davidjeddy/terragrunt.hcl

## terragrunt.hcl
terraform {
  # https://runterrascan.io/ # style linting  for TF files
  before_hook "terraform fmt" {
    commands = ["apply", "init", "plan"]
    execute  = ["terraform", "fmt", "-recursive", "."]
  }

  # https://terragrunt.gruntwork.io/docs/reference/cli-options/#hclfmt # style linting for HCL files
  before_hook "terragrunt fmt" {
    commands = ["apply", "init", "plan"]
    execute  = ["terragrunt", "hclfmt", "."]
  }

  # https://runterrascan.io/ # best practice static analysis
  after_hook "terrascan" {
    commands = ["apply", "plan"]
    execute  = ["terrascan", "scan", "--config-path", "terrascan_config.toml", "--iac-type", "terraform", "--non-recursive"]
  }

  # https://github.com/aquasecurity/tfsec # best practice static analysis
  after_hook "tfsec" {
    commands = ["apply", "plan"]
    execute  = ["tfsec", ".", "--concise-output", "--exclude-downloaded-modules", "--tfvars-file", "terraform.tfvars"]
  }

  # https://github.com/terraform-linters/tflint # best practice static analysis
  after_hook "tflint" {
    commands = ["apply", "plan"]
    execute  = ["tflint", "--color", "."]
  }1

  # https://github.com/infracost/infracost # cost control and reporting
  after_hook "infracost" {
    commands = ["apply", "plan"]
    execute  = ["infracost", "diff", "--compare-to", "infracost-base.json", "--path", "${get_repo_root()}/terraform/aws/root", "--project-name", "[[NAMSPACE]]/[[ENV]]"]
  }

  # https://github.com/bridgecrewio/checkov # best practice static analysis
  after_hook "checkov" {
    commands = ["apply", "plan"]
    execute  = ["checkov", "--directory", ".", "--framework", "terraform", "--framework", "terraform_plan", "--quiet"]
  }

  # https://github.com/terraform-docs/terraform-docs # documentation generator
  after_hook "terraform-docs" {
    commands = ["apply", "plan"]
    execute  = ["terraform-docs", "markdown", "table", "--output-file", "${get_repo_root()}/README.md", "--output-mode", "inject", "."]
  }

  extra_arguments "custom_vars" {

    arguments = [
      "-var-file=terraform.tfvars"
    ]

    commands = [
      "apply",
      "import",
      "init",
      "plan",
      "push",
      "refresh",
    ]
  }
}

# generate backend configuration dynamically
generate "backend" {
  path      = "backend.tf"
  if_exists = "overwrite_terragrunt"
  contents = <<EOF
terraform {
  backend "remote" {
    organization = "[[WORKSPACE_NAME]]"
    workspaces {
      name = "${path_relative_to_include()}"
    }
  }

  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = ">= 4.27., < 5.0.0"
    }
  }
}
EOF
}
	terraform {
	# https://runterrascan.io/ # style linting for TF files
	before_hook "terraform fmt" {
	commands = ["apply", "init", "plan"]
	execute = ["terraform", "fmt", "-recursive", "."]
	}

	# https://terragrunt.gruntwork.io/docs/reference/cli-options/#hclfmt # style linting for HCL files
	before_hook "terragrunt fmt" {
	commands = ["apply", "init", "plan"]
	execute = ["terragrunt", "hclfmt", "."]
	}

	# https://runterrascan.io/ # best practice static analysis
	after_hook "terrascan" {
	commands = ["apply", "plan"]
	execute = ["terrascan", "scan", "--config-path", "terrascan_config.toml", "--iac-type", "terraform", "--non-recursive"]
	}

	# https://github.com/aquasecurity/tfsec # best practice static analysis
	after_hook "tfsec" {
	commands = ["apply", "plan"]
	execute = ["tfsec", ".", "--concise-output", "--exclude-downloaded-modules", "--tfvars-file", "terraform.tfvars"]
	}

	# https://github.com/terraform-linters/tflint # best practice static analysis
	after_hook "tflint" {
	commands = ["apply", "plan"]
	execute = ["tflint", "--color", "."]
	}1

	# https://github.com/infracost/infracost # cost control and reporting
	after_hook "infracost" {
	commands = ["apply", "plan"]
	execute = ["infracost", "diff", "--compare-to", "infracost-base.json", "--path", "${get_repo_root()}/terraform/aws/root", "--project-name", "[[NAMSPACE]]/[[ENV]]"]
	}

	# https://github.com/bridgecrewio/checkov # best practice static analysis
	after_hook "checkov" {
	commands = ["apply", "plan"]
	execute = ["checkov", "--directory", ".", "--framework", "terraform", "--framework", "terraform_plan", "--quiet"]
	}

	# https://github.com/terraform-docs/terraform-docs # documentation generator
	after_hook "terraform-docs" {
	commands = ["apply", "plan"]
	execute = ["terraform-docs", "markdown", "table", "--output-file", "${get_repo_root()}/README.md", "--output-mode", "inject", "."]
	}

	extra_arguments "custom_vars" {

	arguments = [
	"-var-file=terraform.tfvars"
	]

	commands = [
	"apply",
	"import",
	"init",
	"plan",
	"push",
	"refresh",
	]
	}
	}

	# generate backend configuration dynamically
	generate "backend" {
	path = "backend.tf"
	if_exists = "overwrite_terragrunt"
	contents = <<EOF
	terraform {
	backend "remote" {
	organization = "[[WORKSPACE_NAME]]"
	workspaces {
	name = "${path_relative_to_include()}"
	}
	}

	required_providers {
	aws = {
	source = "hashicorp/aws"
	version = ">= 4.27., < 5.0.0"
	}
	}
	}
	EOF
	}