search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.04k stars 975 forks source link

Terragrunt with AWS SSO #1670

Closed ahmadzaikk closed 3 years ago

ahmadzaikk commented 3 years ago

Hello, I am getting the following error when I try to use Terragrunt with AWS SSO, is there any instruction to setup Terragrunt to work with SSO?

Initializing the backend...

Error: No valid credential sources found for AWS Provider. Please see https://terraform.io/docs/providers/aws/index.html for more information on providing credentials for the AWS Provider

ERRO[0002] Hit multiple errors: Hit multiple errors: exit status 1

brikis98 commented 3 years ago

What version of Terragrunt? How are you authenticating?

ahmadzaikk commented 3 years ago

@brikis98 I am using terragrunt version v0.29.0, i use aws-vault to authenticate.

My terragrunt.hcl state file looks like this

remote_state { backend = "s3" generate = { path = "backend.auto.tf" if_exists = "overwrite_terragrunt" } config = { bucket = "state-file-buck" dynamodb_table = "dynamodb" encrypt = true key = "${path_relative_to_include()}/terraform.tfstate" region = "us-west-2"

role_arn = "arn:aws:iam::account-id1:role/aws-reserved/sso.amazonaws.com/us-west-2/AWSReservedSSO_managed-full_055b0a1893"

} }

My account.hcl looks like this

locals { account_name = "account-name" aws_account_id = "account-id" role_arn = "arn:aws:iam::account-id:role/aws-reserved/sso.amazonaws.com/us-west-2/AWSReservedSSO_managed-full_ee0cc1b8056"

}

brikis98 commented 3 years ago

Can you post the full command you're running and all the log output?

ahmadzaikk commented 3 years ago

@brikis98

$ terragrunt init

Initializing the backend... Error refreshing state: AccessDenied: Access Denied status code: 403, request id: TMS2J14AA79B0FXW, host id: KHo8gTWicSplWfHL6mm6Rh4P6eQS/mwgj0qBXtIzAgMvoSOPPoMGn0WHO3B8SAeXAkeC+N8UV/U= ERRO[0001] Hit multiple errors: Hit multiple errors: exit status 1

brikis98 commented 3 years ago

I'm a bit confused... You mentioned aws-vault earlier, but it's not in your command... And now you're getting an Access Denied error rather than No valid credential sources found for AWS Provider. The former implies you're trying to use a backend (e.g., S3 bucket) you don't have access to; the latter implies you haven't authenticated.