
Terragrunt Variables

These are variables that can be found in the global.yaml, environment.yaml, region.yaml or module.yaml files (or their *.user.yaml counterparts) inside the environments directory.

Metadata

Used for consistency across labels and tags.

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| environment | string | The name of the environment | environment.yaml |
| region | string | The name of the region | region.yaml |
| extra_tags | map(string) | An object containing extra tags to add to all resources in the current scope | Any |

Module Source

Used to configure the terraform.source option when deploying a module.

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| version | string | Configures include.panfactum.locals.source. The version of the local modules from PF_IAC_DIR you are using. Must be a valid commit ref to the stack repo. | environment.yaml |
| pf_stack_version | string | Configures include.panfactum.locals.pf_stack_source. The version of the Panfactum stack you are using. Must be a valid commit ref to the stack repo. | environment.yaml |
| module | string | If using include.panfactum.locals.source, defines which module from PF_IAC_DIR to use. If using include.panfactum.locals.pf_stack_source, defines which module from packages/infrastructure to use. Defaults to the name of the module directory. | module.yaml |

State Backend Setup

The Panfactum setup stores OpenTofu (Terraform) state files in an S3 bucket in each environment's AWS account. To configure this behavior, the following variables must be set:

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| tf_state_account_id | string | The AWS account ID for the account containing the S3 backend | environment.yaml |
| tf_state_profile | string | The AWS profile to use for authenticating with the S3 backend | environment.yaml |
| tf_state_region | string | The AWS region to use for the S3 bucket | environment.yaml |
| tf_state_bucket | string | The name of the state bucket | environment.yaml |
| tf_state_lock_table | string | The name of the DynamoDB table for the state locks | environment.yaml |

Providers

Providers must be enabled via a providers key which is an array of string values. Each value represents a provider to enable for the module. As a result, this key is typically found in the module.yaml.

The following provider strings are available:

  • aws
  • helm
  • kubernetes
  • local
  • random
  • time
  • tls
  • vault
  • authentik

In addition, some providers have additional configuration values that must be set.

aws Provider

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| aws_account_id | string | The AWS account ID to use for the provider | environment.yaml |
| aws_profile | string | The AWS profile that will be used for provider authentication | environment.yaml |
| aws_region | string | The AWS region to use for the provider | region.yaml |
| aws_secondary_account_id | string | The AWS account ID to use for the secondary provider | environment.yaml |
| aws_secondary_profile | string | The AWS profile that will be used for secondary provider authentication | environment.yaml |
| aws_secondary_region | string | The AWS region to use for the secondary provider | region.yaml |

Note: The aws provider is actually a set of two different aws provider configurations: a primary and secondary. The secondary is used in some Panfactum modules to configure things like backups in a secondary region.

kubernetes Provider

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| kube_api_server | string | The https URL of the Kubernetes API server the provider should connect to | region.yaml |
| kube_config_context | string | The name of the context the provider should use in your repo's kubeconfig file | region.yaml |

vault Provider

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| vault_addr | string | The https URL of the Vault server the provider should connect to | region.yaml |

authentik Provider

| Variable | Type | Description | Recommended File |
| --- | --- | --- | --- |
| authentik_url | string | The https URL of the Authentik server the provider should connect to | global.yaml |
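
A pre-deploy lint for the provider settings described above, as an added example that is not part of the Panfactum documentation or tooling: it checks that each enabled provider is one of the listed strings, that its variables are set as strings, and that the server URLs use https. Assumptions: the helper name `lint_providers` is hypothetical, the input is a dict of values already merged from the yaml files (the merge itself is not shown), and every variable in a provider's table is treated as required.

```python
from urllib.parse import urlparse

# Provider strings and per-provider variables as listed on this page.
KNOWN_PROVIDERS = {"aws", "helm", "kubernetes", "local", "random",
                   "time", "tls", "vault", "authentik"}
REQUIRED = {
    "aws": ["aws_account_id", "aws_profile", "aws_region",
            "aws_secondary_account_id", "aws_secondary_profile",
            "aws_secondary_region"],
    "kubernetes": ["kube_api_server", "kube_config_context"],
    "vault": ["vault_addr"],
    "authentik": ["authentik_url"],
}
HTTPS_VARS = {"kube_api_server", "vault_addr", "authentik_url"}


def lint_providers(merged):
    """Return a list of findings for one module's merged variables (hypothetical helper)."""
    findings = []
    providers = merged.get("providers", [])
    if not isinstance(providers, list) or not all(isinstance(p, str) for p in providers):
        return ["providers must be an array of strings"]
    for p in providers:
        if p not in KNOWN_PROVIDERS:
            findings.append(f"unknown provider: {p}")
            continue
        for var in REQUIRED.get(p, []):
            value = merged.get(var)
            # Non-string values are flagged too, e.g. an unquoted account ID parsed as a number.
            if not isinstance(value, str) or not value:
                findings.append(f"{p}: {var} is not set")
            elif var in HTTPS_VARS:
                url = urlparse(value)
                if url.scheme != "https" or not url.hostname:
                    findings.append(f"{p}: {var} must be an https URL")
    return findings


# Constructed sample input: hostnames and context name are made up for illustration.
SAMPLE = {
    "providers": ["kubernetes", "vault", "consul"],
    "kube_api_server": "https://k8s.example.internal:6443",
    "kube_config_context": "development-primary",
    "vault_addr": "http://vault.example.internal",
}

if __name__ == "__main__":
    for finding in lint_providers(SAMPLE):
        print(finding)
```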