#terragrunt (2021-11)


Terragrunt discussions

Archive: https://archive.sweetops.com/terragrunt/


Andy avatar

We use aws-google-auth to create aws credentials that expire after X hours. Oftentimes I’ll see an error from terragrunt like:

Error in function call; Call to function "read_terragrunt_config" failed: exit status 1.

which doesn’t make sense because I haven’t changed code near that, and the root cause is my aws credentials have expired.

Does anyone else get into this situation and have a way to deal with it?

Andy avatar

We use a Makefile to run our terragrunt code in a container, so I could just add a aws sts call to that to check if the creds are valid, but interested to know if there are other approaches

loren avatar

I use a credential_process wrapper, which can automatically refresh the credentials

loren avatar

As long as my session to the idp is still valid, of course

Andy avatar

Thanks! Didn’t realise that option existed. Unfortunately it’s not yet supported by aws-google-auth.

loren avatar

yeah, you’d have to wrap that wrapper as long as it provides the access, secret, session token, and expiration, you can reformat the outputs pretty easily i’d think