I have Terragrunt folder structure like below,
|-- eu-west-1
| |-- product
| | |-- prod
| | | |-- 5.7
| | | |-- 6.2
| | | |-- development
| | | | |-- fargate-clusters
| | | | | |-- module.tf.json
| | | | | `-- terragrunt.hcl
| | | | `-- uiapp
| | | | |-- terragrunt.hcl
| | | | `-- module.tf.json
| | | `-- env.hcl
| | |-- dev
| | | |-- 5.7
| | | | |-- fargate-clusters
| | | | | |-- module.tf.json
| | | | | `-- terragrunt.hcl
| | | | `-- uiapp
| | | | |-- terragrunt.hcl
| | | | `-- module.tf.json
| | | |-- development
| | | | |-- fargate-clusters
| | | | | |-- module.tf.json
| | | | | `-- terragrunt.hcl
| | | | `-- uiapp
| | | | |-- terragrunt.hcl
| | | | `-- module.tf.json
| | | `-- env.hcl
| |-- region.hcl
|-- README.md
`-- terragrunt.hcl
And I have multiple accounts configured inside my terragrunt.hcl
provider "aws" {
alias = "product-dev"
region = "${local.aws_region}"
assume_role {
role_arn = "arn:aws:iam::123456789:role/TerraformRole"
}
}
There are more than AWS 50 accounts we are managing and we keep on adding new accounts into Terragrunt.
Is there a known pattern already to dynamically tell terraform/terragrunt about the new acccount id and the IAM role to assume?
As of now, every time I have to manually add the provider into terragrunt.hcl and account id into env.hcl
Aucun commentaire:
Enregistrer un commentaire