terraform-aws-truefoundry-control-plane

Truefoundry AWS Control Plane Module

Requirements

Name	Version
terraform	>= 1.4
aws	5.44.0
random	3.5.1

Providers

Name	Version
aws	5.44.0
random	3.5.1

Modules

Name	Source	Version
truefoundry_bucket	terraform-aws-modules/s3-bucket/aws	3.14.0
truefoundry_oidc_iam	terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc	5.39.0

Resources

Name	Type
aws_db_instance.truefoundry_db	resource
aws_db_subnet_group.rds	resource
aws_iam_policy.svcfoundry_access_to_ecr	resource
aws_iam_policy.svcfoundry_access_to_multitenant_ssm	resource
aws_iam_policy.svcfoundry_access_to_ssm	resource
aws_iam_policy.truefoundry_assume_role_all	resource
aws_iam_policy.truefoundry_bucket_policy	resource
aws_iam_policy.truefoundry_db_iam_auth_policy	resource
aws_kms_alias.truefoundry_db_master_user_secret_kms	resource
aws_kms_key.truefoundry_db_master_user_secret_kms_key	resource
aws_secretsmanager_secret_rotation.turefoundry_db_secret_rotation	resource
aws_security_group.rds	resource
aws_security_group.rds-public	resource
random_password.truefoundry_db_password	resource
aws_iam_policy_document.svcfoundry_access_to_ecr	data source
aws_iam_policy_document.svcfoundry_access_to_multitenant_ssm	data source
aws_iam_policy_document.svcfoundry_access_to_ssm	data source
aws_iam_policy_document.truefoundry_assume_role_all	data source
aws_iam_policy_document.truefoundry_bucket_policy	data source
aws_iam_policy_document.truefoundry_db_iam_auth_policy_document	data source
aws_iam_policy_document.truefoundry_db_master_user_secret_kms_policy	data source

Inputs

Name	Description	Type	Default	Required
account_name	AWS Account Name	string	n/a	yes
aws_account_id	AWS Account ID	string	n/a	yes
aws_region	EKS Cluster region	string	n/a	yes
cluster_name	Cluster name	string	n/a	yes
cluster_oidc_issuer_url	The oidc url of the eks cluster	string	n/a	yes
iam_database_authentication_enabled	Enable IAM database authentication	bool	false	no
manage_master_user_password	Enable master user password management. If set to true master user management is done by RDS in secrets manager, if false a random password is generated	bool	false	no
manage_master_user_password_rotation	Enable master user password rotation	bool	false	no
master_user_password_rotate_immediately	Rotate master user password immediately	bool	false	no
master_user_password_rotation_automatically_after_days	Rotate master user password automatically after days	number	90	no
master_user_password_rotation_duration	Master user password rotation duration	string	"3h"	no
mlfoundry_k8s_namespace	The k8s mlfoundry namespace	string	n/a	yes
mlfoundry_k8s_service_account	The k8s mlfoundry service account name	string	n/a	yes
mlfoundry_name	Name of mlfoundry deployment	string	n/a	yes
svcfoundry_k8s_namespace	The k8s svcfoundry namespace	string	n/a	yes
svcfoundry_k8s_service_account	The k8s svcfoundry service account name	string	n/a	yes
svcfoundry_name	Name of svcfoundry deployment	string	n/a	yes
tags	AWS Tags common to all the resources created	map(string)	{}	no
truefoundry_artifact_buckets_will_read	A list of bucket IDs mlfoundry will need read access to, in order to show the stored artifacts. It accepts any valid IAM resource, including ARNs with wildcards, so you can do something like arn:aws:s3:::bucket-prefix-*	list(string)	[]	no
truefoundry_db_allocated_storage	Storage for RDS. Minimum storage allowed for gp3 volumes is 20GB	string	"20"	no
truefoundry_db_backup_retention_period	Backup retention period for RDS	number	14	no
truefoundry_db_deletion_protection	n/a	bool	true	no
truefoundry_db_enable_insights	Enable insights to truefoundry db	bool	false	no
truefoundry_db_enable_override	Enable override for truefoundry db name. You must pass truefoundry_db_override_name	bool	false	no
truefoundry_db_engine_version	Truefoundry DB Postgres version	string	"13.14"	no
truefoundry_db_ingress_security_group	SG allowed to connect to the database	string	n/a	yes
truefoundry_db_instance_class	Instance class for RDS	string	n/a	yes
truefoundry_db_max_allocated_storage	Max allowed storage for RDS when autoscaling is enabled	string	n/a	yes
truefoundry_db_multiple_az	Enable Multi-az (standby) instances for RDS instances	bool	false	no
truefoundry_db_override_name	Override name for truefoundry db. truefoundry_db_enable_override must be set true	string	""	no
truefoundry_db_publicly_accessible	Make database publicly accessible. Subnets and SG must match	string	false	no
truefoundry_db_skip_final_snapshot	n/a	bool	false	no
truefoundry_db_storage_encrypted	n/a	bool	true	no
truefoundry_db_storage_iops	Provisioned IOPS for the db	number	n/a	yes
truefoundry_db_storage_type	Storage type for truefoundry db	string	"gp3"	no
truefoundry_db_subnet_ids	List of subnets where the RDS database will be deployed	list(string)	n/a	yes
truefoundry_s3_cors_origins	List of CORS origins for Mlfoundry bucket	list(string)	[ "*" ]	no
truefoundry_s3_enable_override	Enable override for s3 bucket name. You must pass truefoundry_s3_override_name	bool	false	no
truefoundry_s3_encryption_algorithm	Algorithm used for encrypting the default bucket.	string	"AES256"	no
truefoundry_s3_encryption_key_arn	ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm.	string	null	no
truefoundry_s3_force_destroy	Force destroy for mlfoundry s3 bucket	bool	false	no
truefoundry_s3_override_name	Override name for s3 bucket. truefoundry_s3_enable_override must be set true	string	""	no
vpc_id	AWS VPC to deploy Truefoundry rds	string	n/a	yes

Outputs

Name	Description
truefoundry_bucket_id	n/a
truefoundry_db_address	n/a
truefoundry_db_database_name	n/a
truefoundry_db_endpoint	n/a
truefoundry_db_engine	n/a
truefoundry_db_id	n/a
truefoundry_db_password	n/a
truefoundry_db_port	n/a
truefoundry_db_username	n/a
truefoundry_iam_role_arn	n/a