What’s the difference between Atlantis and Overmind?

James Lane
February 16, 2024

What is Atlantis?

Atlantis is an open-source, self-hosted automation Terraform application. It operates based on pull requests and simplifies the Terraform workflow by automating tasks through pull request comments. With each new pull request, Atlantis automatically executes the terraform plan command and provides feedback by commenting on the pull request. Once the suggested changes are reviewed, users can leave comments in the pull request to apply those changes. Atlantis intergrates with GitHub, GitLab or Bitbucket webhooks. Eliminating the need for a separate UI for users and developers

To access the state and managed resources, Atlantis self-hosted runners can be assigned an identity native to your cloud environment (e.g., AWS instance profile) instead of using credentials. These runners can be configured to run within a VPC to access local resources, such as VPC-internal databases. However, they require inbound connectivity from the VCS provider to receive webhooks. Configuration of Atlantis primarily relies on environment variables passed to the statically linked binary and a YAML file.

It allows easy integration with other Terraform-helper tools like tfsec, checkov, Infracost, and Terratag. It seamlessly works with Terraform wrappers like Terragrunt and can even incorporate some of Terragrunt's features into vanilla Terraform, such as before and after hooks for each execution stage (init, plan, apply, etc.).

What is Overmind?

Overmind is a SaaS Terraform impact analysis tool. It acts as a second pair of eyes, taking the output of Terraform plan to tell you along with the current state of your infrastructure to calculate any dependencies and determine the potential impact or the blast radius of a change. It works by querying your AWS infrastructure via their API in real-time using a read-only role.

Using the blast radius, its real-time dependency map and a LLM it can provide a list of human readable risks that can be reviewed prior to running Terraform apply. These risks can either be commented back as part of your CI / CD pipeline or viewed in the app.

Overmind supports >100 different AWS resources and >300 possible relationships, including those that span AWS Accounts and services, whether they be created by Terraform, manual intervention, or any other process. It currently has two plans (free & pay-as-you-go.) The free plan offers unlimited users 150 free changes per month with any extra changes $0.45 each after.

Usage

Get started by creating a free account.

Next you will need to create a change. This can be done by:

  • Get started quickly using the Overmind Github action. The action will automatically create a new change with the resources and items parsed from your Terraform plan output.
  • Integrate Overmind into any CI /CD tool using the CLI.
  • Coming soon or by using the Overmind CLI to run a plan and apply locally.

Overmind Plan

Let's look at an example using the Github action. Based on the planned changes and the relationships that we have discovered, Overmind discovers the blast radius of what might be affected by this change including resources not in terraform.

Overmind Github actions process diagram

The Github action can be set up as part of you CI/CD pipeline to notify you of the affected items/ apps of your change automatically. However any CI /CD tool can be supported using the CLI.

You will then receive a set of human-readable risks that you are able to see if there is anything unexpected or of concern. If you notice that the change might affect more than you thought, you can modify either your code, or the way you plan to roll out and monitor the change to account for it. These risks can either be commented back as part of your CI / CD pipeline or viewed in the app.

By understanding which services would potentially by affected by the planned change, you'll have a full picture and will be able to fix any issues before it effects production.

Overmind apply (diffs)

When you're ready to start the change, Overmind will take a snapshot before and after to validate that the change went through as intended. Allowing you to view the health status of resources and config diffs in detail within the app.

  • Differentiate between “intentional” changes made as part of a deployment, and “unintentional” changes that may indicate that the deployment has caused problems and needs to be rolled back.
  • Have a record of which Terraform deployments caused which infrastructure changes means that the causes of problems can be more quickly discovered, reducing Mean Time To Identification
  • Store infrastructure state before a failed deployment, means that rollbacks can be done easily, with a guaranteed reference to the previous working configuration

Exploring you infra

Overmind also lets you discover dependencies in real-time using the “Explore” functionality, allowing them to plan the rollout of changes more easily and avoid risky changes to core components. Understand an application starting with just a AWS resource name or public data point and expanding outwards without significant knowledge of AWS or the application itself.

If you want to just try this out on public data (HTTP, DNS etc), you can use the new Playground without needing to sign up.

Both tools are freely available:

  • Atlantis - you can find the website here.
  • Overmind - You can sign up here.