Digger — A scalable and secure alternative to Atlantis for Terraform Automation and Collaboration.
Terraform Automation and Collaboration is a massive challenge in organisations that are scaling. Atlantis, A tool that helps in terraform pull request automation was a massive pain solver for infrastructure automation engineers back in the 2015–2017 period, but while it was a popular choice among infrastructure automation, DevOps, and SRE engineers about 4–5 years ago, it has since lost favor due to its inactivity for several years, during which it hardly accepted any Pull Requests. The atlantis community still ships features now, but there is no company behind it to own the roadmap.
At Digger, we have constantly spoken to engineers who are migrating from atlantis stating a bunch of pains, here are some points they have mentioned to us:
- As shown in the image below from Doordash’s blog, Atlantis duplicates CI functionality. Since Atlantis runs those TF jobs on the same VM, it misses out on all the scalability improvements done in the CI tooling over the years. In modern CI platforms jobs are isolated as docker images, they don’t share memory space, they run atop infinitely scalable pools of elastic compute such as K8S/ fargate. A single VM simply cannot do that, so you end up with deploying multiple instances of Atlantis and manually managing workload for each, a bit like good old Jenkins. With Digger on the other hand the terraform binary runs natively in your CI system’s compute, whatever it is — Github Action or private worker or your K8S cluster in case you are using something like ArgoCD.
2. Atlantis does not have Drift Detection. The Drift Detection issue is open since 2020 without much progress. Digger on the other hand has support for drift detection natively. The highly requested feature was merged just last week and can be viewed here.
3.Digger is an actively maintained COSS product, which means that there is priority support and feature implementation available with Digger.
Some additional Atlantis Security Risks that we have found:
- “In Atlantis, anyone who can run a plan, can exfiltrate your root credentials. This talked about by others and was highlighted at the Defcon 2021 conference.” (CloudPosse)
- “Anyone that stumbles upon your Atlantis instance can disable apply commands, i.e. stopping production infrastructure changes. This isn’t obvious at all, and it would be a real head scratcher to work out why Atlantis suddenly stopped working!” (Loveholidays blog)
Atlantis was like the OG pioneer of GitOps for Terraform, way back when. But these days, it’s kind of taken a backseat as more hip and actively maintained tools have swooped in. The new kids on the block are all about that reliability — they just don’t flinch. Flexibility? Oh yeah, they can shimmy and shake to fit any setup. And security? Well, let’s just say they’ve got a bouncer at the door. Atlantis had its moment, but now it’s like watching a classic movie while everyone’s at the blockbuster sequel.
