Deployment Approvals
Atmos Pro leverages GitHub Environments and deployment protection rules to require manual approval before infrastructure changes are applied.
Atmos Pro integrates with GitHub Environments to give your team control over when infrastructure changes are applied. By configuring deployment protection rules on your GitHub environments, you can require manual approval from designated reviewers before any Terraform apply runs.
This is especially important for production environments where infrastructure changes can have significant impact. With deployment approvals, your team gets an explicit gate between a successful plan and the actual apply — ensuring that changes are reviewed and approved by the right people before anything is provisioned.
GitHub Enterprise Required
Custom deployment protection
rules
— including required reviewers, wait timers, and branch restrictions on environments — are only available for
repositories owned by GitHub Enterprise organizations. Public repositories on any plan can use environment protection
rules, but private repositories require GitHub Enterprise.
With Deployment Approvals, you can:
Require manual approval before applying infrastructure changes
Designate specific reviewers for each environment
Enforce different approval policies per environment (e.g., staging vs production)
Leverage GitHub's built-in audit trail for all approvals
Deployment approvals are powered entirely by GitHub's native environment protection rules. Atmos Pro dispatches workflows that target GitHub environments, and GitHub enforces the protection rules you've configured.
- 1A developer merges a pull request containing infrastructure changes.
- 2Atmos Pro detects the merge and dispatches the configured apply workflows.
- 3Each workflow targets a specific GitHub environment (e.g.,
production,staging). - 4If the environment has protection rules configured, GitHub pauses the workflow and notifies the designated reviewers.
- 5A reviewer approves (or rejects) the deployment directly in GitHub.
- 6Once approved, the workflow proceeds and Terraform apply runs.
- 7Atmos Pro tracks the workflow status and updates the PR comment accordingly.
Atmos Pro dispatches workflows and tracks their status — it does not implement its own approval mechanism. Approvals are handled entirely by GitHub, which means:
- You configure protection rules in your GitHub repository settings, not in Atmos Pro.
- Reviewers approve deployments through the GitHub UI, email notifications, or the GitHub mobile app.
- GitHub maintains a complete audit trail of who approved what and when.
- Your existing GitHub access controls and team structures apply.
This design keeps Atmos Pro focused on orchestration while leveraging GitHub's mature, well-understood approval infrastructure.
Deployment approvals are configured entirely through GitHub's native environment settings — there's nothing new to adopt. This keeps your audit surface small, works within your existing compliance tooling, and means your team manages approvals with the same GitHub UI they already know.
Configure GitHub Environments
Ready to configure deployment approvals?
Set up GitHub environment protection rules to require approval before infrastructure changes are applied.