AtlantasAtlantas
The Trust Layer for Infrastructure Automation

Managed Atlantis
for the Agentic Era.

AI agents detect drift, clean up waste, and keep versions current — all gated by an evaluation pipeline that enforces policy, cost, and security checks before any change reaches production. Equal care for human and AI operators.

Start Free TrialMeet the Agent Fleet
atlantas — drifter agent
# Drifter detects manual S3 bucket change
drifter drift detected aws_s3_bucket.uploads — public_access modified
⚠ Structural drift — opening import PR
# Evaluation pipeline checks the PR automatically
✓ OPA policy check passed (3 rules)
✓ Infracost cost delta: +$0.00/mo
✓ tfsec 0 critical, 0 high findings
# Human approves → apply → verification confirms
✓ Applied 1 resource imported
✓ Verified terraform plan shows 0 changes — drift resolved

Works with the tools your team and your agents already use

Terraform
Terraform
OpenTofu
OpenTofu
AWS
AWS
Google Cloud
Google Cloud
Azure
Azure
Kubernetes
Kubernetes
GitHub
GitHub
Claude
Claude
ChatGPT
ChatGPT
AI Agent Fleet

AI agents, governed by trust

Each agent operates under scoped permissions, submits PRs for human review, and passes the same evaluation gauntlet as your team.

The Drifter

Detects manual cloud changes via terraform plan diff. Filters noise — auto-scaling, timestamps, computed attributes. Opens import PRs with LLM-generated HCL.

  • Multi-cloud drift detection
  • Configurable ignore rules
  • LLM-assisted import blocks
  • Post-apply verification

The Janitor

Finds orphaned resources — unattached volumes, unused EIPs, idle environments. Respects age and usage thresholds. PRs include cost savings estimates.

  • State + cloud API analysis
  • Conservative thresholds
  • Infracost savings estimate
  • Never deletes with deps

The Upgrader

Detects outdated provider and module versions via Terraform Registry API. Runs dry-plan before submitting. Never proposes major version bumps.

  • Registry API version check
  • Dry-plan gate
  • Per-candidate PRs
  • No major version bumps

The Closed Loop

Every agent proposal follows the same trust pipeline as human changes

Agent DetectsOpens PROPA + Infracost + tfsecHuman ApprovesApplyVerified

Trust is the product

Every infrastructure change — whether proposed by a human engineer or an AI agent — flows through the same evaluation gauntlet before reaching production.

Change ProposedHuman or AgentOPA PoliciesCompliance checkInfracostCost estimationtfsec ScanSecurity checkBlast RadiusImpact reviewHuman GateApprove / RejectApplyterraform applyVerifiedState confirmed

Hard Block

Cannot approve. Fix the violation in code. Public S3 buckets, open security groups.

Soft Block

Override required. Admin or operator must click Override and Approve. Logged in audit trail.

Informational

Proceed freely. Finding is noted for awareness. Cost delta shown, no action required.

Everything you need to trust infrastructure automation

From evaluation pipelines to blast radius visualization — every feature designed to make infrastructure changes safe, visible, and auditable.

Evaluation Pipeline

OPA policy-as-code, Infracost cost gates, and tfsec security scanning on every plan. Hard blocks, soft blocks, and informational tiers per environment.

Blast Radius Visualization

Interactive dependency graph showing exactly what every plan affects. Color-coded nodes, service tag clusters, and an LLM-generated summary.

AI Agents

Drifter detects drift and opens import PRs. Janitor finds orphaned resources with cost savings. Upgrader bumps versions after dry-plan verification.

Silicon Identities

Agents have distinct non-human identities with environment-scoped permissions and short-lived tokens. They cannot approve their own proposals.

Closed-Loop Verification

After every apply, terraform plan confirms state matches reality. Verified, Failed, or Unavailable — the system never reports false success.

Multi-Tenant Isolation

PostgreSQL RLS, K8s NetworkPolicies, and per-tenant HKDF encryption. Every query scoped at the database level, not just application code.

Real-Time Plan Streaming

SSE streaming of plan and apply output as it happens. Structured resource-level diffs with color-coded add, modify, and destroy indicators.

State Browser

Browse resources in state as a tree. Click to see attributes. Version history with diffs. Lock and unlock from the UI with admin force-unlock.

Up and running in five steps

From zero to a fully governed agentic infrastructure platform.

01

Connect

Link your cloud accounts (AWS, GCP, Azure via IAM role, static creds, or OIDC) and repos (GitHub App or Git PAT/deploy key).

02

Create

Spin up a managed Atlantis instance in your isolated K8s namespace. Configure version and server-side settings via YAML editor.

03

Configure

Set evaluation policies (OPA rules), cost thresholds (Infracost), and security rules (tfsec) per environment. Stricter for prod, relaxed for dev.

04

Activate

Enable the Drifter, Janitor, and Upgrader agents with environment-scoped permissions. Set cron schedules. Agents get short-lived tokens — never long-lived keys.

05

Trust

Every change — human or agent — passes through the evaluation gauntlet, shows blast radius, requires approval, and gets post-apply verification.

Built-in State Backend

State as an API your agents can reason about

Atlantas hosts your Terraform state with encryption at rest, automatic versioning, and built-in locking. Your agents can read state over HTTP to understand current infrastructure before making changes. No more S3 buckets or DynamoDB lock tables.

AES-256 Encryption
Per-tenant HKDF key derivation — a single key compromise never exposes other tenants
State Browser
Browse resources as a tree, click to see attributes. Version history with structured diffs.
Lock / Unlock from UI
Admin force-unlock for stuck locks with confirmation dialog. State locking via native HTTP backend.
Version History
Full audit trail with diffs between versions — whether a human or an agent made the change
Agent-Readable
Agents can GET state to inspect resources before planning changes
backend.tf
terraform {
  backend "http" {
    address        = "https://atlantas.io/api/v1/tfstate/vpc-core/default"
    lock_address   = "https://atlantas.io/api/v1/tfstate/vpc-core/default"
    unlock_address = "https://atlantas.io/api/v1/tfstate/vpc-core/default"
    lock_method    = "LOCK"
    unlock_method  = "UNLOCK"
  }
}

# That's it. Atlantas handles the rest.

Visual Infrastructure

See your infrastructure as a graph

Your team uses the graph editor. Your agents use the same data via the API. Both see the same topology — projects, instances, dependencies, and assignments.

Project Graph4 projects · 2 instances
vpc-core
org/infra · default
iam-policies
org/security · prod
eks-cluster
org/platform · staging
monitoring
org/observability · default
infra-prod
Running
infra-staging
Running

How Atlantas compares

The only Atlantis platform built for the agentic era — with trust architecture that competitors cannot match.

FeatureAtlantasHCP CloudSelf-Hosted
AI Agent Fleet (Drifter, Janitor, Upgrader)
Evaluation Pipeline (OPA + Infracost + tfsec)
Blast Radius Visualization
Silicon Identities (Agent RBAC)
Closed-Loop Verification
Per-Environment Policy ThresholdsPartial
Agent-ready REST API
Multi-tenant isolation (RLS + NetworkPolicies)Partial
Encrypted state hosting (per-tenant HKDF)DIY
Real-time plan streaming (SSE)
SSO (Google, GitHub, OIDC, SAML)DIY
Setup time< 30 minHoursDays
Self-hosted option

Simple, per-resource pricing

$9 per user per month + $0.15 per resource per month.
Free tier: up to 2 users and 50 resources.

Free

For individuals exploring managed Atlantis.

Free
  • Up to 2 users
  • Up to 50 managed resources
  • 1 Atlantis instance
  • 3 environments
  • 100 runs / month
  • Built-in evaluation policies
  • State browser & version history
  • GitHub SSO
  • Community support
Start Free
Most Popular

Pro

Per-user pricing that scales with your infrastructure.

$9/ user / month
  • $9 / user / month
  • $0.15 per resource / month
  • Unlimited Atlantis instances
  • Unlimited environments & runs
  • All 3 AI agents (Drifter, Janitor, Upgrader)
  • Full evaluation pipeline (OPA + Infracost + tfsec)
  • Blast radius visualization
  • Closed-loop verification
  • 5 GB encrypted state storage
  • GitHub + Google SSO
  • Email support
Start Free Trial

Enterprise

For organizations that need full control and compliance.

Custom
  • Volume discounts on seats & resources
  • Custom OPA policies (.rego uploads)
  • Silicon identities (Agent RBAC)
  • Per-environment policy thresholds
  • OIDC + SAML SSO
  • Agent audit logging & activity feed
  • Unlimited encrypted state storage
  • Custom quotas
  • SLA & dedicated support
  • Self-hosted option
Talk to Sales

Estimate your cost

Adjust the sliders to match your team size and infrastructure.

5
1100
200
105,000
5 users × $9/mo$45/mo
200 resources × $0.15/mo$30/mo
Estimated monthly total$75/mo
Annual estimate$900/yr

No credit card required. Free tier forever. Cancel anytime.

What Teams Say

Trusted by operations teams and their agents

We pointed our Claude agent at the Atlantas API and it was managing Terraform plans within an hour. No SDK, no wrapper — just REST calls the model figured out from the docs.
Sarah Chen
Head of Platform Engineering, Fintech Startup
Our team uses the dashboard. Our AI agents use the API. Same audit trail, same RBAC, same state. That parity is what sold us.
Marcus Johansson
DevOps Lead, E-commerce Scale-up
We replaced three internal tools and a week-long onboarding process. Now new engineers and new agents both ship infrastructure on day one.
Priya Patel
VP of Engineering, Healthcare SaaS

Ready to let your team and your agents ship infrastructure safely?

AI agents. Evaluation pipeline. Blast radius visualization. All governed by trust.

Start Free TrialTalk to Sales

No credit card required · Free tier forever · Cancel anytime