues.

By enabling Opentofu/Terraform to run directly from PR comments, Scalr streamlines this workflow, allowing team members to stay in their VCS context while reviewing terraform changes, automating environment testing, and deployments at an enterprise scale.

The Atlantis Workflow in Scalr

1. Enable the feature for the VCS provider

In addition to existing VCS features, such as “Trigger runs for draft pull requests” and “Send the plan summary back to pull request comments”, we added two more features: “Allow triggering plan-only runs from the PR comments” and “Allow triggering apply runs from the PR comments”. Once admins enable it, users can trigger runs from the PR comments.

2. Execute a Run From a Pull Request

Once VCS admins enable the end-users to trigger plans and applies from the PR, users can add the following comments, which will trigger runs in Scalr:

• /scalr plan - triggers plan-only Terraform runs in all workspaces with the VCS-driven dry runs enabled that are affected by the proposed changes.
• /scalr plan -force - also triggers plan-only Terraform runs, but it ignores the Enable VCS-driven dry runs workspace setting. This is very helpful when users want to ensure changes without changing the default workspace settings.
• /scalr apply - triggers apply Terraform runs in all workspaces affected by the PR. ‍
• /scalr apply -workspace-id=ws-12345678 - allows you to limit the workspaces you want to run a Terraform apply first (e.g. in the pre-production workspace).

3. Scalr Integration

Behind the scenes, Scalr picks up the comment event and initiates the Opentofu/Terraform workflow. Before running the operation, you can configure the pipelines to check for specific conditions like approvals or preconditions.

4. Output and Feedback

Once the plan is completed, the result (success/failure, resource changes, etc.) is automatically posted as a comment in the pull request thread, keeping your Terraform code review and infrastructure workflows fully integrated.

5. Advanced Use Cases (Optional)

Want to limit which Scalr environments can have runs executed in workspaces from pull request comments? Scalr’s integration with Open Policy Agent (OPA) can prevent various run sources, including PR comments. Every run that is executed in Scalr provides a source for the Terraform run input in OPA:

{
  "tfrun": {
    "workspace": {
   ....
   ...
   ..
    },
    "environment": {
      "id": "env-v0oj55tcci963d86q",
      "name": "Atlantis"
    },
    "vcs": {
      "repository_id": "repo/pr-driven",
      "branch": "dev",
      "commit": {
        "sha": "204b4ac780eea11c2fe9a639fc873acd23627daa",
        "message": "Update main.tf",
        "author": {
          "name": "user",
          "email": "user@users.noreply.github.com",
          "username": "user",
          "teams": null
        }
      },
      "pull_request": null
    },
    "cost_estimate": {
      "prior_monthly_cost": 0.0,
      "proposed_monthly_cost": 0.0,
      "delta_monthly_cost": 0.0
    },
    "source": "comment-github",
    "message": "Update main.tf",
    "is_destroy": false
   … 
   ..
   .

As seen above, an OPA policy check can be created to deny any run with the "source": "comment-github" or deny any run that isn’t "source": "comment-github". A use case for this is to allow PR-driven runs from lab and development environments, but maybe not production.

Learn more on OPA here.

Scalr advantages over Atlantis

As Scalr and Atlantis both support triggering plans and applies from the pull request comments, Scalr is built for any sized organization that is expanding its IaC usage:

High Availability

• Scalr is a highly available SaaS solution that offers SLA’s.
• Atlantis does not offer out-of-the-box, high-availability deployments. 

Support

• Scalr is a SaaS solution designed for organizations that want to run at scale. Scalr offers a highly available service with 24x7 support.
• Atlantis is an open-source tool that is supported by a great community of developers but cannot offer the same level of support as a SaaS product. Users also must run and support the Atlantis server.

Run Concurrency

• Scalr customers have at least 5 concurrent runs, a quota that can be increased free of charge by opening a support ticket. Also, every Scalr agent deployed by a customer adds 5 more concurrent runs. The speed at which developers can execute is a key advantage of Scalr’s.
• Atlantis is limited to one run at a time, greatly slowing down the development cycle for any company deploying in parallel.

Multi-Tenant and Role-Based Access Control (RBAC)

• Scalr is designed as a multi-tenant solution, allowing organizations to manage different teams and projects within a single platform while controlling access through granular RBAC. This is especially advantageous for large enterprises or multi-team setups where different departments have specific roles and permissions.‍
• Atlantis lacks built-in multi-tenancy and advanced RBAC, relying on simpler access controls and depending heavily on Git repository permissions.

Policy and Governance

• Scalr has built-in policy checks (OPA and Checkov), allowing administrators to define and enforce policies like manual approvals, cost management rules, and security best practices.
• Atlantis does not natively provide policy checks and governance features, although it can be integrated with policy-as-code tools (e.g., Open Policy Agent) to enforce custom policies. However, this requires additional setup.

Workflow Automation and Flexibility

• Scalr supports automated workflows and custom pipelines for Opentofu/Terraform runs, integrates directly with CI/CD pipelines, and allows flexible configuration of automation steps across different environments.
• Atlantis is primarily designed for Git-based workflows, focusing on PR-driven runs. It lacks Scalr's flexibility in configuring workflows that might not be entirely Git-driven.

Integration with Existing Tools

• Scalr integrates natively with tools like VCS providers (Github, Gitlab, Azure DevOps, Bitbucket), Okta, Slack/MS Teams, and monitoring tools (like Datadog, creating a unified ecosystem for DevOps processes. Scalr’s integration with Datadog and AWS Eventbridge supports enterprise-level audit logs to track all activity.
• Atlantis primarily integrates with VCS platforms like GitHub, GitLab, and Bitbucket, with fewer out-of-the-box integrations for broader toolchains.

State Management and Security

• Scalr includes Terraform managed state file storage with secure backups and versioning, which can help streamline disaster recovery and meet compliance requirements without additional configurations. Terraform state files can be stored in Scalr or any supported Terraform remote backend. Equally important, all Terraform operations can be executed on Scalr.io or self-hosted agents.
• Atlantis relies on Terraform’s backend configuration for Terraform state file management, which can be customized but requires self-management and adds setup complexity. Users must also manage the Atlantis instance and ensure it is secure.

User-Friendly Interface and Reporting

• Scalr offers a modern UI with dashboards, detailed run histories, and real-time feedback, which makes it easier to monitor infrastructure changes, plan outputs, and Terraform apply statuses across projects.
• Atlantis uses a more basic web interface for Terraform run information, and while functional, it lacks the enhanced visibility and reporting features available in Scalr.

Conclusion

For enterprises needing robust governance, policy enforcement, multi-tenancy, and deeper integrations, Scalr offers a more complete solution. Atlantis is a good stepping stone, but any team that is scaling their IaC usage will outgrow it.

Summary

By integrating Opentofu/Terraform runs with pull request comments (Atlantis workflow), we’re bringing infrastructure management closer to the source code. We’re excited to see how teams use this feature to streamline their DevOps processes. As always, we’re committed to continually improving and expanding these capabilities. In future updates, we plan to add more customizable triggers, better integration with policy engines, and extended multi-environment support.

Get Started Today

Ready to streamline your Terraform development process? Head over to our documentation to learn how to set up PR-Comment-Based Opentofu/Terraform Runs in Scalr. It’s quick to configure and can dramatically improve how you manage Terraform configuration changes.

As always, we value your feedback. Let us know how this feature impacts your Terraform projects and development process, and share your thoughts on future enhancements!

Sign up for the Scalr free tier and see how easy it is to reproduce the Atlantis workflow in Scalr.

‍