Skip to main content

Overview

To integrate smoothly with Fast Foundation, each Terragrunt unit requires specific configuration blocks in its terragrunt.hcl file. These ensure that parameter management, resource orchestration, and naming conventions remain consistent across environments.

Required Components

Your terragrunt.hcl should always include:
  1. Includes blocks
  2. Before-Hooks
    • The standard secrets management hook, which keeps inputs.hcl synchronized with S3 before any init, plan, or apply
    • This is what powers the parameter management automation
  3. Locals block
    • Parameter management variables
    • Variables from inputs.hcl and shared config files can be defined here for improved readability.
  4. Inputs block
    • Values passed into the Terraform module
    • Typically merged with environment and service variables defined higher in the repo hierarchy

Example terragrunt.hcl

terraform {
  source = "${dirname(find_in_parent_folders("root.hcl"))}/_modules/my-module"

  before_hook "secrets_management" {
    commands = ["init", "plan", "apply"]
    execute  = [
      "${local.parameter_script}",
      "${local.local_file_path}",
      "${include.root.locals.project_name}-terragrunt-states",
      "${local.s3_key}",
      "${local.aws_profile_infrastructure}"
    ]
    run_on_error = false
  }
}

include "root" {
  path   = find_in_parent_folders("root.hcl")
  expose = true
}

locals {
  # Shared Configurations
  region_vars          = include.root.locals.region_vars.locals
  service_vars         = include.root.locals.service_vars.locals
  account_vars         = include.root.locals.account_vars.locals
  environment_vars     = include.root.locals.environment_vars.locals
  
  # Unit Inputs from inputs.hcl
  inputs = try(read_terragrunt_config("${get_terragrunt_dir()}/inputs.hcl").locals,{})

  # Parameter management - s3 key, profile and local file path
  s3_key                     = "${path_relative_to_include("root")}/inputs.hcl"
  local_file_path            = "${get_terragrunt_dir()}/inputs.hcl"
  aws_profile_infrastructure = "${include.root.locals.project_name}-infrastructure"
  project_name               = include.root.locals.project_name

  # Parameter management - cross-platform script selection
  script_base_path = "${dirname(find_in_parent_folders("root.hcl"))}/_scripts/parameter-management"
  script_preference = get_env("TG_SCRIPT_TYPE", "auto")
  parameter_script = (
    local.script_preference == "powershell" ? "${local.script_base_path}.ps1" :
    local.script_preference == "python" ? "${local.script_base_path}.py" :
    local.script_preference == "bash" ? "${local.script_base_path}.sh" :
    "${local.script_base_path}.sh"  # Default fallback to bash
  )
}

inputs = {
  # Resource naming (best practice)
  name = basename(get_terragrunt_dir())
  # Add your module-specific inputs here
}

Naming Best Practice

If possible, use the folder name as the resource name. This keeps the repository intuitive: the folder you are working in directly reflects the deployed resource. It simplifies navigation, debugging, and collaboration across teams.

Want to dive deeper?

Ready to explore these concepts in more detail? Check out our hands-on workshops:

Deploy an EC2 instance

Learn step-by-step how to create an EC2 instance with external modules.

Deploy a custom module

Learn step-by-step how to create an EC2 instance with external modules.

Users and Groups Management

Dive into AWS SSO, groups, and permission sets,
and practice managing users in a safe environment.

Users and Groups Management with External Identity Provider (IdP)

Dive into AWS SSO, groups, and permission sets,
and practice managing users in a safe environment.