Run `terragrunt` behind proxy

[ozbillwang]

Have issue to run terragrunt behind proxy.

$ terragrunt plan
[terragrunt] [/var/tmp/ttt] 2019/05/07 12:38:24 Running command: terraform --version
[terragrunt] 2019/05/07 12:38:24 Reading Terragrunt config file at /var/tmp/ttt/terraform.tfvars
[terragrunt] [/var/tmp/ttt] 2019/05/07 12:38:25 Initializing remote state for the s3 backend
[terragrunt] [/var/tmp/ttt] 2019/05/07 12:38:26 [terragrunt] [/var/tmp/ttt]  Remote state S3 bucket xxx-terraform-state does not exist or you don't have permissions to access it. Would you like Terragrunt to create it? (y/n) 
^C

$ aws s3 ls s3://xxx-terraform-state
                           PRE dev/

Run with terraform by command init, plan, apply, no issue.

OS: "Ubuntu 18.04.2 LTS"

[brikis98]

Terragrunt uses the AWS Go SDK under the hood. Not sure why a proxy would interfere with that?

[j4ng5y]

@ozbillwang Is the ubuntu system level proxy turned on?

Feel free to redact the actual information here, but what output do you get with: echo "$http_proxy\n $HTTP_PROXY\n $https_proxy\n $HTTPS_PROXY\n $ftp_proxy\n $FTP_PROXY\n $no_proxy\n $NO_PROXY\n"

If these aren't returning anything, how exactly is your proxy configured in the OS?

[ghost]

In the GCloud SDK, they have specific commands to configure proxies, so that any API request called will be directed first to the proxy: https://cloud.google.com/sdk/docs/properties#proxy

If the GCloud SDK just assumed that the underlying OS would take care of it, why would they feel the need to expose those settings to the developer?

I could be completely wrong, but have been dealing a lot with GCP IAP and Proxy settings, so wanted to chime in (all built with Terragrunt of course :))

[justin-octo]

I'm running Terragrunt inside a Docker container. I need to override my system Proxy settings (kind of the opposite of OP). I have tried adding -e NO_PROXY="0.0.0.0/0" and it still tries to go through the system configured proxy. :( My proxy is running on a cloud provider which Cloudflare blocks (unjustly in my opinion). The AWS SDK Go seems to block the IP block owned by this provider. Hence I am wanting to NOT use the Proxy inside the Docker container.

I know it's blocking the proxy because when I turn off the system proxy the container is able to function just fine. This is only a problem for some modules. Specifically the terraform-aws-service-catalog's account-baseline-security module. Or maybe a dependancy.

Sorry if this is confusing. But an answer to OP's question would probably help my use case too.

The most irritating thing is it just sits there for hours with no error. Took me a long time to figure out the issue.

[justin-octo]

This link seems to indicate that AWS's SDK Go will honor the ENV's, but my experience shows otherwise. Unless I'm doing something wrong. Or it supports setting a proxy, but not setting NO_PROXY

https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/custom-http/#configuring-a-proxy

[justin-octo]

Seems Go has an ENV,

go env

List them all, and I see that:

GONOPROXY=""

For OP's purposes, I also see:

GOPROXY="https://proxy.golang.org,direct"

No sure if these are respected (or set during go client was compiled/installed) . I tried setting GONOPROXY="0.0.0.0/0" and it didn't seem to effect anything differently...