—
Every few months, we send out a newsletter to all Gruntwork customers that describes all the updates we’ve made since the last newsletter and news from the DevOps industry. Note that some of the links below may go to private repositories in the Gruntwork Infrastructure as Code Library that are only accessible to customers.
Happy February, the shortest month of the year. Just because the number of days are fewer doesn’t mean we’re short on DevOps news and announcements, especially with the upcoming release of Terragrunt 1.0!
As always, if you have any questions or need help, email us at [email protected]!
Gruntwork Updates
Pipelines GitLab Private Beta
Gruntwork Pipelines, the official pipeline for Terragrunt, is launching into private beta for GitLab this month! Pipelines has been available on GitHub for nearly 5 years and the team is thrilled to be expanding support to additional SCM and CI providers. If you are using GitLab and interested in trying out pipelines, get in touch!
Pipelines Dependent File Support
In version 3.7.0 Gruntwork Pipelines introduced support for automatically triggering plan/applies for Terragrunt units when dependent data files, in use by those units, are changed. The common pattern is that a terragrunt.hcl file will read an external tags.yaml (or similar) file. Up until 3.7, if you wanted to rerun plan/apply on a unit when the tags.yaml file was updated, you had to make a no-op change to terragrunt.hcl itself. With the release of the File Dependencies feature, Gruntwork Pipelines will leverage Terragrunt’s understanding of linked files/dependent files to determine where to run plan/apply automatically on every PR, even if the file changed is read indirectly by a Terragrunt unit.
Library Support for AWS EKS Auto Mode
Our EKS Library module is getting several new features in the coming weeks! AWS recently released EKS Auto Mode this past December and we are adding first class support for the feature. EKS Auto Mode is a powerful new feature that simplifies EKS cluster management on AWS. This innovative capability automates the provisioning and management of cluster infrastructure, significantly reducing or eliminating the need for manual worker node configuration. With EKS Auto Mode, you can streamline operations by offloading cluster management tasks to AWS, allowing you to focus on building applications rather than the operational aspects of managing EKS compute resources. EKS Auto Mode will automatically select optimal compute instances, dynamically scale resources, and continuously ensure right-sizing of your EKS cluster. EKS Auto Mode also enhances security by enforcing AWS best practices, using immutable EKS Optimized AMIs, and regularly rotating worker nodes.
Adding Database support to Terratest
Terratest has added new functions to connect to and inspect databases as part of a test run. The need adding database operation support to Terratest arises from the need to validate the deployment of databases, such as Microsoft SQL Server, using Terraform. Previously, there were no built-in functions in Terratest for connecting to databases or executing SQL commands, which makes it challenging to verify if the database is running correctly after deployment. By introducing methods for database connection and SQL execution, users can automate validation checks, ensuring that the deployed database is fully functional and configured as expected. This enhancement would improve testing coverage and streamline the infrastructure validation process for users deploying databases with Terraform.
Tailscale Module Update Revamp
We’re released a major update to our Tailscale module. This new version brings comprehensive support for all existing Tailscale configuration flags while significantly simplifying the setup process. The module now fully aligns with Tailscale’s latest node configuration methods, addressing previous limitations and incorporating frequently requested features. Users can now configure their Tailscale nodes more efficiently with reduced complexity.
New CloudFront CDN Module Updates
We’ve continued to enhance our standalone CloudFront module, which was initially released several months ago to streamline the deployment of CloudFront distributions and associated resources. This month’s update introduces support for newly released CloudFront features, including gRPC communication with origins and VPC origin connectivity. These additions provide more flexible options for managing content delivery and API implementations.
AWS Provider — Macie Invitation Upstream Bugfix
We reported a critical issue affecting Macie resources to maintainers. Macie resources were unable to establish cross-account connections, and we successfully traced this problem to a specific version where the issue was introduced. AWS provider maintainers have now released the fix to restore full cross-account functionality for Macie resources in AWS Provider version v5.85.0.
Terragrunt Updates
Experimental Terragrunt Stacks Support
Terragrunt Stacks are now being developed in public under the stacks experiment flag.
Users now have the ability to:
Generate a stack of units using the terragrunt stack generate command.
Perform a run within a stack using the terragrunt stack run command.
Aggregate outputs of a stack using the terragrunt stack output command.
Clean up a generated stack using the terragrunt stack clean command.
Pass values to units in a stack using the values attribute.
Terragrunt Stacks are still an experimental feature, and subject to change.
We encourage you to try out the commands in your (non-production) workflows and we request you give us feedback to shape the final form of Stacks! We’re close to feature complete for Stacks, and when we are, we’ll go through final rounds of testing with community support before we mark them as generally available.
If you want to be one of the community members testing stacks before we finalize their design, we highly encourage you to join the Terragrunt Discord. Community members that opt in to receive notifications are alerted whenever we’re trying to solicit feedback on experimental designs.
Starting the Terragrunt CLI Redesign
We’ve recently started the process of redesigning the Terragrunt CLI!
All the changes that we’ve made are fully backwards compatible, and will be so until we start the final deprecation and removal process of legacy CLI behavior. Similar to the Stacks experiment, the new functionality in the CLI Redesign is gated behind the cli-redesign experiment.
Users now have the ability to use new run and exec commands to have granular control over the processes that Terragrunt spawns to drive infrastructure changes.
The run command replaces what is currently the default command when users use Terragrunt. By default, when Terragrunt does not find a command in the CLI API, it forwards those commands to OpenTofu/Terraform. With the introduction of the run command, users have a way to explicitly indicate that they want this done.
Going forward, the run command will also replace the run-all and graph commands by virtue of the flags --all and --graph respectively.
Up until recently, users have been fairly limited in the processes that they can spawn with Terragrunt. For the most part, it has been invocations of the tofu or terraform binaries. With the introduction of the exec command, users now have the ability to run arbitrary commands via Terragrunt.
e.g.
$ terragrunt exec -- tofu init
$ terragrunt exec -- aws s3 ls
Users that have wanted to integrate with tooling other than OpenTofu/Terraform now have a mechanism that supports that.
In addition, all Terragrunt flags that are prefixed with terragrunt- now have an alias that strips the terragrunt- prefix. You will be able to use either until they are fully deprecated and removed from the CLI.
e.g.
$ terragrunt --terragrunt-non-interactive plan
# Is now:
$ terragrunt --non-interactive plan
There are many more changes, and the best place to stay up to date on how to adapt to the CLI Redesign is to read the dedicated migration docs.
You are also encouraged to subscribe to the pinned deprecation issue for updates on future removal of deprecated functionality!
Native support for OpenTofu state encryption in Terragrunt
Terragrunt now has native support for OpenTofu state encryption in the remote_state configuration block.
Previously, Terragrunt users could use the generate attribute to explicitly generate OpenTofu configurations that enabled state encryption, but with this change, there is native support for the configurations used in OpenTofu state encryption. This means that Terragrunt will validate them before running OpenTofu/Terraform, and give helpful messages to make sure it’s configured correctly.
Special thanks to @norman-zon for contributing this feature!
DevOps News
The AWS Management Console now supports simultaneous sign-in, letting you access up to five different accounts (or roles within the same account) in a single browser session. This multi-session capability streamlines workflows and reduces the hassle of constant switching, improving efficiency for admins and engineers managing complex cloud environments. This feature is available in all commercial AWS regions and should be especially helpful for Gruntwork Account Factory customers that are regularly managing multiple accounts.
