Recommended approach to updating terraform, terragrunt, and Service Catalog modules?
Hello, we are looking to modernize our infrastructure code and want to upgrade our `terraform`, `terragrunt`, and service catalog module versions. We are currently on versions `0.12.29`, `0.26`, and `0.11.2`. Any recommendations on how to approach this? Should I update a particular tool first?
In general, the strategy described in https://github.com/gruntwork-io/knowledge-base/discussions/43 is the best approach for managing an upgrade of `terraform` and `terragrunt`. However, this is complicated by the introduction of upgrading the service catalog, which itself may have backward incompatibilities, especially when going from terraform version 0.12. Given that, I recommend the following approach to updating the three together: 1. Upgrade `terragrunt` to the latest version first, and make sure your configuration is compatible by running a `terragrunt run-all validate` and `terragrunt run-all plan`. Since `terragrunt` updates are mostly isolated to the `terragrunt` configuration, it is the least disruptive to your infrastructure to update `terragrunt`. 1. Next, you will want to upgrade `terraform-aws-service-catalog` to the last version supported before the next `terraform` version bump. Note that you will want to pay attention to the release notes in each backward incompatible version bump as you upgrade (the `x` in `0.x.y`) to make sure you take care of all the migration settings to avoid recreating resources. If you are starting with terraform `0.12`, then this will be `v0.16.0` of the service catalog. 2. Once you update to `v0.16.0`, you can start to upgrade the `terraform` version. - You will want to update one minor terraform version at a time, all the way up to `1.0.x`. To update each module, first install the next minor version on your local machine, and then run `terragrunt run-all init && terragrunt run-all plan` to make sure no changes are being made. Once you verify no changes are made, run `terragrunt run-all apply` to commit the version update to the state. - Note that when upgrading from 0.12 to 0.13, you will run into an issue with the provider versioning due to a change in how providers are labeled in the state file. To fix this, for each provider required by the module, run `terragrunt run-all state replace-provider -- -/PROVIDER_NAME hashicorp/PROVIDER_NAME` (e.g., for `aws`, the command is `terragrunt run-all state replace-provider -- -/aws hashicorp/aws`). **You will want to run this after the `terragrunt run-all init` call.** 3. At this point, you should be on terraform `1.0.x` and the latest terragrunt version. You are now free to upgrade the service catalog as far up as you would like. NOTE: If you are using the `ecs-deploy-runner`, you will also want to make sure the `deploy-runner` container is using the same versions of `terraform` and `terragrunt` as you are upgrading to.