Spacelift is an Atlantis alternative that embraces all of its features, offering them in a modern and sophisticated SaaS product. It provides a more intuitive, versatile, and robust GitOps workflow, granular access control, drift detection, and much more. It's a better, more flexible CI/CD for Terraform, offering maximum security without sacrificing functionality.
One of the most frequent challenges while using Atlantis in practice is a non-intuitive workflow driven by its reliance on pull requests. Spacelift does not depend on pull requests. It's driven by push and tag events, so it's easy to build a sophisticated Git flow that can be customized using Git push policies. Efficiently accomplishing the Atlantis workflow with Spacelift is possible nonetheless.
Spacelift ships with a sophisticated mechanism allowing administrators to declare who can log in (and under what circumstances) and what their level of access should be to each of the managed projects. Spacelift ships with SSO out of the box, supporting every identity provider that speaks the SAML 2.0 protocol.
Spacelift puts policy-as-code at the center of its value proposition and builds a consistent, robust policy framework on top of Open Policy Agent – an open-source solution endorsed by the Cloud Native Computing Foundation. You can not only declare rules that ensure compliance of your Terraform changes, but also implement rules around account and project access, handling push notifications, starting runs and triggering tasks, and creating relationships between projects.
In IaC you usually have multiple workflows defined to make an end-to-end deployment of an environment and all of its components. This can all be embedded in a CI/CD pipeline, but it usually clutters the workflow, and you have to pass a lot of variables from one step to the next, which can be error-prone. Spacelift supports this sophisticated workflow and makes it easier to manage through Stack Dependencies. With this feature, you can have a stack run after another one finishes, and you can easily have nested dependencies because these dependencies form a directed acyclic graph (DAG).
Spacelift adds a full CI solution for Terraform modules. You can ensure that your private modules are healthy before you distribute them to the rest of your organization. Provider Registry is currently in open beta.
In Spacelift, much of the configuration can be handled by the project owners themselves – you can add Terraform and/or environment variables and mount files (even inject Terraform code!) programmatically or through the GUI without the need for administrative privileges or changing the central server configuration.
Spacelift entities like stacks, contexts, modules or policies as well as their configuration can be managed in a declarative way using your favorite infra-as-code tool. Yes, that’s right – Spacelift offers a Terraform provider that allows you to manage the lifecycle of its own resources programmatically.
Contexts allow you to attach entire collections of configuration to individual stacks and modules. Tasks provide a powerful audited way of running one-off administrative commands on an initialized Terraform environment – subject to their own policy constraints.
Stack locking allows a single individual to take exclusive control over a stack to ensure that nobody is able to modify its state while crucial changes are being made. The resources visualization shows you all the resources you’re managing in your account, when and how they’ve last been updated, and lets you slice and dice them using a plethora of views, filters and groupings.
| Feature | Spacelift | Atlantis |
| --- | --- | --- |
| Available Frameworks | Terraform, Terragrunt, Kubernetes, CloudFormation, Pulumi, Ansible, ARM | Terraform, Terragrunt |
| SaaS offering | Yes | No |
| User Interface | Dedicated User Interface | Same as your VCS |
| State Management | Can host your state, but you are free to host it wherever you want | You need to handle your state |
| SSO | SAML 2.0 | None |
| Policy As Code | OPA | Only with integration |
| Webhooks | Yes | Yes |
| Private Module Registry | Built-in + functional and compliance testing solution for new module versions | No registry |
| VCS driven runs + Pull request driven runs | Yes for all supported frameworks | Yes for all supported frameworks |
| High Availability | Yes | Requires additional effort |
| Sophisticated Workflows | Easy to build sophisticated workflows with Stack dependencies and Custom Inputs | Requires writing a lot of code to achieve sophisticated workflows |
| Resource Visualization | Automatic architecture trees built after resources are deployed | None |
| Drift Detection | Built-in + optional remediation | None |
| Cost Estimation | Native Integration with Infracost | Only with integration |
| Audit logs | Yes | Yes |
We always try to listen to the needs of our users and we know it works!
Enable collaboration. Ensure control and compliance. Improve flexibility. Customize, automate, and own your workflows.