Open a-hat opened 7 months ago
terragrunt-atlantis-config just generates a config, so it doesn't need a IAM role, but I could be mistaken?
terragrunt-atlantis-config just generates a config, so it doesn't need a IAM role, but I could be mistaken?
@Almenon Thanks for your feedback! Unfortunately it does. As far as I understand, to generate the config terragrunt is called, which will need to retrieve the terraform state from the remote location. In our case this is a AWS backend, and we need to assume the role to access it.
I also have a AWS backend. I'm able to generate the config without AWS credentials.
I also have a AWS backend. I'm able to generate the config without AWS credentials.
If I try to generate the config without the assume role parameter, I get 4xx errors accessing the AWS API. I don't know exactly what terragrunt does, maybe it tries to retrieve outputs of a module from the state.
Pull Request
Related Github Issues
Description
Adds a new argument
--iam-role
which passes the given role ARN to terragrunt (see https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-iam-role).Security Implications
System Availability