CloudTruth Documentation
Sign InAPIIntegrationsGitHubVisit our website
  • Overview
  • Getting Started
  • Architecture
    • 🔒Security Overview
  • Copilot
  • 🏢Org management
    • Account Setup
    • Access Control
      • 🔑API Tokens
      • 🌐Protecting Projects and Environments
      • 👥Users
    • Audit Log
  • 🛠️Config Management
    • Projects
    • Parameters
      • Sharing Config Data
      • Parameter Management
        • Internal Values
          • Dynamic Values
        • External Values
          • Terraform Remote State Files
        • Parameter Override
        • Environment Value Override
      • Parameter and Parameter Value Inheritance
      • Value Comparison
      • Value History
      • Value Validation
      • Value Expiration
    • Environments and Tags
    • Templates
      • 📒Sample Templates
    • Actions
      • Import Actions
      • Push Actions
    • CLI & API
      • CloudTruth CLI
      • Rest API
    • Integrations
      • Argo CD
      • Atlassian Compass
      • AWS
        • AWS Connection
        • AWS Role
          • CloudFormation
          • Terrraform
          • AWS Console
        • Parameter Store (SSM)
        • S3
        • Secrets Manager
      • Azure Key Vault
      • Bitbucket Pipelines
      • Docker
      • Docker Compose
      • GitHub
      • GitHub Actions
      • GitLab
      • Harness
      • Jenkins
      • Kubernetes
      • Pulumi
      • Terraform
      • Terragrunt
      • Explorer
      • Circle CI
    • Events, Notifications, Webhooks
    • Types
  • 🔎REPORTING
    • Compare
    • History
    • Expirations
  • 🚀PRODUCT
    • What is CloudTruth?
    • Interactive Demo
    • Kubernetes
    • Terraform
    • CI/CD Pipeline Configuration
    • Cloud CMDB
    • Secrets Management
    • GitOps
    • Our Manifesto
    • Open Source
    • FAQs
    • Our Mission
  • 📚Reference
    • 🎓Quick Start Videos
      • What is CloudTruth?
      • CloudTruth in Action
      • Environments and Projects
      • Secrets, Parameters, ENV variables
      • Audit Logs, RBAC, SSO
      • Containers - Kubernetes, Docker
      • Infrastructure as Code (IaC) - Terraform, Cloudformation, CDK, Azure Bicep, Pulumi
      • CICD Pipelines - GitHub Actions, ArgoCD, Jenkins, CircleCI, Harness, GitLab Pipelines
      • AWS Videos - Secret Manager, Parameter Store, S3, IAM
      • Azure Videos - Azure DevOps, Azure Bicep, PowerShell
    • Knowledge Base
      • Best Practices
        • Versioned Releases
      • CLI
        • History comparison of deleted parameters with null values
      • Integrations
        • Advanced AWS IAM policy permissions
        • K8s pull image from private Docker registry
        • S3 Region Selection
      • Templates
        • Templates render quotations in key values as quot
    • Roadmap and New Features
    • JMESPath Reference
    • REST API
Powered by GitBook

Copyright© 2023 CloudTruth

On this page
  • Prerequisites
  • Terragrunt DRY deploy

Was this helpful?

  1. Config Management
  2. Integrations

Terragrunt

Terragrunt is a wrapper that provides tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.

PreviousTerraformNextExplorer

Last updated 3 years ago

Was this helpful?

This walkthrough will guide you through using Terragrunt with CloudTruth enabling you to manage your multiple environments parameters and secretes from a centralized location.

You can also use CloudTruth to externally reference backend .

Prerequisites

  • You know basic .

  • You have installed .

  • You have created a and installed the .

Terragrunt DRY deploy

Terragrunt with allows you to keep your code while centralizing your configuration input values.

Rather than using hardcoded and scattered Terragrunt to define parameter values, we will inject inputs directly from a specified CloudTruth and .

This example deployed with Terragrunt HCL will create an AWS Instance in us-west-2 and an S3 bucket, utilizing CloudTruth to manage Terraform variable keys and values for a development, production, and staging environment.

You can follow along in your AWS account by cloning this .

git clone https://github.com/cloudtruth-demo/terragrunt-cloudtruth-deploy.git

The Terragrunt folder structure for this repo contains development, production, and staging directories.

# terragrunt-cloudtruth-deploy
├── development
│   ├── instance
│   │   └── terragrunt.hcl
│   ├── s3
│   │   └── terragrunt.hcl
│   └── terragrunt.hcl
│       
├── production
│   ├── instance
│   │   └── terragrunt.hcl
│   ├── s3
│   │   └── terragrunt.hcl
│   └── terragrunt.hcl
│       
└── staging
    ├── instance
    │   └── terragrunt.hcl
    ├── s3
    │   └── terragrunt.hcl
    └── terragrunt.hcl

Example instance terragrunt.hcl:

terraform {
  source = "git::https://github.com/cloudtruth-demo/terragrunt-cloudtruth-modules.git//instance?ref=v0.0.1"
}

include {
  path = find_in_parent_folders()
}

Notice that we are not hardcoding inputs in the terragrunt.hcl! Inputs will be centrally managed and sourced from CloudTruth and not buried in environment subdirectories. 🎉

Setup a CloudTruth Project and Environments

cloudtruth project set Terragrunt
cloudtruth --project Terragrunt parameter set TF_VAR_ami -v ami-830c94e3
cloudtruth --project Terragrunt parameter set TF_VAR_instance_type -v t2.micro
cloudtruth --project Terragrunt parameter set TF_VAR_availability_zone_names -v '["us-west-2a", "us-west-2b"]'
cloudtruth --project Terragrunt parameter set TF_VAR_resource_tags -v '{"Name":"Cloudtruth-Instance","project":"CloudTruth Run Terraform","environment":"default"}'

Set unique resource tags that get applied to the EC2 instance and s3 bucket for each environment.

cloudtruth --project Terragrunt --env development parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-development","project":"CloudTruth Run Terraform","environment":"development"}'
cloudtruth --project Terragrunt --env production parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-production","project":"CloudTruth Run Terraform","environment":"production"}'
cloudtruth --project Terragrunt --env staging parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-staging","project":"CloudTruth Run Terraform","environment":"staging"}'

Now your CloudTruth Terragrunt project is setup to centrally manage the TF_VAR variables with unique values for resource tags across our multiple environments.

Running a centrally managed DRY deploy

Change directory to terragrunt-cloudtruth-deploy/development/.

From terragrunt-cloudtruth-deploy/development/ execute the following command which passes variables from the CloudTruth project Terragrunt for the development environment into terragrunt:

cloudtruth --project Terragrunt --env development run -- terragrunt run-all apply

You have now deployed an instance in EC2 and an S3 bucket with a DRY Terragrunt configuration and CloudTruth! 🙌

You can view the outputs that display the parameter values from the CloudTruth Development environment by running terragrunt run-all output.

AMI = <sensitive>
instance_name = "CloudTruth-development"
instance_type = "t2.micro"
zone = "us-west-2a"
s3_bucket_name = "cloudtruth-grunt-free-panda"
s3_tag_name = "CloudTruth-development"

You can change to the production or staging directories and pass the respective CloudTruth environment to deploy various settings across your different infrastructure!

Cleanup

Destroy the AWS resources by passing environment variables the same way we created them.

cloudtruth --project Terragrunt --env development run -- terragrunt run-all destroy

You can see the source code for the Terraform modules and Terragrunt Deploy in the following repos.

The instance and s3 sub-folders contain a terragrunt.hcl file that set the source parameter to point at the specific modules in the repo. They also include the parent terragrunt.hcl which configures the AWS provider.

Create a CloudTruth called Terragrunt.

Now add the parameters to the Terragrunt project that are required by the we are calling in the terragrunt.hcl.

Terragrunt any TF_VAR_xxx variables you’ve manually set in your environment and follows the same variable precedence as . Using CloudTruth Run we will pass the CloudTruth configured TF_VAR_xxx variables directly to the Terraform modules through Terragrunt for the specified environment.

🛠️
terragrunt-cloudtruth-modules
Project
Terraform modules
respects
Terraform
Terraform
Terragrunt
CloudTruth API Access token
CloudTruth
DRY across multiple environments
inputs
project
environment
repo
GitHub - cloudtruth-demo/terragrunt-cloudtruth-deploy: Terragrunt DRY deploy across environments with CloudTruth runGitHub
GitHub - cloudtruth-demo/terragrunt-cloudtruth-modules: AWS Modules to demonstrate a DRY deploy with TerragruntGitHub
Logo
Logo
tfstate output as an external parameter
CLI