Skip to content
Meta-configurations for repositories, teams, files in terraform-aws-modules organization
HCL Shell Makefile
Branch: master
Clone or download

Meta files for terraform-aws-modules organization

This repository contains Terraform configurations for all Terraform modules managed as part of terraform-aws-modules organization on GitHub.

What exactly is managed here?

  1. GitHub resources:

    • Repositories
    • Branch protections (status checks, pull-request reviews, restrictions)
    • Teams
    • Team repositories
    • Team memberships
    • Organization memberships (admins and members)
  2. Common files in GitHub repositories:

    • .pre-commit-hooks.yml
    • .github issues and PR templates
    • Makefile
    • GitHub Actions
    • ...

Why here and not in each individual repository?

It is hard to keep things identical, predictable, and with high-quality, while focusing on maintaining Terraform modules.

GitHub allows to have a special repository named .github where common files like,, FUNDING.yml, and are stored. Those files are automatically used by all repositories across the whole GitHub organization.

Ideally, individual Terraform module repository should contain only Terraform configurations and have standard procedures for releasing, updating, testing, documenting, defined in a central place (this repo).


If you are using Mac, you can install all dependencies using Homebrew:

$ brew install terraform terragrunt terraform-docs pre-commit

🔒 GitHub Token

GitHub Personal Access Token is stored using and populated during execution by Terragrunt.

Give a try if you are tired of struggling with secrets already. Remember to mention that you have read about it here. :)

Manage GitHub resources (repositories, teams, members):

$ cd github/main
$ terragrunt apply

Manage files in one repository (eg, terraform-aws-modules/terraform-aws-vpc):

$ cd github/repositories/terraform-aws-modules/terraform-aws-vpc
$ terragrunt apply

Manage files in all repositories (not supported):

Currently it is not well implemented here yet. Due to a large amount of API calls to GitHub and inability of terragrunt to limit execution to a single process.

$ cd github/repositories
$ terragrunt plan-all    # <- it is a good idea to see changes :)
$ terragrunt apply-all

Ideas for later

  • Use SecretHub for storing secret Github Token
  • Prevent making changes in files managed by this repo in repositories (tell users during PR checks)
  • Finish running code in this repo - terraform-aws-modules/terraform-aws-eks
  • Verify if GitHub is actually using the files in "ISSUE_TEMPLATE" directory from .github repository. Verify and update if necessary.


This repository is managed by Anton Babenko.


Apache 2 Licensed. See LICENSE for full details.

You can’t perform that action at this time.