This repository has been archived by the owner on May 15, 2023. It is now read-only.

docker-terraform

This repository contains a templated Dockerfile for image variants designed to run deployments using Terraform, Terragrunt, and the AWS CLI.

Usage

Via Docker Compose, which includes volumes for basic functionality:

services:
  terraform:
    image: ghcr.io/foreflight/terraform:1.3.5
    volumes:
      - ./:/usr/local/src
      - $HOME/.aws:/root/.aws:ro
    environment:
      - AWS_PROFILE
    working_dir: /usr/local/src
    entrypoint: bash

$ docker-compose run --rm terraform
root@5e7b9d6614b0:/usr/local/src# terraform -version
Terraform v1.3.5
on linux_amd64

Authentication with AWS Vault

At ForeFlight, we use AWS Vault to log into our numerous AWS accounts via the AssumeRole API.

By default, the AWS CLI looks for credentials in multiple places, starting with credentials passed as CLI parameters and ending with credentials exposed by the instance metadata server. AWS Vault has a local implementation of the EC2 instance metadata server. So, we can use AWS Vault's local instance metadata server to supply credentials to the AWS CLI without needing to mount or pass anything to the container image:

$ aws-vault exec --server my-aws-profile
$ docker-compose run --rm terraform
root@59531b150efd:/usr/local/src# aws sts get-caller-identity
{
    "UserId": "AIDASAMPLEUSERID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/DevAdmin"
}
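
The AWS CLI checks environment variables and the shared credentials file before the instance metadata server, so with the Compose file above (which mounts $HOME/.aws and passes AWS_PROFILE) the container can end up using on-disk credentials rather than the ones AWS Vault serves. The check below is an added example, not part of this repository: it reads the Type column of "aws configure list" to confirm the source. The function names, the --live flag and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which provider the AWS CLI resolved credentials from,
# using the Type column of `aws configure list`.

# Constructed sample outputs of `aws configure list` (not from a real system).
sample_metadata() { cat <<'EOF'
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************MPLE         iam-role
secret_key     ****************MPLE         iam-role
    region                <not set>             None    None
EOF
}
sample_mounted() { cat <<'EOF'
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                      dev              env    AWS_PROFILE
access_key     ****************MPLE shared-credentials-file
secret_key     ****************MPLE shared-credentials-file
    region                us-east-1      config-file    ~/.aws/config
EOF
}
sample_unset() { cat <<'EOF'
   profile                <not set>             None    None
access_key                <not set>             None    None
secret_key                <not set>             None    None
EOF
}

# Print the provider type of the access key: "iam-role" means the instance
# metadata server, "shared-credentials-file" means ~/.aws/credentials,
# "env" means AWS_ACCESS_KEY_ID, "none" means nothing was resolved.
credential_source() {
  awk '$1 == "access_key" { src = ($2 == "<not") ? "none" : $3 }
       END { print (src == "" ? "none" : src) }'
}

# Succeed only when credentials came from the metadata server.
require_metadata_credentials() {
  src=$(credential_source)
  case "$src" in
    iam-role) return 0 ;;
    *) echo "credentials came from '$src', not the metadata server" >&2
       return 1 ;;
  esac
}

# Inside the container: sh check-creds.sh --live
if [ "${1:-}" = "--live" ]; then
  aws configure list | require_metadata_credentials
fi
```

If the check fails with shared-credentials-file or env, removing the $HOME/.aws volume and the AWS_PROFILE entry from the Compose service leaves the metadata server as the only source.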

Template Variables

Testing

An example of how to use cibuild to build and test an image:

$ CI=1 TERRAFORM_VERSION=1.3.5 TERRAGRUNT_VERSION=v0.40.0 AWSCLI_VERSION=2.9.0 ./scripts/cibuild