Dockerized IaC framework for Terraform and Terragrunt

Now supporting `amd64` and `aarch64/arm64` images!

And supporting `slim-latest` version having only Terraform, Terragrunt and TFlint

Base operating system changed from Alpine to Ubuntu starting from the release `tf-1.1.8-tg-0.36.6`

Docker image with Terraform, Terragrunt, Python, Make, Docker, Git, and all needed components to easily manage cloud infrastructure.
Including cloud CLIs and SDKs for Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Best used as runner image for CI/CD in automation, as well as a local environment.

Please note focus of those images is to maintain availability of current versions of Terraform and Terragrunt, not CLIs or other dependencies.
Hence, images are updated when new version of Terraform or Terragrunt is released. Furthermore, versioning labels of images contain versions of said software to emphasize it.

Source code is available at devops-infra/docker-terragrunt.

Dockerfile was based on two images made by cytopia: docker-terragrunt and docker-terragrunt-fmt .
Original README files are included in this repository: docker-terragrunt and docker-terragrunt-fmt . This project grew much bigger than the original ones and is intended to be a framework for cloud Infrastructure-as-a-Code.

Available source images

Tag of the image tells which version of Terraform and Terragrunt it contains and which public cloud provider CLI it's bundled with or not (see second table below).

Registry	Example full image name	Image name	Image version	Terraform version	Terragrunt version
Docker Hub	`devopsinfra/docker-terragrunt:tf-1.2.8-tg-0.38.9`	`docker-terragrunt`	`tf-1.2.8-tg-0.38.9`	`1.2.8`	`0.38.9`
GitHub Packages	`ghcr.io/devops-infra/docker-terragrunt/docker-terragrunt:tf-1.2.8-tg-0.38.9`	`docker-terragrunt`	`tf-1.2.8-tg-0.38.9`	`1.2.8`	`0.38.9`

Available flavours

Tag of the image tells also which cloud API/SDK is included in the image.

Image name	AWS	Azure	GCP
`docker-terragrunt:slim-tf-1.2.8-tg-0.38.9`	❌	❌	❌
`docker-terragrunt:tf-1.2.8-tg-0.38.9`	❌	❌	❌
`docker-terragrunt:aws-tf-1.2.8-tg-0.38.9`	✅	❌	❌
`docker-terragrunt:azure-tf-1.2.8-tg-0.38.9`	❌	✅	❌
`docker-terragrunt:aws-azure-tf-1.2.8-tg-0.38.9`	✅	✅	❌
`docker-terragrunt:gcp-tf-1.2.8-tg-0.38.9`	❌	❌	✅
`docker-terragrunt:aws-gcp-tf-1.2.8-tg-0.38.9`	✅	❌	✅
`docker-terragrunt:azure-gcp-tf-1.2.8-tg-0.38.9`	❌	✅	✅
`docker-terragrunt:aws-azure-gcp-tf-1.2.8-tg-0.38.9`	✅	✅	✅

Usage

For working with local files - mount working directory under /data, e.g. --volume $(pwd):/data.
For working with cloud providers - pass their credentials as additional file or environment variables,
e.g. --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} or --volume ~/.aws/credentials:/root/.aws/credentials.
For running other Docker images - by sharing the socket,
e.g. --privileged --volume /var/run/docker.sock:/var/run/docker.sock.
For configuring git - mount desired .gitconfig and/or SSH key (if needed),
e.g. --volume ~/.gitconfig:/root/.gitconfig --volume ~/.ssh/id_rsa_github:/root/.ssh/id_rsa

Examples of `.gitconfig` to mount

Use https with Personal Access Token:

[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = https://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = git+ssh://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = [email protected]:

Use https instead of git/ssh:

[url "https://github.com/"]
	insteadOf = git+ssh://github.com/
[url "https://github.com/"]
	insteadOf = [email protected]:

Use ssh instead of https:

[url "ssh://[email protected]/"]
  insteadOf = https://github.com/
[url "ssh://[email protected]/"]
	insteadOf = [email protected]:

Examples

Format all HCL files in the current directory. Including subdirectories.

docker run --rm \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:latest format-hcl

Plan terraform deployment in AWS for files in current directory.

docker run --rm \
    --tty --interactive \
    --env AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
    --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
    --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
    --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest terraform plan

Apply terragrunt deployment in subdirectory. With GitHub using a ~/.gitconfig file with PAT.

docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    --volume ~/.gitconfig:/root/.gitconfig \
    devopsinfra/docker-terragrunt:aws-latest terragrunt apply --terragrunt-working-dir some/module

Run a Makefile target as orchestration script.

docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest make build

Additional software available in all images

Scripts

Script name	Is included in PATH	Purpose	Source/Documentation
`format-hcl`	Yes	For formatting all HCL files (`.hcl`, `.tf` and `.tfvars`) into format suggested by Hashicorp.	devops-infra
`terragrunt-fmt.sh`	No	Dependency for `format-hcl`	cytopia
`show-versions.sh`	Yes	Main CMD target for Docker image, just to show all installed binaries versions.	devops-infra

Binaries and Python libraries

Some are conditional, depending on the selected flavour, marked with *

Name	Type	Description	Source/Documentation
awscli*	Binary	For interacting with AWS via terminal.	https://github.com/aws/aws-cli
azure-cli*	Binary	For interacting with Azure via terminal.	https://github.com/Azure/azure-cli
bc	Binary	For numeric operations.	https://www.gnu.org/software/bc/bc.html
boto3*	Python library	For interacting with AWS via Python.	https://github.com/boto/boto3
cloudflare	Python library	For Cloudflare API operations	https://github.com/cloudflare/python-cloudflare
curl	Binary	For interacting with ElasticSearch and Kibana.	https://curl.haxx.se/
docker	Binary	For running another container, e.g. for deploying Lambdas with LambCI's docker-lambda.	https://github.com/docker/docker-ce
git	Binary	For interacting with Github repositories.	https://git-scm.com/
google-cloud-sdk*	Binary	For interacting with GCP via terminal.	https://cloud.google.com/sdk
graphviz	Binary	For generating graphic files from dot graphs, like `terraform graph`.	https://graphviz.org/
hub	Binary	For interacting with Github APIs.	https://github.com/github/hub
jq	Binary	For parsing JSON outputs of awscli.	https://stedolan.github.io/jq/
hcledit	Binary	For reading and writing HCL files.	https://github.com/minamijoyo/hcledit
make	Binary	For using `Makefile` instead of scripts in deployment process.	https://www.gnu.org/software/make/
ncurses	Binary	For expanding `Makefile` with some colors.	https://invisible-island.net/ncurses/announce.html
openssh	Binary	For allowing outgoing SSH connections.	https://www.openssh.com/
openssl	Binary	For calculating BASE64SHA256 hash of Lambda packages. Assures updating Lambdas only when package hash changed.	https://github.com/openssl/openssl
PyGithub	Python library	For interacting with GitHub API.	https://github.com/PyGithub/PyGithub
python-hcl2	Python library	For reading HCL files in Python.	https://github.com/amplify-education/python-hcl2
python3	Binary	For running more complex scripts during deployment process.	https://www.python.org/
requests	Python library	For sending HTTP requests, for example integration with Slack	https://github.com/psf/requests
slack_sdk	Python library	For integration with Slack applications/bots, e.g. creating channels for notifications	https://github.com/slackapi/python-slack-sdk
sops	Binary	For encrypting config files for Terragrunt's `sops_decrypt_file`.	https://github.com/mozilla/sops/
terraform	Binary	For managing IaC. Dependency for Terragrunt.	https://github.com/hashicorp/terraform
terragrunt	Binary	For managing IaC. Wrapper over Terraform.	https://github.com/gruntwork-io/terragrunt
tflint	Binary	For linting Terraform files.	https://github.com/terraform-linters/tflint
unzip	Binary	For extracting packages.	http://infozip.sourceforge.net/
zip	Binary	For creating packages for Lambdas.	http://infozip.sourceforge.net/

Contributors ✨

Thanks goes to these wonderful people (emoji key):

_{Krzysztof Szyper}
💻 📦 🚧

_cytopia
🤔 💻

_{Marko Djukic}
💻

_{Phileas Lebada}
🤔

_{Matthew Smedberg}
💻

_Dmitri
🐛 💻

This project follows the all-contributors specification. Contributions of any kind welcome!

docker-terragrunt
docker-terragrunt copied to clipboard

Metadata

Dockerized IaC framework for Terraform and Terragrunt

Now supporting `amd64` and `aarch64/arm64` images!

And supporting `slim-latest` version having only Terraform, Terragrunt and TFlint

Base operating system changed from Alpine to Ubuntu starting from the release `tf-1.1.8-tg-0.36.6`

Available source images

Available flavours

Usage

Examples of `.gitconfig` to mount

Examples

Additional software available in all images

Scripts

Binaries and Python libraries

Contributors ✨

← Metadata

Owner

Metadata

docker-terragrunt docker-terragrunt copied to clipboard

Metadata

Dockerized IaC framework for Terraform and Terragrunt

Now supporting amd64 and aarch64/arm64 images!

And supporting slim-latest version having only Terraform, Terragrunt and TFlint

Base operating system changed from Alpine to Ubuntu starting from the release tf-1.1.8-tg-0.36.6

Available source images

Available flavours

Usage

Examples of .gitconfig to mount

Examples

Additional software available in all images

Scripts

Binaries and Python libraries

Contributors ✨

← Metadata

Owner

Metadata

docker-terragrunt
docker-terragrunt copied to clipboard

Now supporting `amd64` and `aarch64/arm64` images!

And supporting `slim-latest` version having only Terraform, Terragrunt and TFlint

Base operating system changed from Alpine to Ubuntu starting from the release `tf-1.1.8-tg-0.36.6`

Examples of `.gitconfig` to mount