Terragrunt Structure for China and Gov Cloud #115

Closed
zestrells opened this issue Aug 19, 2022 · 3 comments
zestrells commented Aug 19, 2022

Hi All,

Just wanted to get some of your recommendations for the terragrunt folder structure if we had prod environments in:

Same Account

  • us-west-2
  • us-east-1

Different Accounts

  • us-china
  • us-gov

I was thinking we could have us-west-2 and us-china environments in the same folder structure for terragrunt/live/prod, but it looks like that groups stacks together in the same AWS account. So it would need to be terragrunt/live/china and terragrunt/live/gov.

Just wanted to ping here for your recommendations? @ArchiFleKs

@ArchiFleKs
Member

Hi @zestrells What do we mean it staked together? Yes in general I segment AWS account at the environment level. Personally I like to do:

terragrunt/live/account1/us-west-2
terragrunt/live/account1/us-east-1
terragrunt/live/account2/us-china
terragrunt/live/account3/us-gov

You can then make use of the terragrunt assume role ARN to switch between account if you have a root account for example with iam_role = "arn:aws:iam::${local.merged.aws_account_id}:role/github-action-iac-administrator" in each environment / account terragrunt.hcl here.

Hope that's clear
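
An added example, not part of the thread or the project's code: a small lint for a `terragrunt/live/<account>/<region>` tree that builds the assume-role ARN with the partition matching each region (`aws`, `aws-cn`, `aws-us-gov`) and flags an account folder that mixes partitions. The account IDs, the sample paths and the region names other than `cn-north-1` are constructed for illustration; the role name is the one quoted above.

```python
from pathlib import PurePosixPath

ROLE_NAME = "github-action-iac-administrator"  # role name quoted in the thread

# Constructed sample data: directory names and account IDs are placeholders.
ACCOUNT_IDS = {"account1": "111111111111", "account2": "222222222222",
               "account3": "333333333333"}
SAMPLE_LAYOUT = [
    "terragrunt/live/account1/us-west-2",
    "terragrunt/live/account1/us-east-1",
    "terragrunt/live/account2/cn-north-1",
    "terragrunt/live/account3/us-gov-west-1",
]

def partition_for(region):
    """Map a region name to its AWS partition by prefix."""
    if region.startswith("cn-"):
        return "aws-cn"
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    return "aws"

def role_arn(account_id, region):
    """Build the assume-role ARN with the partition that matches the region."""
    return f"arn:{partition_for(region)}:iam::{account_id}:role/{ROLE_NAME}"

def lint_layout(paths, account_ids):
    """Return (arns, errors) for terragrunt/live/<account>/<region> paths."""
    arns, errors, seen = {}, [], {}
    for path in paths:
        parts = PurePosixPath(path).parts
        if len(parts) != 4 or parts[:2] != ("terragrunt", "live"):
            errors.append(f"{path}: expected terragrunt/live/<account>/<region>")
            continue
        account, region = parts[2], parts[3]
        if account not in account_ids:
            errors.append(f"{path}: no account ID known for {account}")
            continue
        seen.setdefault(account, set()).add(partition_for(region))
        arns[path] = role_arn(account_ids[account], region)
    # An AWS account lives in exactly one partition, so flag mixed folders.
    for account, partitions in sorted(seen.items()):
        if len(partitions) > 1:
            errors.append(f"{account}: mixes partitions {sorted(partitions)}")
    return arns, errors

if __name__ == "__main__":
    for item in lint_layout(SAMPLE_LAYOUT, ACCOUNT_IDS):
        print(item)
```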

@zestrells
Author

Hi @ArchiFleKs , sorry to be pinging you so often. Did you have any troubles leveraging terragrunt in China? I am running into the following issue when first running terragrunt to create all components including s3 state backend from a cn-north-1 ec2 instance. We validated that our egress for our Security group is 0.0.0.0/0, so we are confused why this is arising or what the potential fix could be. Thank you for your help as always, we leveraged the suggestions you made above 😄

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ hashicorp/aws: could not connect to registry.terraform.io: Failed to
│ request discovery document: Get
│ "https://registry.terraform.io/.well-known/terraform.json": net/http: TLS
│ handshake timeout

@ArchiFleKs
Member

Seems more a Terraform / Egress connection issue than related to Teks or this module IMO
