atmos-auth
Atmos Authentication and Identity Management
Atmos Auth provides a unified authentication layer for multiple cloud providers. It consolidates AWS SSO, SAML,
OIDC, GitHub Actions, GCP Workload Identity Federation, Azure, and static credentials into a single configuration
model in atmos.yaml. Credentials are managed through providers (upstream authentication systems) and identities
(the roles and accounts obtained from those providers), with support for identity chaining, keyring-based
credential storage, and integrations like ECR.
Architecture Overview
The auth system has four layers configured under the auth: key in atmos.yaml:
- Providers -- Upstream systems that issue initial credentials (SSO, SAML, OIDC, GCP ADC/WIF).
- Identities -- Roles, permission sets, or accounts obtained from providers or chained from other identities.
- Keyring -- Secure credential storage backend (system keyring, encrypted file, or in-memory).
- Integrations -- Client-side credential materializations (e.g., ECR Docker login) triggered by identity auth.
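As an added example (not code from the atmos project), the identity-chain resolution the layers above imply, written against a parsed auth: section whose key names (providers, identities, via.provider, via.identity) are assumptions rather than the project's schema: it walks each identity back to the provider that issues its root credentials and flags dangling references and cycles, which is what a reviewer wants to see before any role is assumed.

```python
# Walk Atmos-style identity chains back to the root provider.
# Added illustration; the via.provider / via.identity keys are assumptions, not the project's schema.
from typing import Dict, List

# Constructed sample: chained identities plus a dangling reference and a cycle.
AUTH_CONFIG: Dict = {
    "providers": {"aws-sso": {"kind": "aws-sso"}, "github-oidc": {"kind": "oidc"}},
    "identities": {
        "dev-admin": {"via": {"provider": "aws-sso"}},
        "prod-readonly": {"via": {"identity": "dev-admin"}},
        "ci-deployer": {"via": {"provider": "github-oidc"}},
        "broken": {"via": {"identity": "missing"}},
        "loop-a": {"via": {"identity": "loop-b"}},
        "loop-b": {"via": {"identity": "loop-a"}},
    },
}

def resolve_chain(config: Dict, identity: str) -> List[str]:
    """Return [identity, ..., root identity, 'provider:<name>'], raising
    ValueError on an unknown identity/provider or a cycle."""
    identities = config.get("identities", {})
    providers = config.get("providers", {})
    chain: List[str] = []
    current = identity
    while True:
        if current in chain:
            raise ValueError("identity chain cycle: " + " -> ".join(chain + [current]))
        if current not in identities:
            raise ValueError(f"unknown identity: {current}")
        chain.append(current)
        via = identities[current].get("via", {})
        if "provider" in via:  # root of the chain: a provider issues the credentials
            if via["provider"] not in providers:
                raise ValueError(f"{current} references unknown provider {via['provider']}")
            return chain + [f"provider:{via['provider']}"]
        if "identity" in via:  # chained: obtained by first assuming another identity
            current = via["identity"]
            continue
        raise ValueError(f"{current} has neither via.provider nor via.identity")

def audit(config: Dict) -> Dict[str, str]:
    """Map every configured identity to its rendered chain or its error."""
    report = {}
    for name in config.get("identities", {}):
        try:
            report[name] = " -> ".join(resolve_chain(config, name))
        except ValueError as exc:
            report[name] = f"ERROR: {exc}"
    return report
```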
auth: