#terragrunt (2021-10)
Terragrunt discussions
Archive: https://archive.sweetops.com/terragrunt/
2021-10-01
hello, just wondering if terragrunt can handle mfa with an assume role? Im passing my aws profile to use and it forces mfa but when I run terragrunt plan it doesnt prompt and just errors with access denied
i guess it depends on how you have mfa implemented… i’ve used terragrunt with an sso provider, using a credential_process integration in my aws profile, where the mfa is enforced at the sso layer…
oooohhhhhh ty, @Adrian this looks promising, will give it a look, right now Im just using environment variables to make-it-to-work
example ~/.aws/config
[default]
region=eu-central-1
[profile adrian@xyz]
region=eu-central-1
credential_process=aws-vault --debug exec adrian@xyz --json
mfa_serial=arn:aws:iam::000000000000:mfa/adrian
[profile xyz-cicd-account]
region=eu-central-1
role_arn=arn:aws:iam::000000000001:role/XYZOrganizationRole
source_profile=adrian@xyz
include_profile=adrian@xyz
2021-10-05
2021-10-06
one more question, if I wanted to store my tfstate locally, is there a proper way to facilitate that with terragrunt? PS this is a one off situation, not something I plan on doing all the time
Just don’t set the backend config :)
ha ha ok, thought so… just wanted to confirm, ty
Or of you want to control the path, set it, https://www.terraform.io/docs/language/settings/backends/local.html#example-configuration
oh goddam, this is exactly what I needed, I sstupidly kept looking at terragrunts site forgetting that this is just a wrapper for terraform
ty
Yeah, I largely think of terragrunt as a preprocessor for terraform. Figure out what you want it to look like from the terraform docs, then use terragrunt to process templates that create those files/inputs