truefoundry/terraform-aws-truefoundry-platform-features

terraform-aws-truefoundry-platform-features

Truefoundry AWS platform features

Requirements

Name Version
terraform ~> 1.4
aws ~> 5.57

Providers

Name Version
aws ~> 5.57

Modules

Name Source Version
truefoundry_bucket terraform-aws-modules/s3-bucket/aws 3.15.0

Resources

Name Type
aws_iam_access_key.truefoundry_platform_user_keys resource
aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy resource
aws_iam_policy.truefoundry_platform_feature_ecr_policy resource
aws_iam_policy.truefoundry_platform_feature_parameter_store_policy resource
aws_iam_policy.truefoundry_platform_feature_s3_policy resource
aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy resource
aws_iam_role.truefoundry_platform_feature_iam_role resource
aws_iam_role_policy_attachment.truefoundry_platform_cluster_integration_policy_attachment resource
aws_iam_role_policy_attachment.truefoundry_platform_ecr_policy_attachment resource
aws_iam_role_policy_attachment.truefoundry_platform_parameter_store_policy_attachment resource
aws_iam_role_policy_attachment.truefoundry_platform_s3_policy_attachment resource
aws_iam_role_policy_attachment.truefoundry_platform_secrets_manager_policy_attachment resource
aws_iam_user.truefoundry_platform_user resource
aws_iam_user_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment resource
aws_iam_user_policy_attachment.truefoundry_platform_user_ecr_policy_attachment resource
aws_iam_user_policy_attachment.truefoundry_platform_user_parameter_store_policy_attachment resource
aws_iam_user_policy_attachment.truefoundry_platform_user_s3_policy_attachment resource
aws_iam_user_policy_attachment.truefoundry_platform_user_secrets_manager_policy_attachment resource
aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document data source
aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document data source
aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document data source
aws_iam_policy_document.truefoundry_platform_feature_s3_policy_document data source
aws_iam_policy_document.truefoundry_platform_feature_secrets_manager_policy_document data source

Inputs

Name Description Type Default Required
aws_account_id AWS account id string n/a yes
aws_region AWS region string n/a yes
blob_storage_cors_origins List of CORS origins for Mlfoundry bucket list(string) ["*"] no
blob_storage_enable_override Enable overriding the name of the S3 bucket. Only used if feature_blob_storage_enabled is enabled. Set blob_storage_override_name to the bucket name bool false no
blob_storage_encryption_algorithm Algorithm used for encrypting the default bucket. string "AES256" no
blob_storage_encryption_key_arn ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm. string null no
blob_storage_force_destroy Force destroy for mlfoundry s3 bucket bool true no
blob_storage_override_name S3 bucket name. Only used if blob_storage_enable_override is enabled string "" no
cluster_name Name of the EKS cluster string n/a yes
control_plane_roles Control plane roles that can assume your platform role list(string) ["arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps"] no
feature_blob_storage_enabled Enable blob storage feature in the platform bool true no
feature_cluster_integration_enabled Enable cluster integration feature in the platform bool true no
feature_docker_registry_enabled Enable docker registry feature in the platform bool true no
feature_parameter_store_enabled Enable parameter store feature in the platform bool true no
feature_secrets_manager_enabled Enable secrets manager feature in the platform bool false no
flyte_propeller_serviceaccount_name Name for the Flyte Propeller service account string "flytepropeller" no
flyte_propeller_serviceaccount_namespace Namespace for the Flyte Propeller service account string "tfy-workflow-propeller" no
oidc_provider_url OIDC provider URL string "" no
platform_role_enable_override Enable overriding the platform role name. Set platform_role_override_name to the role name bool false no
platform_role_override_name Platform IAM role name which will have access to S3 bucket, SSM and ECR string "" no
platform_user_enabled Enable creation of a platform feature user bool false no
platform_user_force_destroy Enable force destroy of the user bool true no
platform_user_name_override_enabled Enable overriding the platform user name. You need to pass platform_user_override_name to pass the user name bool false no
platform_user_override_name Username to override the default platform feature user string "" no
tags A map of tags to add to all resources map(string) {} no

Outputs

Name Description
blob_storage_uri URI of the S3 bucket
platform_bucket_arn ARN of the S3 bucket
platform_bucket_enabled Flag to enable S3 bucket for the platform
platform_bucket_name Name/ID of the S3 bucket
platform_cluster_integration_enabled Flag to enable cluster integration for the platform
platform_ecr_enabled Flag to enable ECR for the platform
platform_ecr_url The ECR url to connect
platform_iam_role_arn The platform IAM role arn
platform_iam_role_assume_role_arns The role arns that can assume the platform IAM role
platform_iam_role_enabled Flag to enable IAM role for the platform. If false, the user will be created.
platform_iam_role_policy_arns The platform IAM role policy arns
platform_secrets_manager_enabled Flag to enable Secrets Manager for the platform
platform_ssm_enabled Flag to enable Parameter Store for the platform
platform_user_access_key The user access key ID
platform_user_arn The user IAM resource arn
platform_user_enabled Flag to enable user for the platform. If false, the iam role will be created.
platform_user_secret_key The user secret key
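
Example usage

A module call that overrides the security-relevant defaults listed under Inputs. This is an added example, not taken from the project's README: the registry source address is inferred from the repository name, and the account ID, region, cluster name, CORS origin, KMS key ARN and tag are constructed placeholders.

```hcl
# Added example. The source address is an assumption inferred from the
# repository name; IDs, names and ARNs below are constructed placeholders.
module "truefoundry_platform_features" {
  source = "truefoundry/truefoundry-platform-features/aws" # assumed registry address

  aws_account_id = "111122223333"        # placeholder
  aws_region     = "eu-west-1"           # placeholder
  cluster_name   = "example-eks-cluster" # placeholder

  # Default is ["*"]; restrict CORS to the origin that serves the platform UI.
  blob_storage_cors_origins = ["https://platform.example.com"]

  # Default is "AES256"; a key ARN is needed once aws:kms is selected.
  blob_storage_encryption_algorithm = "aws:kms"
  blob_storage_encryption_key_arn   = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000000"

  # Default is true, which lets `terraform destroy` delete a non-empty bucket.
  blob_storage_force_destroy = false

  # Keep the default (false): the module then creates an assumable IAM role
  # rather than an IAM user with a long-lived access key.
  platform_user_enabled = false

  # Pin the trust list explicitly so any change to who can assume the
  # platform role shows up in code review.
  control_plane_roles = [
    "arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps",
  ]

  # Off by default; enable only the features the platform will use.
  feature_secrets_manager_enabled = false

  tags = { owner = "platform-team" } # placeholder
}

output "platform_iam_role_arn" {
  value = module.truefoundry_platform_features.platform_iam_role_arn
}
```

If platform_user_enabled is set to true instead, the generated secret exposed as platform_user_secret_key is also written to the Terraform state, so the state backend needs encryption and restricted access.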