This is just one of many structures for using Terragrunt.
- Install
terraform
andterragrunt
- Configure your
AWS credentials
using one of the supported authentication mechanisms. - Update the parameters in the root
terragrunt.hcl
, and inenv.hcl
for each account.
You can download it from the official website.
To summarize, we need to create two IAM roles.
First, you need to create a policy with create/delete/update permissions on resources per account.
For our purposes, we'll name this role "ExecutionRole"
.
Next, Your AWS user must have an IAM policy which grants permissions for interacting with DynamoDB and S3. It also includes permission to assume the ExecutionRole
role.
You can see how you can create an IAM Role with minimal permissions here.
NOTE: Recommend using a Trust Relationship to securely use Roles
Update the parameter values required by the *.hcl
file.
- Change directory into the resource to deploy folder (eg.
cd /prod/us-east-1/ec2
) - Run
terragrunt plan
to see the changes you're about to apply. - If there are no issues, run
terragrunt apply
.
- Change directory into the account/region folder (eg.
cd /prod
,cd /prod/us-east-1
) - Run
terragrunt run-all plan
to see the changes you're about to apply. - If there are no issues, run
terragrunt run-all apply
.