I see terragrunt can apply a lock on a statefile to prevent multiple users writing to the same state file at the same time, but is there a way to apply a lock permanently? Looking to lock down certain folders of our infrastructure.
Terragrunt doesn’t do any locking. Terraform itself does, depending on the backend you use. For example, the S3 backend can do locking using DynamoDB.
Unfortunately, I don’t think there is a built-in way to get a “permanent” lock at the moment. Can you describe your use case a bit more?
I’d like to hand off the repo for certain variables to be available for updating, but other parts I want locked down.
Ah, I don’t think either Terraform or Terragrunt currently support that. Probably best bet for now is to manage that by limiting commit access (e.g., require PRs) and IAM permissions (e.g., only allow a CI job to run apply).
Yea, I think that CI job is probably the best route. Thanks!