terragrunt
terragrunt documentation
- Version in MegaLinter: 0.67.5
- Visit Official Web Site
- See How to configure terragrunt rules
Configuration in MegaLinter
- Enable terragrunt by adding
TERRAFORM_TERRAGRUNT
in ENABLE_LINTERS variable - Disable terragrunt by adding
TERRAFORM_TERRAGRUNT
in DISABLE_LINTERS variable
- Enable autofixes by adding
TERRAFORM_TERRAGRUNT
in APPLY_FIXES variable
Variable | Description | Default value |
---|---|---|
TERRAFORM_TERRAGRUNT_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
TERRAFORM_TERRAGRUNT_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
TERRAFORM_TERRAGRUNT_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
TERRAFORM_TERRAGRUNT_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
TERRAFORM_TERRAGRUNT_CLI_LINT_MODE | Override default CLI lint mode - file : Calls the linter for each file- project : Call the linter from the root of the project |
file |
TERRAFORM_TERRAGRUNT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".hcl"] |
TERRAFORM_TERRAGRUNT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
TERRAFORM_TERRAGRUNT_PRE_COMMANDS | List of bash commands to run before the linter | None |
TERRAFORM_TERRAGRUNT_POST_COMMANDS | List of bash commands to run after the linter | None |
TERRAFORM_TERRAGRUNT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling TERRAFORM_TERRAGRUNT and its pre/post commands | None |
TERRAFORM_TERRAGRUNT_CONFIG_FILE | terragrunt configuration file nameUse LINTER_DEFAULT to let the linter find it |
terragrunt.hcl |
TERRAFORM_TERRAGRUNT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
TERRAFORM_TERRAGRUNT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
TERRAFORM_TERRAGRUNT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
TERRAFORM_TERRAGRUNT_CLI_EXECUTABLE | Override CLI executable | ['terragrunt'] |
MegaLinter Flavors
This linter is available in the following flavors
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 124 | ||
cupcake | MegaLinter for the most commonly used languages | 83 | ||
security | Optimized for security | 24 | ||
terraform | Optimized for TERRAFORM based projects | 54 |
Behind the scenes
How are identified applicable files
- File extensions:
.hcl
- File name don't ends with:
.tflint.hcl
How the linting is performed
- terragrunt is called one time by identified file (
file
CLI lint mode)
Example calls
terragrunt hclfmt --terragrunt-check --terragrunt-hclfmt-file myfile.hcl
terragrunt hclfmt --terragrunt-check --terragrunt-config terragrunt.hcl --terragrunt-hclfmt-file myfile.hcl
Help content
NAME:
terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. For documentation, see https://terragrunt.gruntwork.io/.
USAGE:
terragrunt <command> [options]
COMMANDS:
aws-provider-patch Overwrite settings on nested AWS providers to work around a Terraform bug (issue #13018).
catalog Launch the user interface for searching and managing your module catalog.
graph Execute commands on the full graph of dependent modules for the current module, ensuring correct execution order.
graph-dependencies Prints the terragrunt dependency graph to stdout.
hclfmt Recursively find hcl files and rewrite them into a canonical format.
hclvalidate Find all hcl files from the config stack and validate them.
output-module-groups Output groups of modules ordered by command (apply or destroy) as a list of list in JSON (useful for CI use cases).
render-json Render the final terragrunt config, with all variables, includes, and functions resolved, as json.
run-all Run a terraform command against a 'stack' by running the specified command in each subfolder.
scaffold Scaffold a new Terragrunt module.
terragrunt-info Emits limited terragrunt state on stdout and exits.
validate-inputs Checks if the terragrunt configured inputs align with the terraform defined variables.
* Terragrunt forwards all other commands directly to Terraform
GLOBAL OPTIONS:
--terragrunt-auth-provider-cmd value The command and arguments that can be used to fetch authentication configurations. [$TERRAGRUNT_AUTH_PROVIDER_CMD]
--terragrunt-config value The path to the Terragrunt config file. Default is terragrunt.hcl. [$TERRAGRUNT_CONFIG]
--terragrunt-debug Write terragrunt-debug.tfvars to working folder to help root-cause issues. [$TERRAGRUNT_DEBUG]
--terragrunt-disable-bucket-update When this flag is set Terragrunt will not update the remote state bucket. [$TERRAGRUNT_DISABLE_BUCKET_UPDATE]
--terragrunt-disable-command-validation When this flag is set, Terragrunt will not validate the terraform command. [$TERRAGRUNT_DISABLE_COMMAND_VALIDATION]
--terragrunt-disable-log-formatting If specified, logs will be displayed in key/value format. By default, logs are formatted in a human readable format. [$TERRAGRUNT_DISABLE_LOG_FORMATTING]
--terragrunt-download-dir value The path to download OpenTofu/Terraform modules into. Default is .terragrunt-cache in the working directory. [$TERRAGRUNT_DOWNLOAD]
--terragrunt-exclude-dir value Unix-style glob of directories to exclude when running *-all commands. [$TERRAGRUNT_EXCLUDE_DIR]
--terragrunt-excludes-file value Path to a file with a list of directories that need to be excluded when running *-all commands. (default: .terragrunt-excludes) [$TERRAGRUNT_EXCLUDES_FILE]
--terragrunt-fail-on-state-bucket-creation When this flag is set Terragrunt will fail if the remote state bucket needs to be created. [$TERRAGRUNT_FAIL_ON_STATE_BUCKET_CREATION]
--terragrunt-fetch-dependency-output-from-state The option fetchs dependency output directly from the state file instead of init dependencies and running terraform on them. [$TERRAGRUNT_FETCH_DEPENDENCY_OUTPUT_FROM_STATE]
--terragrunt-forward-tf-stdout If specified, the output of OpenTofu/Terraform commands will be printed as is, without being integrated into the Terragrunt log. [$TERRAGRUNT_FORWARD_TF_STDOUT]
--terragrunt-iam-assume-role-duration value Session duration for IAM Assume Role session. Can also be set via the TERRAGRUNT_IAM_ASSUME_ROLE_DURATION environment variable. [$TERRAGRUNT_IAM_ASSUME_ROLE_DURATION]
--terragrunt-iam-assume-role-session-name value Name for the IAM Assummed Role session. Can also be set via TERRAGRUNT_IAM_ASSUME_ROLE_SESSION_NAME environment variable. [$TERRAGRUNT_IAM_ASSUME_ROLE_SESSION_NAME]
--terragrunt-iam-role value Assume the specified IAM role before executing OpenTofu/Terraform. Can also be set via the TERRAGRUNT_IAM_ROLE environment variable. [$TERRAGRUNT_IAM_ROLE]
--terragrunt-iam-web-identity-token value For AssumeRoleWithWebIdentity, the WebIdentity token. Can also be set via TERRAGRUNT_IAM_ASSUME_ROLE_WEB_IDENTITY_TOKEN environment variable [$TERRAGRUNT_IAM_ASSUME_ROLE_WEB_IDENTITY_TOKEN]
--terragrunt-ignore-dependency-errors *-all commands continue processing components even if a dependency fails. [$TERRAGRUNT_IGNORE_DEPENDENCY_ERRORS]
--terragrunt-ignore-dependency-order *-all commands will be run disregarding the dependencies [$TERRAGRUNT_IGNORE_DEPENDENCY_ORDER]
--terragrunt-ignore-external-dependencies *-all commands will not attempt to include external dependencies [$TERRAGRUNT_IGNORE_EXTERNAL_DEPENDENCIES]
--terragrunt-include-dir value Unix-style glob of directories to include when running *-all commands [$TERRAGRUNT_INCLUDE_DIR]
--terragrunt-include-external-dependencies *-all commands will include external dependencies [$TERRAGRUNT_INCLUDE_EXTERNAL_DEPENDENCIES]
--terragrunt-json-log If specified, Terragrunt will output its logs in JSON format. [$TERRAGRUNT_JSON_LOG]
--terragrunt-log-disable Disable logging [$TERRAGRUNT_LOG_DISABLE]
--terragrunt-log-level value Sets the logging level for Terragrunt. Supported levels: stderr, stdout, error, warn, info, debug, trace (default: info) [$TERRAGRUNT_LOG_LEVEL]
--terragrunt-log-show-abs-paths Show absolute paths in logs [$TERRAGRUNT_LOG_SHOW_ABS_PATHS]
--terragrunt-modules-that-include value If flag is set, 'run-all' will only run the command against Terragrunt modules that include the specified file. [$TERRAGRUNT_MODULES_THAT_INCLUDE]
--terragrunt-no-auto-approve -auto-approve Don't automatically append -auto-approve to the underlying OpenTofu/Terraform commands run with 'run-all'. (default: true) [$TERRAGRUNT_NO_AUTO_APPROVE]
--terragrunt-no-auto-init Don't automatically run 'terraform/tofu init' during other terragrunt commands. You must run 'terragrunt init' manually. (default: true) [$TERRAGRUNT_NO_AUTO_INIT]
--terragrunt-no-auto-retry Don't automatically re-run command in case of transient errors. (default: true) [$TERRAGRUNT_NO_AUTO_RETRY]
--terragrunt-no-color If specified, Terragrunt output won't contain any color. [$TERRAGRUNT_NO_COLOR]
--terragrunt-non-interactive Assume "yes" for all prompts. [$TERRAGRUNT_NON_INTERACTIVE]
--terragrunt-parallelism value *-all commands parallelism set to at most N modules (default: 2147483647) [$TERRAGRUNT_PARALLELISM]
--terragrunt-provider-cache Enables Terragrunt's provider caching. [$TERRAGRUNT_PROVIDER_CACHE]
--terragrunt-provider-cache-dir value The path to the Terragrunt provider cache directory. By default, 'terragrunt/providers' folder in the user cache directory. [$TERRAGRUNT_PROVIDER_CACHE_DIR]
--terragrunt-provider-cache-hostname value The hostname of the Terragrunt Provider Cache server. By default, 'localhost'. [$TERRAGRUNT_PROVIDER_CACHE_HOSTNAME]
--terragrunt-provider-cache-port value The port of the Terragrunt Provider Cache server. By default, assigned automatically. [$TERRAGRUNT_PROVIDER_CACHE_PORT]
--terragrunt-provider-cache-registry-names value The list of remote registries to cached by Terragrunt Provider Cache server. By default, 'registry.terraform.io', 'registry.opentofu.org'. (default: registry.terraform.io,registry.opentofu.org) [$TERRAGRUNT_PROVIDER_CACHE_REGISTRY_NAMES]
--terragrunt-provider-cache-token value The Token for authentication to the Terragrunt Provider Cache server. By default, assigned automatically. [$TERRAGRUNT_PROVIDER_CACHE_TOKEN]
--terragrunt-source value Download OpenTofu/Terraform configurations from the specified source into a temporary folder, and run Terraform in that temporary folder. [$TERRAGRUNT_SOURCE]
--terragrunt-source-map value Replace any source URL (including the source URL of a config pulled in with dependency blocks) that has root source with dest. [$TERRAGRUNT_SOURCE_MAP]
--terragrunt-source-update Delete the contents of the temporary folder to clear out any old, cached source code before downloading new source code into it. [$TERRAGRUNT_SOURCE_UPDATE]
--terragrunt-strict-include If flag is set, only modules under the directories passed in with '--terragrunt-include-dir' will be included. [$TERRAGRUNT_STRICT_INCLUDE]
--terragrunt-tf-logs-to-json If specified, Terragrunt will wrap Terraform stdout and stderr in JSON. [$TERRAGRUNT_TF_JSON_LOG]
--terragrunt-tfpath value Path to the Terraform binary. Default is tofu (on PATH). (default: terraform) [$TERRAGRUNT_TFPATH]
--terragrunt-use-partial-parse-config-cache Enables caching of includes during partial parsing operations. Will also be used for the --terragrunt-iam-role option if provided. [$TERRAGRUNT_USE_PARTIAL_PARSE_CONFIG_CACHE]
--terragrunt-working-dir value The path to the directory of Terragrunt configurations. Default is current directory. [$TERRAGRUNT_WORKING_DIR]
--help, -h Show help
--version, -v Show terragrunt version
VERSION: v0.67.5
AUTHOR: Gruntwork <www.gruntwork.io>
Installation on mega-linter Docker image
- Dockerfile commands :
# renovate: datasource=docker depName=alpine/terragrunt
ARG TERRAFORM_TERRAGRUNT_VERSION=1.9.5
FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} AS terragrunt
COPY --link --from=terragrunt /usr/local/bin/terragrunt /usr/bin/