A Terragrunt Template Catalog for EKS production Infrastructure as Code (IaC)
This is a catalog repository, a collection of reusable IaC components.
This toolkit uses two template repositories:
- This repository (catalog): Build a collection of reusable modules, units, and stacks
- Live repository: Reference these components your the infrastructure-live repository to deploy them in a multi-environment ecosystem with production CI/CD
You're new to Terragrunt best practices? Read Gruntwork's official production patterns to get the foundations required to use this extended repository.
The catalog follows a layered architecture where each layer builds upon the previous one:
Modules (modules/) → Units (units/) → Stacks (stacks/) → Examples (pipelines/examples/)
- Modules: Reusable Terraform modules that declare AWS resources (VPC, databases, compute instances, etc.)
- Units: Terragrunt wrappers around modules that add configuration and dependencies
- Stacks: Collections of units arranged in dependency graphs for pattern level re-use
- Examples: Simple configuration for testing and development
- Bootstrap: Contains pipelines that need to be run once per repository fork for authenticating GitHub Actions with AWS and creating a Route 53 hosted zone to sign TLS certificates with AWS ACM
- CI: Automated configuration validation, testing (
terratest) and documatentation (terraform-docs).
- AWS account with billing enabled
- GitHub account
- AWS IAM permissions to manage IAM roles, VPC resources, EKS resources, compute resources and S3 (see
policy_arnsin the bootstrap stack for a list of the specific IAM policies)
First, you'll need to fork this repository and make a few changes:
- Click on
Use this templateto create your own repository - Use your IDE of choice to replace every occurrence of
github.com/ConsciousML/terragrunt-template-catalog-eksandgit::git@github.com:ConsciousML/terragrunt-template-catalog-eks.gitby your GitHub repo URL following the same format - Change
pipelines/region.hclto match your desired AWS region - Change
pipelines/dns_config.hclto match your domain name where you'll use ACM to sign TLS certificates (if you don't have a domain name, you'll need to register one using a domain registrar such a GoDaddy or Namecheap)
Warning: If you skip step 2, the TG source links will still point to the original repository (on github.com/ConsciousML/).
Option 1: Use mise (recommended)
First, cd at the root of this repository.
Next, install mise:
curl https://mise.run | MISE_VERSION=v2026.4.0 shThen, install all the tools in the mise.toml file:
mise installFinally, run the following to automatically activate mise when starting a shell:
- For zsh:
echo 'eval "$(~/.local/bin/mise activate zsh)"' >> ~/.zshrc && source ~/.zshrc- For bash:
echo 'eval "$(~/.local/bin/mise activate bash)"' >> ~/.bashrc && source ~/.bashrcFor more information on how to use mise, read their getting started guide.
Option 2: Install Tools Manually
See mise.toml for specific versions.
Authenticate to the AWS CLI:
aws configure
For more information, read the AWS CLI authentication documentation.
Follow the enable Terragrunt in GitHub Actions and Setup DNS documentation to authenticate CI/CD with AWS and to setup your hosted zone to sign TLS certificates with ACM
Deploy a stack that creates a VPC and an EKS cluster:
cd pipelines/examples/stacks/eks
terragrunt stack generate
terragrunt stack run apply --backend-bootstrap --non-interactiveGo into the AWS console and check that your resources have been created.
After around 15 min, your dev EKS cluster will be created.
To connect kubectl to your EKS cluster, create a kubeconfig file by running the following and replacing <region-code> and <cluster-name>:
aws eks update-kubeconfig --region <region-code> --name <cluster-name>Next, verify kubectl is connected:
kubectl get pods -n kube-system
You should see and output similar to:
NAME READY STATUS RESTARTS AGE
aws-node-59ld8 2/2 Running 0 41m
aws-node-5bvc4 2/2 Running 0 41m
coredns-845b86cddf-pg8hk 1/1 Running 0 40m
coredns-845b86cddf-vngdb 1/1 Running 0 40m
eks-pod-identity-agent-9pq6k 1/1 Running 0 41m
eks-pod-identity-agent-fzfk9 1/1 Running 0 41m
kube-proxy-khhsj 1/1 Running 0 40m
kube-proxy-pvh7h 1/1 Running 0 40m
Finally, cleanup by destroying the infrastructure (cwd in pipelines/examples/stacks/eks):
terragrunt stack generate
terragrunt stack run destroy --non-interactiveCaution: This workflow is for development and testing. Use your catalog components in the infrastructure-live repository for multi-environment IaC, and production CI/CD.
- Create a feature branch
- Write/modify modules, units, and stacks
- Test locally using examples
- Create pull request
- Merge when CI passes
See the development guide for a detailed workflow with a step-by-step example on how to modify this template.
After creating your repository from this template, run the bootstrap process once to configure GitHub Actions authentication with AWS.
The CI provides automated checks and testing:
- Create a branch and make changes
- Open a pull request to trigger code quality checks
- Add the
run-terratestlabel for full infrastructure testing - Merge when all checks pass
Read more in our CI workflow guide.
The run-terratest label triggers automated infrastructure tests that deploy real AWS resources, validate functionality, and clean up automatically.
See the testing guide for writing custom tests.
pre-commit installThis runs the same checks as CI locally, catching issues before you push.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.