Terragrunt for Beginners
Terragrunt Attributes
Terragrunt Attribute Overview
In this guide, we’ll dive into key Terragrunt configuration attributes that unlock advanced control over your Infrastructure as Code workflows. You’ll learn how to parameterize Terraform modules, optimize caching, enforce security safeguards, and handle transient errors—empowering you to build resilient, maintainable deployments.
Attribute Summary
| Attribute | Purpose |
|---|---|
| inputs | Pass variables into Terraform modules for dynamic parameterization. |
| download_dir | Define a local cache directory for remote Terraform modules and providers. |
| prevent_destroy | Protect critical resources from accidental deletion during apply or destroy. |
| skip | Exclude specific Terragrunt blocks or commands from execution. |
| iam_role | Configure AWS IAM roles and permissions for Terraform operations. |
| terraform_binary | Specify a custom Terraform executable or version. |
| version_constraint | Enforce version rules for both Terraform and Terragrunt binaries. |
| retryable_errors | List error patterns that Terragrunt retries automatically on failure. |
Detailed Attribute Guide
inputs
Define a map of input variables to inject into your Terraform modules.
# terragrunt.hcl
inputs = {
environment = "production"
region = "us-east-1"
}
Note
Use precise variable names in inputs to match your Terraform module's variables.tf definitions.
download_dir
Specify where Terragrunt downloads remote modules, providers, and configuration files. This optimizes build speed by caching dependencies locally.
download_dir = "${get_terragrunt_dir()}/.terragrunt-cache"
prevent_destroy
Safeguard resources from accidental destruction. When set to true, Terragrunt will refuse to run terraform destroy on the protected blocks.
prevent_destroy = true
Warning
Enabling prevent_destroy can block intentional resource teardown. Use with caution.
skip
Skip execution of selected Terragrunt commands or blocks to streamline CI/CD pipelines.
skip = ["plan", "apply_all"]
iam_role
Assign an AWS IAM role for Terraform operations, ensuring secure and auditable access.
iam_role {
arn = "arn:aws:iam::123456789012:role/TerraformExecution"
}
terraform_binary
Point Terragrunt to a specific Terraform binary, enabling consistent Terraform versions across your environments.
terraform_binary = "/usr/local/bin/terraform"
version_constraint
Lock both Terraform and Terragrunt to specific versions for consistent builds.
version_constraint = ">= 1.0.0, < 2.0.0"
retryable_errors
Configure Terragrunt to automatically retry on transient errors.
retryable_errors = [
"Error acquiring the state lock",
"Provider finished with"
]
Links and References
Watch Video
Watch video content