#terragrunt (2021-10)

terragrunt

Terragrunt discussions Archive: https://archive.sweetops.com/terragrunt/

2021-10-06

shamb0 avatar
shamb0

one more question, if I wanted to store my tfstate locally, is there a proper way to facilitate that with terragrunt? PS this is a one off situation, not something I plan on doing all the time

loren avatar
loren

Just don’t set the backend config :)

shamb0 avatar
shamb0

ha ha ok, thought so… just wanted to confirm, ty

loren avatar
loren
Backend Type: local - Terraform by HashiCorp

Terraform can store the state remotely, making it easier to version and work with in a team.

shamb0 avatar
shamb0

oh goddam, this is exactly what I needed, I sstupidly kept looking at terragrunts site forgetting that this is just a wrapper for terraform

shamb0 avatar
shamb0

ty

loren avatar
loren

Yeah, I largely think of terragrunt as a preprocessor for terraform. Figure out what you want it to look like from the terraform docs, then use terragrunt to process templates that create those files/inputs

1

2021-10-05

2021-10-01

shamb0 avatar
shamb0

hello, just wondering if terragrunt can handle mfa with an assume role? Im passing my aws profile to use and it forces mfa but when I run terragrunt plan it doesnt prompt and just errors with access denied

loren avatar
loren

i guess it depends on how you have mfa implemented… i’ve used terragrunt with an sso provider, using a credential_process integration in my aws profile, where the mfa is enforced at the sso layer…

Adrian avatar
Adrian

@ credential_process and https://github.com/99designs/aws-vault

GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments attachment image

A vault for securely storing and accessing AWS credentials in development environments - GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development envi…

shamb0 avatar
shamb0

oooohhhhhh ty, @Adrian this looks promising, will give it a look, right now Im just using environment variables to make-it-to-work

Adrian avatar
Adrian

example ~/.aws/config

[default]
region=eu-central-1

[profile [email protected]]
region=eu-central-1
credential_process=aws-vault --debug exec [email protected] --json
mfa_serial=arn:aws:iam::000000000000:mfa/adrian

[profile xyz-cicd-account]
region=eu-central-1
role_arn=arn:aws:iam::000000000001:role/XYZOrganizationRole
[email protected]
[email protected]
    keyboard_arrow_up