Migrating from Atlantis
Atlantis pioneered Terraform PR automation. But after 1-2 years, most teams outgrow it. If you’re hitting Atlantis’s limits, Yaffle is the natural next step.
Why teams leave Atlantis
Section titled “Why teams leave Atlantis”| Pain point | Atlantis | Yaffle |
|---|---|---|
| Operational overhead | You run it: servers, updates, monitoring | Managed service, zero ops |
| Single-threaded | One run at a time, bottleneck on busy repos | Parallel runs across workspaces |
| No RBAC | Anyone with repo access can atlantis apply | Granular approval policies |
| No drift detection | Manual checks or external tooling | Built-in (planned) |
| Plan-only previews | Shows what would change, can’t test it | Real infrastructure you can hit |
| State management | You configure backends | Fully managed |
| Secrets | Environment variables or external tools | AWS Secrets Manager integration |
What you’ll gain
Section titled “What you’ll gain”Preview environments
Section titled “Preview environments”Atlantis shows you a plan. Yaffle creates real infrastructure.
Atlantis: PR → terraform plan → read diff → merge → hope it worksYaffle: PR → plan → apply preview → test it → merge → apply productionYour QA team can test against pr-42.staging.example.com before merge.
No more server management
Section titled “No more server management”Stop patching Atlantis servers, debugging webhook issues, and scaling infrastructure. Yaffle runs in our infrastructure—you just connect your repo.
Proper access control
Section titled “Proper access control”Atlantis’s access model is “if you can push, you can apply.” Yaffle supports:
[[approvals]]workspaces = ["infra/production/*"]environments = ["production"]approvers = [ "github:team:acme/platform-engineering", "github:user:alice",]OpenTofu native
Section titled “OpenTofu native”Yaffle runs OpenTofu, the open-source fork under MPL 2.0. No BSL licensing concerns as your infrastructure scales.
Migration path
Section titled “Migration path”-
Install Yaffle
Section titled “Install Yaffle”Install the GitHub App on your repository. This doesn’t affect Atlantis—both can run simultaneously.
-
Add
Section titled “Add yaffle.toml”yaffle.tomlCreate a config matching your Atlantis setup:
version = 1[[environments]]name = "production"[[environments]]name = "staging"[[triggers.github.push]]branch = "main"environment = "production"[[triggers.github.pull_request]]branch_pattern = "*"[[workspaces]]path = "infra"environments = ["*"] -
Connect your AWS account
Section titled “Connect your AWS account”Deploy the bootstrap module to create the IAM role Yaffle assumes.
-
Test on a PR
Section titled “Test on a PR”Open a test PR. Both Atlantis and Yaffle will run. Compare results.
-
Disable Atlantis
Section titled “Disable Atlantis”Once confident, remove the Atlantis webhook or uninstall the Atlantis GitHub App.
Configuration mapping
Section titled “Configuration mapping”atlantis.yaml → yaffle.toml
Section titled “atlantis.yaml → yaffle.toml”Atlantis:
version: 3projects: - name: network dir: infra/network workspace: default autoplan: when_modified: ["*.tf"] enabled: true - name: compute dir: infra/compute workspace: defaultYaffle:
version = 1
[[workspaces]]path = "infra/network"environments = ["*"]
[[workspaces]]path = "infra/compute"environments = ["*"]Workflow commands
Section titled “Workflow commands”| Atlantis command | Yaffle equivalent |
|---|---|
atlantis plan | Automatic on PR push |
atlantis apply | Automatic after plan (previews) or on merge (production) |
atlantis plan -d infra/network | Plans all affected workspaces automatically |
atlantis unlock | Not needed—Yaffle manages locking |
Environment variables
Section titled “Environment variables”Atlantis: Set in server environment or atlantis.yaml
Yaffle: Use the variables field or Secrets Manager:
[[workspaces]]path = "infra"environments = ["*"]variables.region = "us-east-1"secrets.db_password = "arn:aws:secretsmanager:us-east-1:123:secret:db-pass"Running both during migration
Section titled “Running both during migration”You can run Atlantis and Yaffle simultaneously:
- Both will post checks to PRs
- Both will plan on push
- Only one should apply—disable Atlantis autoplan for production
# atlantis.yaml - disable autoplan during migrationversion: 3projects: - name: infra dir: infra autoplan: enabled: false # Manual only during migrationOnce you’re confident in Yaffle, remove Atlantis entirely.
Can I migrate incrementally?
Yes. Add specific workspaces to Yaffle while Atlantis handles others. Yaffle only manages workspaces defined in yaffle.toml.
What about existing state?
Yaffle manages its own state. Your existing Terraform state stays where it is. For new workspaces, Yaffle starts fresh. For existing resources, use tofu import.
Do I need to change my Terraform code?
No. Yaffle runs standard OpenTofu, which is compatible with Terraform configurations. Your .tf files work as-is.
What if something goes wrong?
Yaffle provides full run logs in the dashboard and GitHub checks. If a preview fails, it doesn’t affect production. If you need to rollback, revert your PR and Yaffle applies the previous state.