Skip to content


Dockerized IaC framework for Terraform and Terragrunt

Supporting amd64 and aarch64/arm64 images!

Supporting now latest OpenTofu version for every release

Docker image with Terraform, Terragrunt, Go, Python, Make, Docker, Git, and all needed components to easily manage cloud infrastructure for CI/CD environments as a runner image.

Including cloud CLIs and SDKs for Amazon Web Services, Microsoft Azure, Google Cloud Platform and YandexCloud.

Best used as runner image for CI/CD in automation, as well as a local run environment.

Please note focus of those images is to maintain availability of current versions of Terraform and Terragrunt, not CLIs or other dependencies.
Hence, images are updated when new version of Terraform or Terragrunt is released. Furthermore, versioning labels of images contain versions of said software to emphasize it.

Source code is available at devops-infra/docker-terragrunt.

Dockerfile was based on two images made by cytopia: docker-terragrunt and docker-terragrunt-fmt .
Original README files are included in this repository: docker-terragrunt and docker-terragrunt-fmt . This project grew much bigger than the original ones and is intended to be a framework for cloud Infrastructure-as-a-Code.

All Contributors

Push to master Push to other
GitHub GitHub code size in bytes GitHub last commit
DockerHub Dockerfile size Docker Pulls

Available source images

Tag of the image tells which version of Terraform and Terragrunt it contains and which public cloud provider CLI it's bundled with or not (see second table below).

Registry Example full image name Image name Image version Terraform version Terragrunt version
Docker Hub devopsinfra/docker-terragrunt:tf-1.8.1-tg-0.57.2 docker-terragrunt tf-1.8.1-tg-0.57.2 1.8.1 0.57.2
GitHub Packages docker-terragrunt tf-1.8.1-tg-0.57.2 1.8.1 0.57.2

Available flavours

Tag of the image tells also which cloud API/SDK is included in the image.

Image name AWS Azure GCP Description Size
docker-terragrunt:slim-tf-1.8.1-tg-0.57.2 Lightweight version with TF, TG and bare dependencies Docker size
docker-terragrunt:tf-1.8.1-tg-0.57.2 Normal version. Having Go, Python, Make, etc. Docker size
docker-terragrunt:aws-tf-1.8.1-tg-0.57.2 Normal version with AWS CLI. Docker size
docker-terragrunt:azure-tf-1.8.1-tg-0.57.2 Normal version with Azure CLI. Docker size
docker-terragrunt:aws-azure-tf-1.8.1-tg-0.57.2 Normal version with AWS and Azure CLIs. Docker size
docker-terragrunt:gcp-tf-1.8.1-tg-0.57.2 Normal version with GCP CLI. Docker size
docker-terragrunt:aws-gcp-tf-1.8.1-tg-0.57.2 Normal version with AWS and GCP CLIs. Docker size
docker-terragrunt:azure-gcp-tf-1.8.1-tg-0.57.2 Normal version with Azure and GCP CLIs. Docker size
docker-terragrunt:aws-azure-gcp-tf-1.8.1-tg-0.57.2 Normal version with AWS, Azure and GCP CLIs. Docker size
docker-terragrunt:yc-tf-1.8.1-tg-0.57.2 Normal version with YandexCloud CLI. Docker size


  • For working with local files - mount working directory under /data, e.g. --volume $(pwd):/data.
  • For working with cloud providers - pass their credentials as additional file or environment variables,
    e.g. --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} or --volume ~/.aws/credentials:/root/.aws/credentials.
  • For running other Docker images - by sharing the socket,
    e.g. --privileged --volume /var/run/docker.sock:/var/run/docker.sock.
  • For configuring git - mount desired .gitconfig and/or SSH key (if needed),
    e.g. --volume ~/.gitconfig:/root/.gitconfig --volume ~/.ssh/id_rsa_github:/root/.ssh/id_rsa

Examples of .gitconfig to mount

  • Use https with Personal Access Token:
[url "https://{GITHUB_TOKEN}"]
	insteadOf =
[url "https://{GITHUB_TOKEN}"]
	insteadOf = git+ssh://
[url "https://{GITHUB_TOKEN}"]
	insteadOf =
  • Use https instead of git/ssh:
[url ""]
	insteadOf = git+ssh://
[url ""]
	insteadOf =
  • Use ssh instead of https:
[url "ssh://"]
  insteadOf =
[url "ssh://"]
	insteadOf =


  • Format all HCL files in the current directory. Including subdirectories.
docker run --rm \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:latest format-hcl
  • Plan terraform deployment in AWS for files in current directory.
docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest terraform plan
  • Apply terragrunt deployment in subdirectory. With GitHub using a ~/.gitconfig file with PAT.
docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    --volume ~/.gitconfig:/root/.gitconfig \
    devopsinfra/docker-terragrunt:aws-latest terragrunt apply --terragrunt-working-dir some/module
  • Run a Makefile target as orchestration script.
docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest make build

Additional software available in all images


Script name Is included in PATH Purpose Source/Documentation
format-hcl Yes For formatting all HCL files (.hcl, .tf and .tfvars) into format suggested by Hashicorp. devops-infra No Dependency for format-hcl cytopia Yes Main CMD target for Docker image, just to show all installed binaries versions. devops-infra

Binaries and Python libraries

Some are conditional, depending on the selected flavour, marked with *

Name Type Description Source/Documentation
awscli* Binary For interacting with AWS via terminal.
azure-cli* Binary For interacting with Azure via terminal.
bc Binary For numeric operations.
boto3* Python library For interacting with AWS via Python.
cloudflare Python library For Cloudflare API operations
curl Binary For interacting with ElasticSearch and Kibana.
docker Binary For running another container, e.g. for deploying Lambdas with LambCI's docker-lambda.
git Binary For interacting with Github repositories.
go Binary For using Golang, e.g. easy install of additional libraries/binaries.
google-cloud-sdk* Binary For interacting with GCP via terminal.
gnupg Binary For GPG operations.
graphviz Binary For generating graphic files from dot graphs, like terraform graph.
hub Binary For interacting with Github APIs.
jq Binary For parsing JSON outputs of awscli.
hcledit Binary For reading and writing HCL files.
make Binary For using Makefile instead of scripts in deployment process.
ncurses Binary For expanding Makefile with some colors.
openssh Binary For allowing outgoing SSH connections.
openssl Binary For calculating BASE64SHA256 hash of Lambda packages. Assures updating Lambdas only when package hash changed.
opentofu Binary As open-source alternative to Terraform.
PyGithub Python library For interacting with GitHub API.
python-hcl2 Python library For reading HCL files in Python.
python3 Binary For running more complex scripts during deployment process.
requests Python library For sending HTTP requests, for example integration with Slack
slack_sdk Python library For integration with Slack applications/bots, e.g. creating channels for notifications
sops Binary For encrypting config files for Terragrunt's sops_decrypt_file.
terraform Binary For managing IaC. Dependency for Terragrunt.
terragrunt Binary For managing IaC. Wrapper over Terraform.
tflint Binary For linting Terraform files.
unzip Binary For extracting packages.
yc Binary For interaction with Yandex Cloud via terminal.
zip Binary For creating packages for Lambdas.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Krzysztof Szyper

💻 📦 🚧


🤔 💻

Marko Djukic


Phileas Lebada


Matthew Smedberg



🐛 💻

This project follows the all-contributors specification. Contributions of any kind welcome!