From atmos
Details Atmos components for IaC: Terraform root modules, Helmfile, Packer; directory structure, inheritance, versioning, mixins, and stack configurations.
npx claudepluginhub cloudposse/atmos --plugin atmosThis skill uses the workspace's default tool permissions.
Components are the building blocks of infrastructure in Atmos. Each component is an opinionated, reusable unit of infrastructure-as-code -- typically a Terraform root module -- that solves a specific problem. Atmos separates the component implementation (code) from its configuration (stack manifests), enabling one implementation to be deployed many times with different settings.
Documents Atmos patterns for stack organization, multi-region setups, org hierarchies, inheritance chains, and layered YAML configs for Terraform infrastructure.
Guides creation, modification, validation of Terraform Stack configs (.tfcomponent.hcl, .tfdeploy.hcl); manages components/deployments from local/public/private sources for multi-region/env infrastructure.
Authors Pulumi ComponentResource classes for reusable infrastructure components, including args interfaces, multi-language support, package distribution, and debugging.
Share bugs, ideas, or general feedback.
Components are the building blocks of infrastructure in Atmos. Each component is an opinionated, reusable unit of infrastructure-as-code -- typically a Terraform root module -- that solves a specific problem. Atmos separates the component implementation (code) from its configuration (stack manifests), enabling one implementation to be deployed many times with different settings.
In Atmos, a component consists of two parts:
components/ directory.components section.This separation is fundamental: you write the Terraform module once, then configure it differently for each environment, region, and account through stack YAML files.
Atmos natively supports three component types:
| Type | Implementation Location | Purpose |
|---|---|---|
| Terraform / OpenTofu | components/terraform/<name>/ | Provision cloud infrastructure resources |
| Helmfile | components/helmfile/<name>/ | Deploy Helm charts to Kubernetes clusters |
| Packer | components/packer/<name>/ | Build machine images (AMIs, VM images) |
Terraform is by far the most common type. Custom commands can extend Atmos to support any tooling.
Components are stored in your project's components/ directory, organized by type:
components/
terraform/
vpc/
main.tf
variables.tf
outputs.tf
versions.tf
eks/
cluster/
main.tf
variables.tf
outputs.tf
s3-bucket/
main.tf
variables.tf
outputs.tf
iam-role/
main.tf
variables.tf
outputs.tf
helmfile/
nginx-ingress/
helmfile.yaml
cert-manager/
helmfile.yaml
packer/
ubuntu-base/
template.pkr.hcl
The base path for Terraform components is configured in atmos.yaml:
components:
terraform:
base_path: "components/terraform"
Nested directories are supported. A component at components/terraform/eks/cluster/ is referenced as eks/cluster in stack configurations.
Components are configured in the components section of stack manifests:
components:
terraform:
vpc:
metadata:
component: vpc # Points to components/terraform/vpc/
vars:
cidr_block: "10.0.0.0/16"
availability_zones:
- us-east-1a
- us-east-1b
settings:
spacelift:
workspace_enabled: true
eks-cluster:
metadata:
component: eks/cluster # Points to components/terraform/eks/cluster/
vars:
cluster_name: prod-eks
kubernetes_version: "1.28"
Each component configuration can include these sections:
| Section | Purpose |
|---|---|
metadata | Component location, inheritance, type, and Atmos behavior |
vars | Input variables passed to Terraform/Helmfile/Packer |
env | Environment variables set during execution |
settings | Integration metadata (Spacelift, validation, depends_on) |
hooks | Lifecycle event handlers |
backend / backend_type | Terraform state backend configuration |
providers | Terraform provider configuration |
command | Override the executable (e.g., tofu instead of terraform) |
auth | Authentication identity reference |
Mark a component as metadata.type: abstract to create a blueprint that cannot be deployed directly:
components:
terraform:
vpc/defaults:
metadata:
type: abstract
component: vpc
vars:
enabled: true
nat_gateway_enabled: true
max_subnet_count: 3
vpc_flow_logs_enabled: true
Abstract components:
atmos terraform apply (Atmos returns an error).atmos describe stacks output by default.If metadata.type is not specified, the component is real and can be deployed:
components:
terraform:
vpc:
metadata:
inherits:
- vpc/defaults
vars:
vpc_cidr: "10.0.0.0/16"
Use metadata.inherits to inherit configuration from a base component:
components:
terraform:
vpc/defaults:
metadata:
type: abstract
component: vpc
vars:
enabled: true
nat_gateway_enabled: true
vpc:
metadata:
inherits:
- vpc/defaults
vars:
nat_gateway_enabled: false # Override inherited value
The derived component receives all vars, env, settings, hooks, backend, providers, and command from the base, then its own values are deep-merged on top.
A component can inherit from multiple bases. Entries are processed in order with later entries having higher precedence:
components:
terraform:
rds:
metadata:
component: rds
inherits:
- base/defaults # Applied first
- base/logging # Applied second
- base/production # Applied last (highest base precedence)
vars:
name: my-database # Inline has highest precedence
This enables composing "traits" -- reusable abstract components that represent independent configuration concerns (logging, security, sizing, environment settings).
The metadata.component field maps an Atmos component name to its Terraform root module directory:
components:
terraform:
vpc-main:
metadata:
component: vpc # Uses components/terraform/vpc/
vars:
name: main-vpc
vpc-isolated:
metadata:
component: vpc # Same Terraform module
vars:
name: isolated-vpc
enable_internet_gateway: false
Both components use the same Terraform code but maintain separate state files and configurations. This is the multiple component instances pattern.
Deploy the same Terraform module multiple times in the same stack by giving each instance a unique Atmos component name:
components:
terraform:
vpc/1:
metadata:
component: vpc
inherits:
- vpc/defaults
vars:
name: vpc-1
ipv4_primary_cidr_block: 10.9.0.0/18
vpc/2:
metadata:
component: vpc
inherits:
- vpc/defaults
vars:
name: vpc-2
ipv4_primary_cidr_block: 10.10.0.0/18
Each instance has its own Terraform state and is independently deployable:
atmos terraform apply vpc/1 -s plat-ue2-prod
atmos terraform apply vpc/2 -s plat-ue2-prod
All fields available in the metadata section:
| Field | Type | Description |
|---|---|---|
component | string | Path to Terraform root module relative to components base path |
inherits | list | List of component names to inherit configuration from |
type | string | abstract (non-deployable) or real (default, deployable) |
name | string | Stable logical identity for workspace key prefix |
enabled | boolean | Enable or disable the component (default: true) |
locked | boolean | Prevent modifications to the component |
terraform_workspace | string | Explicit workspace name override |
terraform_workspace_pattern | string | Workspace name pattern with tokens |
custom | map | User-defined metadata (preserved, not interpreted by Atmos) |
The stacks/catalog/ directory is the conventional location for reusable component configurations:
stacks/
catalog/
vpc/
_defaults.yaml # Abstract base for all VPC instances
eks/
_defaults.yaml
cluster.yaml
s3-bucket/
_defaults.yaml
iam-role/
_defaults.yaml
Catalog files define abstract components with sensible defaults. Top-level stacks import from the catalog and override only what differs:
# stacks/catalog/vpc/_defaults.yaml
components:
terraform:
vpc/defaults:
metadata:
type: abstract
component: vpc
vars:
enabled: true
nat_gateway_enabled: true
max_subnet_count: 3
# stacks/orgs/acme/plat/prod/us-east-1.yaml
import:
- catalog/vpc/_defaults
components:
terraform:
vpc:
metadata:
inherits:
- vpc/defaults
vars:
vpc_cidr: "10.0.0.0/16"
Mixins are small, focused configuration snippets that alter component behavior. They are typically stored in stacks/mixins/ and imported into stacks:
stacks/
mixins/
region/
us-east-1.yaml
us-east-2.yaml
us-west-2.yaml
stage/
dev.yaml
staging.yaml
prod.yaml
tenant/
plat.yaml
# stacks/mixins/region/us-east-2.yaml
vars:
region: us-east-2
environment: ue2
# stacks/orgs/acme/plat/prod/us-east-2.yaml
import:
- mixins/region/us-east-2
- mixins/stage/prod
- catalog/vpc/_defaults
Components can access outputs from other components using the remote-state module or YAML functions:
# Using YAML function
components:
terraform:
eks-cluster:
vars:
vpc_id: !terraform.output vpc vpc_id
subnet_ids: !terraform.output vpc private_subnet_ids
For the Terraform-side approach, use the remote-state module:
# In components/terraform/eks/cluster/remote-state.tf
module "vpc" {
source = "cloudposse/stack-config/yaml//modules/remote-state"
version = "1.5.0"
component = "vpc"
}
This reads the VPC component's Terraform outputs from the same or a different stack.
Maintain multiple versions of a component side by side:
components/
terraform/
vpc/
v1/
main.tf
v2/
main.tf
components:
terraform:
vpc:
metadata:
name: vpc # Stable workspace key prefix
component: vpc/v2 # Physical version path
Use atmos vendor pull to pin specific upstream versions. See the atmos-vendoring skill for details.
One concern per component: Each component should provision a single logical piece of infrastructure (VPC, EKS cluster, database). Do not combine resources with different lifecycles.
Use abstract base components: Define catalog defaults as abstract components and inherit from them.
Keep inheritance chains shallow: Limit to 2-3 levels for readability and debuggability.
Use metadata.component for instances: When deploying the same module multiple times, use metadata.component to share the implementation.
Use metadata.name for versioning: Set metadata.name to maintain stable Terraform workspace key prefixes across version upgrades.
Design for reuse: Components should accept configuration through variables, not hard-coded values. Use the catalog pattern to define sensible defaults.
Use atmos describe component: Always verify the resolved configuration before applying changes.
atmos describe component vpc -s plat-ue2-prod