Dependency cycle - Terragrunt sctracture

Gruntwork Customers
,
1

Hey Guys !!
I am facing a dependency cycle issue which drive me crazy …

This is my stracture :

├── environments
│   ├── prod
│   ├── qa
│   └── stage
│       ├── acm
│       │   └── terragrunt.hcl
│       ├── alb
│       │   └── terragrunt.hcl
│       ├── dns
│       │   └── terragrunt.hcl
│       ├── ec2
│       │   └── terragrunt.hcl
│       ├── sec-group
│       │   └── terragrunt.hcl
│       ├── terragrunt.hcl
│       └── vpc
│           └── terragrunt.hcl
└── modules
    ├── acm
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── alb
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── dns
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── ec2
    │   ├── ansible.cfg
    │   ├── ansible-playbooks
    │   │   ├── inventory_ansible
    │   │   │   └── tf_aws_ec2.yml
    │   │   ├── jenkins-master-sample.yaml
    │   │   └── jenkins-worker-sample.yaml
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── outputs.tf
    ├── sec-group
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── varibales.tf
    ├── varibles.tf
    └── vpc
        ├── main.tf
        ├── outputs.tf
        └── variables.tf

Now when i go to environments/stage/dns and make terragrunt apply-all im getting this error :

[terragrunt] 2021/01/20 13:27:05 Found a dependency cycle between modules: /home/yahav/terragrunt/environments/stage/acm -> /home/yahav/terragrunt/environments/stage/dns -> /home/yahav/terragrunt/environments/stage/acm
[terragrunt] 2021/01/20 13:27:05 Unable to determine underlying exit code, so Terragrunt will exit with error code 1

** I know when i call the dns to apply all he calls the acm to apply too , now when the acm try to apply he needs the outputs from dns . and this is the cycle i think…

what should i do ? where to go from here? im trying to figure it out cuple of days and nothing works…
Please please your help … i am a BIG FAN of terragrunt and i will be happy to know how to fix this.

acm main.tf :

#DNS configuration
data "aws_route53_zone" "dns" {
  name     = var.data-dns-name
}


#Create ACM Certificate and requests validation via DNS(Route53)
resource "aws_acm_certificate" "jenkins-lb-https" {
  domain_name       = join(".", [var.domain-name, data.aws_route53_zone.dns.name])
  validation_method = "DNS"
  tags = {
    Name = var.acm-name
  }
}

#Validates ACM issued certificate via Route53
resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.jenkins-lb-https.arn
  for_each                = var.dns-cert-valid
  validation_record_fqdns = [var.dns-cert-valid[each.key].fqdn]
}

dns main.tf :

#DNS configuration
data "aws_route53_zone" "dns" {
  name     = var.dns-name
}


#Create alias record to this hosted zone to point to DNS name for the ALB!
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for val in var.acm-lb-https.domain_validation_options : val.domain_name => {
      name   = val.resource_record_name
      record = val.resource_record_value
      type   = val.resource_record_type
    }
  }
  name    = each.value.name
  records = [each.value.record]
  ttl     = 60
  type    = each.value.type
  zone_id = data.aws_route53_zone.dns.zone_id
}


#Create Alias record towards ALB from route53
resource "aws_route53_record" "jenkins" {
  zone_id  = data.aws_route53_zone.dns.zone_id
  name     = join(".", [var.alias-name, data.aws_route53_zone.dns.name])
  type     = var.record-type
  alias {
    name                   = var.app-lb-dns-name
    zone_id                = var.app-lb-zone-id
    evaluate_target_health = true
  }
}

acm terragrunt.hcl :

terraform {

  source = "../../../modules/acm/"
}

include {
  path = find_in_parent_folders()
}

dependency "acm" {
  config_path = "/home/yahav/terragrunt/environments/stage/dns"
}

inputs = {
  domain-name          = "jenkins"
  acm-name             = "Jenkins-ACM"
  
  data-dns-name	       = "yahavhorev.com." 



  dns-cert-valid       = dependency.acm.outputs.dns_cert_valid

}

dns terragrunt.hcl :

terraform {

  source = "../../../modules/dns/"
}


include {
  path = find_in_parent_folders()
}


dependency "acm" {
  config_path = "/home/yahav/terragrunt/environments/stage/acm"
}


inputs = {
  dns-name                      = "yahavhorev.com."
  alias-name                    = "jenkins"
  record-type                   = "A"

  acm-lb-https			= dependency.acm.outputs.acm_lb_https
  

}
2

Hi @yahavhorev ,

Unfortunately, because terragrunt is operating on multiple terraform modules (and thus different state files), there is no way to break the dependency cycle with just terragrunt. A dependency cycle in terragrunt is usually a signal that those modules should actually be a single terraform module that terragrunt calls, so that you can cycle the dependency within terraform. My recommendation would be to create a single terraform module that contains the calls to acm and dns and have terragrunt call that.

Hope this helps!
- Yori

3

Hi @yoriy !! thanks for the replay :slight_smile:
if you say so… i guess i dont have any other option , At first i was thinking about it but i wondered if there is another way to deal with it.