Terragrunt hooks I This page documents the hooks specific to Terragrunt provided by the pre-commit-terraform repository. Jan 7, 2025 · Pre-commit hooks are automated scripts or checks running before developers commit code to a repository. 0 With pre-commit, you can ensure your Terraform module documentation is kept up-to-date each time you make a commit. To run custom commands/scripts can be attempted to use run_cmd function. pre-commit-terraform provides a collection of Git Hooks for Terraform and related tools and is driven by the pre-commit framework. Jun 19, 2020 · Terraform static code analysis with tfsec and terragrunt Would you like to detect common security mistakes in configuration of infrastructure before actually deploying them? I should would. Custom Workflows Custom workflows can be defined to override the default commands that Atlantis runs. Child hooks override all parent hooks. It provides automated checks, formatting, validation, and security scanning to maintain high-quality Infrastructure as Code (IaC) configurations before they are committed to version control. Example infrastructure-live for Terragrunt This repo, along with the terragrunt-infrastructure-modules-example repo, show an example file/folder structure you can use with Terragrunt to keep your OpenTofu and Terraform code DRY. If you've never used terragrunt before, I highly recommend it Feb 2, 2021 · The idea behind error hooks is to execute arbitrary shell commands when a terraform command returns an error. I’d start with at least the following: 4 terraform_fmt hook formats *. In Feb 12, 2021 · How to set variables using terragrunt before_hook Asked 4 years, 7 months ago Modified 3 years, 9 months ago Viewed 2k times Sep 17, 2024 · What is Terragrunt? Terragrunt is an open-source tool designed to enhance Terraform configurations by simplifying workflows and adding valuable features. before_hook "scan_infra" { comm Mar 2, 2021 · Checkov can run in a Jenkins job, in a GitHub action, or Terragrunt could run it automatically on each plan. Oct 5, 2020 · Inputs in the terragrunt. Terragrunt’s before_hook / after_hook run tests, notify Slack, rotate secrets, etc. Terrascan Example : The recommended way to use this tool is to install it onto your Atlantis server, and then use a Pre-Workflow hook to run it after every clone. Here’s what Aug 24, 2022 · run complex bash command in before_hook block terragrunt Asked 3 years, 1 month ago Modified 2 years, 9 months ago Viewed 2k times Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. From the Anton Babekno repository, we will use the following hooks: A stack in Terragrunt is a collection of related units that can be managed together. But when I use other regex string, the error_hook can't be trigger The article explains the Terraform block in Terragrunt, detailing its attributes and how to configure it for consistent Terraform behavior. The command terragrunt init was executed using a pipeline was there no way to provide a confirmation in the runner. Why combine Atlantis with Terragrunt The integration of Atlantis and Terragrunt delivers substantial benefits for infrastructure automation Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. We simply place the repository in the . Explore advanced features like workspaces and custom hooks to enhance your infrastructure management process. Vamos desvendar os hooks do Terragrunt, entender como lidar com erros retratáveis e mergulhar na estrutura ideal de projetos para otimizar seu uso. Each repo can have a YAML config file that defines Terraform module dependencies, so that PRs that affect dependent modules will automatically generate terraform plan s for those modules. Nov 28, 2022 · after_hook — A feature of terragrunt that make it possible to define custom actions that will be called either before or after execution of the terraform command. For background information, check out the Keep your code DRY section of the Terragrunt documentation. What is this? Atlantis is an awesome tool for Terraform pull request automation. You may verify this using the below command. Together, they create a streamlined, collaborative approach to infrastructure management that scales from small teams to large enterprises. Apr 23, 2025 · Overview Relevant source files pre-commit-terraform is a collection of Git hooks designed for Terraform, OpenTofu, and Terragrunt code quality assurance, leveraging the pre-commit framework. 9. However, pre-commit-terraform allows it to be integrated. Pre workflow hooks do not require the repository configuration to be present. These hooks serve as an early defense against common issues, ensuring code quality and consistency before changes are committed to version control. Hooks: Terragrunt supports hooks for executing actions before or after Terraform commands, providing flexibility in command sequence. hcl file are exposed as environment variables when you call TFLint using before/after hook. 12. Oct 12, 2021 · This article reviews how to keep your configuration DRY by setting Terragrunt variables with the run_cmd function from a parameter store. Mar 11, 2020 · └── terragrunt. 10. Configurable hooks Terragrunt supports pre- and post-terraform hooks, allowing you to run custom scripts or commands before or after running Terraform commands. This page documents the hooks specific to Terragrunt provided by the pre-commit-terraform repository. 2. To get started, add a pre_workflow_hooks field to your repos section of your server-side repo config: Apr 24, 2023 · I'm trying to configure Atlantis to run Terragrunt and I'm quite confused on the custom workflow. Gruntwork offers a commercial CI/CD solution for Terragrunt called Pipelines. See server-side repo config use cases for more details. Is it possible with terragrunt? Perhaps using a for_each directive? Sep 9, 2019 · I'm in the middle of a small experimental POC with terragrunt and was interested in using a before hook as a way to execute a pre-flight script to check if certain conditions were in place before p Pre Workflow Hooks Pre workflow hooks can be defined to run scripts before default or custom workflows are executed. This can be utilized to dynamically generate repo configs. Example syntax would be similar to before_hook and after Terragrunt shines with its 'before' and 'after' hooks, allowing you to automate repetitive tasks such as logging, monitoring setup, or even policy enforcement checks before applying changes. If Hooks & glue logic Terraform CLI has no pre/post hooks. Terragrunt is not just a tool for complex projects, but a game-changer in simplifying and optimizing the way we approach Infrastructure as Code. * in on_errors list, the error_hook can be triggered. yaml file in repo with "mock:" string inside it to prevent fails with empy yaml file errors. For information about Terraform hooks, see Terraform Hooks. hcl config with your hook commands Logs, or behavior that makes you think the hooks are not properly running Thanks! Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. I haven't tested this myself, but the documentation says nothing about thing about any guarantees on the child process is environment. This guide will introduce you to more advanced Terragrunt features, and show you how to use Terragrunt to manage your infrastructure across multiple environments in a real-world AWS account. Note that charts are detected by walking up the directory tree of the changed file and looking for a Chart. Terragrunt is a nice wrapper that can be used on top of Terraform. key or env_vars. It will run once per changed chart that it detects. They are particularly useful in the context of infrastructure, such as code (IaC) development, when working with Terraform. Solution: Added the ‘–terragrunt-non-interactive’ parameter for the terragrunt command Operating System Mismatch Error: May 8, 2020 · When calling terragrunt apply-all on a service (mod1) with a dependency block defined (mod2), the after_hook of mod2 is called twice. It is possible to instruct Terragrunt to run a custom command before the actual Terraform plan command. #2218 Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. Oct 9, 2019 · I’m currently playing around with terragrunt, after it being mentioned at work, and am currently kicking the tires to understand how it would work given certain scenarios. Nov 18, 2022 · terragrunt destroy -target with before_hook presentI'm checking with one of our Terragrunt experts to get some insight into the issue. A collection of pre-commit hooks used by Gruntwork tools - gruntwork-io/pre-commit Example module demonstrating scriptable import of existing resources & baking hook scripts into modules - simonmcc/terragrunt-brownfield Sep 20, 2022 · Terragrunt/Terraform with Atlantis to Automate your Infrastructure Pull Requests Overview — What Is Atlantis? Atlantis is an application for automating Terraform pull requests. Quick Decision Matrix Use Terraform Workspaces when… Use Terragrunt when… You’re a single team spinning up short-lived copies (e. Pipelines is a fully managed CI/CD service that is designed to work seamlessly with Terragrunt. These global hooks would execute once per run-all or run --all command—before any modules begin (global before) Jan 17, 2021 · Install pre-commit hooks These hooks provide a safety net that gets executed on each git commit. Hooks for both init-from-module and init only run if the requisite stage needs to run. pre-commit-config. Terragrunt shines with its 'before' and 'after' hooks, allowing you to automate repetitive tasks such as logging, monitoring setup, or even policy enforcement checks before applying changes. Dec 20, 2024 · pre-commit-terraform is a collection of git hooks to be used with pre-commit. It acts as a ‘wrapper’ around Terraform, addressing common challenges like keeping configurations DRY (Don’t Repeat Yourself), managing remote states, handling multiple environments, and executing custom tasks before or after running Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. , PR previews) of one stack in the same backend. - gruntwork-io/terragrunt Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. Can you share a bit more info to help us debug this further? The terragrunt. Today, we are going Nov 20, 2020 · Overall, Pre-Commit hooks go a long way toward increasing confidence in Terraform code that is submitted to a repo, reaping invaluable improvement in both developer proficiency and code quality. In current state i have an empty secrets. May 31, 2023 · Terragrunt is a powerful tool that enhances the Terraform experience by providing DRY code, versioning, dependency management, and hooks, among other features. Aug 22, 2022 · Hello We are keeping our state files locally in our repo and encrypt them using sops. Stacks provide a way to: Deploy multiple infrastructure components with a single command Manage dependencies between units automatically Control the blast radius of changes Organize infrastructure into logical groups Terragrunt supports two approaches to defining stacks: Implicit Stacks: Created by organizing Mar 18, 2022 · Hello, I'm trying to use error_hook to catch resource exist issue. Jan 27, 2021 · Notifications You must be signed in to change notification settings Fork 1. For detailed Terragrunt is able to launch multiple configuration applications using a single command Finally, Terragrunt allows to launch additional commands via hooks before and after the apply In the context of this article, I did not use Terragrunt. Describe the bug terragrunt modifies paths in before_hook output Reproducing bugs We have written a before_hook in bash to ensure that terragrunt runs with sensible environment settings. Aug 18, 2024 · Using Checkov in Terragrunt Introduction Terragrunt is a popular wrapper for Terraform that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and … Nov 20, 2017 · A proposal to discuss with the Terragrunt community: adding "hooks" to Terragrunt that can be used to execute arbitrary shell commands. The helmlint pre-commit hook runs helm lint on the charts that have been changed by the commit. pre-commit Hooks Since v0. simply create or update a . Exploiting Terragrunt's hooks While this isn't exactly a Terraform mistake, I see a lot of teams using Terragrunt's hooks to run custom scripts or commands before or after Terraform commands. Suggested name is if Additional context The current method I am using for getting a similar Jan 2, 2024 · before_hook hook is executed before the execution of terragrunt command not terragrunt itself. If the env Apr 18, 2023 · The power of Terragrunt’s dependencies feature and how it can help you manage your infrastructure as code… + provide some hands-on examples pre-commit git hooks to take care of OpenTofu configurations - tofuutils/pre-commit-opentofu A collection of pre-commit hooks used by Gruntwork tools - gruntwork-io/pre-commit Dec 9, 2022 · I have a before hook that runs a shell script to refresh my GCP token. It brings multiple features, and one of them is the before_hook. Learn about Terragrunt, a powerful open-source tool for managing infrastructure as code using Terraform. These hooks help ensure that your Terragrunt configurations are properly formatted, validated, and maintain consistent provider lock files. Aug 18, 2025 · Describe the Enhancement Introduce global before_hook, after_hook, and error_hook capabilities in Terragrunt’s configuration. Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. hcl │ │ ├── rds-aurora │ │ │ └── terragrunt. It helps ensure that Terraform, OpenTofu, and Terragrunt configurations are kept in good shape by automatically running various checks and formatting code before committing changes to version control system. Feb 23, 2021 · Terragrunt must parse your terragrunt. For now we will use a simple hook that will format our terragrunt code before committing it. Sometimes I find it too difficult to find terraform examples of AWS things. Terragrunt can be integrated with your CI/CD pipelines for automated infrastructure deployment. And i have a "before_hook" which executes a script that reads data from vault Feb 5, 2021 · After investigating this (#1534), I was able to verify the hooks were running when using run-all apply or apply-all. sh file to set the environment variables and take a look at example. Which means they do Sep 28, 2022 · @AssafKatz3 IMO the best thing here is to just set the env vars in the parent shell, the one calling terragrunt. gruntwork. hcl file: terraform { before_hook "decrypt_states" { commands = ["plan", "a Nov 10, 2023 · I am currently experimenting with Terragrunt hooks, especially error ones, to allow our Ops teams to have a cleaner output on stdout during execution and errors. hcl ├── envs │ ├── dev │ │ ├── env_vars. Integration with CI/CD pipelines Terragrunt can be integrated into continuous integration and continuous deployment (CI/CD) pipelines to automate infrastructure deployments. Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. This is organized into a series of microservice modules, and uses terragrunt to apply them. Once when it is applied, and then again when terraform output - May 22, 2025 · Atlantis automates Terraform workflows through pull requests, while Terragrunt keeps your infrastructure code DRY. Append all hooks together, with the caveat where a child hook overrides a parent hook if they have the same name. Jul 15, 2021 · I need to use tfsec command in before_hook in order to scan my terraform code Working condition terraform { # Before apply, run script. Versioning: Terragrunt enables referencing specific versions of Terraform modules for each environment, offering enhanced control and the ability to revert changes. Terragrunt is able to launch multiple configuration applications using a single command Finally, Terragrunt allows to launch additional commands via hooks before and after the apply In the context of this article, I did not use Terragrunt. yaml files. tf to the current working directory before terraform init (2) a . Nov 8, 2023 · Terragrunt — the Terraform Wrapper Terragrunt is a lightweight wrapper for Terraform, which makes it easier to manage complex, multi-environment and multi-module infrastructure builds. The scenario I’m currently looking at is when two modules get updated with one module including a dependency on a new output from the other module and in this scenario, assuming some sort of PR has been raised, you’d Terragrunt didn't just handle complexity; it actively simplified the process of writing and managing IaC, thanks to its emphasis on modularity. Simple, but limits reuse. This is slightly more complicated, but seems like the most intuitive option. Terrascan Example : Sep 27, 2025 · This also allows me to enforce organizational standards and best practices more easily. I choose to utilize a env. hcl files You specify these in a . yaml file. This way, Atlantis can automatically determine what modules should be planned/applied for any change to your repository. Jan 30, 2025 · Describe the enhancement Add a new property to the before_hook and after_hook to allow it to be skipped. The idea would be to follow the basic structure of extra_argu Cause: The AKS module was dependent on other modules and terragrunt was requesting confirmation before running ‘apply’. If I use . key for an example. I have multiple projects under the same terragrunt project: ├── prod │ ├── bucket │ │ └── Terragrunt HCL Format enforces consistent style for HCL files, helping teams maintain clean code and minimize version-control noise. Jul 29, 2022 · terragrunt hooks and extra arguments - functions invoked many times - regardless of commands. Terragrunt is a Terraform wrapper, which has the Jun 5, 2023 · { "dev" = "development", "prod" = "production", } I'm wondering if there is a more elegant way to have the same results without writing twice the dependency block and/or hardcoding the environments in the inputs block (this would also allow me to scale to N enviroments without breaking the code). So im Sep 7, 2021 · I have a terragrunt project like this ├── common_vars. May 31, 2022 · I would like to run terragrunt just for once without before hooks. For example, an after_hook for the command init-from-module will run after terragrunt clones the module, while an after_hook for the command init will run after terragrunt runs tofu init / terraform init on the cloned module. Take Jan 15, 2025 · Another killer feature users adopt Terragrunt for is the ability to add hooks that drive behavior surrounding IaC updates. Discover the advantages of using Terragrunt, and get started with installation, organizing Terraform code, defining Terragrunt configurations, and running Terragrunt commands. yaml file that exists on the path. @denis256 Re: setting the env using before_hook, over in this issue it was said that hooks don't actually change the child processes env. By following best practices and leveraging Terragrunt's features, you can create a more efficient and maintainable infrastructure management process in large-scale deployments. Sep 21, 2025 · Terragrunt Atlantis Config Generate Atlantis Config for Terragrunt projects. Also unable to find anything useful in the google search results. Pre workflow hooks differ from custom workflows in several ways. terragrunt-cache folder is created as terraform’s working directory. Notes: If you want to allow repos to select their own workflows, they must have the allowed_overrides: [workflow] setting. . 1k Terraform and Terragrunt examples. Pre workflow hooks are run outside of Atlantis commands. Jan 19, 2024 · Terragrunt hooks can be used to perform actions before or after Terraform commands. Looking at the documentation unable to find anything useful. yaml in the root of your Git repo with at least the following content: Dec 16, 2024 · The hooks as described in the documentation (https://terragrunt. Feb 12, 2024 · Intro Terragrunt is a utility that can be used along with Terraform, to alleviate some of the Tagged with aws, terraform, devops. tf files using the terraform fmt command terraform_validate similarly runs terraform validate terragrunt-hclfmt runs terragrunt hclfmt on terragrunt. hcl (1) the before_hook copies terraform. Apr 23, 2021 · What is Terragrunt? Terragrunt is a thin wrapper that overlays Terraform that allows you to avoid having large amounts of repetition in your infrastructure as code, as well as helping with Terraform modules and remote state. What do you think? Jul 30, 2020 · When using the dependency block to declare a dependency for outputs, the before and after hooks are called despite the fact that only terraform output is being called within the dependent module. Apr 27, 2018 · Simple, but does not allow any way to override behavior. Usage Custom workflows can be specified in the Server-Side Repo Config or in the Repo-Level atlantis. Do we Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale. hcl │ │ ├── rds-sg │ │ │ └── terr Pre-commit hooks for Packer, Terraform and Terragrunt - exdial/pre-commit-hooks Nov 8, 2023 · - terragrunt-hclfmt: Automatically run terragrunt hclfmt on all Terragrunt configurations. g. hcl file to find the hooks And it's during parsing that it'll execute functions within that file, such as templatefile. Nov 17, 2020 · I am trying to setup secret management with terraform + terragrunt + hashicorp vault. This is part of our main terragrunt. yaml and choose the hooks that we want to run. io/docs/features/hooks/#tflint-hook) are not working anymore, I think this is a rather serious regression. Using hooks allows users to keep their OpenTofu/Terraform code generic and easier to maintain, while accounting for operational procedures that is more convenient to define outside of IaC. tett zmos sdysi xayfd hwpyb qibvjjgl zet zcrx abyc tkuk fumfg udwi fniq jgqrjyuw iwoatj