Spacelift is an Atlantis alternative that provides a more intuitive, versatile, and robust GitOps workflow, granular access control, drift detection, and many more. It's a better, more flexible CI/CD for Terraform, offering maximum security without sacrificing functionality. Spacelift embraces all of Atlantis’ features, offering them in a modern and sophisticated SaaS product.
One of the most frequent challenges while using Atlantis in practice is a non-intuitive workflow driven by its reliance on pull requests. Unlike other alternatives to Atlantis, Spacelift does not depend on pull requests, it’s driven by push and tag events, so it’s easy to build a sophisticated Git flow that can be easily customized using Git push policies. Efficiently accomplishing the Atlantis Workflow with Spacelift, is possible nonetheless.
Spacelift ships with a sophisticated mechanism allowing administrators to declare who can log in (and under what circumstances) and what should be their level of access to each of the managed projects. Spacelift ships with SSO out of the box, supporting every identity provider that speaks SAML 2.0 protocol.
No other alternative to Atlantis puts policy-as-code in the center of its value proposition and builds a consistent, robust policy framework on top of Open Policy Agent – an open-source solution endorsed by Cloud Native Computing Foundation. You can not only declare rules that ensure compliance of your Terraform changes, but also implement rules around account and project access, handling push notifications, starting runs and triggering tasks, and creating relationships between projects.
In IaC you usually have multiple workflows defined to make an end to end deployment of an environment and all of its components. This can be all embedded in a CI/CD pipeline, but it usually clutters the workflow and you have to pass a lot of variables from one step to the next which can be error prone. Spacelift supports this sophisticated workflow and makes it easier to manage it, through Stack Dependencies. With this feature, you can have a stack run after another one finishes, and you can easily have nested dependencies thanks to the fact that these dependencies are directed acyclic graphs (DAG).
Spacelift adds a full CI solution for Terraform modules. You can ensure that your private modules are healthy before you distribute them to the rest of your organization. Provider Registry is currently in open beta.
In Spacelift, much of the configuration can be handled by the project owners themselves – you can add Terraform and/or environment variables and mount files (even inject Terraform code!) programmatically or through the GUI without the need for administrative privileges or changing the central server configuration.
Spacelift entities like stacks, contexts, modules or policies as well as their configuration can be managed in a declarative way using your favorite infra-as-code tool. Yes, that’s right – Spacelift offers a Terraform provider that allows you to manage the lifecycle of its own resources programmatically.
Contexts allow you to attach entire collections of configuration to individual stacks and modules. Tasks provide a powerful audited way of running one-off administrative commands on an initialized Terraform environment – subject to their own policy constraints.
Stack locking allows a single individual to take exclusive control over a stack to ensure that nobody is able to modify its state while crucial changes are being made. The resources visualization shows you all the resources you’re managing in your account, when and how they’ve last been updated, and lets you slice and dice them using a plethora of views, filters and groupings.
Available Frameworks
Terraform
Terragrunt
Kubernetes
CloudFormation
Pulumi
Ansible
ARM
Terraform
Terragrunt
SaaS offering
Yes
No
User Interface
Dedicated User Interface
Same as your VCS
State Management
Can host your state, but you are free to host it wherever you want
You need to handle your state
SSO
SAML 2.0
None
Policy As Code
OPA
Only with integration
Webhooks
Yes
Yes
Private Module Registry
Built-in + functional and compliance testing solution for new module versions
No registry
VCS driven runs + Pull request driven runs
Yes for all supported frameworks
Yes for all supported frameworks
High Availability
Yes
Requires additional effort
Sophisticated Workflows
Easy to build sophisticated workflows with Stack dependencies and Custom Inputs
Requires writing a lot of code in order to achieve a sophisticated workflows
Resource Visualization
Automatic architecture trees built after resources are deployed
None
Drift Detection
Built-in + optional remediation
None
Cost Estimation
Native Integration with Infracost
Only with integration
Audit logs
Yes
Yes
We always try to listen to the needs of our users and we know it works!
Your policy workbench, different policies, and metadata available to them to make decisions is probably the most important feature you have to us. The selling point that I’m hammering is now we can make access/push/approval decisions more intelligently. We can add other teams as approvers to PRs based on what types of resources are being touched or what stack they are in. I’ve implemented a feature where the access policy on a stack allows you stack_write access to it based on a label affixed to the stack. This is all very cool and will move us forward.
You guys move crazy fast… Things keep changing as I migrate 😃
That feature is awesome btw. Makes my life with the migration a lot easier.
I have to say, I love the tasks functionality.. makes debugging so much easier…
Hello there 👋 Glad that Spacelift got picked to make our infrastructure-as-code runs better 🎉
Indeed, we also have evaluated the Terraform Cloud Enterprise solution, however since our needs in terms of Infrastructure-as-Code and Continuous Deployment span beyond Terraform (e.g. SAM, potentially Ansible), we are leaning towards Spacelift as our global solution.
Hi y’all, nice to meet you! Thank you for building Spacelift we’re really excited to be using it. Before spacelift all terraform applies had to be done locally from peoples mac books, this is such an improvement both for their productivity as well as the safety, security, and observability of those applies.
Sweet – sounds great to me! I love the platform y’all have built – it has made managing our infrastructure 10000000x easier
Today, my devs did their first fully-unassisted app deployment to production. Over the past 2.5 years, we’ve trained towards GitOps and, step-by-step, turned over the automation to the devs. First, we got them comfortable with creating PRs with their version bumps, then we introduced them to Spacelift, teaching them how to navigate plans and use the Spacelift Github integration checks to validate the deploys as well as introducing them to TF plans, now available to them in SL. And today, one of our leads handled the whole process w/out DevOps intervention.
Spacelift completed the circuit, by giving u a consistent and independent run environment, and a UI that makes the whole TF layer accessible to all users, putting the icing on the cake.
Thank you for helping so quickly and diligently to debug our issue. This isn’t even the first time you all have hopped on quickly either but I really did want to call it out today that as a customer, I had a great experience, and I hope you can pass this on internally.
woot!
i’m stoked
SL is by far the best platform I have ever seen for this type of work.
and I’ve looked and tried a lot of solutions.
Yep, all good. Having a great time working on getting our setup refactored to work nicely with Spacelift. It’s my focus currently and I’m enjoying it.
Your policy workbench, different policies, and metadata available to them to make decisions is probably the most important feature you have to us. The selling point that I’m hammering is now we can make access/push/approval decisions more intelligently. We can add other teams as approvers to PRs based on what types of resources are being touched or what stack they are in. I’ve implemented a feature where the access policy on a stack allows you stack_write access to it based on a label affixed to the stack. This is all very cool and will move us forward.
You guys move crazy fast… Things keep changing as I migrate 😃
That feature is awesome btw. Makes my life with the migration a lot easier.
I have to say, I love the tasks functionality.. makes debugging so much easier…
Hello there 👋 Glad that Spacelift got picked to make our infrastructure-as-code runs better 🎉
Indeed, we also have evaluated the Terraform Cloud Enterprise solution, however since our needs in terms of Infrastructure-as-Code and Continuous Deployment span beyond Terraform (e.g. SAM, potentially Ansible), we are leaning towards Spacelift as our global solution.
Hi y’all, nice to meet you! Thank you for building Spacelift we’re really excited to be using it. Before spacelift all terraform applies had to be done locally from peoples mac books, this is such an improvement both for their productivity as well as the safety, security, and observability of those applies.
Sweet – sounds great to me! I love the platform y’all have built – it has made managing our infrastructure 10000000x easier
Today, my devs did their first fully-unassisted app deployment to production. Over the past 2.5 years, we’ve trained towards GitOps and, step-by-step, turned over the automation to the devs. First, we got them comfortable with creating PRs with their version bumps, then we introduced them to Spacelift, teaching them how to navigate plans and use the Spacelift Github integration checks to validate the deploys as well as introducing them to TF plans, now available to them in SL. And today, one of our leads handled the whole process w/out DevOps intervention.
Spacelift completed the circuit, by giving u a consistent and independent run environment, and a UI that makes the whole TF layer accessible to all users, putting the icing on the cake.
Thank you for helping so quickly and diligently to debug our issue. This isn’t even the first time you all have hopped on quickly either but I really did want to call it out today that as a customer, I had a great experience, and I hope you can pass this on internally.
woot!
i’m stoked
SL is by far the best platform I have ever seen for this type of work.
and I’ve looked and tried a lot of solutions.
Yep, all good. Having a great time working on getting our setup refactored to work nicely with Spacelift. It’s my focus currently and I’m enjoying it.
Enable collaboration. Ensure control and compliance. Improve flexibility. Customize, automate, and own your workflows.