#terragrunt (2022-06)

terragrunt

Terragrunt discussions

Archive: https://archive.sweetops.com/terragrunt/

2022-06-03

Amit Karpe avatar
Amit Karpe

How to migrate to Terraform cloud with Terragrunt Code base (and S3 bucket is backend)?

There must be some work around/guide. Anyone would like to point?

2022-06-06

MalluLuke avatar
MalluLuke

Is there a way to preserve project names in atlantis.yaml file when using terragrunt-atlantis-config ?

MalluLuke avatar
MalluLuke

Terragrunt is creating atlantis.yaml file as below. I would like to append name: staging

- autoplan:
    enabled: true
    when_modified:
    - '*.hcl'
    - '*.tf*'
    - ../terragrunt.hcl
    - ../terraform.tfvars
    - private.tfvars
  dir: staging/monitoring
  workflow: default
David avatar

Does the --create-project-name flag do what you’re thinking? The name field would be autogenerated from the project directory like: https://github.com/transcend-io/terragrunt-atlantis-config/blob/c3df0de38c4b024809d85a3a30e6c35c284aa399/cmd/generate.go#L420-L424

	projectName := regex.ReplaceAllString(project.Dir, "_")

	if createProjectName {
		project.Name = projectName
	}
MalluLuke avatar
MalluLuke

@David I have pre-workflow_hook as this - run: "/usr/local/bin/terragrunt-atlantis-config generate --output atlantis.yaml --autoplan --parallel --create-project-name" It looks like it is not creating name in the atlantis.yaml file!

David avatar

what version of terragrunt-atlatis-config are you using?

2022-06-10

2022-06-16

zetta avatar

I was reading this blog post about using TFC and Terragrunt, and it contains an invalid link that I can’t really find anymore
We have all the details you need to configure Terragrunt with TFC and TFE in the guide, including details on how to configure the remote backend, how to send variable inputs to TFC, and more.
^^^ above link does not work, I feel I’m missing some important configuration as when I run terragrunt plan the plan in TFC does not contain value of my variables, before adding the remote configuration terragrunt was able to pass the values without issues Anyone knows where is this guide now?

How to deploy production-grade infrastructure using Gruntwork with Terraform Cloudattachment image

Learn how the Terraform modules and tools from Gruntwork.io can integrate with Terraform Cloud and Terraform Enterprise.

2
zetta avatar

ohh, that one might be, thanks @loren will take a look does this also solve your query @Amit Karpe?

Amit Karpe avatar
Amit Karpe

yes

Amit Karpe avatar
Amit Karpe

Thanks @loren

2022-06-24

MalluLuke avatar
MalluLuke

I have Terragrunt integration with Atlantis. I have a common variable that I want to pulldown during atlantis plan When running terragrunt plan I can see that it is getting the value of the variable. However terraform plan is not getting the variable value (which make sense). What is the best way to get this common variable value during atlantis plan? terragrunt.hcl

locals {
  common_vars = read_terragrunt_config("../../_globalenv/common_variables.hcl")
}

include root {
  path = find_in_parent_folders()
}

inputs = {
  platform_ips = local.common_vars.locals.platform_ips
}
MalluLuke avatar
MalluLuke

@David appreciate if you can shed some light on this as I’m using terragrunt-atlantis-config

transcend-io/terragrunt-atlantis-config

Generate Atlantis config for Terragrunt projects.

2022-06-29

MalluLuke avatar
MalluLuke

Is it possible to run a before/after hook only once instead of running it for each terragrunt config files when running run-all plan? Ex: AWS authentication is running multiple times

Using IDP Account staging to access OneLogin <https://api.us.onelogin.com>
Using IDP Account staging to access OneLogin <https://api.us.onelogin.com>
Using IDP Account staging to access OneLogin <https://api.us.onelogin.com>
Using IDP Account staging to access OneLogin <https://api.us.onelogin.com>
loren avatar

personally i wouldn’t put authentication in a hook. just do it first, before terragrunt

loren avatar

but i don’t know how to do what you actually asked. maybe change the hook to test if credentials are present. the hook still runs, but the test keeps it from doing the thing twice

MalluLuke avatar
MalluLuke

What is the drawback for putting auth in a hook?

loren avatar

there are lots of ways to authenticate! running on ec2, or codebuild, or batch, etc, could be using a service role instead

loren avatar

i usually rely on the .aws/config to manage the authentication

MalluLuke avatar
MalluLuke

My use case is, running terragrunt on workstation

loren avatar

yeah, so put the authentication in your ~/.aws/config, using credential_process

loren avatar
Sourcing credentials with an external process - AWS Command Line Interface

If you have a method to generate or look up credentials that isn’t directly supported by the AWS CLI, you can configure the AWS CLI to use it by configuring the credential_process setting in the config file.

MalluLuke avatar
MalluLuke

That doesn’t work for us. We need to authenticate with SSO which is short lived

loren avatar

that’s exactly what credential_process is for

loren avatar

i use okta, and aws-okta-processor:

[profile terraform]
region = us-east-1
credential_process = aws-okta-processor authenticate --user <me> --organization <org> --application <app> --role <arn>
MalluLuke avatar
MalluLuke

ok, let me take a look at that

loren avatar

i assume you are using OneLogin for SSO, based on the message you posted, and it must also have a similar cli tool for you to run it in a terragrunt hook. so seems like a good candidate for credential_process instead

MalluLuke avatar
MalluLuke

Yeah, this might work.. thanks

1
    keyboard_arrow_up