Account Factory Configurations
Account factory configurations are located under the pipelines
key in ./.gruntwork/config.yml
pipelines
Options
access-control-repo-name
access-control-repo-name
stringName of the infrastructure-live-access-control repository
Example
pipelines:
access-control-repo-name: infrastructure-live-access-control
account-baseline-disable-vpc-inputs
If set to true, the terragrunt.hcl generated for the VPC in new delegated accounts will not pass any inputs to the VPC module. This is useful for customers with custom VPC configurations: e.g., IPAM, transit subnets, private NAT, etc. All of this custom config can go into vpc-app.hcl in _envcommon directly in the customer's infra-live repo.
false
Example
pipelines:
account-baseline-disable-vpc-inputs: true
account-baseline-vpc-module-url
URL of the account baseline VPC module used by account factory
git@github.com:gruntwork-io/terraform-aws-cis-service-catalog.git//modules/networking/vpc
Example
pipelines:
account-baseline-vpc-module-url: git@github.com:gruntwork-io/terraform-aws-cis-service-catalog.git//modules/networking/vpc
account-baseline-vpc-module-version
Version of the account-baseline-vpc-module
v0.48.1
Example
pipelines:
account-baseline-vpc-module-version: v0.48.1
arch-catalog-base-path
arch-catalog-base-path
string./terraform-aws-architecture-catalog
Example
pipelines:
arch-catalog-base-path: ./terraform-aws-architecture-catalog
arch-catalog-repo-url
arch-catalog-repo-url
stringURL of the architecture catalog repo used in templates
Example
pipelines:
arch-catalog-repo-url: git@github.com:gruntwork-io/terraform-aws-architecture-catalog
arch-catalog-version
arch-catalog-version
stringVersion of the arch-catalog-repo modules used in templates.
Example
pipelines:
arch-catalog-version: v2.11.1
aws-security-repo-url
aws-security-repo-url
stringURL of the terraform-aws-security repo to use in delegated repositories
git@github.com:gruntwork-io/terraform-aws-security.git
Example
pipelines:
aws-security-repo-url: git@github.com:gruntwork-io/terraform-aws-security.git
aws-utilities-repo-url
aws-utilities-repo-url
stringURL of the terraform-aws-utilities repo to use in delegated repositories
git@github.com:gruntwork-io/terraform-aws-utilities.git
Example
pipelines:
aws-utilities-repo-url: git@github.com:gruntwork-io/terraform-aws-utilities.git
cis-service-catalog-repo-url
URL of the terraform-aws-cis-service-catalog repo to use in delegated repositories
git@github.com:gruntwork-io/terraform-aws-cis-service-catalog.git
Example
pipelines:
cis-service-catalog-repo-url: git@github.com:gruntwork-io/terraform-aws-cis-service-catalog.git
control-tower-modules-version
Version of the control-tower-repo modules used in templates
Example
pipelines:
control-tower-modules-version: v0.7.5
control-tower-repo-url
control-tower-repo-url
stringURL of the terraform-aws-control-tower repo
git@github.com:gruntwork-io/terraform-aws-control-tower.git
Example
pipelines:
control-tower-repo-url: git@github.com:gruntwork-io/terraform-aws-control-tower.git
default-aws-region
default-aws-region
stringDefault AWS region for infrastructure managed in this repository
Example
pipelines:
default-aws-region: us-east-1
github-org
github-org
stringGitHub Organization this repository belongs to
Example
pipelines:
github-org: acmecorp
infra-modules-repo-name
infra-modules-repo-name
stringName of the infrastructure-catalog (previously referred to as infrastructure-modules) repository
Example
pipelines:
infra-modules-repo-name: infrastructure-modules
infra-modules-release-version
Version of the infrastructure-catalog (previously referred to as infrastructure-modules) modules used in templates
Example
pipelines:
infra-modules-release-version: v0.1.0
logs-account-name
logs-account-name
stringOverride the folder for the logs account
logs
Example
pipelines:
logs-account-name: logs
management-account-name
management-account-name
stringOverride the folder for the management account
management
Example
pipelines:
management-account-name: management
module-security-version
module-security-version
stringVersion of the aws-security-repo modules used in templates.
Example
pipelines:
module-security-version: v0.73.2
security-account-name
security-account-name
stringOverride the folder for the security account
security
Example
pipelines:
security-account-name: security
shared-account-name
shared-account-name
stringOverride the folder for the shared account
shared
Example
pipelines:
shared-account-name: shared
single-account-baseline-template-path
/templates/single-account-baseline
Enterprise Options
account-vending
account-vending
sequence(mapping)A sequence of account types mapped to their configurations see below.
Valid types are sandbox
and sdlc
.
Example
pipelines:
account-vending:
sandbox:
account-identifiers:
- sandbox
sdlc:
account-identifiers:
- dev
- stage
- prod
catalog-tags-location
catalog-tags-location
stringThe full path to a tags.yml file for centrally managed tags, e.g. acme/repo/contents/path/to/tags.yml
Example
pipelines:
catalog-tags-location: acmecorp/infrastructure-catalog/contents/common_tags.yml
pipelines-read-token-name
The name of the PIPELINES_READ_TOKEN secret to use in delegated repositories
Example
pipelines:
pipelines-read-token-name: PIPELINES_READ_TOKEN
PIPELINES_READ_TOKEN
pipelines-workflow-location
The location of the pipelines workflow to use for delegated repositories
Example
pipelines:
pipelines-workflow-location: gruntwork-io/pipelines-workflows/.github/workflows/pipelines.yml@v3
Account Type Configuration
account-identifiers
account-identifiers
sequence(string)Sequence of account identifiers. Alphanumeric account identifiers only. On account requests, an account will be created for each specified identifier & the account name will include the identifier. e.g. "<ACCOUNT-FAMILY>-dev"
Example
pipelines:
account-vending:
sdlc:
account-identifiers:
- dev
- stage
- prod
catalog-repositories
catalog-repositories
sequence(string)Sequence of repositories that contain infrastructure modules that can be easily leveraged as a catalog by delegated repositories vended by the infrastructure-root repository. For more information, see Terragrunt Catalog
Example
pipelines:
account-vending:
sdlc:
catalog-repositories:
- "github.com/acmecorp/infrastructure-catalog//."
github-collaborators
github-collaborators
sequence(mapping)Sequence of GitHub teams and their permissions automatically added to delegated repositories vended by the infrastructure-root repository. Valid permissions are: pull, triage, push, maintain and admin (in addition to custom roles if any exist) See GitHub Repository Roles
Example
pipelines:
account-vending:
sandbox:
github-collaborators:
- team: 'team-name'
permission: pull
Deprecated Configuration Options
arch-catalog-repo-name
arch-catalog-repo-name
stringName of the architecture catalog - will be used if arch-catalog-repo-url is not present but should be removed in favor of arch-catalog-repo-url
.
infra-modules-version
infra-modules-version
stringVersion of infrastructure-catalog (previously referred to as infrastructure-modules) - will be used if infra-modules-release-version is not present but should be removed in favor of infra-modules-release-version
.