Terragrunt for Beginners

Terragrunt Configuration

Global Resources

In Terragrunt-based Terraform repositories, certain AWS services are global—they’re not bound to a specific region and are deployed once per account. To keep your directory structure clean and intuitive, isolate these global services at the top level of your project, separate from any region-specific folders.

[Figure: "Global Resources" infographic with four points: services not in traditional regions, deployment per account, isolating global services, and maintaining clear hierarchy and structure.]

Note

Global AWS services deploy once per account, so housing them in a dedicated global folder prevents accidental duplication and clarifies their scope.

Common AWS Global Services

Below are some frequently used AWS services that should live in your top-level global directory:

| Global Service | Purpose |
|----------------|---------|
| IAM | Users, Groups, Roles, Policies |
| Route 53 | DNS Zones and Record Management |
| CloudFront | Content Delivery Network (CDN) |
| AWS WAF | Web Application Firewall Rules |
| ACM | SSL/TLS Certificate Provisioning & Renewal |

Note: Depending on your architecture, you may have additional global components (e.g., AWS Organizations, SSO, or Artifact).

Directory Structure for Global Resources

Create a global folder alongside your environment and region directories (e.g., prod, dev, region-us-east-1, region-eu-west-1). Inside global, add individual terragrunt.hcl files for each service:

[Figure: directory structure diagram for global services, with folders and "terragrunt.hcl" files organized under "prod," "global," "region-A," and "region-B."]

Example layout:

├── dev
│   └── region-us-east-1
│       └── terraform.tfvars
├── prod
│   └── region-us-west-2
│       └── terraform.tfvars
└── global
    ├── iam
    │   └── terragrunt.hcl
    ├── route53
    │   └── terragrunt.hcl
    ├── cloudfront
    │   └── terragrunt.hcl
    ├── waf
    │   └── terragrunt.hcl
    └── acm
        └── terragrunt.hcl

This setup ensures:

  • Clear separation between account-wide and region-specific resources
  • Single source of truth for global configurations
  • Easier navigation and maintenance across environments
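The separation described above can be checked automatically, for example in CI. The following is an added example, not part of the original course material: it walks a repository and reports any terragrunt.hcl for one of the page's global service folders that sits outside the top-level global directory. The function names and the sample tree (including the misplaced IAM unit and the vpc unit) are constructed for illustration.

```python
import os
import tempfile

# Folder names taken from the page's example layout under global/.
GLOBAL_SERVICES = {"iam", "route53", "cloudfront", "waf", "acm"}


def find_misplaced_global_units(repo_root, global_dir="global"):
    """Return sorted repo-relative paths of terragrunt.hcl files that define a
    global service outside the top-level global/ folder."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        # Skip hidden directories, which covers Terragrunt's .terragrunt-cache.
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]
        if "terragrunt.hcl" not in filenames:
            continue
        parts = os.path.relpath(dirpath, repo_root).split(os.sep)
        if parts[0] == global_dir:
            continue  # account-wide units belong here
        if parts[-1] in GLOBAL_SERVICES:
            findings.append("/".join(parts + ["terragrunt.hcl"]))
    return sorted(findings)


def build_sample_repo(root):
    """Constructed sample: the page's global/ layout plus extra test units."""
    units = [
        "global/iam", "global/route53", "global/cloudfront",
        "global/waf", "global/acm",
        "dev/region-us-east-1/vpc",    # regional unit, allowed
        "prod/region-us-west-2/iam",   # global service duplicated per region
        "dev/region-us-east-1/vpc/.terragrunt-cache/abc/iam",  # cache copy, ignored
    ]
    for unit in units:
        path = os.path.join(root, *unit.split("/"))
        os.makedirs(path, exist_ok=True)
        open(os.path.join(path, "terragrunt.hcl"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for hit in find_misplaced_global_units(tmp):
            print("global service defined outside global/:", hit)
```

A non-empty result is a reasonable condition for failing a pipeline run, since a second IAM or Route 53 unit in a region folder is the accidental duplication the global folder is meant to prevent.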

Next Steps

With global services neatly isolated, you can extend your Terragrunt repository to include shared modules, environment overrides, and DRY patterns. This foundation streamlines updates and fosters collaboration across teams.

