Deploy Atlantis as a Kubernetes Deployment or Docker container; expose it via an ingress with a public HTTPS endpoint for webhook delivery.
Configure a GitHub or GitLab webhook pointing at `https://<ATLANTIS_HOST>/events` with events: push and pull_request; set the webhook secret as `ATLANTIS_GH_WEBHOOK_SECRET`.
Set environment variables `ATLANTIS_GH_USER`, `ATLANTIS_GH_TOKEN`, and `ATLANTIS_REPO_ALLOWLIST` (e.g., `github.com/your-org/*`) in the Atlantis deployment.
On a pull request, Atlantis automatically runs `atlantis plan` for any changed Terraform directories; comment `atlantis apply` on the PR to apply after review.
Create an `atlantis.yaml` in the repository root to define custom workflows, directory mappings, and pre/post hooks (e.g., running `checkov` or `infracost` before plan).
Use Atlantis's locking mechanism: once a plan is run for a directory, that directory is locked until `atlantis apply` or `atlantis unlock` is called, preventing concurrent conflicting applies.
Known gotchas
Atlantis requires write access to post PR comments and set commit statuses; the GitHub token must have `repo` scope or fine-grained permissions including pull_request and checks write.
Atlantis runs Terraform with the permissions of the server process; ensure the Atlantis deployment has IAM roles or cloud credentials scoped appropriately to prevent overly broad access.
By default, Atlantis applies on any approved PR without additional gates; use `apply_requirements` in `atlantis.yaml` (e.g., `approved`, `mergeable`) to require PR approvals before apply is permitted.
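An added example (not from the original page or the Atlantis project) of an `atlantis.yaml` that combines the custom workflow from the setup steps with the `apply_requirements` gate described above. The project name, the directory `infra/network` and the workflow name `scanned` are assumptions. The file takes effect only if the server-side repo config permits these overrides, as noted in the comments.

```yaml
# atlantis.yaml (repository root) -- constructed example
version: 3

projects:
  - name: network              # assumed project name
    dir: infra/network         # assumed directory holding Terraform code
    workflow: scanned          # use the custom workflow defined below
    autoplan:
      enabled: true
      when_modified: ["*.tf", "*.tfvars"]
    # Gate apply: the PR must be approved and mergeable before
    # a comment of `atlantis apply` is honoured.
    # Honoured only if the server-side repo config lists
    # apply_requirements under allowed_overrides.
    apply_requirements: [approved, mergeable]

workflows:
  # Custom workflows defined in the repo run only when the server-side
  # repo config sets allow_custom_workflows: true. Anyone who can open a
  # PR can then edit these steps, so combine this with a tight
  # ATLANTIS_REPO_ALLOWLIST and narrowly scoped cloud credentials.
  scanned:
    plan:
      steps:
        - init
        # A non-zero exit from checkov fails the plan, so findings
        # block the PR before any plan output is posted for apply.
        - run: checkov -d . --quiet
        - plan
    apply:
      steps:
        - apply
```

If the server does not allow these overrides, define the workflow and the apply requirements in the server-side repo config instead, so a pull request cannot weaken them.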