Fix backend generation when access and secret keys are supplied

[jaysonsantos]

Description

This should fix a bug that happens when you provide only access and secret keys and terragrunt tries to initialize the bucket, and it fails because it always fallbacks to env/config file from ~/.aws

TODOs

Read the Gruntwork contribution guidelines.

• [x] Update the docs. (nothing changes)
• [x] Run the relevant tests successfully, including pre-commit checks.
• [x] Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
• [x] Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Allow terragrunt to be initialized with s3 backend using access and secret keys.

Migration Guide

It should be backwards compatible

[jaysonsantos]

Before and after the changes:

 in terraform/contabo-s3/github on  main [$!?⇣] took 17s 
❯ terragrunt init                             
ERRO[0005] Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors 
ERRO[0005] Unable to determine underlying exit code, so Terragrunt will exit with error code 1 

in terraform/contabo-s3/github on  main [$!?⇣] took 6s 
❯ make build -C ~/src/terragrunt &&   ~/src/terragrunt/terragrunt init
make: Nothing to be done for `build'.

Initializing the backend...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Used config:

locals {
    credentials = yamldecode(sops_decrypt_file("${get_parent_terragrunt_dir()}/credentials.enc.yaml"))
}

remote_state {
  backend = "s3"
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite"
  }
  config = {
    bucket         = local.credentials.bucket
    key            = "${path_relative_to_include()}/terraform.tfstate"
    region         = "eu-central-1"
    encrypt        = true
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    force_path_style            = true
    access_key = local.credentials.access_key
    secret_key = local.credentials.secret_key
    endpoint = local.credentials.endpoint
  }

}

[denis256]

Hi, I'm not 100% sure if its a good idea to set different values for access_key / secret_key on the remote state block and have it in the source code since it may lead to leak of secrets in git and have less portable modules

If the approach is useful, then it should be documented in config-blocks-and-attributes.md and also added tests that will validate if new values are still in use

[denis256]

Hi, I'm not 100% sure if its a good idea to set different values for access_key / secret_key on the remote state block and have it in the source code since it may lead to leak of secrets in git and have less portable modules

If the approach is useful, then it should be documented in config-blocks-and-attributes.md and also added tests that will validate if new values are still in use