Whirlwind Terragrunt Center
Overview
Drive manual, targeted Terragrunt applies with Terraform Cloud remote execution. This repo is the control plane for shared networking DNS stacks and workload stacks per client and OU.
Bootstrap shared networking DNS
- •Apply development zone first, then staging, then production.
- •Use GitHub Actions with
environment=shared_networkingandbootstrap_shared_networking=true, or runscripts/bootstrap-shared-networking-dns.sh <client> <ou>locally. - •Create
live/<client>/<ou>/shared_networking/BOOTSTRAP_COMPLETEafter success.
Normal apply workflow
- •Choose the stack path (includes the region layer) and verify it is valid.
- •Run
scripts/terragrunt-apply.sh <client> <ou> <environment> <stack_path>. - •Use
scripts/validate-target.shfor guardrails and bootstrap enforcement.
Key files
- •
terragrunt.hcldefines Terraform Cloud settings and shared inputs. - •
.github/workflows/terragrunt.ymlruns manual applies. - •
live/<client>/<ou>/terragrunt.hclholds account-level IDs and assume-role. - •
live/<client>/<ou>/shared_networking/.../dns/records/*.hclholds record inputs.
Guardrails
- •Applies are manual only; no automatic promotion.
- •Shared networking DNS requires bootstrap ordering and a
BOOTSTRAP_COMPLETEmarker. - •Shared networking applies are single-stack (one hosted zone at a time).
References
- •
references/repo-layout.md - •
references/bootstrap-dns.md - •
references/workspace-naming.md - •
references/auto-scaling-plan.md - •
references/troubleshooting-bootstrap.md - •
references/tfc-aws-oidc.md - •
references/vpn-access.md - •
references/vpn-subnet-scheme.md - •
references/runbook-shared-networking-apply.md - •
references/runbook-stack-selection.md