Terragrunt configuration for GovCloud
By default, AWS CLI, Terraform, and Terragrunt rely on the AWS_REGION configuration to discover AWS service endpoints[1]. However, when dealing with government agencies in the US and Canada or using GovCloud, it is necessary to communicate over FIPS endpoints[2]. Terraform provides a guide on using custom endpoints[3] that can be followed to configure Terragrunt. To do this, open the root `terragrunt.hcl` file and locate the AWS provider section. In this section, you need to add custom endpoints specific to your region. Here's an example configuration for the AWS provider section in `terragrunt.hcl`: ``` provider "aws" { endpoints { acm = "https://acm-fips.us-east-1.amazonaws.com" acmpca = "https://acm-pca-fips.us-east-1.amazonaws.com" ... (fips endpoints for other services) } ``` By adding these custom endpoints, terragrunt/terraform will override the standard endpoints for the specified region and utilize the custom endpoints defined above. [1] https://docs.aws.amazon.com/general/latest/gr/rande.html [2] https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service [3] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/custom-service-endpoints --- <ins datetime="2023-06-10T01:45:54Z"> <p><a href="https://support.gruntwork.io/hc/requests/110249">Tracked in ticket #110249</a></p> </ins>
KB page with answer added