Skip to content

terragrunt

GitHub stars autofix GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

terragrunt documentation

terragrunt - GitHub

Configuration in MegaLinter

Variable Description Default value
TERRAFORM_TERRAGRUNT_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
TERRAFORM_TERRAGRUNT_COMMAND_REMOVE_ARGUMENTS User custom arguments to remove from command line before calling the linter
Ex: -s --foo "bar"
TERRAFORM_TERRAGRUNT_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src\|lib)
Include every file
TERRAFORM_TERRAGRUNT_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test\|examples)
Exclude no file
TERRAFORM_TERRAGRUNT_CLI_LINT_MODE Override default CLI lint mode
- file: Calls the linter for each file
- project: Call the linter from the root of the project
file
TERRAFORM_TERRAGRUNT_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".hcl"]
TERRAFORM_TERRAGRUNT_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
TERRAFORM_TERRAGRUNT_PRE_COMMANDS List of bash commands to run before the linter None
TERRAFORM_TERRAGRUNT_POST_COMMANDS List of bash commands to run after the linter None
TERRAFORM_TERRAGRUNT_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling TERRAFORM_TERRAGRUNT and its pre/post commands None
TERRAFORM_TERRAGRUNT_CONFIG_FILE terragrunt configuration file nameUse LINTER_DEFAULT to let the linter find it terragrunt.hcl
TERRAFORM_TERRAGRUNT_RULES_PATH Path where to find linter configuration file Workspace folder, then MegaLinter default rules
TERRAFORM_TERRAGRUNT_DISABLE_ERRORS Run linter but consider errors as warnings false
TERRAFORM_TERRAGRUNT_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
TERRAFORM_TERRAGRUNT_CLI_EXECUTABLE Override CLI executable ['terragrunt']

MegaLinter Flavors

This linter is available in the following flavors

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 124 Docker Image Size (tag) Docker Pulls
cupcake MegaLinter for the most commonly used languages 83 Docker Image Size (tag) Docker Pulls
security Optimized for security 24 Docker Image Size (tag) Docker Pulls
terraform Optimized for TERRAFORM based projects 54 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • File extensions: .hcl
  • File name don't ends with: .tflint.hcl

How the linting is performed

  • terragrunt is called one time by identified file (file CLI lint mode)

Example calls

terragrunt hclfmt --terragrunt-check --terragrunt-hclfmt-file myfile.hcl
terragrunt hclfmt --terragrunt-check --terragrunt-config terragrunt.hcl --terragrunt-hclfmt-file myfile.hcl

Help content

NAME:
   terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. For documentation, see https://terragrunt.gruntwork.io/.

USAGE:
   terragrunt <command> [options]

COMMANDS:
   aws-provider-patch     Overwrite settings on nested AWS providers to work around a Terraform bug (issue #13018).
   catalog                Launch the user interface for searching and managing your module catalog.
   graph                  Execute commands on the full graph of dependent modules for the current module, ensuring correct execution order.
   graph-dependencies     Prints the terragrunt dependency graph to stdout.
   hclfmt                 Recursively find hcl files and rewrite them into a canonical format.
   hclvalidate            Find all hcl files from the config stack and validate them.
   output-module-groups   Output groups of modules ordered by command (apply or destroy) as a list of list in JSON (useful for CI use cases).
   render-json            Render the final terragrunt config, with all variables, includes, and functions resolved, as json.
   run-all                Run a terraform command against a 'stack' by running the specified command in each subfolder.
   scaffold               Scaffold a new Terragrunt module.
   terragrunt-info        Emits limited terragrunt state on stdout and exits.
   validate-inputs        Checks if the terragrunt configured inputs align with the terraform defined variables.
   *                      Terragrunt forwards all other commands directly to Terraform

GLOBAL OPTIONS:
   --terragrunt-auth-provider-cmd value              The command and arguments that can be used to fetch authentication configurations. [$TERRAGRUNT_AUTH_PROVIDER_CMD]
   --terragrunt-config value                         The path to the Terragrunt config file. Default is terragrunt.hcl. [$TERRAGRUNT_CONFIG]
   --terragrunt-debug                                Write terragrunt-debug.tfvars to working folder to help root-cause issues. [$TERRAGRUNT_DEBUG]
   --terragrunt-disable-bucket-update                When this flag is set Terragrunt will not update the remote state bucket. [$TERRAGRUNT_DISABLE_BUCKET_UPDATE]
   --terragrunt-disable-command-validation           When this flag is set, Terragrunt will not validate the terraform command. [$TERRAGRUNT_DISABLE_COMMAND_VALIDATION]
   --terragrunt-disable-log-formatting               If specified, logs will be displayed in key/value format. By default, logs are formatted in a human readable format. [$TERRAGRUNT_DISABLE_LOG_FORMATTING]
   --terragrunt-download-dir value                   The path to download OpenTofu/Terraform modules into. Default is .terragrunt-cache in the working directory. [$TERRAGRUNT_DOWNLOAD]
   --terragrunt-exclude-dir value                    Unix-style glob of directories to exclude when running *-all commands. [$TERRAGRUNT_EXCLUDE_DIR]
   --terragrunt-excludes-file value                  Path to a file with a list of directories that need to be excluded when running *-all commands. (default: .terragrunt-excludes) [$TERRAGRUNT_EXCLUDES_FILE]
   --terragrunt-fail-on-state-bucket-creation        When this flag is set Terragrunt will fail if the remote state bucket needs to be created. [$TERRAGRUNT_FAIL_ON_STATE_BUCKET_CREATION]
   --terragrunt-fetch-dependency-output-from-state   The option fetchs dependency output directly from the state file instead of init dependencies and running terraform on them. [$TERRAGRUNT_FETCH_DEPENDENCY_OUTPUT_FROM_STATE]
   --terragrunt-forward-tf-stdout                    If specified, the output of OpenTofu/Terraform commands will be printed as is, without being integrated into the Terragrunt log. [$TERRAGRUNT_FORWARD_TF_STDOUT]
   --terragrunt-iam-assume-role-duration value       Session duration for IAM Assume Role session. Can also be set via the TERRAGRUNT_IAM_ASSUME_ROLE_DURATION environment variable. [$TERRAGRUNT_IAM_ASSUME_ROLE_DURATION]
   --terragrunt-iam-assume-role-session-name value   Name for the IAM Assummed Role session. Can also be set via TERRAGRUNT_IAM_ASSUME_ROLE_SESSION_NAME environment variable. [$TERRAGRUNT_IAM_ASSUME_ROLE_SESSION_NAME]
   --terragrunt-iam-role value                       Assume the specified IAM role before executing OpenTofu/Terraform. Can also be set via the TERRAGRUNT_IAM_ROLE environment variable. [$TERRAGRUNT_IAM_ROLE]
   --terragrunt-iam-web-identity-token value         For AssumeRoleWithWebIdentity, the WebIdentity token. Can also be set via TERRAGRUNT_IAM_ASSUME_ROLE_WEB_IDENTITY_TOKEN environment variable [$TERRAGRUNT_IAM_ASSUME_ROLE_WEB_IDENTITY_TOKEN]
   --terragrunt-ignore-dependency-errors             *-all commands continue processing components even if a dependency fails. [$TERRAGRUNT_IGNORE_DEPENDENCY_ERRORS]
   --terragrunt-ignore-dependency-order              *-all commands will be run disregarding the dependencies [$TERRAGRUNT_IGNORE_DEPENDENCY_ORDER]
   --terragrunt-ignore-external-dependencies         *-all commands will not attempt to include external dependencies [$TERRAGRUNT_IGNORE_EXTERNAL_DEPENDENCIES]
   --terragrunt-include-dir value                    Unix-style glob of directories to include when running *-all commands [$TERRAGRUNT_INCLUDE_DIR]
   --terragrunt-include-external-dependencies        *-all commands will include external dependencies [$TERRAGRUNT_INCLUDE_EXTERNAL_DEPENDENCIES]
   --terragrunt-json-log                             If specified, Terragrunt will output its logs in JSON format. [$TERRAGRUNT_JSON_LOG]
   --terragrunt-log-disable                          Disable logging [$TERRAGRUNT_LOG_DISABLE]
   --terragrunt-log-level value                      Sets the logging level for Terragrunt. Supported levels: stderr, stdout, error, warn, info, debug, trace (default: info) [$TERRAGRUNT_LOG_LEVEL]
   --terragrunt-log-show-abs-paths                   Show absolute paths in logs [$TERRAGRUNT_LOG_SHOW_ABS_PATHS]
   --terragrunt-modules-that-include value           If flag is set, 'run-all' will only run the command against Terragrunt modules that include the specified file. [$TERRAGRUNT_MODULES_THAT_INCLUDE]
   --terragrunt-no-auto-approve -auto-approve        Don't automatically append -auto-approve to the underlying OpenTofu/Terraform commands run with 'run-all'. (default: true) [$TERRAGRUNT_NO_AUTO_APPROVE]
   --terragrunt-no-auto-init                         Don't automatically run 'terraform/tofu init' during other terragrunt commands. You must run 'terragrunt init' manually. (default: true) [$TERRAGRUNT_NO_AUTO_INIT]
   --terragrunt-no-auto-retry                        Don't automatically re-run command in case of transient errors. (default: true) [$TERRAGRUNT_NO_AUTO_RETRY]
   --terragrunt-no-color                             If specified, Terragrunt output won't contain any color. [$TERRAGRUNT_NO_COLOR]
   --terragrunt-non-interactive                      Assume "yes" for all prompts. [$TERRAGRUNT_NON_INTERACTIVE]
   --terragrunt-parallelism value                    *-all commands parallelism set to at most N modules (default: 2147483647) [$TERRAGRUNT_PARALLELISM]
   --terragrunt-provider-cache                       Enables Terragrunt's provider caching. [$TERRAGRUNT_PROVIDER_CACHE]
   --terragrunt-provider-cache-dir value             The path to the Terragrunt provider cache directory. By default, 'terragrunt/providers' folder in the user cache directory. [$TERRAGRUNT_PROVIDER_CACHE_DIR]
   --terragrunt-provider-cache-hostname value        The hostname of the Terragrunt Provider Cache server. By default, 'localhost'. [$TERRAGRUNT_PROVIDER_CACHE_HOSTNAME]
   --terragrunt-provider-cache-port value            The port of the Terragrunt Provider Cache server. By default, assigned automatically. [$TERRAGRUNT_PROVIDER_CACHE_PORT]
   --terragrunt-provider-cache-registry-names value  The list of remote registries to cached by Terragrunt Provider Cache server. By default, 'registry.terraform.io', 'registry.opentofu.org'. (default: registry.terraform.io,registry.opentofu.org) [$TERRAGRUNT_PROVIDER_CACHE_REGISTRY_NAMES]
   --terragrunt-provider-cache-token value           The Token for authentication to the Terragrunt Provider Cache server. By default, assigned automatically. [$TERRAGRUNT_PROVIDER_CACHE_TOKEN]
   --terragrunt-source value                         Download OpenTofu/Terraform configurations from the specified source into a temporary folder, and run Terraform in that temporary folder. [$TERRAGRUNT_SOURCE]
   --terragrunt-source-map value                     Replace any source URL (including the source URL of a config pulled in with dependency blocks) that has root source with dest. [$TERRAGRUNT_SOURCE_MAP]
   --terragrunt-source-update                        Delete the contents of the temporary folder to clear out any old, cached source code before downloading new source code into it. [$TERRAGRUNT_SOURCE_UPDATE]
   --terragrunt-strict-include                       If flag is set, only modules under the directories passed in with '--terragrunt-include-dir' will be included. [$TERRAGRUNT_STRICT_INCLUDE]
   --terragrunt-tf-logs-to-json                      If specified, Terragrunt will wrap Terraform stdout and stderr in JSON. [$TERRAGRUNT_TF_JSON_LOG]
   --terragrunt-tfpath value                         Path to the Terraform binary. Default is tofu (on PATH). (default: terraform) [$TERRAGRUNT_TFPATH]
   --terragrunt-use-partial-parse-config-cache       Enables caching of includes during partial parsing operations. Will also be used for the --terragrunt-iam-role option if provided. [$TERRAGRUNT_USE_PARTIAL_PARSE_CONFIG_CACHE]
   --terragrunt-working-dir value                    The path to the directory of Terragrunt configurations. Default is current directory. [$TERRAGRUNT_WORKING_DIR]
   --help, -h                                        Show help
   --version, -v                                     Show terragrunt version

VERSION: v0.67.5

AUTHOR: Gruntwork <www.gruntwork.io>

Installation on mega-linter Docker image

  • Dockerfile commands :
# renovate: datasource=docker depName=alpine/terragrunt
ARG TERRAFORM_TERRAGRUNT_VERSION=1.9.5
FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} AS terragrunt
COPY --link --from=terragrunt /usr/local/bin/terragrunt /usr/bin/