Pass env_vars to Terraform via CLI

Hey everyone,

I am newer to Terragrunt and have been using it in my home lab for the past 6 months, but I am trying to introduce it to work and establish better standards for our code. I have to support developers that use Linux, Windows and MacOS workstations. Many of these developers do not have the permissions on their workstations to manage their environment variables on their workstations. When people develop the code locally they will use their credentials, but then they will check the code into a repo for pipeline to perform the deployments that will use IAM users in AWS. With that I am attempting to reduce the code they have introduce into the Terragrunt code itself while developing locally and then check the code into the repo for the pipeline to perform the release.

While developing locally I can successfully get this to work great, but it contradicts my goal of not having them introduce code that is different while developing locally vs what the pipeline will be using for deployment.

terraform {

  source = "git::ssh://"

  extra_arguments "set_aws_profile" {

    commands = [










    env_vars = {

      AWS_PROFILE = "profile_name"




Is there a method to pass the env_vars via the CLI vs being in the terraform block in the Terragrunt code? I am happy to give my developers an added parameter they have to pass when developing locally to offset the need for them to put in temporary code that they have to ensure they remove before checking their code into the repo.

Hi @tenletters10,

I think what you are looking for is the get_env function, so you can do something like:

terraform {
  extra_arguments "set_aws_profile" {
    env_vars = (
      get_env("TERRAGRUNT_LOCAL", "false") == "true"
      ? {
        AWS_PROFILE = "profile_name"
      : {}
  # ... other attributes omitted for brevity ...

The idea is that now if the user sets the TERRAGRUNT_LOCAL environment variable (e.g., TERRAGRUNT_LOCAL=true terragrunt apply), then it will set that AWS_PROFILE env var as well.

That said, you can just as easily have the user set AWS_PROFILE at the top level, e.g. AWS_PROFILE=profile_name terragrunt apply to achieve the same effect. The terraform subprocess will inherit all the env vars set on the CLI when calling terragrunt.

Hope this helps!

Best regards,

Hey Yori,

Yeah didn’t know you could throw comparison operations in there like that. Totally makes sense. I have a few use cases outside of AWS_PROFILE that we want them to use while developing locally so this will help for those.

The second method was something I was thinking about in my original question, but like what you proposed in your first solution. I will give these a go.

Thanks for the help.


I have been using what you recommended with great success. I appreciate that help.

I want to understand more about the comparison operator logic that Terragrunt offers.

Another use case I am attempting to use it for remote_state to be local by detecting an env variable (like the TERRAGRUNT_LOCAL example you supplied) vs when not declared as ‘true’ it will switch to the s3 bucket.

I have tried many combos, but I am running into syntax issues trying to get something similar to what you shared to work with the remote_state block.

Could you point me to documentation that I could read?

I searched the Terraform doc site and found two small references to them being used for get_platform() and include block, but nothing that go over the syntax of it. I have also read all of the built-in function and CLI options to see if I am missing an easy way to switch backend targets like what I am looking for.



Terragrunt comparison operator works exactly like Terraform, so Conditional Expressions - Configuration Language - Terraform by HashiCorp is the best doc for it. That said, I know of a few gotchas with that expression, so if you can share what you are trying to do and some example code of what you tried but doesn’t work, I might be able to give more pointers.

Best regards,