Atlas Docs

Atlas is a native Windows desktop application that replaces the AWS Management Console for daily infrastructure management. It is built with WPF and .NET 9 — no browser, no Electron, no slowness.

When you open Atlas for the first time you will see the Dashboard with an empty state. The next step is to add your AWS account.

• Click Settings in the left sidebar, or click the Go to Settings link in the Dashboard empty state.
• Fill in your AWS credentials (see Add Account).
• Click Validate & Add Account. Atlas calls sts:GetCallerIdentity to verify the keys.
• Once validated, navigate to any page — the data will load automatically.

Open the Settings page and fill in the form:

Click Validate & Add Account. Atlas calls sts:GetCallerIdentity — if the credentials are valid the account is saved. If not, an inline error explains what went wrong.

Atlas only calls read actions plus the specific write actions required for the features you use. Attach the policy below to your IAM user to enable all features. Remove any sections for services you don't use.

With Atlas Pro you can add unlimited AWS accounts (each with its own access keys and default region) and switch between them instantly.

• Add each account in Settings using the same form as the first account.
• The Active account is shown in the top bar at all times.
• Click the account name in the top bar to open the account switcher dropdown.
• Switching accounts immediately invalidates all cached data and reloads the current page.
• Each account has its own default region — you can change it in Settings at any time.
• To remove an account, click Remove next to it in Settings. The next account in the list becomes active automatically.

The Dashboard gives you an instant overview of your AWS infrastructure health and costs.

• Account ID is shown below the KPI cards.
• Last-refreshed timestamp updates after every reload.
• The Refresh button forces a full reload regardless of cache.
• All four API calls run in parallel — a missing permission on one call (e.g. no CloudWatch access) does not prevent the others from loading.
• Cost overview panel shows current-month spend and a 30-day forecast (requires ce:GetCostAndUsage).

Manage all EC2 instances in your active account and region from a single table.

• Columns: State badge, Name, Instance ID, Type, Public IP, Private IP, Launch Time.
• Real-time search by name, instance ID, or IP address — results filter as you type.
• Status filter dropdown: All / running / stopped / pending / terminated.
• Color-coded state badges: â–  running, â–  stopped, â–  pending/stopping, â–  shutting-down, â–  terminated.

• Select instances via row checkboxes. The header checkbox selects/deselects all visible rows. Use Ctrl+A to select all.
• A slide-in action bar appears at the bottom when at least one row is selected, showing a count pill and action buttons.
• Available actions: Start, Stop, Reboot, Terminate.
• Every action opens a confirmation dialog listing the target instances. Terminate uses a red danger variant with an explicit "this cannot be undone" warning.
• After an action completes the list auto-reloads to reflect the new state.

Selecting exactly one instance opens a detail panel on the right side. It shows:

• Summary — ID, state, type, vCPUs, public/private/IPv6 IPs, region, DNS names, VPC, Subnet, IAM role, Auto Scaling Group, IMDSv2 status, ARN.
• Details — AMI ID, monitoring, platform, key pair, launch time, virtualization type, lifecycle, boot mode, credit specification.
• Placement — Tenancy, Host ID, affinity, placement group, partition, reservation.
• Capacity Reservation — Reservation ID and setting.

Copy buttons () are available next to Instance ID, ARN, and AMI ID. The panel closes when you clear the selection or select multiple rows.

Browse S3 buckets and objects, upload files, and download objects — all from a split-pane browser.

• Left panel lists all buckets with name and creation date. Click a bucket to open it.
• Right panel shows the objects inside the selected bucket.
• Object columns: Key/Name, Size (auto-formatted as B / KB / MB / GB), Storage Class, Last Modified.
• Objects are browsed with prefix-based navigation, similar to a folder hierarchy.

• Click Upload to open a file picker.
• A real-time progress bar and percentage are shown during the upload.
• The object list refreshes automatically when the upload completes.

• Select an object and click Download.
• A save dialog lets you choose the destination.
• A real-time progress bar and percentage are shown during the download.

Monitor the state of all your CloudWatch alarms in one place without navigating through the AWS Console.

• KPI cards show counts per alarm state: ALARM, OK, INSUFFICIENT_DATA.
• Filter chips at the top let you show only alarms in a specific state.
• Real-time search filters alarms by name as you type.
• Each row shows alarm name, state badge, metric name, threshold, and last update time.

Review all active GuardDuty security findings sorted and filtered by severity.

• KPI cards show finding counts per severity: HIGH, MEDIUM, LOW.
• Severity filter chips at the top narrow down the list.
• Real-time search filters findings by title or description.
• Each finding row shows title, severity badge, finding type, region, and last seen time.

Audit IAM users, roles, groups, and policies across your AWS account.

• List all IAM users with username, creation date, last activity, and attached policies.
• List all IAM roles with role name, creation date, and trust policy summary.
• List IAM groups and their membership counts.
• List managed policies with their attachment counts.
• Real-time search across all IAM entities.

Track your AWS spend with Cost Explorer data pulled directly from the AWS API.

• Current-month cost breakdown by service.
• Month-over-month spend comparison.
• 30-day cost forecast based on current usage trends.
• Displayed on the Dashboard summary panel as well as the dedicated Billing page.

• AWS access keys are encrypted with Windows DPAPI (user-scoped) before being written to the local SQLite database.
• Credentials are decrypted in memory only at the moment an AWS SDK call is made, then discarded.
• No plaintext credentials are ever written to disk.
• The SQLite database is stored at %LocalAppData%\Atlas\atlas.db and is readable only by the Windows user account that created it.

• Atlas has no backend server. All AWS API calls go directly from your machine to the AWS SDK endpoints.
• No telemetry data containing your AWS resource names or account IDs is ever transmitted anywhere.
• The only external connections are: AWS SDK endpoints, optional auto-update checks (Velopack/GitHub), and anonymous usage analytics (page views only, via Google Analytics).

• Unhandled errors are written to atlas-errors.txt in the application directory.
• Log entries are prepended (newest first) and include timestamp, level, message, and stack trace.
• Log format: [YYYY-MM-DD HH:mm:ss] [LEVEL] message
• Logs never contain credential values.