Terragrunt locking permanent

#1

I see terragrunt can apply a lock on a statefile to prevent multiple users writing to the same state file at the same time, but is there a way to apply a lock permanently? Looking to lock down certain folders of our infrastructure.

#2

Terragrunt doesn’t do any locking. Terraform itself does, depending on the backend you use. For example, the S3 backend can do locking using DynamoDB.

Unfortunately, I don’t think there is a built-in way to get a “permanent” lock at the moment. Can you describe your use case a bit more?

#3

I’d like to hand off the repo for certain variables to be available for updating, but other parts I want locked down.

#4

Ah, I don’t think either Terraform or Terragrunt currently support that. Probably best bet for now is to manage that by limiting commit access (e.g., require PRs) and IAM permissions (e.g., only allow a CI job to run apply).

#5

Yea, I think that CI job is probably the best route. Thanks!