When following Terraform state management best practices, you often end up with the all the components of a single environment broken into many folders. For example, here is a typical production environment:
prod
β vpc
β services
β frontend-app
β backend-app
β vars.tf
β outputs.tf
β main.tf
β .terragrunt
β data-storage
β mysql
β redis
The reason we break out these components into separate folders rather than defining them all in one set of templates provides is to ensure isolation. That way, when you're making changes to one component (e.g. deploying the frontend-app), you aren't risking breaking all the others (e.g. breaking the VPC, data storage, etc).
The question is, how do you "spin up" an entire environment without having to manually go into each folder and run terragrunt apply
?
One option is to add a command like terragrunt spin-up
which could find all the Terraform modules in the folder structure (based on the presence of a .tf
files), parse the code in those modules to figure out the dependencies between them (that is, those dependencies explicitly specified via the usage of the terraform_remote_state resource), and automatically call terragrunt apply
on that dependency tree in the right order. There could be an analogous terragrunt spin-down
command too. If all the modules contain .terragrunt
files (or there is a root .terragrunt
file if we implement #26 (comment)), then Terragrunt would know how they manage remote state, and could therefore match the remote state configuration against the usage of the terraform_remote_state
resource within each module.
This would work as long as all dependencies between modules are specified via the terraform_remote_state
resource. If there are an implicit dependenciesβfor example, if the iam
module creates an IAM role and the kms
module has the name of that IAM role copy/pasted and just assumes it'll existβthen you may get errors. The good news is that fixing those errors would be very simply: just add a terraform_remote_state
resource to the kms
module that points to the remote state of the iam
module. In other words, adding a terraform_remote_state
resource would be like adding a depends_on
parameter.
There is also the tricky question of what to do if Terragrunt hits an error part of the way through spinning up an environment. Probably the right thing to do is to exit, just as Terraform does. If you fix the issue and re-run terragrunt spin-up
, you'd probably lose some time running terraform apply
on modules that have already been applied, but since there won't be any actual changes to apply, that shouldn't take too long.