search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
7.99k stars 970 forks source link

feat: Add support for all the assume-role attributes in the S3 remote state block #2744

Open asvinours opened 1 year ago

asvinours commented 1 year ago

Describe the solution you'd like

Add support for extra assume-role attributes for S3 remote_state backend.

Right now it looks like terragrunt supports role_arn, external_id and session_name but not the session duration, the session policy nor the session tags attributes.

terraform s3 backend documentation: https://developer.hashicorp.com/terraform/language/settings/backends/s3#assume-role-configuration

Describe alternatives you've considered

One alternative is to not use the terragrunt remote_state block and use a generate block and generate a terraform file for the backend configuration. Although doing this takes away the automatic deployment of the S3 bucket and dynamoDB table.

fe-ax commented 5 months ago

Additionally, assume_role_with_web_identity is not supported either. I am currently working around this by generating a ~/.aws/config file.

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for raising this issue.