An introduction to Terragrunt (2023)

A tutorial on provisioning basic AWS resources using Terragrunt with Terraform Registry modules

This is part II of our Terragrunt series. We cover the basics of using Terragrunt to manage your infrastructure and provision resources on AWS. This post is specifically aimed at beginners and intermediate users and provides a step-by-step guide of the whole process. See Part I if you want to knowWhy use Terragrunt in 2022.

The official documentation describes:

Terragrunt is a thin wrapper that provides additional tools for managing your DRY configuration, working with various Terraform modules, and managing remote status.

Fuente:https://terragrunt.gruntwork.io/

ground gruntis an open source tool that exists as an extension to Terraform for code maintenanceSEK, and to manage terraform states, among other thingscool featureswhich are integrated into Terragrunt when working with various Terraform modules. Terragrunt also addresses a major issue: Terraform doesn't allow path or variable interpolation for its backend type when storing remote states, e.g. B. an s3 bucket.

Terraforming-Protokoll

Verified modules are reviewed by HashiCorp and actively maintained by contributors to keep them current and compatible with Terraform and their respective providers.

Fuente:https://www.terraform.io/registry/modules/verified

Terraforming-ProtokollIt has verified and community modules. Community modules can be of high quality and actively managed. The term simply means that a HashiCorp partner has not created a community module. The registry acts as a repository for templates for building and running the infrastructure.

All modules must meet code standards as specified inofficial documentation.

1. Create oneaws-Konto
2. DisposeTerraform and Terragrunt

TerraformarIt is an open source infrastructure as a code tool and compatible with multiple cloud providers: AWS, Azure, GCP, Alibaba Cloud andMuch more. For this tutorialAmazon Web Services (AWS)was chosen because:

• It is the most comprehensive and widely used cloud platform in the world.
• AWS offers an flow levelThis allows free hands-on experiences with a variety of AWS services

Follow the required instructions and verify that Terraform and Terragrunt are installed with the following commands:

$terraformar
terraformar
Usage: terraform [global options] <subcommand> [arguments](...)$terragruñidoDESCRIPTION:
terragrunt: Terragrunt is a thin wrapper for Terraform that provides additional tools for working with different
Terraform Modules, Remote Status and Blocking. For documentation seehttps://github.com/gruntwork-io/terragrunt/.(...)

After completing the requirements, follow the guide to create the resources listed below. Some prior knowledge of cloud would be beneficial as this guide aims to jump from terraform to terragrunt. Here is a breakdown of the process:

1. Create an identity and access management account
2. Export secret and access keys as environment variables
3. Create a terragrunt.hcl file and paste the content at the root level of the module
4. Follow the project structure.
5. Create the S3 bucket and VPC by running the Terragrunt commands
6. Further development of AWS resources (load balancer, web server)
7. Start the web server cluster
8. Start the web server in a separate region
9. clear resources

The source code for this tutorial can be found here:

https://github.com/marwai/medium-terragrunt

After you set up an AWS account for the first time, you are given an identity called the root user. The root user grants you full permissions to access AWS services and resources. We recommend creating an IAM account with limited permissions. Following the principle of least privilege is a best practice when granting the user the minimum privileges required to perform their role.

monitoring: This tutorial does not go into details about IAM. An IAM user with full access is sufficient.

To restrict access to IAM, simply grant the user the following permissions:

• AmazonEC2Full Access
• AmazonS3 full access
• IAMFullAccess

Search the consoleI AM. On the next page navigate tousermiadd user. introduceusernamesuitable for the project and selectAccess Key - Programmatic Access*

Access your terminal and copy the content in the AWS credentials or configure directly withAWS configurationSort and store access keys and secret keys as environment variables on your computer.

$ nano ~/.aws/credentials[spielen]
aws_access_key_id=<clave_de_acceso>
aws_secret_access_key=<clave_secreta># Create a profile with the name of your choice, paste the format as shown, replacing <access_key> and <secret_key> with the details created in AWS
# Navigate back to your project and export the profile$ cd ~/Documents/terragrunt-medium$ exportar AWS_PROFILE=terragrunt

Also, use your favorite text editorvim oder nanoto enter your secret and access keys.

Terragrunt manages the DRY backend configuration. It is set at the root level and the settings are inherited by child modules using.hcl

$ touch terragrunt.hcl# Copy the following content into the file
remote_state {
Backend = "s3"
configuration = {
Bucket="half-terragrunt-example"
clave = "terragrunted/${path_relative_to_include()}.tfstate"
region = "eu-west-1"
encrypt = true
}
}terraformar {
extra_arguments "common_vars" {
comandos = get_terraform_commands_that_need_vars()
optional_var_files = [
find_in_parent_folders("regional.tfvars"),
]
}
}generate "vendor" {
ruta = "proveedores.tf"
if_exists = "replace"
Content = << EOF
provider "aws" {
region = var.aws_region
}Variable "aws_region" {
description = "AWS region to build infrastructure"
type = string
}terraformar {
Infrastruktur "s3" {
}
}weekend
}

Copy the code above, making sure the region is appropriate and the bucket name is globally unique.

• distant state: Terraform stores state data in a remote data store that can be shared by all members of a team. The tool supports saving the state inTerraforming Clouds,HashiCorp Consul, Amazon S3, etc. In the example, the remote state is stored in an S3 bucket namedSample Demi-terragruntwith the keyTerragrunted/relative_filepath,Sheregion eu-west-1and finally guaranteed encrypted.
• to generate: This can be used to generate common Terraform configurations shared by multiple Terraform modules. In this example, the provider block can be built consistently by simply placing the code block at the root level.
• S3: Change "terragrunt-medium-example" to somethingunique worldwide, See below:

Globally unique and the namespace is shared by all AWS accounts. This means that after a bucket is created, another AWS account in any AWS Region cannot use that bucket name until the bucket is deleted.

(Video) How to use Terraform and Terragrunt with Infrastructure Code

Fuente:https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html

The tutorial follows a relatively flat module structure for reusable infrastructure. Modules can be used to create lighter abstractions and separate services instead of having a coremain.tf or terragrunt.hcllike a monolith

├── Medium
│ └── eu-west-1
│ ├── Infrastructure
│ │ └── vpc
│ └── regional.tfvars
├── Module
└── terragrunt.hcl

To create the above structure, copy the following code:

$ mkdir -p medium/eu-west-1/infrastructure/vpc && touch medium/eu-west-1/regional.tfvars && módulos mkdir$ Touch README.md$ cd mid/eu-west-1/infrastructure/vpc && touch terragrunt.hcl

Navigate to the terragrunt.hcl file inMedium/eu-west-1/infrastructure/vpc :

$ cd medium/eu-west-1/infrastructure/vpc# Copy the content belowcontain {
path = look_in_parent_folders()
}terraformar {
fuente = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//?ref=v3.11.0"extra_arguments "init_args" {
commands = [
"Start"
]Arguments = [
]
}
}entries = {
name="main"
idr = "10.0.0.0/16"azs = ["westme-1a", "westme-1b", "westme-1c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]enable_nat_gateway = true
single_nat_gateway = verdadero
enable_dns_hostnames = true
enable_dns_support = verdaderocharacter = {
Name="VPC"
owner=""
Contact=""
Project = "Half Terragrunt"
environment = "development"
}
}

A default VPC is ready to use, so you don't have to create and configure your own VPC. You can start launching Amazon EC2 instances into your default VPC immediately.

Fuente:https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html

As of 12/4/2013, creating an AWS account automatically generates a default VPC configured with a route table and internet gateway. You can easily launch EC2 instances as well as AWS services. For this tutorial, a custom VPC is created for a hands-on approach. A new VPC is recommended for networking and security. The user can manage exactly what traffic is allowed to pass through the network.

Navigate to the terragrunt.hcl file inMedium/eu-west-1/regional.tfvarsto copy us static values:

aws_region = "eu-west-1"

This tutorial uses or basicEnter Terragrunt CLI commands. First create an execution plan to compare the current state of the infrastructure with the desired state:

# navigate tomedium/eu-west-1/infrastructure/vpcand run the following$ BodenebeneMedium Terragrunt sample remote state S3 bucket does not exist or you do not have permission to access it. Do you want Terragrunt to create you? (y/n)# Terragrunt will automatically create a bucket for you if one hasn't already been created.$ yInitialize backend...You have successfully configured the "s3" backend! Terraform automatically
Use this backend unless the backend configuration is changed.(...)Plan: add 20, change 0, destroy 0.(...)

As can be seen in the code above, there is no need to manually initialize the file. Terragrunt has an autostart feature as described inofficial documentation:

Auto-Init is a Terragrunt feature that does thisHe enters the earthit does not need to be called explicitly before other Terragrunt commands.

Fuente:https://terragrunt.gruntwork.io/docs/features/auto-init/

$ terragrunt apply...
vpc_ipv6_cidr_block = (known by application)
+ vpc_main_route_table_id = (known by application)
+ vpc_owner_id = (known after application)
+ vpc_secondary_cidr_blocks = []Do you want to perform these actions?
Terraform performs the actions described above.
Only "Yes" is accepted as passed.Enter a value:Simulator

Tip: Creating the VPC for the first time takes a few minutes.

navigate to/Infrastructureand configure the following modules:

• externer Load-Balancer/alba
• external load balancer/security group

$ pro Personterragrunt-medium/Medium/eu-west-1/infrastructure/vpc# Navigate to infrastructure
$ cd ../infrastructure
$ mkdir -p load-balancer/external-alb-load-balancer/external-security-group

Create an external security group

Navigate toexternal security groupand create oneterragrunt.hclfor the external security group module.

In terragrunt.hcl copy the following:

contain {
path = look_in_parent_folders()
}terraformar {
source="git::https://github.com/terraform-aws-modules/terraform-aws-security-group.git//?ref=v4.3.0"extra_arguments "init_args" {
commands = [
"Start"
]Arguments = [
]
}}dependency "vpc" {
ruta_config = "../..//vpc"
}entries = {
name="external security group"
description = "SG for use with external ALB, allow internal specific traffic but restrict based on route based rules"
vpc_id = dependency.vpc.outputs.vpc_id
ingress_cidr_blocks = concat(
["<INSERT-YOUR-OWN-IP>/32"]
)
reglas_ingress = ["http-80-tcp"]
output_with_cidr_blocks = [
{
from_port = 0
a_puerto = 0
Protocol="-1"
description = "All outputs"
cidr_blocks = "0.0.0.0/0"
}
]character = {
name="external-lb-security-group"
Owner = "<INSERT-COMPANY-NAME>"
Contact = "<INSERT NAME>"
Project = "Half Terragrunt"
environment = "development"
}
}

Update lines 28, 44, 45 with your IP and dates (optional). The IP must contain the length of the prefix /32.

Deploy the Application Load Balancer

navigate toexterner Load-Balancer/albafor Copy the following content to terragrunt.hcl:

contain {
path = look_in_parent_folders()
}terraformar {
source="git::https://github.com/terraform-aws-modules/terraform-aws-alb.git//?ref=v6.6.1"extra_arguments "init_args" {
commands = [
"Start"
]Arguments = [
]
}}dependency "vpc" {
ruta_config = "../../vpc"
}dependency "external security group" {
config_path = "../external-security-group/"
}entries = {
name="alb-external"
load_balancer_type = "Application"
vpc_id = dependency.vpc.outputs.vpc_id
sub-nets =dependency.vpc.outputs.public_subnets
security_groups = [dependency.external-security-group.outputs.security_group_id]
internal = wrong
Audiences = [
{
name = "externe-route-to-nothing"
protocolo_backend = "HTTP"
backend_port = "80"
}
]
http_tcp_listeners = [
{
porta = "80"
Protocol = "HTTP"
}
]
character = {
service="alb-external"
Owner = "<INSERT-COMPANY-NAME>"
Contact = "<INSERT NAME>"
Project = "Half Terragrunt"
environment = "development"
}
}

General use of Terragrunt

Run the following command and enterjafter three requests. The run all command can be used to apply multiple changes to multiple modules instead of running terraform app or terragrunt app individually as if you were using terraform.

$ terragrunt run-all applyAre you sure you want to run terragrunt apply on each folder in the stack described above? (y/n)$ y(...)lb_dns_name = "external-alb-419927666.eu-west-1.elb.amazonaws.com"

Copy the result to lb_dns_name for later.

$ cd ../../../../../módulos/
Webserver $mkdir
$ cd-Webserver
$ mkdir lib && toque principal.tf

First create a file called lib/server_web.sh.tplwith the following content:

#!/bin/bash
apt update -y
apt install apache2 -y
systemctl iniciar apache2
bash -c 'echo The website works fine! > /var/www/html/index.html'

This is a bash script that writes "The website works fine!" in index.html.

Then enter the following in main.tf:

############################################## # ### ##############
## Data Sources ##
############################################## # ### ##############
specified "aws_jam_account_alias" "actual" {
}############################################## # ### ##############
## EC2 ##
############################################## # ### ##############
dados "aws_iam_policy_document" "ec2_role_trust" {
opinion {
Actions = ["sts:AssumeRole"]
effect="Allow"
directors {
type="Service"
identifier = ["ec2.amazonaws.com"]
}
}
}
data "aws_ami" "ec2" {
most_recent = true
filter {
name = "name"
Werte = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
filter {
name="Virtualization Type"
Values ​​= ["hvm"]
}
Owner="["099720109477"]
}
############################################## # ### ##############
## I AM ##
############################################## # ### ##############
recurso "aws_iam_instance_profile" "instance_profile" {
name = "${var.environment}-${var.service}"
role = aws_iam_role.iam_role.name
}
# Identity and access management role
Ressource „aws_iam_role“ „iam_role“ {
name = "${var.environment}-${var.service}"
asumir_role_policy = datos.aws_iam_policy_document.ec2_role_trust.json
}
############################################## # ### ##############
## Autoscale Group ##
############################################## # ### ##############
recurso "aws_autoscaling_group" "dev" {
name = "${var.environment}-${var.service}-asg"
max_size = var.max
min_size = var.min
desired_capacity = var. desired_capacity
health_check_grace_period = 300
health_check_type = "EC2"
# EC2 instead of ELB, load balancer now only works if ec2 is healthy
force_delete = true
launch_configuration = aws_launch_configuration.dev.name
vpc_zone_identifier = var.private_subnet_ids
target_group_arns = [aws_lb_target_group.web_server.arn]
Lifespan {
create_before_destroy = wahr
}
}
############################################## # ### ##############
## Start configuration ##
############################################## # ### ##############
recurso "aws_launch_configuration" "dev" {
name_prefix = "${var.environment}-${var.service}-web-config"
image_id = datos.aws_ami.ec2.id
instance type = var.instance type
security_groups = [aws_security_group.security_group.id]
iam_instance_profile = aws_iam_instance_profile.instance_profile.id
enable_monitoring = true
datos_usuario = templatefile("${path.module}/lib/web_server.sh.tpl",
{
service_name = var.service
environment = var.environment
aws_account_name = datos.aws_iam_account_alias.current.account_alias
})
device_root_block {
encrypted = true
}
Lifespan {
create_before_destroy = wahr
}
}
############################################## # ### ##############
## Listener-Rule ##
############################################## # ### ##############
recurso "aws_lb_listener_rule" "external_forwarder_rule" {
listener_arn = var.external_lb_listener_arn
action {
type = "next"
target_group_arn = aws_lb_target_group.web_server.arn
}
Illness {
pattern path {
Values ​​= ["/"]
}
}
Priority = 1
}############################################## # ### ##############
## Security Group ##
############################################## # ### ##############recurso "aws_security_group" "security_group" {
name = "${var.environment}-${var.service}-sg-instance"
vpc_id = var.vpc_idcharacter = {
name="web security group"
}
}############################################## # ### ##############
## Security Group Rules ##
############################################## # ### ##############
# HTTP-Gateway
recurso "aws_security_group_rule" "puerto_externo" {
description = "Gateway - 80"
from_port = 80
protocol="tcp"
security_group_id = aws_security_group.security_group.id
# security group id =
a_puerto = 80
type="input"
source_security_group_id = var.external_lb_security_group_id
}
# Get out of everything
recurso "aws_security_group_rule" "egress_all" {
description = "All expenses"
type="output"
a_puerto = 0
from_port = 0
Protocol="-1"
security_group_id = aws_security_group.security_group.id
blocks_cidr = ["0.0.0.0/0"]
}
############################################## # ### ##############
## Target group ##
############################################## # ### ##############
recurso "aws_lb_target_group" "servidor_web" {
health check {
range = 20
ruta = "/"
Protocol = "HTTP"
Time limit = 10
Healthy_threshold = 3
limit_unhealthy = 5
}name = "${var.environment}-http"
Tor = 80
Protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "instancia"character = {
Name = "${var.environment}-${var.service}-http-target-group"
}Lifespan {
create_before_destroy = wahr
}
}############################################## # ### ##############
## Variables ##
############################################## # ### ##############variable "environment" {
default="tools"
type = string
description = "environment name"
}variable "service" {
default="Webserver"
type = string
description = "service name"
}Variable "Instanztyp" {
default="t2.micro"
type = string
description="Instanztyp"
}Variable "vpc_id" {
type = string
description="VPC-ID"
}Variable "private_subnet_ids" {
type = list(string)
description="Private Subnetz-ID"
}Variable "public_subnet_ids" {
type = list(string)
description = "Subnetz Subnetz-ID"
}Variable "max" {
Standard = 6
type = number
description = "Maximum number of autoscaling group instances"
}Variable "min" {
Standard = 3
type = number
description = "Minimum number of autoscaling group instances"
}variable "desired_capacity" {
Standard = 3
type = number
description = "Desired number of autoscaling groups"
}Variable "log_expire_days" {
Standard = 7
type = number
description="value"
}variable "available_zones" {
type = list(string)
}variable "company name" {
default = "Change this to the client"
type = string
description = "company name"
}Variable "lb_ingress_rules" {
default = ["null"]
type = list(string)
description = "ips allowed for web server"
}Variable "create_load_balancer" {
default = true
Type = bool
description = "if you want to create a resource"
}Variable "external_target_group_arns" {
type = list(string)
Standard = []
}variable "project name" {
type = string
default="medium"
}Variable "external_lb_listener_arn" {
type = string
default=""
description = "Arn listener for external load balancer"
}Variable "externer_lb_name" {
type = string
description = "Name des externen Load Balancers"
default="half pound"
}Variable "external_lb_zone_id" {
type = string
description = "Externe Load Balancer-Zonen-ID"
}Variable "external_lb_security_group_id" {
type = string
description = "External load balancer security group"
}############################################## # ### ##############
##Salida ##
############################################## # ### ##############
output "asg_arn" {
valor = aws_autoscaling_group.dev.arn
}

After copying the configuration above, you need to go to the top-level modules. Then navigate toMitte/I-West-1/, create a new folderServices/Web Server/and create one tooterragrunt.hclfile again.

$ cd Medium/eu-west-1/ && mkdir services/web-server/
$ touch terragrunt.hcl

In the terragrunt.hcl file, copy the following:

contain {
path = look_in_parent_folders()
}terraformar {
source = "../../../../modules//webserver"extra_arguments "init_args" {
commands = [
"Start"
]Arguments = [
]
}}dependency "vpc" {
config_path = "../../infraestructura/vpc"
}dependency "external_alb" {
config_path = "../../infrastructure/load balancer/alb-external"
}dependency "external_security_group" {
config_path = "../../infrastructure/load balancer/external-security-group"
}entries = {# VPC
available_zones=dependency.vpc.outputs.azs
vpc_id = dependency.vpc.outputs.vpc_id
private_subnet_ids =dependencia.vpc.salidas.private_subnets
public_subnet_ids =dependency.vpc.outputs.public_subnets# Define inputs
company name = "and"
lb_ingress_rules = [<TU-IP>/32] # CAMBIA A TU IP
project_name = "Terragrunt Medio"# Listener configuration
external_lb_security_group_id =dependencia.external_security_group.outputs.security_group_id
external_lb_listener_arn =dependencia.external_alb.outputs.http_tcp_listener_arns[0]
external_lb_name = dependency.external_alb.outputs.lb_dns_name
external_lb_zone_id = dependency.external_alb.outputs.lb_zone_id
external_target_group_arns =dependencia.external_alb.outputs.target_group_arnscharacter = {
Name="Terragrunt-VPC"
Owner = "<INSERT-COMPANY-NAME>"
Contact = "<INSERT NAME>"
Project = "Half Terragrunt"
environment = "development"
}
}

The general structure should look like this:

├── Medium
│ ├── eu-west-1
│ ├── Infrastructure
│ │ ├── Load-Balancer
│ │ │ ├── white on the outside
│ │ │ │ └── terragrunt.hcl
│ │ │ └── external security group
│ │ │ └── terragrunt.hcl
│ │ └── vpc
│ │ └── terragrunt.hcl
│ ├── regional.tfvars
│ └── Services
│ └── Webserver
│ └── terragrunt.hcl
├── LÉAME.md
├── Module
│ └── Webserver
│ ├── LÉAME.md
│ ├── Free
│ │ └── server_web.sh.tpl
│ └── Prinzipal.tf
└── terragrunt.hcl

Now review the plan and apply the changes. After applying the changes, you can go to the AWS console and view the updated settings in Autoscaling Group, Launch Configuration, Security Groups, and Target Groups.

Terragrunt-App:

# Run terragrunt apply and read the output. Type "Yes" and press Enter.$ terragrunt apply
(...)Create # aws_security_group_rule.external_port
+ recurso "aws_security_group_rule" "puerto_externo" {
+ description = "gateway - 80"
+ from_port = 80
+ id = (known after application)
+ protocol = "tcp"
+ security_group_id = (known after application)
+ automatic = wrong
+ source_security_group_id = "sg-097110dc519ca5ef7"
+ a_puerto = 80
+ type = "input"
}Flat: 9 to add, 0 to change, 0 to destroy.Departure Changes:
+ asg_arn = (known after application)

Paste the above dns_name into your browser or paste the following into the terminal:

lb_dns_name = "external-alb-419927666.eu-west-1.elb.amazonaws.com"$ curl externo-alb-419927666.eu-west-1.elb.amazonaws.com
The site works perfectly!

(Video) Terragrunt (part 1)

Congratulations, you have created your first web server cluster with Terragrunt! You can test the ASG by killing the instances. Go toinstances> Cliqueinstance statebutton >terminate instance. The ASG detects a change and starts a backup instance to maintain the desired capacity for the pool.

8. Start the web server in a separate region

Web servers are currently only available in eu-west-1, to copy the infrastructure to eu-west-2, do the following:

• Copy and paste the entire configuration from eu-west-1

• Change the name toue-west-2

emmedium/eu-west-2/infrastructure/vpc/terragrunt.hcl, change the following:

azs = ["westme-1a", "westme-1b", "westme-1c"]

for:

azs = ["westme-2a", "westme-2b", "westme-2c"]

The terragrunt.hcl file should look like this:

contain {
path = look_in_parent_folders()
}terraformar {
source="git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//?ref=v3.11.0"extra_arguments "init_args" {
commands = [
"Start"
]
Arguments = [
]
}
}entries = {
name="main"
idr = "10.0.0.0/16"azs = ["westme-2a", "westme-2b", "westme-2c"]
...

Repeat the steps formedium/eu-west-2/services/web-server/terragrunt.hcl

Change:

environment="tools-i-1"

For:

Environment="i-tools-2"

Apply changes as before usingterragrunt run-all apply, press "y" when prompted in eu-west-2 to accept the changes. Now copy the new DNS name in eu-west-2 (London) into your browser to see if the setup works.

Structure of the final project

├── Medium
│ ├── eu-west-1
│ │ ├── Infrastructure
│ │ │ ├── Loadbalancer
│ │ │ │ ├── Outside white
│ │ │ │ │ └── terragrunt.hcl
│ │ │ │ └── external security group
│ │ │ │ └── terragrunt.hcl
│ │ │ └── vpc
│ │ │ └── terragrunt.hcl
│ │ ├── regional.tfvars
│ │ └── Services
│ │ └── Webserver
│ │ └── terragrunt.hcl
│ ├── eu-west-2
│ ├── Infrastructure
│ │ ├── Load-Balancer
│ │ │ ├── white on the outside
│ │ │ │ └── terragrunt.hcl
│ │ │ └── external security group
│ │ │ └── terragrunt.hcl
│ │ └── vpc
│ │ └── terragrunt.hcl
│ ├── regional.tfvars
│ └── Services
│ └── Webserver
│ └── terragrunt.hcl
├── LÉAME.md
├── Module
│ └── Webserver
│ ├── LÉAME.md
│ ├── Free
│ │ └── server_web.sh.tpl
│ └── Prinzipal.tf
└── terragrunt.hcl

This is the last tree diagram of the Terragrunt project pulled from GitHub.

When you're done with the tutorial, it's best to delete all resources so AWS doesn't bill you. This is a simple process where you run the following command:

$ pro Person
~/documents/terragrunt-medium$ terragrunt run destroy all

Press and type "y" when prompted.Terragrunt run destroy allcan be used to destroy the entire module and all dependencies in both regions.

You should now have a basic understanding of Terragrunt and the Terraform logging engine. Both together kept the DRY code and eliminated the need to build modules from scratch with verified/community modules.

Please note that this tutorial has only scratched the surface of Terragrunt. To better understand the topic, access theofficial documentationfor more informations.

If you followed the tutorial let me know what you think in the comments. If you have any problems please contact me and I will try to help you.