AgentSkillsCN

whirlwind-terragrunt-center

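Build a Terragrunt control plane in Whirlwind AWS accounts using Terraform Cloud remote execution. Use when manually running Terragrunt applies in this repo, bootstrapping shared networking DNS, editing live stack inputs, or troubleshooting stack selection and workspace naming.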

SKILL.md
--- frontmatter
name: whirlwind-terragrunt-center
description: Terragrunt control plane for Whirlwind AWS accounts using Terraform Cloud remote execution. Use when running manual Terragrunt applies, bootstrapping shared networking DNS, editing live stack inputs, or troubleshooting stack selection and workspace naming in this repo.

Whirlwind Terragrunt Center

Overview

Drive manual, targeted Terragrunt applies with Terraform Cloud remote execution. This repo is the control plane for shared networking DNS stacks and workload stacks per client and OU.

Bootstrap shared networking DNS

  1. Apply development zone first, then staging, then production.
  2. Use GitHub Actions with environment=shared_networking and bootstrap_shared_networking=true, or run scripts/bootstrap-shared-networking-dns.sh <client> <ou> locally.
  3. Create live/<client>/<ou>/shared_networking/BOOTSTRAP_COMPLETE after success.

Normal apply workflow

  1. Choose the stack path (includes the region layer) and verify it is valid.
  2. Run scripts/terragrunt-apply.sh <client> <ou> <environment> <stack_path>.
  3. Use scripts/validate-target.sh for guardrails and bootstrap enforcement.

Key files

  • terragrunt.hcl defines Terraform Cloud settings and shared inputs.
  • .github/workflows/terragrunt.yml runs manual applies.
  • live/<client>/<ou>/terragrunt.hcl holds account-level IDs and assume-role.
  • live/<client>/<ou>/shared_networking/.../dns/records/*.hcl holds record inputs.

Guardrails

  • Applies are manual only; no automatic promotion.
  • Shared networking DNS requires bootstrap ordering and a BOOTSTRAP_COMPLETE marker.
  • Shared networking applies are single-stack (one hosted zone at a time).
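
A pre-apply check in the spirit of the guardrails above, as an added example; it is not the repo's scripts/validate-target.sh. The function name, exit codes, and the layout live/<client>/<ou>/<environment>/<stack_path>/terragrunt.hcl are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical pre-apply guard, not the repo's validate-target.sh.
# Assumed layout: <live_root>/<client>/<ou>/<environment>/<stack_path>/terragrunt.hcl

# check_target LIVE_ROOT CLIENT OU ENVIRONMENT STACK_PATH
# Returns 0 when the apply may proceed. Otherwise prints a reason and returns:
#   2 = unsafe or malformed argument, 3 = target is not a single stack,
#   4 = shared networking bootstrap not completed for this account.
check_target() {
    live_root=$1 client=$2 ou=$3 env=$4 stack=$5

    # Reject empty values, absolute paths, ".." and unexpected characters so a
    # stack path cannot escape the account directory it was requested for.
    for part in "$client" "$ou" "$env" "$stack"; do
        case $part in
            ''|/*|*..*|*[!A-Za-z0-9_./-]*)
                echo "invalid path component: '$part'" >&2; return 2 ;;
        esac
    done
    # client, ou and environment are single directory names; only the stack
    # path may contain slashes (it includes the region layer).
    case $client$ou$env in
        */*) echo "client, ou and environment must not contain '/'" >&2; return 2 ;;
    esac

    account_dir=$live_root/$client/$ou
    target=$account_dir/$env/$stack

    # Single-stack rule: the target itself must hold a terragrunt.hcl, so a
    # parent directory covering several stacks or zones is refused.
    if [ ! -f "$target/terragrunt.hcl" ]; then
        echo "not a single stack: $target" >&2; return 3
    fi

    # Bootstrap enforcement: workload stacks wait for the marker file. Shared
    # networking stacks are exempt, otherwise bootstrap could never start.
    if [ "$env" != shared_networking ] &&
       [ ! -f "$account_dir/shared_networking/BOOTSTRAP_COMPLETE" ]; then
        echo "missing $account_dir/shared_networking/BOOTSTRAP_COMPLETE" >&2
        return 4
    fi
    return 0
}

# Run as a script: sh check-target.sh <live_root> <client> <ou> <environment> <stack_path>
if [ "$#" -eq 5 ]; then check_target "$@"; fi
```
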

References

  • references/repo-layout.md
  • references/bootstrap-dns.md
  • references/workspace-naming.md
  • references/auto-scaling-plan.md
  • references/troubleshooting-bootstrap.md
  • references/tfc-aws-oidc.md
  • references/vpn-access.md
  • references/vpn-subnet-scheme.md
  • references/runbook-shared-networking-apply.md
  • references/runbook-stack-selection.md