Terragrunt is a wrapper that provides tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.
This walkthrough will guide you through using Terragrunt with CloudTruth enabling you to manage your multiple environments parameters and secretes from a centralized location.
You can also use CloudTruth to externally reference backend tfstate output as an external parameter.


Terragrunt DRY deploy

Terragrunt with CloudTruth allows you to keep your code DRY across multiple environments while centralizing your configuration input values.
Rather than using hardcoded and scattered Terragrunt inputs to define parameter values, we will inject inputs directly from a specified CloudTruth project and environment.
This example deployed with Terragrunt HCL will create an AWS Instance in us-west-2 and an S3 bucket, utilizing CloudTruth to manage Terraform variable keys and values for a development, production, and staging environment.
You can follow along in your AWS account by cloning this repo.
git clone
The Terragrunt folder structure for this repo contains development, production, and staging directories.
# terragrunt-cloudtruth-deploy
├── development
│ ├── instance
│ │ └── terragrunt.hcl
│ ├── s3
│ │ └── terragrunt.hcl
│ └── terragrunt.hcl
├── production
│ ├── instance
│ │ └── terragrunt.hcl
│ ├── s3
│ │ └── terragrunt.hcl
│ └── terragrunt.hcl
└── staging
├── instance
│ └── terragrunt.hcl
├── s3
│ └── terragrunt.hcl
└── terragrunt.hcl
The instance and s3 sub-folders contain a terragrunt.hcl file that set the source parameter to point at the specific modules in the terragrunt-cloudtruth-modules repo. They also include the parent terragrunt.hcl which configures the AWS provider.
Example instance terragrunt.hcl:
terraform {
source = "git::"
include {
path = find_in_parent_folders()
Notice that we are not hardcoding inputs in the terragrunt.hcl! Inputs will be centrally managed and sourced from CloudTruth and not buried in environment subdirectories. 🎉

Setup a CloudTruth Project and Environments

Create a CloudTruth Project called Terragrunt.
cloudtruth project set Terragrunt
Now add the parameters to the Terragrunt project that are required by the Terraform modules we are calling in the terragrunt.hcl.
cloudtruth --project Terragrunt parameter set TF_VAR_ami -v ami-830c94e3
cloudtruth --project Terragrunt parameter set TF_VAR_instance_type -v t2.micro
cloudtruth --project Terragrunt parameter set TF_VAR_availability_zone_names -v '["us-west-2a", "us-west-2b"]'
cloudtruth --project Terragrunt parameter set TF_VAR_resource_tags -v '{"Name":"Cloudtruth-Instance","project":"CloudTruth Run Terraform","environment":"default"}'
Set unique resource tags that get applied to the EC2 instance and s3 bucket for each environment.
cloudtruth --project Terragrunt --env development parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-development","project":"CloudTruth Run Terraform","environment":"development"}'
cloudtruth --project Terragrunt --env production parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-production","project":"CloudTruth Run Terraform","environment":"production"}'
cloudtruth --project Terragrunt --env staging parameter set TF_VAR_resource_tags -v '{"Name":"CloudTruth-staging","project":"CloudTruth Run Terraform","environment":"staging"}'
Now your CloudTruth Terragrunt project is setup to centrally manage the TF_VAR variables with unique values for resource tags across our multiple environments.

Running a centrally managed DRY deploy

Terragrunt respects any TF_VAR_xxx variables you’ve manually set in your environment and follows the same variable precedence as Terraform. Using CloudTruth Run we will pass the CloudTruth configured TF_VAR_xxx variables directly to the Terraform modules through Terragrunt for the specified environment.
Change directory to terragrunt-cloudtruth-deploy/development/.
From terragrunt-cloudtruth-deploy/development/ execute the following command which passes variables from the CloudTruth project Terragrunt for the development environment into terragrunt:
cloudtruth --project Terragrunt --env development run -- terragrunt run-all apply
You have now deployed an instance in EC2 and an S3 bucket with a DRY Terragrunt configuration and CloudTruth! 🙌
You can view the outputs that display the parameter values from the CloudTruth Development environment by running terragrunt run-all output.
AMI = <sensitive>
instance_name = "CloudTruth-development"
instance_type = "t2.micro"
zone = "us-west-2a"
s3_bucket_name = "cloudtruth-grunt-free-panda"
s3_tag_name = "CloudTruth-development"
You can change to the production or staging directories and pass the respective CloudTruth environment to deploy various settings across your different infrastructure!


Destroy the AWS resources by passing environment variables the same way we created them.
cloudtruth --project Terragrunt --env development run -- terragrunt run-all destroy
You can see the source code for the Terraform modules and Terragrunt Deploy in the following repos.
Last modified 8mo ago