docs/src/data/experiments/opt-out-auth.mdx
import Since from '@components/Since.astro'; import Before from '@components/Before.astro';
Opt out of running --auth-provider-cmd during the discovery phase.
opt-out-auth - What it doesBy default, Terragrunt runs --auth-provider-cmd once per parsed component during the discovery phase, so configuration parsing can reliably resolve HCL functions such as get_aws_account_id and run_cmd. On large repositories, this dominates wall-clock time because the auth command runs for every discovered unit rather than only the subset that will actually run.
Units whose discovery-relevant blocks depend on credentials produced by --auth-provider-cmd will fail to parse with the flag set. Use it when you know parsing will resolve successfully without any prior authentication.
terragrunt run --all \
--experiment opt-out-auth \
--no-discovery-auth-provider-cmd \
--queue-include-units-reading=./changed-file.txt \
plan
terragrunt run --all \
--no-discovery-auth-provider-cmd \
--queue-include-units-reading=./changed-file.txt \
plan
opt-out-auth - How to provide feedbackopt-out-auth - Criteria for stabilizationTo transition the opt-out-auth feature to a stable release, the following were completed:
run --all invocations with reading-based filters.