github gruntwork-io/terragrunt v0.26.0

Updated CLI args, config attributes and blocks

  • remote_state_s3_test.go
  • skip_bucket_accesslogging config option
  • accesslogging_bucket_name config option
  • gostructToCty function

Description

  • Add commercial support subpages
  • Rename the gostructToCty (in config_as_cty.go) -> goTypeToCty (fixes issue: #1384)
  • Deprecate skip_bucket_accesslogging (fixes issue: #1333)
  • Replace it with accesslogging_bucket_name (fixes issue: #1333)
  • Updated docs for relevant configuration option updates & missing asset paths

Migration guide

You only need to follow this guide if you used Terragrunt v0.18.0 or newer to automatically create S3 buckets as a backend (Auto Init) with access logging. If you created the S3 buckets yourself using other mechanisms, you can skip this guide.

_If you used Terragrunt v0.18.0 or newer with Auto Init enabled to create S3 buckets as a backend, then you might be seeing the following bug, described in more details here: https://github.com/gruntwork-io/terragrunt/issues/1333_

Fixing the bug on existing S3 buckets

  1. In the AWS Web Console, locate the S3 remote state buckets that were created with terragrunt.
  2. For all the relevant S3 buckets, find & navigate to their logging properties.
  3. Edit the properties and set the Target Bucket to point to a new S3 bucket dedicated for logs (you may need to create this new bucket yourself, if it doesn't exist already).

Skipping access logging if you had skip_bucket_accesslogging set

  1. Find all terragrunt configuration files from your code base that have the skip_bucket_acesslogging config option set.
  2. Remove the skip_bucket_accesslogging config option.
  3. Run terragrunt plan - no planned changes should be output & the access logging should still be disabled for the relevant S3 buckets.

Enabling access logging with this release and going forward

Caveat: This only applies to new S3 buckets for storing terraform state created by Terragrunt Auto Init. If the bucket already exists, Terragrunt will NOT update the existing S3 bucket.

  1. Find all terragrunt.hcl files that set up a remote state using S3, and you want to enable server access logging for the S3 bucket the state will be stored in.
  2. Add in the remote_state.config section of the configuration file the new config option and replace the value "A VALID S3 BUCKET NAME STRING" with a string fir the name of your logs Target Bucket.
    # terragrunt.hcl remote_state { ... config = { ... accesslogging_bucket_name = "A VALID S3 BUCKET NAME STRING" ... } }
  3. Run one of the following commands terragrunt plan | apply | validate so that the S3 state bucket new configuration changes can take effect

Docs

Check out the docs to read in more detail how to use the new attribute.

Special thanks

  • Thank you to @VishalCR7, @ArkuVonSymfon & @klijakub for the contribution!
  • Thank you to @tony-harverson-moonpig for raising the issue for S3 bucket logging

Related links

latest releases: v0.32.4, v0.32.3, v0.32.2...
10 months ago