Update cloud resource list (#551)
Added and updated some cloud resources and the overall list

Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com>
parent 7594d1fd6f
commit 76b2daca41
@ -2,140 +2,181 @@
|
|||
title: Supported Cloud Resource list
|
||||
---
|
||||
|
||||
| Orchestration Type | Cloud Provider | Cloud Resource | Description |
|
||||
|--------------------|-----------------------|---------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| Terraform | Alibaba Cloud | [ack](./terraform/alibaba-ack.md) | Terraform configuration for Alibaba Cloud ACK cluster |
|
||||
| | | [amqp](./terraform/alibaba-amqp.md) | Terraform configuration for Alibaba Cloud AMQP(RabbitMQ) |
|
||||
| | | [ask](./terraform/alibaba-ask.md) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
|
||||
| | | [eip](./terraform/alibaba-eip.md) | Terraform configuration for Alibaba Cloud Elastic IP |
|
||||
| | | [mongodb](./terraform/alibaba-mongodb.md) | Alibaba Cloud MongoDB |
|
||||
| | | [mse](./terraform/alibaba-mse.md) | Terraform configuration for Alibaba Cloud MSE |
|
||||
| | | [oss](./terraform/alibaba-oss.md) | Terraform configuration for Alibaba Cloud OSS |
|
||||
| | | [rds](./terraform/alibaba-rds.md) | Terraform configuration for Alibaba Cloud RDS |
|
||||
| | | [redis](./terraform/alibaba-redis.md) | Terraform configuration for Alibaba Cloud Redis |
|
||||
| | | [rocketmq](./terraform/alibaba-rocketmq.md) | Terraform configuration for Alibaba Cloud RocketMQ |
|
||||
| | | [sls project](./terraform/alibaba-sls-project.md) | Terraform configuration for Alibaba Cloud SLS Project |
|
||||
| | | [sls store](./terraform/alibaba-sls-store.md) | Terraform configuration for Alibaba Cloud SLS Store |
|
||||
| | | [vpc](./terraform/alibaba-vpc.md) | Terraform configuration for Alibaba Cloud VPC |
|
||||
| | | [vswitch](./terraform/alibaba-vswitch.md) | Terraform configuration for Alibaba Cloud VSwitch |
|
||||
| | AWS | [acm](./terraform/aws-acm.md) | Terraform module which creates and validates ACM certificate |
|
||||
| | | [alb](./terraform/aws-alb.md) | Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources |
|
||||
| | | [autoscaling](./terraform/aws-autoscaling.md) | Terraform module which creates Auto Scaling resources on AWS |
|
||||
| | | [bridgecrew read only](./terraform/aws-bridgecrew-read-only.md) | Bridgecrew READ ONLY integration module |
|
||||
| | | [cloudfront s3 cdn](./terraform/aws-cloudfront-s3-cdn.md) | Terraform module to easily provision CloudFront CDN backed by an S3 origin |
|
||||
| | | [cloudfront](./terraform/aws-cloudfront.md) | Terraform module which creates CloudFront resources on AWS |
|
||||
| | | [cloudwatch cis alarms](./terraform/aws-cloudwatch-cis-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
|
||||
| | | [cloudwatch log group](./terraform/aws-cloudwatch-log-group.md) | |
|
||||
| | | [cloudwatch log metric filter](./terraform/aws-cloudwatch-log-metric-filter.md) | |
|
||||
| | | [cloudwatch metric alarm](./terraform/aws-cloudwatch-metric-alarm.md) | |
|
||||
| | | [cloudwatch metric alarms](./terraform/aws-cloudwatch-metric-alarms.md) | |
|
||||
| | | [config](./terraform/aws-config.md) | This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. |
|
||||
| | | [dynamodb table](./terraform/aws-dynamodb-table.md) | Terraform module which creates DynamoDB table on AWS |
|
||||
| | | [ec2 instance](./terraform/aws-ec2-instance.md) | Terraform module which creates EC2 instance(s) on AWS |
|
||||
| | | [ecs container definition](./terraform/aws-ecs-container-definition.md) | Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource |
|
||||
| | | [ecs](./terraform/aws-ecs.md) | Terraform module which creates AWS ECS resources |
|
||||
| | | [eks cluster autoscaler](./terraform/aws-eks-cluster-autoscaler.md) | AWS Eks-Cluster-Autoscaler |
|
||||
| | | [eks external dns](./terraform/aws-eks-external-dns.md) | AWS Eks-External-Dns |
|
||||
| | | [eks kube state metrics](./terraform/aws-eks-kube-state-metrics.md) | AWS Eks-Kube-State-Metrics |
|
||||
| | | [eks node problem detector](./terraform/aws-eks-node-problem-detector.md) | A terraform module to deploy a node problem detector on Amazon EKS cluster |
|
||||
| | | [eks](./terraform/aws-eks.md) | Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS |
|
||||
| | | [elasticache redis](./terraform/aws-elasticache-redis.md) | Terraform module to provision an ElastiCache Redis Cluster |
|
||||
| | | [elb](./terraform/aws-elb.md) | Terraform module which creates ELB resources on AWS |
|
||||
| | | [guardduty](./terraform/aws-guardduty.md) | Terraform module to provision AWS Guard Duty |
|
||||
| | | [iam account](./terraform/aws-iam-account.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [iam assumable role with oidc](./terraform/aws-iam-assumable-role-with-oidc.md) | |
|
||||
| | | [iam assumable role with saml](./terraform/aws-iam-assumable-role-with-saml.md) | |
|
||||
| | | [iam assumable role](./terraform/aws-iam-assumable-role.md) | |
|
||||
| | | [iam assumable roles with saml](./terraform/aws-iam-assumable-roles-with-saml.md) | |
|
||||
| | | [iam assumable roles](./terraform/aws-iam-assumable-roles.md) | |
|
||||
| | | [iam eks role](./terraform/aws-iam-eks-role.md) | |
|
||||
| | | [iam group with assumable roles policy](./terraform/aws-iam-group-with-assumable-roles-policy.md) | |
|
||||
| | | [iam group with policies](./terraform/aws-iam-group-with-policies.md) | |
|
||||
| | | [iam nofile](./terraform/aws-iam-nofile.md) | Terraform module Terraform module for creating AWS IAM Roles with heredocs |
|
||||
| | | [iam policy document aggregator](./terraform/aws-iam-policy-document-aggregator.md) | Terraform module to aggregate multiple IAM policy documents into single policy document. |
|
||||
| | | [iam policy](./terraform/aws-iam-policy.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [iam read only policy](./terraform/aws-iam-read-only-policy.md) | |
|
||||
| | | [iam role](./terraform/aws-iam-role.md) | A Terraform module that creates IAM role with provided JSON IAM polices documents. |
|
||||
| | | [iam s3 user](./terraform/aws-iam-s3-user.md) | Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket |
|
||||
| | | [iam system user](./terraform/aws-iam-system-user.md) | Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI) |
|
||||
| | | [iam user](./terraform/aws-iam-user.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [key pair](./terraform/aws-key-pair.md) | Terraform module which creates EC2 key pair on AWS |
|
||||
| | | [kms key](./terraform/aws-kms-key.md) | Terraform module to provision a KMS key with alias |
|
||||
| | | [lambda do it all](./terraform/aws-lambda-do-it-all.md) | Terraform module to provision a lambda with full permissions |
|
||||
| | | [lambda with inline code](./terraform/aws-lambda-with-inline-code.md) | Terraform module creating a Lambda function with inline code |
|
||||
| | | [lambda](./terraform/aws-lambda.md) | Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations |
|
||||
| | | [notify slack](./terraform/aws-notify-slack.md) | Terraform module which creates SNS topic and Lambda function which sends notifications to Slack |
|
||||
| | | [rds aurora](./terraform/aws-rds-aurora.md) | Terraform module which creates RDS Aurora resources on AWS |
|
||||
| | | [rds](./terraform/aws-rds.md) | AWS RDS |
|
||||
| | | [route53 alias](./terraform/aws-route53-alias.md) | Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record |
|
||||
| | | [route53 cluster hostname](./terraform/aws-route53-cluster-hostname.md) | Terraform module to define a consistent AWS Route53 hostname |
|
||||
| | | [route53 delegation sets](./terraform/aws-route53-delegation-sets.md) | Terraform module which creates Route53 resources on AWS |
|
||||
| | | [route53 records](./terraform/aws-route53-records.md) | |
|
||||
| | | [route53 zones](./terraform/aws-route53-zones.md) | |
|
||||
| | | [s3 log storage](./terraform/aws-s3-log-storage.md) | This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail |
|
||||
| | | [s3](./terraform/aws-s3.md) | Terraform configuration for AWS S3 |
|
||||
| | | [secretsmanager for rollbar access tokens](./terraform/aws-secretsmanager-for-rollbar-access-tokens.md) | Terraform module creating a SecretsManager for Rollbar project access tokens |
|
||||
| | | [security group](./terraform/aws-security-group.md) | Terraform module which creates EC2-VPC security groups on AWS |
|
||||
| | | [security hub](./terraform/aws-security-hub.md) | Terraform module to provision AWS Security Hub |
|
||||
| | | [sns topic](./terraform/aws-sns-topic.md) | Terraform Module to Provide an Amazon Simple Notification Service (SNS) |
|
||||
| | | [sqs](./terraform/aws-sqs.md) | Terraform module which creates SQS resources on AWS |
|
||||
| | | [ssm parameter store](./terraform/aws-ssm-parameter-store.md) | Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber. |
|
||||
| | | [subnet](./terraform/aws-subnet.md) | AWS Subnet |
|
||||
| | | [utils](./terraform/aws-utils.md) | Utility functions for use with Terraform in the AWS environment |
|
||||
| | | [vpc](./terraform/aws-vpc.md) | AWS VPC |
|
||||
| | Azure | [database mariadb](./terraform/azure-database-mariadb.md) | Terraform configuration for Azure Database Mariadb |
|
||||
| | | [resource group](./terraform/azure-resource-group.md) | Azure Resource Group |
|
||||
| | | [storage account](./terraform/azure-storage-account.md) | Terraform configuration for Azure Blob Storage Account |
|
||||
| | | [subnet](./terraform/azure-subnet.md) | Azure Subnet |
|
||||
| | | [virtual network](./terraform/azure-virtual-network.md) | Azure Virtual Network |
|
||||
| | Baidu Cloud | [vpc](./terraform/baidu-vpc.md) | Baidu Cloud VPC |
|
||||
| | Google Cloud Platform | [appengine](./terraform/gcp-appengine.md) | Get your container running, simply. |
|
||||
| | | [audit log](./terraform/gcp-audit-log.md) | Terraform module for configuring an integration with Google Cloud Platform Organziations and Projects for Audit Logs analysis |
|
||||
| | | [backend service](./terraform/gcp-backend-service.md) | Create an ILB to be used for DC/OS for GCP |
|
||||
| | | [basic vpc module](./terraform/gcp-basic-vpc-module.md) | GCP Basic_vpc_module |
|
||||
| | | [bastion](./terraform/gcp-bastion.md) | Bastion for GCP |
|
||||
| | | [bootstrap](./terraform/gcp-bootstrap.md) | Create a DC/OS Bootstrap instance and have conditional DC/OS prereqs for gcp |
|
||||
| | | [cloudfunction](./terraform/gcp-cloudfunction.md) | For your cloud functions to GCP |
|
||||
| | | [cloudsql](./terraform/gcp-cloudsql.md) | A module to create a private database setup |
|
||||
| | | [cluster](./terraform/gcp-cluster.md) | Set up a GKE cluster connected as part of shared VPC |
|
||||
| | | [compute firewall](./terraform/gcp-compute-firewall.md) | Create an ELB to be used for DC/OS for GCP |
|
||||
| | | [compute forwarding rule dcos](./terraform/gcp-compute-forwarding-rule-dcos.md) | This module creates forwarding rules for DC/OS. |
|
||||
| | | [compute forwarding rule masters](./terraform/gcp-compute-forwarding-rule-masters.md) | Creates an GCP forwarding rule for DC/OS masters |
|
||||
| | | [compute forwarding rule public agents](./terraform/gcp-compute-forwarding-rule-public-agents.md) | This module creates an GCP forwarding rule for DC/OS public agents |
|
||||
| | | [compute forwarding rule](./terraform/gcp-compute-forwarding-rule.md) | GCP Compute-Forwarding-Rule |
|
||||
| | | [config](./terraform/gcp-config.md) | Terraform module for integrating Google Cloud Platform Organziations and Projects with Lacework for cloud resource configuration assessment |
|
||||
| | | [custom role](./terraform/gcp-custom-role.md) | Base IAM role module to create GCP IAM Role from other roles and adhoc permissions |
|
||||
| | | [dcos](./terraform/gcp-dcos.md) | Creates a DC/OS Cluster on GCP | Convenience Wrapper for GCP |
|
||||
| | | [dns module](./terraform/gcp-dns-module.md) | GCP Dns-Module |
|
||||
| | | [elasticsearch](./terraform/gcp-elasticsearch.md) | Terraform module for deploying Elasticsearch cluster on GCP |
|
||||
| | | [environment setup](./terraform/gcp-environment-setup.md) | IAC for provisioning Infrastructure component like network, subnetworks, route |
|
||||
| | | [firewall rules](./terraform/gcp-firewall-rules.md) | Terraform module for creating Firewall rules on Google Cloud |
|
||||
| | | [gci](./terraform/gcp-gci.md) | Manages GCP compute engine instance |
|
||||
| | | [gcs](./terraform/gcp-gcs.md) | GCP Gcs |
|
||||
| | | [gke ecommerce](./terraform/gcp-gke-ecommerce.md) | Google Kubernetes Engine starter kit to bootstrap an e-commerce site based on microservices |
|
||||
| | | [gke regional](./terraform/gcp-gke-regional.md) | Using Terraform to create a regional GKE cluster (Hosted Kubernetes offering of GCP) |
|
||||
| | | [googlecomputeinstance](./terraform/gcp-googlecomputeinstance.md) | First step using GCP and Terraform |
|
||||
| | | [hashicorp suite](./terraform/gcp-hashicorp-suite.md) | Terraform module to run Nomad on Google Cloud |
|
||||
| | | [helmrepo](./terraform/gcp-helmrepo.md) | A helm repository |
|
||||
| | | [infrastructure](./terraform/gcp-infrastructure.md) | Create DC/OS related GCP Infrastructure |
|
||||
| | | [instance module](./terraform/gcp-instance-module.md) | Lazy GCP instance via Terraform |
|
||||
| | | [instance](./terraform/gcp-instance.md) | GCP Instance |
|
||||
| | | [kthw](./terraform/gcp-kthw.md) | Kubernetes Cluster On GCP with Terraform |
|
||||
| | | [masters](./terraform/gcp-masters.md) | Create DC/OS Master instance and have conditional DC/OS Prereqs for GCP |
|
||||
| | | [memorystore redis](./terraform/gcp-memorystore-redis.md) | Terraform gcp memorystore redis example |
|
||||
| | | [network peering](./terraform/gcp-network-peering.md) | GCP Network-Peering |
|
||||
| | | [network](./terraform/gcp-network.md) | Terraform configuration for GCP network |
|
||||
| | | [openwisp](./terraform/gcp-openwisp.md) | Terraform files for deploying docker-openwisp infrastructure in Google Cloud. |
|
||||
| | | [private agents](./terraform/gcp-private-agents.md) | Create DC/OS Private Agents instance and have conditional DC/OS Prereqs for gcp |
|
||||
| | | [public agents](./terraform/gcp-public-agents.md) | Create DC/OS Public Agents instance and have conditional DC/OS prereqs for gcp |
|
||||
| | | [service account](./terraform/gcp-service-account.md) | Terraform module that creates a service account to provide Lacework read-only access to Google Cloud Platform Organizations and Projects |
|
||||
| | | [service](./terraform/gcp-service.md) | Creates a GCP service user |
|
||||
| | | [sfabric](./terraform/gcp-sfabric.md) | Terraform module for launching a Service Fabric Dev Environment on GCP |
|
||||
| | | [statebucket](./terraform/gcp-statebucket.md) | Contains a module to create a statebucket for use with Terraform |
|
||||
| | | [staticip](./terraform/gcp-staticip.md) | A simple Terraform module to build an instance a static public IP |
|
||||
| | | [storage](./terraform/gcp-storage.md) | A basic terraform module example, which the example uses for a helm repo |
|
||||
| | | [subnet](./terraform/gcp-subnet.md) | Terraform module for creating Subnets on Google Cloud |
|
||||
| | | [tested oses](./terraform/gcp-tested-oses.md) | GCP Tested-Oses |
|
||||
| | | [vpc](./terraform/gcp-vpc.md) | Terraform module for creating VPCs on Google Cloud |
|
||||
| | Tencent Cloud | [subnet](./terraform/tencent-subnet.md) | Tencent Cloud Subnet |
|
||||
| | | [vpc](./terraform/tencent-vpc.md) | Terraform configuration for Tencent Cloud VPC |
|
||||
| Orchestration Type | Cloud Provider | Cloud Resource | Description |
|
||||
|--------------------|-----------------------|-----------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| Terraform | Alibaba Cloud | [ack](./terraform/alibaba-ack.md) | Terraform configuration for Alibaba Cloud ACK cluster |
|
||||
| | | [amqp](./terraform/alibaba-amqp.md) | Terraform configuration for Alibaba Cloud AMQP(RabbitMQ) |
|
||||
| | | [ask](./terraform/alibaba-ask.md) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
|
||||
| | | [deploy website](./terraform/alibaba-deploy-website.md) | Deploy a Static Website in object stroage, like S3 and OSS |
|
||||
| | | [dns](./terraform/alibaba-dns.md) | Terraform configuration for Alibaba Cloud DNS |
|
||||
| | | [eip slb ecs rds](./terraform/alibaba-eip-slb-ecs-rds.md) | Create a lightweight web service based on Terraform under AliCloud's VPC, including: EIP, SLB, ECS, RDS |
|
||||
| | | [eip](./terraform/alibaba-eip.md) | Terraform configuration for Alibaba Cloud Elastic IP |
|
||||
| | | [kms](./terraform/alibaba-kms.md) | Create KMS on AliCloud based on Terraform module |
|
||||
| | | [kubernetes networking](./terraform/alibaba-kubernetes-networking.md) | Create a set of network environment related resources for Kubernetes clusters on AliCloud based on Terraform module |
|
||||
| | | [market tensorflow](./terraform/alibaba-market-tensorflow.md) | Based on Terraform module, create ECS instances on Ali cloud to achieve one-click deployment of cloud marketplace Tensorflow |
|
||||
| | | [mns queue](./terraform/alibaba-mns-queue.md) | Create a queue instance based on the Terraform module |
|
||||
| | | [mns topic](./terraform/alibaba-mns-topic.md) | Create a topic and a subscription based on Terraform module |
|
||||
| | | [mongodb multi](./terraform/alibaba-mongodb-multi.md) | Terraform-based module for creating a MongoDB cloud database under AliCloud VPC |
|
||||
| | | [mongodb](./terraform/alibaba-mongodb.md) | Alibaba Cloud MongoDB |
|
||||
| | | [mse](./terraform/alibaba-mse.md) | Terraform configuration for Alibaba Cloud MSE |
|
||||
| | | [nas](./terraform/alibaba-nas.md) | Terraform configuration for Alicloud NAS |
|
||||
| | | [network with nat](./terraform/alibaba-network-with-nat.md) | Build VPC and Nat gateway network environment and bind EIP, add SNAT and DNAT entries on AliCloud based on Terraform module |
|
||||
| | | [oss website](./terraform/alibaba-oss-website.md) | Alibaba Cloud OSS static webstie bucket |
|
||||
| | | [oss](./terraform/alibaba-oss.md) | Terraform configuration for Alibaba Cloud OSS |
|
||||
| | | [private zone](./terraform/alibaba-private-zone.md) | Terraform-based modules are used to create a Private Zone on AliCloud, while you can add records to the Zone and associate it with a VPC |
|
||||
| | | [rabbitmq](./terraform/alibaba-rabbitmq.md) | Create a RabbitMQ based on Terraform module in Ali cloud |
|
||||
| | | [ram fc](./terraform/alibaba-ram-fc.md) | Create a functional computing service based on Terraform under AliCloud's RAM role |
|
||||
| | | [ram](./terraform/alibaba-ram.md) | Create RAM User instances on AliCloud based on Terraform module |
|
||||
| | | [rds preview](./terraform/alibaba-rds-preview.md) | Alibaba RDS in a preview mode |
|
||||
| | | [rds](./terraform/alibaba-rds.md) | Terraform configuration for Alibaba Cloud RDS |
|
||||
| | | [redis](./terraform/alibaba-redis.md) | Terraform configuration for Alibaba Cloud Redis |
|
||||
| | | [remote backend](./terraform/alibaba-remote-backend.md) | Deploy remote backend storage in Aliyun based on Terraform module |
|
||||
| | | [rocketmq](./terraform/alibaba-rocketmq.md) | Terraform configuration for Alibaba Cloud RocketMQ |
|
||||
| | | [sae application](./terraform/alibaba-sae-application.md) | Alibaba SAE application |
|
||||
| | | [sae auto config application](./terraform/alibaba-sae-auto-config-application.md) | Alibaba SAE application to be deployed in auto-config mode |
|
||||
| | | [sae namespace](./terraform/alibaba-sae-namespace.md) | Alibaba SAE namespace |
|
||||
| | | [security group](./terraform/alibaba-security-group.md) | Terraform configuration for Alicloud SecurityGroup |
|
||||
| | | [slb acl](./terraform/alibaba-slb-acl.md) | Terraform-based module supports creating access control lists for load balancers |
|
||||
| | | [slb listener](./terraform/alibaba-slb-listener.md) | Quickly create slb listeners resources on AliCloud based on Terraform module |
|
||||
| | | [slb rule](./terraform/alibaba-slb-rule.md) | Terraform-based module creates an SLB instance under AliCloud's VPC and configures rules |
|
||||
| | | [slb](./terraform/alibaba-slb.md) | Terraform configuration for Alicloud SLB |
|
||||
| | | [sls project](./terraform/alibaba-sls-project.md) | Terraform configuration for Alibaba Cloud SLS Project |
|
||||
| | | [sls store](./terraform/alibaba-sls-store.md) | Terraform configuration for Alibaba Cloud SLS Store |
|
||||
| | | [vpc ecs eip](./terraform/alibaba-vpc-ecs-eip.md) | Create a lightweight WEB service based on Terraform under AliCloud's VPC, including: VPC, ECS, EIP |
|
||||
| | | [vpc privatelink connection](./terraform/alibaba-vpc-privatelink-connection.md) | Terraform-based for creating VPC networks in AliCloud and creating private network links |
|
||||
| | | [vpc](./terraform/alibaba-vpc.md) | Terraform configuration for Alibaba Cloud VPC |
|
||||
| | | [vpn gateway](./terraform/alibaba-vpn-gateway.md) | Create VPN resources on AliCloud based on Terraform module |
|
||||
| | | [vswitch](./terraform/alibaba-vswitch.md) | Terraform configuration for Alibaba Cloud VSwitch |
|
||||
| | AWS | [acm](./terraform/aws-acm.md) | Terraform module which creates and validates ACM certificate |
|
||||
| | | [alb](./terraform/aws-alb.md) | Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources |
|
||||
| | | [autoscaling](./terraform/aws-autoscaling.md) | Terraform module which creates Auto Scaling resources on AWS |
|
||||
| | | [bridgecrew read only](./terraform/aws-bridgecrew-read-only.md) | Bridgecrew READ ONLY integration module |
|
||||
| | | [cis alarms](./terraform/aws-cis-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
|
||||
| | | [cloudfront s3 cdn](./terraform/aws-cloudfront-s3-cdn.md) | Terraform module to easily provision CloudFront CDN backed by an S3 origin |
|
||||
| | | [cloudfront](./terraform/aws-cloudfront.md) | Terraform module which creates CloudFront resources on AWS |
|
||||
| | | [cloudwatch cis alarms](./terraform/aws-cloudwatch-cis-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
|
||||
| | | [cloudwatch log group](./terraform/aws-cloudwatch-log-group.md) | |
|
||||
| | | [cloudwatch log metric filter](./terraform/aws-cloudwatch-log-metric-filter.md) | |
|
||||
| | | [cloudwatch metric alarm](./terraform/aws-cloudwatch-metric-alarm.md) | |
|
||||
| | | [cloudwatch metric alarms by multiple dimensions](./terraform/aws-cloudwatch-metric-alarms-by-multiple-dimensions.md) | |
|
||||
| | | [cloudwatch metric alarms](./terraform/aws-cloudwatch-metric-alarms.md) | |
|
||||
| | | [config](./terraform/aws-config.md) | This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. |
|
||||
| | | [delegation sets](./terraform/aws-delegation-sets.md) | Terraform module which creates Route53 resources on AWS |
|
||||
| | | [dynamodb table](./terraform/aws-dynamodb-table.md) | Terraform module which creates DynamoDB table on AWS |
|
||||
| | | [ec2 instance](./terraform/aws-ec2-instance.md) | Terraform module which creates EC2 instance(s) on AWS |
|
||||
| | | [ecs container definition](./terraform/aws-ecs-container-definition.md) | Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource |
|
||||
| | | [ecs](./terraform/aws-ecs.md) | Terraform module which creates AWS ECS resources |
|
||||
| | | [eks cluster autoscaler](./terraform/aws-eks-cluster-autoscaler.md) | AWS Eks-Cluster-Autoscaler |
|
||||
| | | [eks external dns](./terraform/aws-eks-external-dns.md) | AWS Eks-External-Dns |
|
||||
| | | [eks kube state metrics](./terraform/aws-eks-kube-state-metrics.md) | AWS Eks-Kube-State-Metrics |
|
||||
| | | [eks node problem detector](./terraform/aws-eks-node-problem-detector.md) | A terraform module to deploy a node problem detector on Amazon EKS cluster |
|
||||
| | | [eks](./terraform/aws-eks.md) | Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS |
|
||||
| | | [elasticache redis](./terraform/aws-elasticache-redis.md) | Terraform module to provision an ElastiCache Redis Cluster |
|
||||
| | | [elb](./terraform/aws-elb.md) | Terraform module which creates ELB resources on AWS |
|
||||
| | | [emr](./terraform/aws-emr.md) | Terraform module which creates EMR on AWS |
|
||||
| | | [guardduty](./terraform/aws-guardduty.md) | Terraform module to provision AWS Guard Duty |
|
||||
| | | [iam account](./terraform/aws-iam-account.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [iam assumable role with oidc](./terraform/aws-iam-assumable-role-with-oidc.md) | |
|
||||
| | | [iam assumable role with saml](./terraform/aws-iam-assumable-role-with-saml.md) | |
|
||||
| | | [iam assumable role](./terraform/aws-iam-assumable-role.md) | |
|
||||
| | | [iam assumable roles with saml](./terraform/aws-iam-assumable-roles-with-saml.md) | |
|
||||
| | | [iam assumable roles](./terraform/aws-iam-assumable-roles.md) | |
|
||||
| | | [iam eks role](./terraform/aws-iam-eks-role.md) | |
|
||||
| | | [iam group with assumable roles policy](./terraform/aws-iam-group-with-assumable-roles-policy.md) | |
|
||||
| | | [iam group with policies](./terraform/aws-iam-group-with-policies.md) | |
|
||||
| | | [iam nofile](./terraform/aws-iam-nofile.md) | Terraform module Terraform module for creating AWS IAM Roles with heredocs |
|
||||
| | | [iam policy document aggregator](./terraform/aws-iam-policy-document-aggregator.md) | Terraform module to aggregate multiple IAM policy documents into single policy document. |
|
||||
| | | [iam policy](./terraform/aws-iam-policy.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [iam read only policy](./terraform/aws-iam-read-only-policy.md) | |
|
||||
| | | [iam role](./terraform/aws-iam-role.md) | A Terraform module that creates IAM role with provided JSON IAM polices documents. |
|
||||
| | | [iam s3 user](./terraform/aws-iam-s3-user.md) | Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket |
|
||||
| | | [iam system user](./terraform/aws-iam-system-user.md) | Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI) |
|
||||
| | | [iam user](./terraform/aws-iam-user.md) | Terraform module which creates IAM resources on AWS |
|
||||
| | | [key pair](./terraform/aws-key-pair.md) | Terraform module which creates EC2 key pair on AWS |
|
||||
| | | [kms key](./terraform/aws-kms-key.md) | Terraform module to provision a KMS key with alias |
|
||||
| | | [lambda do it all](./terraform/aws-lambda-do-it-all.md) | Terraform module to provision a lambda with full permissions |
|
||||
| | | [lambda with inline code](./terraform/aws-lambda-with-inline-code.md) | Terraform module creating a Lambda function with inline code |
|
||||
| | | [lambda](./terraform/aws-lambda.md) | Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations |
|
||||
| | | [log group](./terraform/aws-log-group.md) | Terraform module which creates Cloudwatch resources on AWS |
|
||||
| | | [log metric filter](./terraform/aws-log-metric-filter.md) | |
|
||||
| | | [metric alarm](./terraform/aws-metric-alarm.md) | |
|
||||
| | | [metric alarms by multiple dimensions](./terraform/aws-metric-alarms-by-multiple-dimensions.md) | |
|
||||
| | | [mq](./terraform/aws-mq.md) | AWS MQ |
|
||||
| | | [notify slack](./terraform/aws-notify-slack.md) | Terraform module which creates SNS topic and Lambda function which sends notifications to Slack |
|
||||
| | | [rds aurora](./terraform/aws-rds-aurora.md) | Terraform module which creates RDS Aurora resources on AWS |
|
||||
| | | [rds](./terraform/aws-rds.md) | AWS RDS |
|
||||
| | | [records](./terraform/aws-records.md) | Terraform module which creates Route53 resources on AWS |
|
||||
| | | [route53 alias](./terraform/aws-route53-alias.md) | Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record |
|
||||
| | | [route53 cluster hostname](./terraform/aws-route53-cluster-hostname.md) | Terraform module to define a consistent AWS Route53 hostname |
|
||||
| | | [route53 delegation sets](./terraform/aws-route53-delegation-sets.md) | Terraform module which creates Route53 resources on AWS |
|
||||
| | | [route53 records](./terraform/aws-route53-records.md) | |
|
||||
| | | [route53 zones](./terraform/aws-route53-zones.md) | |
|
||||
| | | [s3 log storage](./terraform/aws-s3-log-storage.md) | This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail |
|
||||
| | | [s3](./terraform/aws-s3.md) | Terraform configuration for AWS S3 |
|
||||
| | | [secretsmanager for rollbar access tokens](./terraform/aws-secretsmanager-for-rollbar-access-tokens.md) | Terraform module creating a SecretsManager for Rollbar project access tokens |
|
||||
| | | [security group](./terraform/aws-security-group.md) | Terraform module which creates EC2-VPC security groups on AWS |
|
||||
| | | [security hub](./terraform/aws-security-hub.md) | Terraform module to provision AWS Security Hub |
|
||||
| | | [sns topic](./terraform/aws-sns-topic.md) | Terraform Module to Provide an Amazon Simple Notification Service (SNS) |
|
||||
| | | [sqs](./terraform/aws-sqs.md) | Terraform module which creates SQS resources on AWS |
|
||||
| | | [ssm parameter store](./terraform/aws-ssm-parameter-store.md) | Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber. |
|
||||
| | | [subnet](./terraform/aws-subnet.md) | AWS Subnet |
|
||||
| | | [utils](./terraform/aws-utils.md) | Utility functions for use with Terraform in the AWS environment |
|
||||
| | | [vpc](./terraform/aws-vpc.md) | AWS VPC |
|
||||
| | | [zones](./terraform/aws-zones.md) | Terraform module which creates Route53 resources on AWS |
|
||||
| | Azure | [database mariadb](./terraform/azure-database-mariadb.md) | Terraform configuration for Azure Database Mariadb |
|
||||
| | | [resource group](./terraform/azure-resource-group.md) | Azure Resource Group |
|
||||
| | | [storage account](./terraform/azure-storage-account.md) | Terraform configuration for Azure Blob Storage Account |
|
||||
| | | [subnet](./terraform/azure-subnet.md) | Azure Subnet |
|
||||
| | | [virtual network](./terraform/azure-virtual-network.md) | Azure Virtual Network |
|
||||
| | Baidu Cloud | [vpc](./terraform/baidu-vpc.md) | Baidu Cloud VPC |
|
||||
| | Google Cloud Platform | [appengine](./terraform/gcp-appengine.md) | Get your container running, simply. |
|
||||
| | | [audit log](./terraform/gcp-audit-log.md) | Terraform module for configuring an integration with Google Cloud Platform Organziations and Projects for Audit Logs analysis |
|
||||
| | | [backend service](./terraform/gcp-backend-service.md) | Create an ILB to be used for DC/OS for GCP |
|
||||
| | | [basic vpc module](./terraform/gcp-basic-vpc-module.md) | GCP Basic_vpc_module |
|
||||
| | | [bastion](./terraform/gcp-bastion.md) | Bastion for GCP |
|
||||
| | | [bootstrap](./terraform/gcp-bootstrap.md) | Create a DC/OS Bootstrap instance and have conditional DC/OS prereqs for gcp |
|
||||
| | | [cloudfunction](./terraform/gcp-cloudfunction.md) | For your cloud functions to GCP |
|
||||
| | | [cloudsql](./terraform/gcp-cloudsql.md) | A module to create a private database setup |
|
||||
| | | [cluster](./terraform/gcp-cluster.md) | Set up a GKE cluster connected as part of shared VPC |
|
||||
| | | [compute firewall](./terraform/gcp-compute-firewall.md) | Create an ELB to be used for DC/OS for GCP |
|
||||
| | | [compute forwarding rule dcos](./terraform/gcp-compute-forwarding-rule-dcos.md) | This module creates forwarding rules for DC/OS. |
|
||||
| | | [compute forwarding rule masters](./terraform/gcp-compute-forwarding-rule-masters.md) | Creates an GCP forwarding rule for DC/OS masters |
|
||||
| | | [compute forwarding rule public agents](./terraform/gcp-compute-forwarding-rule-public-agents.md) | This module creates an GCP forwarding rule for DC/OS public agents |
|
||||
| | | [compute forwarding rule](./terraform/gcp-compute-forwarding-rule.md) | GCP Compute-Forwarding-Rule |
|
||||
| | | [config](./terraform/gcp-config.md) | Terraform module for integrating Google Cloud Platform Organziations and Projects with Lacework for cloud resource configuration assessment |
|
||||
| | | [custom role](./terraform/gcp-custom-role.md) | Base IAM role module to create GCP IAM Role from other roles and adhoc permissions |
|
||||
| | | [dcos](./terraform/gcp-dcos.md) | Creates a DC/OS Cluster on GCP | Convenience Wrapper for GCP |
|
||||
| | | [dns module](./terraform/gcp-dns-module.md) | GCP Dns-Module |
|
||||
| | | [elasticsearch](./terraform/gcp-elasticsearch.md) | Terraform module for deploying Elasticsearch cluster on GCP |
|
||||
| | | [environment setup](./terraform/gcp-environment-setup.md) | IAC for provisioning Infrastructure component like network, subnetworks, route |
|
||||
| | | [firewall rules](./terraform/gcp-firewall-rules.md) | Terraform module for creating Firewall rules on Google Cloud |
|
||||
| | | [gci](./terraform/gcp-gci.md) | Manages GCP compute engine instance |
|
||||
| | | [gcs](./terraform/gcp-gcs.md) | GCP Gcs |
|
||||
| | | [gke ecommerce](./terraform/gcp-gke-ecommerce.md) | Google Kubernetes Engine starter kit to bootstrap an e-commerce site based on microservices |
|
||||
| | | [gke regional](./terraform/gcp-gke-regional.md) | Using Terraform to create a regional GKE cluster (Hosted Kubernetes offering of GCP) |
|
||||
| | | [googlecomputeinstance](./terraform/gcp-googlecomputeinstance.md) | First step using GCP and Terraform |
|
||||
| | | [hashicorp suite](./terraform/gcp-hashicorp-suite.md) | Terraform module to run Nomad on Google Cloud |
|
||||
| | | [helmrepo](./terraform/gcp-helmrepo.md) | A helm repository |
|
||||
| | | [infrastructure](./terraform/gcp-infrastructure.md) | Create DC/OS related GCP Infrastructure |
|
||||
| | | [instance module](./terraform/gcp-instance-module.md) | Lazy GCP instance via Terraform |
|
||||
| | | [instance](./terraform/gcp-instance.md) | GCP Instance |
|
||||
| | | [kthw](./terraform/gcp-kthw.md) | Kubernetes Cluster On GCP with Terraform |
|
||||
| | | [masters](./terraform/gcp-masters.md) | Create DC/OS Master instance and have conditional DC/OS Prereqs for GCP |
|
||||
| | | [memorystore redis](./terraform/gcp-memorystore-redis.md) | Terraform gcp memorystore redis example |
|
||||
| | | [mq](./terraform/gcp-mq.md) | GCP MQ |
|
||||
| | | [network peering](./terraform/gcp-network-peering.md) | GCP Network-Peering |
|
||||
| | | [network](./terraform/gcp-network.md) | Terraform configuration for GCP network |
|
||||
| | | [openwisp](./terraform/gcp-openwisp.md) | Terraform files for deploying docker-openwisp infrastructure in Google Cloud. |
|
||||
| | | [private agents](./terraform/gcp-private-agents.md) | Create DC/OS Private Agents instance and have conditional DC/OS Prereqs for gcp |
|
||||
| | | [public agents](./terraform/gcp-public-agents.md) | Create DC/OS Public Agents instance and have conditional DC/OS prereqs for gcp |
|
||||
| | | [service account](./terraform/gcp-service-account.md) | Terraform module that creates a service account to provide Lacework read-only access to Google Cloud Platform Organizations and Projects |
|
||||
| | | [service](./terraform/gcp-service.md) | Creates a GCP service user |
|
||||
| | | [sfabric](./terraform/gcp-sfabric.md) | Terraform module for launching a Service Fabric Dev Environment on GCP |
|
||||
| | | [statebucket](./terraform/gcp-statebucket.md) | Contains a module to create a statebucket for use with Terraform |
|
||||
| | | [staticip](./terraform/gcp-staticip.md) | A simple Terraform module to build an instance a static public IP |
|
||||
| | | [storage](./terraform/gcp-storage.md) | A basic terraform module example, which the example uses for a helm repo |
|
||||
| | | [subnet](./terraform/gcp-subnet.md) | Terraform module for creating Subnets on Google Cloud |
|
||||
| | | [tested oses](./terraform/gcp-tested-oses.md) | GCP Tested-Oses |
|
||||
| | | [vpc](./terraform/gcp-vpc.md) | Terraform module for creating VPCs on Google Cloud |
|
||||
| | Tencent Cloud | [subnet](./terraform/tencent-subnet.md) | Tencent Cloud Subnet |
|
||||
| | | [vpc](./terraform/tencent-vpc.md) | Terraform configuration for Tencent Cloud VPC |
|
||||
|
|
|
|||
|
|
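Review bot: the `dcos` row's description, "Creates a DC/OS Cluster on GCP | Convenience Wrapper for GCP", contains an unescaped `|`, which gives that row five cells in a four-column table; escape it as `\|` or reword the description. In the same table the `route53 records` and `route53 zones` rows have an empty Description, `compute firewall` is described as "Create an ELB to be used for DC/OS for GCP", and "Organziations" is misspelled in the `audit log` and `config` rows.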
@ -30,29 +30,29 @@ spec:
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
install_cloud_monitor | Install cloud monitor agent on ECS. | bool | false |
|
||||
k8s_service_cidr | The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them. | string | false |
|
||||
cpu_core_count | CPU core count is used to fetch instance types. | number | false |
|
||||
vswitch_name_prefix | The vswitch name prefix used to create several new vswitches. Default to variable 'example_name'. | string | false |
|
||||
vswitch_ids | List of existing vswitch id. | list(any) | false |
|
||||
master_instance_types | The ecs instance types used to launch master nodes. | list(any) | false |
|
||||
node_cidr_mask | The node cidr block to specific how many pods can run on single node. Valid values: [24-28]. | number | false |
|
||||
enable_ssh | Enable login to the node through SSH. | bool | false |
|
||||
k8s_version | The version of the kubernetes version. Valid values: '1.16.6-aliyun.1','1.14.8-aliyun.1'. Default to '1.16.6-aliyun.1'. | string | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc when 'vpc_id' is not specified. | string | false |
|
||||
vswitch_cidrs | List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified. | list(any) | false |
|
||||
worker_instance_types | The ecs instance types used to launch worker nodes. | list(any) | false |
|
||||
cpu_policy | kubelet cpu policy. Valid values: 'none','static'. Default to 'none'. | string | false |
|
||||
password | The password of ECS instance. | string | false |
|
||||
k8s_worker_number | The number of worker nodes in kubernetes cluster. | number | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
k8s_pod_cidr | The kubernetes pod cidr block. It cannot be equals to vpc's or vswitch's and cannot be in them. | string | false |
|
||||
memory_size | Memory size used to fetch instance types. | number | false |
|
||||
k8s_service_cidr | The kubernetes service cidr block. It cannot be equals to vpc's or vswitch's or pod's and cannot be in them. | string | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
vpc_name | The vpc name used to create a new vpc when 'vpc_id' is not specified. Default to variable `example_name` | string | false |
|
||||
number_format | The number format used to output. | string | false |
|
||||
k8s_name_prefix | The name prefix used to create several kubernetes clusters. Default to variable `example_name` | string | false |
|
||||
new_nat_gateway | Whether to create a new nat gateway. In this template, a new nat gateway will create a nat gateway, eip and server snat entries. | bool | false |
|
||||
password | The password of ECS instance. | string | false |
|
||||
vswitch_name_prefix | The vswitch name prefix used to create several new vswitches. Default to variable 'example_name'. | string | false |
|
||||
worker_instance_types | The ecs instance types used to launch worker nodes. | list(any) | false |
|
||||
vswitch_ids | List of existing vswitch id. | list(any) | false |
|
||||
master_instance_types | The ecs instance types used to launch master nodes. | list(any) | false |
|
||||
cpu_policy | kubelet cpu policy. Valid values: 'none','static'. Default to 'none'. | string | false |
|
||||
proxy_mode | Proxy mode is option of kube-proxy. Valid values: 'ipvs','iptables'. Default to 'iptables'. | string | false |
|
||||
cpu_core_count | CPU core count is used to fetch instance types. | number | false |
|
||||
memory_size | Memory size used to fetch instance types. | number | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc when 'vpc_id' is not specified. | string | false |
|
||||
number_format | The number format used to output. | string | false |
|
||||
k8s_version | The version of the kubernetes version. Valid values: '1.16.6-aliyun.1','1.14.8-aliyun.1'. Default to '1.16.6-aliyun.1'. | string | false |
|
||||
vswitch_cidrs | List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified. | list(any) | false |
|
||||
node_cidr_mask | The node cidr block to specific how many pods can run on single node. Valid values: [24-28]. | number | false |
|
||||
enable_ssh | Enable login to the node through SSH. | bool | false |
|
||||
install_cloud_monitor | Install cloud monitor agent on ECS. | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
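Review bot: the Default column is empty in every row of this table, although several descriptions state a default in prose (`k8s_version` "Default to '1.16.6-aliyun.1'", `cpu_policy` "Default to 'none'", `proxy_mode` "Default to 'iptables'"); fill the Default column from the module's variables so the two cannot drift apart. The wording of `node_cidr_mask` ("to specific how many pods") and `k8s_version` ("The version of the kubernetes version") also needs a pass.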
@ -70,11 +70,11 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
CLIENT_CERT | The client certificate of the kubernetes cluster.
|
||||
CLIENT_KEY | The client key of the kubernetes cluster.
|
||||
API_SERVER_INTERNET | The internet access of the kubernetes api server.
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
CLUSTER_ID | The ID of the cluster
|
||||
NAME | The name of the kubernetes cluster.
|
||||
KUBECONFIG | The KubeConfig string of the kubernetes cluster.
|
||||
CLUSTER_CA_CERT | The CA certificate of the kubernetes cluster.
|
||||
CLIENT_CERT | The client certificate of the kubernetes cluster.
|
||||
CLIENT_KEY | The client key of the kubernetes cluster.
|
||||
API_SERVER_INTERNET | The internet access of the kubernetes api server.
|
||||
|
|
|
|||
|
|
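Review bot: the outputs table lists `CLIENT_KEY` and `KUBECONFIG` alongside keys such as `NAME` and `CLUSTER_ID` without saying that they are credentials for the cluster; add a sentence stating that the generated secret gives access to the cluster and should be readable only by the workloads that need it. `API_SERVER_INTERNET` is described as "The internet access of the kubernetes api server", which does not say whether the value is an address or a flag.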
@ -13,21 +13,21 @@ Terraform configuration for Alibaba Cloud AMQP(RabbitMQ)
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
max_tps | The specification of the peak TPS traffic. The smallest valid value is 1000 and the largest value is 100,000. | number | false |
|
||||
create | Whether to create instance. If false, you can specify an existing instance by setting 'instance_id'. | bool | false |
|
||||
support_eip | The specification of support EIP. | bool | false |
|
||||
internal | The specification of the internal. | bool | false |
|
||||
binding_type | The specification of the binding type. Valid values: EXCHANGE, QUEUE. | string | false |
|
||||
max_eip_tps | The specification of the max eip tps. It is valid when support_eip is true. The valid value is [128, 45000] with the step size 128 | number | false |
|
||||
name | The specification of module name. | string | false |
|
||||
instance_type | The specification of the instance type. Valid values: professional, vip. | string | false |
|
||||
queue_capacity | The specification of the queue capacity. The smallest value is 50 and the step size 5. | number | false |
|
||||
auto_delete_state | Specifies whether the Auto Delete attribute is configured. Valid values: true: The Auto Delete attributeis configured. If the last queue that is bound to an exchange is unbound, the exchange is automatically deleted. false: The Auto Delete attribute is not configured. If the last queue that is bound to an exchange is unbound, the exchange is not automatically deleted. | bool | false |
|
||||
exchange_type | The specification of the exchange type. Valid values: FANOUT, DIRECT, TOPIC, HEADERS | string | false |
|
||||
argument | The specification of the argument. | string | false |
|
||||
internal | The specification of the internal. | bool | false |
|
||||
payment_type | The specification of the payment type. | string | false |
|
||||
period | The specification of the period. Valid values: 1, 12, 2, 24, 3, 6. | number | false |
|
||||
instance_id | The instance_id used to RabbitMQ. If set, the 'create' will be ignored. | string | false |
|
||||
argument | The specification of the argument. | string | false |
|
||||
binding_type | The specification of the binding type. Valid values: EXCHANGE, QUEUE. | string | false |
|
||||
auto_delete_state | Specifies whether the Auto Delete attribute is configured. Valid values: true: The Auto Delete attributeis configured. If the last queue that is bound to an exchange is unbound, the exchange is automatically deleted. false: The Auto Delete attribute is not configured. If the last queue that is bound to an exchange is unbound, the exchange is not automatically deleted. | bool | false |
|
||||
instance_type | The specification of the instance type. Valid values: professional, vip. | string | false |
|
||||
max_tps | The specification of the peak TPS traffic. The smallest valid value is 1000 and the largest value is 100,000. | number | false |
|
||||
max_eip_tps | The specification of the max eip tps. It is valid when support_eip is true. The valid value is [128, 45000] with the step size 128 | number | false |
|
||||
create | Whether to create instance. If false, you can specify an existing instance by setting 'instance_id'. | bool | false |
|
||||
name | The specification of module name. | string | false |
|
||||
support_eip | The specification of support EIP. | bool | false |
|
||||
period | The specification of the period. Valid values: 1, 12, 2, 24, 3, 6. | number | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
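Review bot: rows such as `max_tps`, `create`, `support_eip` and `period` appear twice in this hunk with identical text, so the change to this table looks like a reordering only; if the docs generator emits properties in map order, sort them by name so that regenerating the page stops producing diffs like this one. "attributeis" in the `auto_delete_state` description is missing a space, and `internal` ("The specification of the internal.") does not say what the flag controls.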
@ -31,8 +31,8 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
Name | Cluster Name
|
||||
API_SERVER_INTRANET | The API server intranet address of the kubernetes cluster.
|
||||
API_SERVER_INTERNET | The API server internet address of the kubernetes cluster.
|
||||
KUBECONFIG | The KubeConfig string of the kubernetes cluster.
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
Name | Cluster Name
|
||||
|
|
|
|||
|
|
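Review bot: the key `Name` ("Cluster Name") is mixed case while the other keys in this table (`RESOURCE_IDENTIFIER`, `API_SERVER_INTRANET`, `API_SERVER_INTERNET`, `KUBECONFIG`) are upper case; consumers read these keys from the secret by exact name, so either rename it to match or state that the casing is intentional.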
@ -0,0 +1,36 @@
|
|||
---
|
||||
title: Alibaba Cloud DEPLOY-WEBSITE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Deploy a Static Website in object stroage, like S3 and OSS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
endpoint | OSS bucket endpoint | string | true |
|
||||
static_web_url | The URL of the static website | string | false |
|
||||
bucket | OSS bucket name | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
URL | The URL of the website
|
||||
|
|
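Review bot: `bucket` and `static_web_url` are both marked Required false with an empty Default while `endpoint` is required, so the table does not say which bucket the site is deployed to when `bucket` is omitted; document the defaults or mark the properties required. The description has a typo ("stroage") and mentions S3 although the properties shown are OSS-only.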
@ -0,0 +1,38 @@
|
|||
---
|
||||
title: Alibaba Cloud DNS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform configuration for Alibaba Cloud DNS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
skip_region_validation | (Deprecated from version 1.5.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
existing_domain_name | The name of an existing domain. If set, 'create' will be ignored. | string | false |
|
||||
domain_name | The name of domain. | string | false |
|
||||
existing_group_name | Id of the group in which the domain will add. If not supplied, then use default group. | string | false |
|
||||
add_records | Whether to add records to dns. Default to true. | bool | false |
|
||||
create_group | Whether to create a DNS group. Default to false. | bool | false |
|
||||
record_list | (Deprecated) It has been deprecated from 1.3.0, and use 'records' instead. | list(object({\n name = string\n host_record = string\n type = string\n ttl = number\n value = string\n priority = number\n })) | false |
|
||||
profile | (Deprecated from version 1.5.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
shared_credentials_file | (Deprecated from version 1.5.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
create | Whether to create a domain. Default to true. | bool | false |
|
||||
resource_group_id | The Id of resource group which the DNS belongs. | string | false |
|
||||
group_name | DNS domain's parrent group name, If not set, a default name with prefix 'terraform-dns-group-' will be returned. | string | false |
|
||||
region | (Deprecated from version 1.5.0) The region used to launch this module resources. | string | false |
|
||||
records | DNS record list.Each item can contains keys: 'rr'(The host record of the domain record. 'name' has been deprecated from 1.3.0, and use 'rr' instead.),'type'(The type of the domain. Valid values: A, NS, MX, TXT, CNAME, SRV, AAAA, CAA, REDIRECT_URL, FORWORD_URL. Default to A.),'value'(The value of domain record),'priority'(The priority of domain record. Valid values are `[1-10]`. When the `type` is `MX`, this parameter is required.),'ttl'(The ttl of the domain record. Default to 600.),'line'(The resolution line of domain record. Default value is default.). | list(map(string)) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
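Review bot: the Type cell of `record_list` contains literal `\n` sequences (`list(object({\n name = string\n host_record = string ...`), which will render as text inside the table; collapse the type onto one line. The deprecated `profile` and `shared_credentials_file` rows expose provider credential settings as component properties, so consider leaving properties marked deprecated out of the generated table. The page documents `writeConnectionSecretToRef` but ends without an Outputs section saying which keys are written, and "parrent" in `group_name` should be "parent".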
@ -0,0 +1,51 @@
|
|||
---
|
||||
title: Alibaba Cloud EIP-SLB-ECS-RDS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a lightweight web service based on Terraform under AliCloud's VPC, including: EIP, SLB, ECS, RDS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
eip_bandwidth | The specification of the eip bandwidth. | string | false |
|
||||
data_disks_name | The name of the data disk. | string | false |
|
||||
instance_storage | The specification of the instance storage. | string | false |
|
||||
system_disk_name | The specification of the system disk name. | string | false |
|
||||
image_id | The specification of the image id. | string | false |
|
||||
engine | The specification of the engine. | string | false |
|
||||
slb_spec | The specification of the slb spec. | string | false |
|
||||
vswitch_id | VSwitch variables, if vswitch_id is empty, then the net_type = classic. | string | false |
|
||||
description | The specification of module description. | string | false |
|
||||
name | The specification of module name. | string | false |
|
||||
slb_address_type | The specification of the slb intranet. | string | false |
|
||||
internet_max_bandwidth_out | The specification of the internet max bandwidth out. | number | false |
|
||||
ecs_size | The specification of the ecs size. | number | false |
|
||||
slb_tags_info | The specification of the slb tags info. | string | false |
|
||||
security_group_ids | A list of security group ids to associate with. | list(string) | false |
|
||||
system_disk_description | The specification of the system disk description. | string | false |
|
||||
monitoring_period | The specification of the monitoring period. | string | false |
|
||||
eip_internet_charge_type | The specification of the eip internet charge type. | string | false |
|
||||
category | The specification of the category. | string | false |
|
||||
encrypted | Encrypted the data in this disk. | bool | false |
|
||||
engine_version | The specification of the engine version. | string | false |
|
||||
rds_instance_type | The specification of the rds instance type. | string | false |
|
||||
instance_charge_type | The specification of the instance charge type. | string | false |
|
||||
availability_zone | The available zone to launch modules. | string | false |
|
||||
available_disk_category | The specification of available disk category. | string | false |
|
||||
instance_type | The specification of the instance type. | string | false |
|
||||
system_disk_category | The specification of the system disk category. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
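Review bot: `encrypted` ("Encrypted the data in this disk.") has an empty Default, so a reader cannot tell whether the disk is encrypted when the property is left unset; state the default and name the disk it applies to. Most of the other descriptions only restate the property name ("The specification of the engine.", "The specification of the slb spec."), and `slb_address_type` is described as "the slb intranet"; list the valid values instead.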
@ -0,0 +1,24 @@
|
|||
---
|
||||
title: Alibaba Cloud KMS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create KMS on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
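Review bot: the Properties table contains only `writeConnectionSecretToRef`, so the page documents no KMS settings at all, and there is no Outputs section saying what would be written to that secret; either the generator did not pick up the module's variables or the page should say that the module takes none.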
@ -0,0 +1,51 @@
|
|||
---
|
||||
title: Alibaba Cloud KUBERNETES-NETWORKING
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a set of network environment related resources for Kubernetes clusters on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
existing_vpc_id | An existing vpc id used to create several vswitches and other resources. | string | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc when 'vpc_id' is not specified. | string | false |
|
||||
nat_period | The charge duration of the PrePaid nat gateway, in month. | number | false |
|
||||
eip_tags | The tags used to launch the eip. | map(string) | false |
|
||||
nat_internet_charge_type | The internet charge type. Valid values PayByLcu and PayBySpec. | string | false |
|
||||
region | (Deprecated from version 1.2.0) The region used to launch this module resources. | string | false |
|
||||
create | Whether to create kubernetes networking resources. | bool | false |
|
||||
eip_bandwidth | The eip bandwidth. | number | false |
|
||||
eip_instance_charge_type | (Deprecated from version 1.3.0) Elastic IP instance charge type. | string | false |
|
||||
shared_credentials_file | (Deprecated from version 1.2.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
nat_payment_type | The billing method of the NAT gateway. | string | false |
|
||||
eip_payment_type | The billing method of the NAT gateway. | string | false |
|
||||
eip_period | The duration that you will buy the EIP, in month. | number | false |
|
||||
nat_instance_charge_type | (Deprecated from version 1.3.0) The charge type of the nat gateway. Choices are 'PostPaid' and 'PrePaid'. | string | false |
|
||||
nat_type | The type of NAT gateway. | string | false |
|
||||
skip_region_validation | (Deprecated from version 1.2.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
vswitch_cidrs | List of cidr blocks used to create several new vswitches when 'vswitch_ids' is not specified. | list(string) | false |
|
||||
vswitch_name | The name prefix used to launch the vswitch. | string | false |
|
||||
nat_gateway_name | The name prefix used to launch the nat gateway. | string | false |
|
||||
eip_name | The name prefix used to launch the eip. | string | false |
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
availability_zones | List available zones to launch several VSwitches. | list(string) | false |
|
||||
vswitch_tags | The tags used to launch serveral vswitches. | map(string) | false |
|
||||
nat_specification | The specification of nat gateway. | string | false |
|
||||
eip_internet_charge_type | Internet charge type of the EIP, Valid values are `PayByBandwidth`, `PayByTraffic`. | string | false |
|
||||
profile | (Deprecated from version 1.2.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
vpc_tags | The tags used to launch a new vpc. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
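Review bot: `eip_payment_type` carries the description of `nat_payment_type` ("The billing method of the NAT gateway."); it should describe the EIP. `vpc_cidr` and `vswitch_cidrs` refer to 'vpc_id' and 'vswitch_ids', which are not properties in this table (the VPC property here is `existing_vpc_id`), and "serveral" in `vswitch_tags` is a typo.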
@ -0,0 +1,48 @@
|
|||
---
|
||||
title: Alibaba Cloud MARKET-TENSORFLOW
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Based on Terraform module, create ECS instances on Ali cloud to achieve one-click deployment of cloud marketplace Tensorflow
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
ecs_instance_password | The password of ECS instance. | string | false |
|
||||
internet_charge_type | The internet charge type of ECS instance. Choices are 'PayByTraffic' and 'PayByBandwidth'. | string | false |
|
||||
internet_max_bandwidth_out | The maximum internet out bandwidth of ECS instance. | number | false |
|
||||
region | (Deprecated from version 1.1.0) The region used to launch this module resources. | string | false |
|
||||
product_supplier_name_keyword | The name keyword of Market Product supplier name used to fetch the specified product image. | string | false |
|
||||
create_instance | Whether to create ecs instance. | bool | false |
|
||||
resource_group_id | The Id of resource group which the ECS instance belongs. | string | false |
|
||||
deletion_protection | Whether enable the deletion protection or not. 'true': Enable deletion protection. 'false': Disable deletion protection. | bool | false |
|
||||
force_delete | If it is true, the 'PrePaid' instance will be change to 'PostPaid' and then deleted forcibly. However, because of changing instance charge type has CPU core count quota limitation, so strongly recommand that 'Don't modify instance charge type frequentlly in one month'. | bool | false |
|
||||
tags | A mapping of tags to assign to the ECS. | map(string) | false |
|
||||
profile | (Deprecated from version 1.1.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
vswitch_id | The virtual switch ID to launch ECS instance in VPC. | string | false |
|
||||
description | Description of the instance, This description can have a string of 2 to 256 characters, It cannot begin with http:// or https://. Default value is null. | string | false |
|
||||
system_disk_category | The system disk category used to launch one ecs instance. | string | false |
|
||||
private_ip | Configure ECS Instance private IP address | string | false |
|
||||
shared_credentials_file | (Deprecated from version 1.1.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
product_keyword | The name keyword of Market Product used to fetch the specified product image. | string | false |
|
||||
ecs_instance_type | The instance type used to launch ecs instance. | string | false |
|
||||
security_group_ids | A list of security group ids to associate with ECS. | list(string) | false |
|
||||
ecs_instance_name | The name of ECS Instance. | string | false |
|
||||
system_disk_size | The system disk size used to launch ecs instance. | number | false |
|
||||
skip_region_validation | (Deprecated from version 1.1.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
product_suggested_price | The suggested price of Market Product used to fetch the specified product image. | number | false |
|
||||
image_id | The image id used to launch one ecs instance. If not set, a fetched market place image by product_keyword will be used. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
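Review bot: the Default column is empty on every row visible in this hunk, including `deletion_protection` and `force_delete`, so a reader cannot tell whether a new ECS instance is protected against deletion without reading the module source. Suggest filling in the defaults for at least those two rows. The `force_delete` description also has typos ("recommand", "frequentlly"), and the deprecated `profile` and `shared_credentials_file` rows do not say what to use instead.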
@ -0,0 +1,31 @@
|
|||
---
|
||||
title: Alibaba Cloud MNS-QUEUE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a queue instance based on the Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
region | (Deprecated from version 1.2.0) The region used to launch this module resources. | string | false |
|
||||
name | Two queues on a single account in the same region cannot have the same name. A queue name must start with an English letter or a digit, and can contain English letters, digits, and hyphens, with the length not exceeding 256 characters. | string | false |
|
||||
delay_seconds | This attribute defines the length of time, in seconds, after which every message sent to the queue is dequeued. Valid value range: 0-604800 seconds, i.e., 0 to 7 days. | number | false |
|
||||
maximum_message_size | This indicates the maximum length, in bytes, of any message body sent to the queue. Valid value range: 1024-65536, i.e., 1K to 64K. | number | false |
|
||||
message_retention_period | Messages are deleted from the queue after a specified length of time, whether they have been activated or not. This attribute defines the viability period, in seconds, for every message in the queue. Valid value range: 60-259200 seconds, i.e., 1 minutes to 3 days. | number | false |
|
||||
visibility_timeout | Dequeued messages change from active (visible) status to inactive (invisible) status. This attribute defines the length of time, in seconds, that messages remain invisible. Messages return to active status after the set period. Valid value range: 1-43200 seconds, i.e., 1 seconds to 12 hours. | number | false |
|
||||
polling_wait_seconds | Long polling is measured in seconds. When this attribute is set to 0, long polling is disabled. When it is not set to 0, long polling is enabled and message dequeue requests will be processed only when valid messages are received or when long polling times out. The value range is 0-30 seconds. | number | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
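Review bot: `writeConnectionSecretToRef` is documented in the Properties table, but this new file has no Outputs section listing the keys written to the secret, unlike the NAS and OSS-WEBSITE pages added in the same commit. Suggest adding an Outputs table, or stating that no keys are written if that is the case. Minor wording in the range descriptions: "1 minutes to 3 days" and "1 seconds to 12 hours" should be singular.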
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: Alibaba Cloud MNS-TOPIC
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a topic and a subscription based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
maximum_message_size | This indicates the maximum length, in bytes, of any message body sent to the topic. Valid value range: 1024-65536, i.e., 1K to 64K. | number | false |
|
||||
subscription_name | the Subscription Name,Two subcription Name on a single topic in the same region cannot have the same name.A subscription name must start with an English letter or a digit, and can contain English letters, digits, and hyphens, with the length not exceeding 256 characters. | string | false |
|
||||
filter_tag | Message Filter Label | string | false |
|
||||
region | (Deprecated from version 1.2.0) The region used to launch this module resources. | string | false |
|
||||
topic_name | Two topics on a single account in the same region cannot have the same name. A topic name must start with an English letter or a digit, and can contain English letters, digits, and hyphens, with the length not exceeding 256 characters. | string | false |
|
||||
notify_strategy | The NotifyStrategy attribute of Subscription. This attribute specifies the retry strategy when message sending fails. the attribute has two value EXPONENTIAL_DECAY_RETR or BACKOFF_RETRY | string | false |
|
||||
notify_content_format | The NotifyContentFormat attribute of Subscription. This attribute specifies the content format of the messages pushed to users. the attribute has two value SIMPLIFIED or XML | string | false |
|
||||
logging_enabled | is log enabled ? | bool | false |
|
||||
endpoint | Describe the terminal address of the message received in this subscription. email format: mail:directmail:XXX@YYY.com , queue format: http(s)://AccountId.mns.regionId.aliyuncs.com/, http format: http(s)://www.xxx.com/xxx | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
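Review bot: in the `notify_strategy` row the first allowed value is written `EXPONENTIAL_DECAY_RETR`, which looks truncated next to `BACKOFF_RETRY`; please check it against the module and correct it, since a user who copies the value from this table will get a validation failure if it is wrong. The `endpoint` row lists `http(s)://` for both the queue and http formats without saying which scheme is expected for message delivery, and `logging_enabled` ("is log enabled ?") should say what is logged.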
@ -0,0 +1,42 @@
|
|||
---
|
||||
title: Alibaba Cloud MONGODB-MULTI
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform-based module for creating a MongoDB cloud database under AliCloud VPC
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
engine_version | The version number of the database. Valid value: 3.2, 3.4, 4.0. | string | false |
|
||||
db_instance_storage | The storage space of the instance. Valid values: 10 to 3000. Unit: GB. You can only specify this value in 10 GB increments. | number | false |
|
||||
zone_id | The ID of the zone. You can refer to https://www.alibabacloud.com/help/doc-detail/61933.htm. | string | false |
|
||||
name | The name of DB instance. It a string of 2 to 256 characters | string | false |
|
||||
db_instance_class | The specification of the instance. For more information about the value, see https://www.alibabacloud.com/help/doc-detail/57141.htm | string | false |
|
||||
replication_factor | The number of nodes in the replica set instance. Valid values: 3, 5, 7. Default value: 3. | number | false |
|
||||
account_password | Password of the root account. It is a string of 6 to 32 characters and is composed of letters, numbers, and underlines | string | false |
|
||||
backup_time | MongoDB instance backup time. It is required when backup_period was existed. In the format of HH:mmZ- HH:mmZ. Time setting interval is one hour. Default to a random time, like '23:00Z-24:00Z'. | string | false |
|
||||
region | The specification of the monitoring region. | string | false |
|
||||
create_resources_size | The specification of the monitoring region. | string | false |
|
||||
period | The duration that you will buy DB instance (in month). It is valid when instance_charge_type is PrePaid. Valid values: [1~9], 12, 24, 36. Default to 1 | number | false |
|
||||
security_ip_list | List of IP addresses allowed to access all databases of an instance. The list contains up to 1,000 IP addresses, separated by commas. Supported formats include 0.0.0.0/0, 10.23.12.24 (IP), and 10.23.12.24/24 (Classless Inter-Domain Routing (CIDR) mode. /24 represents the length of the prefix in an IP address. The range of the prefix length is [1,32]). | list(string) | false |
|
||||
vswitch_id | The virtual switch ID to launch DB instances in one VPC. | string | false |
|
||||
backup_period | MongoDB Instance backup period. It is required when backup_time was existed. Valid values: [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. Default to [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. | list(string) | false |
|
||||
instance_charge_type | The billing method of the instance. Valid values are Prepaid, PostPaid, Default to PostPaid | string | false |
|
||||
storage_engine | The MongoDB storage engine, WiredTiger or RocksDB. Default value: WiredTiger. | string | false |
|
||||
tags | A mapping of tags to assign to the mongodb instance resource. | map(string) | false |
|
||||
instance_id | `(Deprecated)` It has been deprecated from version 1.2.0 and use `existing_instance_id` instead. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
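Review bot: the `security_ip_list` row gives `0.0.0.0/0` as the first supported format and leaves the Default column empty, so the page does not tell the reader whether a new instance is reachable from any address unless the list is set. Suggest documenting the default and using a narrower CIDR as the lead example. Separately, `create_resources_size` carries the same description as `region` ("The specification of the monitoring region."), which reads as a copy-paste, and `account_password` is a plain string property with no note on how it should be supplied.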
@ -13,28 +13,28 @@ Alibaba Cloud MongoDB
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
profile | (Deprecated from version 1.4.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
skip_region_validation | (Deprecated from version 1.4.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
engine_version | The version number of the database. Valid value: 3.4, 4.0, 4.2, 4.4, 5.0 | string | true |
|
||||
zone_id | The ID of the zone. You can refer to https://www.alibabacloud.com/help/doc-detail/61933.htm. | string | false |
|
||||
security_ip_list | List of IP addresses allowed to access all databases of an instance. The list contains up to 1,000 IP addresses, separated by commas. Supported formats include 0.0.0.0/0, 10.23.12.24 (IP), and 10.23.12.24/24 (Classless Inter-Domain Routing (CIDR) mode. /24 represents the length of the prefix in an IP address. The range of the prefix length is [1,32]). | list(string) | false |
|
||||
existing_instance_id | The Id of an existing Mongodb instance. If set, the `create` will be ignored. | string | false |
|
||||
tags | A mapping of tags to assign to the mongodb instance resource. | map(string) | false |
|
||||
db_instance_class | The specification of the instance. For more information about the value, see https://www.alibabacloud.com/help/doc-detail/57141.htm | string | true |
|
||||
storage_engine | The MongoDB storage engine, WiredTiger or RocksDB. Default value: WiredTiger. | string | false |
|
||||
create | Whether to use an existing MongoDB. If false, you can use a existing Mongodb instance by setting `existing_instance_id`. | bool | false |
|
||||
shared_credentials_file | (Deprecated from version 1.4.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
storage_engine | The MongoDB storage engine, WiredTiger or RocksDB. Default value: WiredTiger. | string | false |
|
||||
instance_charge_type | The billing method of the instance. Valid values are Prepaid, PostPaid, Default to PostPaid | string | false |
|
||||
vswitch_id | The virtual switch ID to launch DB instances in one VPC. | string | false |
|
||||
backup_period | MongoDB Instance backup period. It is required when backup_time was existed. Valid values: [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. Default to [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. | list(string) | true |
|
||||
account_password | Password of the root account. It is a string of 6 to 32 characters and is composed of letters, numbers, and underlines | string | true |
|
||||
instance_id | `(Deprecated)` It has been deprecated from version 1.2.0 and use `existing_instance_id` instead. | string | false |
|
||||
profile | (Deprecated from version 1.4.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
region | (Deprecated from version 1.4.0) The region used to launch this module resources. | string | false |
|
||||
db_instance_storage | The storage space of the instance. Valid values: 10 to 3000. Unit: GB. You can only specify this value in 10 GB increments. | number | false |
|
||||
db_instance_class | The specification of the instance. For more information about the value, see https://www.alibabacloud.com/help/doc-detail/57141.htm | string | true |
|
||||
period | The duration that you will buy DB instance (in month). It is valid when instance_charge_type is PrePaid. Valid values: [1~9], 12, 24, 36. Default to 1 | | false |
|
||||
name | The name of DB instance. It a string of 2 to 256 characters | string | true |
|
||||
security_ip_list | List of IP addresses allowed to access all databases of an instance. The list contains up to 1,000 IP addresses, separated by commas. Supported formats include 0.0.0.0/0, 10.23.12.24 (IP), and 10.23.12.24/24 (Classless Inter-Domain Routing (CIDR) mode. /24 represents the length of the prefix in an IP address. The range of the prefix length is [1,32]). | list(string) | false |
|
||||
replication_factor | The number of nodes in the replica set instance. Valid values: 3, 5, 7. Default value: 3. | number | false |
|
||||
backup_period | MongoDB Instance backup period. It is required when backup_time was existed. Valid values: [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. Default to [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday]. | list(string) | true |
|
||||
existing_instance_id | The Id of an existing Mongodb instance. If set, the `create` will be ignored. | string | false |
|
||||
name | The name of DB instance. It a string of 2 to 256 characters | string | true |
|
||||
period | The duration that you will buy DB instance (in month). It is valid when instance_charge_type is PrePaid. Valid values: [1~9], 12, 24, 36. Default to 1 | | false |
|
||||
zone_id | The ID of the zone. You can refer to https://www.alibabacloud.com/help/doc-detail/61933.htm. | string | false |
|
||||
account_password | Password of the root account. It is a string of 6 to 32 characters and is composed of letters, numbers, and underlines | string | true |
|
||||
backup_time | MongoDB instance backup time. It is required when backup_period was existed. In the format of HH:mmZ- HH:mmZ. Time setting interval is one hour. Default to a random time, like '23:00Z-24:00Z'. | string | false |
|
||||
tags | A mapping of tags to assign to the mongodb instance resource. | map(string) | false |
|
||||
region | (Deprecated from version 1.4.0) The region used to launch this module resources. | string | false |
|
||||
engine_version | The version number of the database. Valid value: 3.4, 4.0, 4.2, 4.4, 5.0 | string | true |
|
||||
db_instance_storage | The storage space of the instance. Valid values: 10 to 3000. Unit: GB. You can only specify this value in 10 GB increments. | number | false |
|
||||
instance_id | `(Deprecated)` It has been deprecated from version 1.2.0 and use `existing_instance_id` instead. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
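Review bot: the `period` row has an empty Type cell (`... Default to 1 | | false |`) on both sides of this hunk, while the MONGODB-MULTI page added in the same commit gives `number` for the same property; suggest filling it in here. The `create` description ("Whether to use an existing MongoDB. If false, you can use a existing Mongodb instance ...") reads as the opposite of the property name and should be reworded after checking the module. The rest of the hunk appears to only reorder rows, which makes the change hard to review.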
@ -36,9 +36,9 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
INTRANET_DOMAIN | The intranet domain of the resource
|
||||
INTRANET_PORT | The intranet port of the resource
|
||||
Net_TYPE | The type of network
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
INTERNET_DOMAIN | The internet domain of the resource
|
||||
INTERNET_PORT | The internet port of the resource
|
||||
INTRANET_DOMAIN | The intranet domain of the resource
|
||||
|
|
|
|||
|
|
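Review bot: the key `Net_TYPE` is the only entry in this Outputs table that is not upper snake case. Consumers read secret keys by exact name, so please confirm against the module whether the key is really `Net_TYPE` and, if so, add a short remark that the casing is intentional; otherwise correct it here.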
@ -0,0 +1,41 @@
|
|||
---
|
||||
title: Alibaba Cloud NAS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform configuration for Alicloud NAS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
namePrefix | | string | false |
|
||||
createNas | | bool | false |
|
||||
name | The name of the security group rule | string | false |
|
||||
description | The description of the security group rule | string | false |
|
||||
port_range | The port range of the security group rule | string | false |
|
||||
cidr_ip | cidr blocks used to create a new security group rule | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
nasId | NAS ID
|
||||
nasMountTargetId | NAS Mount Target ID
|
||||
|
|
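Review bot: `namePrefix` and `createNas` have empty Description cells, and the `name`, `description`, `port_range` and `cidr_ip` rows describe a security group rule without saying how that rule relates to the NAS mount target. With the Default column empty for `cidr_ip` and `port_range`, the reader cannot tell which source range is allowed to reach the file system by default. Suggest filling in the descriptions and defaults.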
@ -0,0 +1,79 @@
|
|||
---
|
||||
title: Alibaba Cloud NETWORK-WITH-NAT
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Build VPC and Nat gateway network environment and bind EIP, add SNAT and DNAT entries on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
nat_period | The charge duration of the PrePaid nat gateway, in month. | number | false |
|
||||
region | (Deprecated from version 1.1.0) The region used to launch this module resources. | string | false |
|
||||
profile | (Deprecated from version 1.1.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
use_num_suffix | Always append numerical suffix(like 001, 002 and so on) to vswitch name, even if the length of `vswitch_cidrs` is 1 | bool | false |
|
||||
nat_type | The type of NAT gateway. | string | false |
|
||||
snat_with_vswitch_ids | List of snat entries to create by vswitch ids. Each item valid keys: 'vswitch_ids'(required, using comma joinor to set multi vswitch ids), 'snat_ip'(if not, use root parameter 'snat_ips', using comma joinor to set multi ips), 'name'(if not, will return one automatically). | list(map(string)) | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc. | string | false |
|
||||
bandwidth_package_name | The name of the common bandwidth package. | string | false |
|
||||
dnat_entries | A list of entries to create. Each item valid keys: 'name'(default to a string with prefix 'tf-dnat-entry' and numerical suffix), 'ip_protocol'(default to 'any'), 'external_ip'(if not, use root parameter 'external_ip'), 'external_port'(default to 'any'), 'internal_ip'(required), 'internal_port'(default to the 'external_port'). | list(map(string)) | false |
|
||||
vpc_tags | The tags used to launch a new vpc. | map(string) | false |
|
||||
number_of_snat_eip | Number of EIP instance used to bind with this Snat. | number | false |
|
||||
eip_period | The duration that you will buy the EIP, in month. | number | false |
|
||||
dnat_table_id | The value can get from alicloud_nat_gateway Attributes 'forward_table_ids'. | string | false |
|
||||
create_vpc | Whether to create vpc. If false, you can specify an existing vpc by setting 'existing_vpc_id'. | bool | false |
|
||||
vswitch_id | ID of the vswitch where to create nat gateway. | string | false |
|
||||
payment_type | The billing method of the NAT gateway. | string | false |
|
||||
dnat_eip_association_instance_id | The ID of the ECS or SLB instance or Nat Gateway or NetworkInterface or HaVip. | string | false |
|
||||
computed_snat_with_source_cidr | List of computed snat entries to create by cidr blocks. Each item valid keys: 'source_cidr'(required), 'snat_ip'(if not, use root parameter 'snat_ips', using comma joinor to set multi ips), 'name'(if not, will return one automatically). | list(map(string)) | false |
|
||||
dnat_external_ip | The public ip address to use on all dnat entries. | string | false |
|
||||
create_nat | Whether to create nat gateway. | bool | false |
|
||||
cbp_ratio | Ratio of the common bandwidth package. | number | false |
|
||||
eip_isp | The line type of the Elastic IP instance. | string | false |
|
||||
internet_charge_type | The internet charge type. | string | false |
|
||||
cbp_bandwidth | The bandwidth of the common bandwidth package, in Mbps. | number | false |
|
||||
cbp_internet_charge_type | The billing method of the common bandwidth package. Valid values are 'PayByBandwidth' and 'PayBy95' and 'PayByTraffic'. 'PayBy95' is pay by classic 95th percentile pricing. International Account doesn't supports 'PayByBandwidth' and 'PayBy95'. Default to 'PayByTraffic'. | string | false |
|
||||
create_eip | Whether to create new EIP and bind it to this Nat gateway. If true, the 'number_of_dnat_eip' or 'number_of_snat_eip' should not be empty. | bool | false |
|
||||
number_of_dnat_eip | Number of EIP instance used to bind with this Dnat. | number | false |
|
||||
vswitch_cidrs | List of cidr blocks used to launch several new vswitches. If not set, there is no new vswitches will be created. | list(string) | false |
|
||||
vswitch_ids | A list of virtual switch IDs to launch in. | list(string) | false |
|
||||
snat_with_source_cidrs | List of snat entries to create by cidr blocks. Each item valid keys: 'source_cidrs'(required, using comma joinor to set multi cidrs), 'snat_ip'(if not, use root parameter 'snat_ips', using comma joinor to set multi ips), 'name'(if not, will return one automatically). | list(map(string)) | false |
|
||||
vpc_description | The vpc description used to launch a new vpc. | string | false |
|
||||
availability_zones | List available zones to launch several VSwitches. | list(string) | false |
|
||||
create_snat | Whether to create snat entries. If true, the 'snat_with_source_cidrs' or 'snat_with_vswitch_ids' or 'snat_with_instance_ids' should be set. | bool | false |
|
||||
nat_description | The description of nat gateway. | string | false |
|
||||
shared_credentials_file | (Deprecated from version 1.1.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
existing_vpc_id | The vpc id used to launch several vswitches. | string | false |
|
||||
nat_name | Name of a new nat gateway. | string | false |
|
||||
eip_tags | A mapping of tags to assign to the EIP instance resource. | map(string) | false |
|
||||
computed_snat_with_vswitch_id | List of computed snat entries to create by vswitch ids. Each item valid keys: 'vswitch_id'(required), 'snat_ip'(if not, use root parameter 'snat_ips', using comma joinor to set multi ips), 'name'(if not, will return one automatically). | list(map(string)) | false |
|
||||
vswitch_tags | The tags used to launch serveral vswitches. | map(string) | false |
|
||||
nat_specification | The specification of nat gateway. | string | false |
|
||||
vswitch_name | The vswitch name prefix used to launch several new vswitches. | string | false |
|
||||
eip_bandwidth | Maximum bandwidth to the elastic public network, measured in Mbps (Mega bit per second). | number | false |
|
||||
eip_internet_charge_type | Internet charge type of the EIP, Valid values are 'PayByBandwidth', 'PayByTraffic'. | string | false |
|
||||
tags | The common tags will apply to all of resources. | map(string) | false |
|
||||
eip_name | Name to be used on all eip as prefix. Default to 'TF-EIP-for-Nat'. The final default name would be TF-EIP-for-Nat001, TF-EIP-for-Nat002 and so on. | string | false |
|
||||
snat_ips | The public ip addresses to use on all snat entries. | list(string) | false |
|
||||
nat_instance_charge_type | (Deprecated from version 1.2.0) The charge type of the nat gateway. Choices are 'PostPaid' and 'PrePaid'. | string | false |
|
||||
use_existing_vpc | The vpc id used to launch several vswitches. If set, the 'create_vpc' will be ignored. | bool | false |
|
||||
snat_with_instance_ids | List of snat entries to create by ecs instance ids. Each item valid keys: 'instance_ids'(required, using comma joinor to set multi instance ids), 'snat_ip'(if not, use root parameter 'snat_ips', using comma joinor to set multi ips), 'name'(if not, will return one automatically). | list(map(string)) | false |
|
||||
skip_region_validation | (Deprecated from version 1.1.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
vswitch_description | The vswitch description used to launch several new vswitch. | string | false |
|
||||
eip_instance_charge_type | Elastic IP instance charge type. | string | false |
|
||||
create_dnat | Whether to create dnat entries. If true, the 'entries' should be set. | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
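Review bot: the `create_dnat` row says "If true, the 'entries' should be set", but no property named `entries` exists in this table; the matching property is `dnat_entries`. Likewise `use_existing_vpc` is typed `bool` but described as "The vpc id used to launch several vswitches". In the `dnat_entries` row, `ip_protocol` and `external_port` both default to 'any', which forwards every port of the external IP to `internal_ip` when only `internal_ip` is given; worth stating that explicitly. Typos: "joinor" (several rows) and "serveral".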
@ -0,0 +1,39 @@
|
|||
---
|
||||
title: Alibaba Cloud OSS-WEBSITE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Alibaba Cloud OSS static webstie bucket
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
bucket | OSS bucket name | string | false |
|
||||
acl | OSS bucket ACL, supported 'private', 'public-read', 'public-read-write' | string | false |
|
||||
index_document | OSS bucket static website index document | string | false |
|
||||
error_document | OSS bucket static website error document | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
BUCKET_NAME |
|
||||
EXTRANET_ENDPOINT | OSS bucket external endpoint
|
||||
INTRANET_ENDPOINT | OSS bucket internal endpoint
|
||||
|
|
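Review bot: the `acl` row lists 'private', 'public-read' and 'public-read-write' with an empty Default column and no guidance. For a static website bucket the page should state the default and note that 'public-read-write' lets anonymous users write to the bucket, so 'public-read' is the widest setting a website needs. Also, the Description line has a typo ("webstie") and the `BUCKET_NAME` output row has no description.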
@ -31,8 +31,8 @@ spec:
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
bucket | OSS bucket name | string | false |
|
||||
acl | OSS bucket ACL, supported 'private', 'public-read', 'public-read-write' | string | false |
|
||||
bucket | OSS bucket name | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
title: Alibaba Cloud PRIVATE-ZONE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform-based modules are used to create a Private Zone on AliCloud, while you can add records to the Zone and associate it with a VPC
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
scheduled_task_name | The name for scheduled task. Default to a random string prefixed with `terraform-scheduled-task-`. | string | false |
|
||||
enable_scheduled_task | Whether to enable the scheduled task. | bool | false |
|
||||
skip_region_validation | (Deprecated from version 1.1.0) Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
adjustment_type | (Deprecated from version 1.2.0) The method only used by the simple and step scaling rule to adjust the number of ECS instances. Valid values: QuantityChangeInCapacity, PercentChangeInCapacity and TotalCapacity. Use simple_rule_adjustment_type and step_rule_adjustment_type instead. | string | false |
|
||||
scaling_target_tracking_rule_name | The name for scaling rule. Default to a random string prefixed with `terraform-ess-<rule type>-`. | string | false |
|
||||
create_alarm_task | If true, the module will create a scheduled task for each scaling rule | bool | false |
|
||||
step_rule_estimated_instance_warmup | The warm-up period of the ECS instances. It is applicable to target tracking and step scaling rules. The system adds ECS instances that are in the warm-up state to the scaling group, but does not report monitoring data during the warm-up period to CloudMonitor. Valid values: 0 to 86400. Unit: seconds. | number | false |
|
||||
alarm_task_name | The name for alarm task. Default to a random string prefixed with `terraform-alarm-task-`. | string | false |
|
||||
region | (Deprecated from version 1.1.0) The region ID used to launch this module resources. If not set, it will be sourced from followed by ALICLOUD_REGION environment variable and profile. | string | false |
|
||||
cooldown | The cooldown time of the simple scaling rule. Valid values: 0 to 86400. Unit: seconds. If not set, the scaling group's cooldown will be used. | number | false |
|
||||
target_tracking_rule_estimated_instance_warmup | The warm-up period of the ECS instances. It is applicable to target tracking and step scaling rules. The system adds ECS instances that are in the warm-up state to the scaling group, but does not report monitoring data during the warm-up period to CloudMonitor. Valid values: 0 to 86400. Unit: seconds. | number | false |
|
||||
disable_scale_in | Whether to disable scale-in. This parameter is applicable only to target tracking scaling rules. | bool | false |
|
||||
shared_credentials_file | (Deprecated from version 1.1.0) This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
create_scheduled_task | If true, the module will create a scheduled task for each scaling rule | bool | false |
|
||||
scheduled_task_setting | The setting of running a scheduled task. It contains basic and recurrence setting. Deails see `run_at`(the time at which the scheduled task is triggered), `retry_interval`(the time period during which a failed scheduled task is retried, default to 600 seconds), `recurrence_type`(the recurrence type of the scheduled task: Daily, Weekly, Monthly or Cron, default to empty), `recurrence_value`(the recurrence frequency of the scheduled task, it must be set when `recurrence_type` is set) and `end_at`(the end time after which the scheduled task is no longer repeated. it will ignored if `recurrence_type` is not set) | map(string) | false |
|
||||
alarm_task_setting | The setting of monitoring index setting. It contains the following parameters: `period`(A reference period used to collect, summary, and compute data. Default to 60 seconds), `method`(The method used to statistics data, default to Average), `threshold`(Verify whether the statistics data value of a metric exceeds the specified threshold. Default to 0), `comparison_operator`(The arithmetic operation to use when comparing the specified method and threshold. Default to >=), `trigger_after`(You can select one the following options, such as 1, 2, 3, and 5 times. When the value of a metric exceeds the threshold for specified times, an event is triggered, and the specified scaling rule is applied. Default to 3 times.) | map(string) | false |
|
||||
scaling_rule_name | (Deprecated from version 1.2.0) The name for scaling rule. Default to a random string prefixed with `terraform-ess-<rule type>-`. Use scaling_simple_rule_name, scaling_target_tracking_rule_name and scaling_step_rule_name instead. | string | false |
|
||||
simple_rule_adjustment_type | The method only used by the simple and step scaling rule to adjust the number of ECS instances. Valid values: QuantityChangeInCapacity, PercentChangeInCapacity and TotalCapacity. | string | false |
|
||||
create_target_tracking_rule | Whether to create a target tracking scaling rule in the specified scaling group. | bool | false |
|
||||
create_step_rule | Whether to create a step scaling rule in the specified scaling group. | bool | false |
|
||||
scheduled_task_description | Description of the scheduled task, which is 2-200 characters (English or Chinese) long. | string | false |
|
||||
profile | (Deprecated from version 1.1.0) The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
adjustment_value | The number of ECS instances to be adjusted in the simple scaling rule. The number of ECS instances to be adjusted in a single scaling activity cannot exceed 500. | number | false |
|
||||
target_tracking_rule_metric_name | The predefined metric to monitor. This parameter is required and applicable only to target tracking scaling rules. See valid values: https://www.alibabacloud.com/help/doc-detail/25948.htm | string | false |
|
||||
scaling_step_rule_name | The name for scaling rule. Default to a random string prefixed with `terraform-ess-<rule type>-`. | string | false |
|
||||
enable_alarm_task | Whether to enable the alarm task. | bool | false |
|
||||
task_actions | The list of actions to execute when this alarm transition into an ALARM state. | list(string) | false |
|
||||
alarm_task_metric_name | The monitoring index name. Details see `[system monitoring index](https://help.aliyun.com/document_detail/141651.htm)` and `[custom monidoring index](https://www.alibabacloud.com/help/doc-detail/74861.htm)`. | string | false |
|
||||
alarm_task_metric_type | The monitoring type for alarm task. Valid values system, custom. `system` means the metric data is collected by Aliyun Cloud Monitor Service(CMS); `custom` means the metric data is upload to CMS by users. | string | false |
|
||||
metric_name | (Deprecated from version 1.2.0) The monitoring index name. Details see `[system monitoring index](https://help.aliyun.com/document_detail/141651.htm)` and `[custom monidoring index](https://www.alibabacloud.com/help/doc-detail/74861.htm)`. Use target_tracking_rule_metric_name instead. | string | false |
|
||||
create_simple_rule | Whether to create a simple scaling rule in the specified scaling group. | bool | false |
|
||||
scaling_group_id | Specifying existing autoscaling group ID. If not set, it can be retrieved automatically by specifying filter `scaling_group_name_regex`. | string | false |
|
||||
target_value | The target value of a metric. This parameter is required and applicable only to target tracking scaling rules. It must be greater than 0 and can have a maximum of three decimal places. | string | false |
|
||||
step_adjustments | The predefined metric to monitor. This parameter is required and applicable only to step scaling rules. Each item contains the following parameters: `lower_limit`(The lower limit value specified. Valid values: -9.999999E18 to 9.999999E18.), `upper_limit`(The upper limit value specified. Valid values: -9.999999E18 to 9.999999E18.), `adjustment_value`(The specified number of ECS instances to be adjusted) | list(map(string)) | false |
|
||||
estimated_instance_warmup | (Deprecated from version 1.2.0) The warm-up period of the ECS instances. It is applicable to target tracking and step scaling rules. The system adds ECS instances that are in the warm-up state to the scaling group, but does not report monitoring data during the warm-up period to CloudMonitor. Valid values: 0 to 86400. Unit: seconds. Use target_tracking_rule_estimated_instance_warmup and step_rule_estimated_instance_warmup instead. | number | false |
|
||||
scaling_simple_rule_name | The name for scaling rule. Default to a random string prefixed with `terraform-ess-<rule type>-`. | string | false |
|
||||
scaling_group_name_regex | Using a name regex to retrieve existing scaling group automactially. | string | false |
|
||||
step_rule_adjustment_type | The method only used by the simple and step scaling rule to adjust the number of ECS instances. Valid values: QuantityChangeInCapacity, PercentChangeInCapacity and TotalCapacity. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
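Review bot: The Properties table on this new PRIVATE-ZONE page does not match its Description. The description covers a Private Zone with records and a VPC association, but the module properties listed (`scaling_group_id`, `create_simple_rule`, `alarm_task_setting`, `scheduled_task_setting`, `step_adjustments` and the rest) all configure scaling rules, alarm tasks and scheduled tasks, and none covers a zone name, a record or a VPC. The table looks generated from a different module and should be regenerated from the Private Zone module before this page is published.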
@ -0,0 +1,44 @@
|
|||
---
|
||||
title: Alibaba Cloud RABBITMQ
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a RabbitMQ based on Terraform module in Ali cloud
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
queue_capacity | The specification of the queue capacity. | number | false |
|
||||
support_eip | The specification of support EIP. | bool | false |
|
||||
max_eip_tps | The specification of the max eip tps. | number | false |
|
||||
payment_type | The specification of the payment type. | string | false |
|
||||
create | Whether to create instance. If false, you can specify an existing instance by setting 'instance_id'. | bool | false |
|
||||
instance_id | The instance_id used to RabbitMQ. If 'create' is true, the 'instance ID' is invalid.If 'create' is false,you must specify an existing instance by setting 'instance_id'. | string | false |
|
||||
queue_name | The name of the queue. | string | false |
|
||||
instance_name | The specification of module name. | string | false |
|
||||
binding_type | The specification of the binding type. | string | false |
|
||||
exchange_name | The name of the exchange. | string | false |
|
||||
auto_delete_state | The specification of the auto delete state. | bool | false |
|
||||
exchange_type | The specification of the exchange type. | string | false |
|
||||
internal | The specification of the internal. | bool | false |
|
||||
modify_type | The modify type.It is required when updating other attributes. | string | false |
|
||||
period | The specification of the period. | number | false |
|
||||
virtual_host_name | VirtualHostName. | string | false |
|
||||
argument | The specification of the argument. | string | false |
|
||||
instance_type | The specification of the instance type. | string | false |
|
||||
max_tps | The specification of the peak TPS traffic. | number | false |
|
||||
name | (Deprecated from version 1.1.0) The specification of module name. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
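Review bot: This page documents `writeConnectionSecretToRef` but has no Outputs section, so a reader cannot tell which keys, if any, are written to the secret; add the Outputs table the other pages in this commit carry, or say that nothing is written. In the `instance_id` row, "If 'create' is true, the 'instance ID' is invalid" probably means the value is ignored and should say so. Rows such as `internal`, `argument` and `binding_type` only restate the property name and would benefit from valid values.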
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: Alibaba Cloud RAM-FC
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a functional computing service based on Terraform under AliCloud's RAM role
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
policy_type | The specification of module policy type. | string | false |
|
||||
logstore | The specification of logstore. | string | false |
|
||||
project | The specification of project. | string | false |
|
||||
name | The specification of module name. | string | false |
|
||||
document | Authorization strategy of the RAM role. | string | false |
|
||||
ram_role_description | The specification of module ram role description. | string | false |
|
||||
force | This parameter is used for resource destroy | bool | false |
|
||||
policy_name | The specification of module ram role description. | string | false |
|
||||
fc_service_description | The specification of module fc service description. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
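Review bot: The `policy_name` row carries the description "The specification of module ram role description.", which is a copy of the `ram_role_description` row and does not describe a policy name. Since `document` sets the authorization strategy of the RAM role, its row should state the expected format (for example a JSON policy string) and the default that applies when it is omitted. The `force` row should say what is forced on destroy.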
@ -0,0 +1,37 @@
|
|||
---
|
||||
title: Alibaba Cloud RAM
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create RAM User instances on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_user | Whether to create ram user. | bool | false |
|
||||
force_destroy | When destroying this user, destroy even if it has non-Terraform-managed ram access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | false |
|
||||
create_ram_user_login_profile | Whether to create ram user login profile | bool | false |
|
||||
password | Login password of the user | string | false |
|
||||
admin_name_regex | A regex string to filter resulting policies by name. | string | false |
|
||||
is_reader | Whether to grant reader permission | bool | false |
|
||||
policy_type | Type of the RAM policy. It must be Custom or System. | string | false |
|
||||
reader_name_regex | A regex string to filter resulting policies by name. | string | false |
|
||||
region | (Deprecated from version 1.3.0)The region used to launch this module resources. | string | false |
|
||||
name | Desired name for the ram user. If not set, a default name with prefix `ram-user-` will be returned. | string | false |
|
||||
create_ram_access_key | Whether to create ram access key | bool | false |
|
||||
secret_file | A file used to store access key and secret key of ther user | string | false |
|
||||
is_admin | Whether to grant admin permission | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
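Review bot: The credential-handling rows need more detail. `secret_file` says only that it is "A file used to store access key and secret key of ther user" (typo: "ther"), without saying where that file is written or who can read it, and with no Outputs section the page does not say whether the key created by `create_ram_access_key` is also written to the secret named by `writeConnectionSecretToRef`. `password` is a plain string property, so the page should state that it appears in the component spec as written. `is_admin` and `is_reader` have empty Default cells; document both defaults so a reader knows what permissions a user gets when neither is set.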
@ -0,0 +1,51 @@
|
|||
---
|
||||
title: Alibaba Cloud RDS-PREVIEW
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Alibaba RDS in a preview mode
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
instance_name | RDS instance name | string | false |
|
||||
account_name | RDS instance user account name | string | false |
|
||||
password | RDS instance account password | string | true |
|
||||
allocate_public_connection | Whether to allocate public connection for a RDS instance. | bool | false |
|
||||
security_ips | List of IP addresses allowed to access all databases of an instance | list(any) | false |
|
||||
database_name | Database name | string | false |
|
||||
privilege | The privilege of one account access database. | string | false |
|
||||
sql_file | The name of SQL file in the bucket, like `db.sql` | string | false |
|
||||
sql_bucket_name | The bucket name of the SQL file. like `oss://example` | string | false |
|
||||
sql_bucket_endpoint | The endpoint of the bucket. like `oss-cn-hangzhou.aliyuncs.com` | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
DB_PUBLIC_HOST | RDS Instance Public Host
|
||||
DATABASE_NAME | RDS Database Name
|
||||
DB_ID | RDS Instance ID
|
||||
DB_USER | RDS Instance User
|
||||
DB_PORT | RDS Instance Port
|
||||
DB_PASSWORD | RDS Instance Password
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
DB_NAME | RDS Instance Name
|
||||
DB_HOST | RDS Instance Host
|
||||
|
|
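Review bot: `allocate_public_connection` and `security_ips` both have empty Default cells, while the Outputs table includes `DB_PUBLIC_HOST` and `DB_PASSWORD`. The page should state whether a public connection is allocated by default and which addresses are allowed when `security_ips` is omitted, so a reader can tell how exposed the preview instance is out of the box. `DB_NAME` (instance name) and `DATABASE_NAME` (database name) are easy to confuse; a word on the difference in either description would help.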
@ -32,14 +32,15 @@ spec:
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
security_ips | List of IP addresses allowed to access all databases of an instance | list(any) | false |
|
||||
database_name | Database name | string | false |
|
||||
privilege | The privilege of one account access database. | string | false |
|
||||
vswitch_id | The vswitch id of the RDS instance. If set, the RDS instance will be created in VPC, or it will be created in classic network. | string | false |
|
||||
instance_name | RDS instance name | string | false |
|
||||
account_name | RDS instance user account name | string | false |
|
||||
password | RDS instance account password | string | true |
|
||||
allocate_public_connection | Whether to allocate public connection for a RDS instance. | bool | false |
|
||||
security_ips | List of IP addresses allowed to access all databases of an instance | list(any) | false |
|
||||
database_name | Database name | string | false |
|
||||
password | RDS instance account password | string | true |
|
||||
privilege | The privilege of one account access database. | string | false |
|
||||
vswitch_id | The vswitch id of the RDS instance. If set, the RDS instance will be created in VPC, or it will be created in classic network. | string | false |
|
||||
databases | The database list, each database is a map, the map contains the following attributes: name, character_set, description, like `[{"name":"test","character_set":"utf8","description":"test database"},]`. It conflicts with `database_name`. | list(map(string)) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
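Review bot: The example in the new `databases` row, `[{"name":"test","character_set":"utf8","description":"test database"},]`, ends with a trailing comma, which is not valid JSON if a reader pastes it as such; drop the comma. The row says it "conflicts with `database_name`" but not what happens when both are set (an error, or one silently winning); state the behaviour.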
@ -57,12 +58,12 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
DB_PUBLIC_HOST | RDS Instance Public Host
|
||||
DB_NAME | RDS Instance Name
|
||||
DB_USER | RDS Instance User
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
DB_HOST | RDS Instance Host
|
||||
DB_PASSWORD | RDS Instance Password
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
DB_ID | RDS Instance ID
|
||||
DB_PORT | RDS Instance Port
|
||||
DATABASE_NAME | RDS Database Name
|
||||
DB_ID | RDS Instance ID
|
||||
DB_NAME | RDS Instance Name
|
||||
DB_USER | RDS Instance User
|
||||
DB_PORT | RDS Instance Port
|
||||
DB_PUBLIC_HOST | RDS Instance Public Host
|
||||
|
|
|
|||
|
|
@ -52,8 +52,8 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
REDIS_CONNECT_ADDRESS | Redis connect address
|
||||
REDIS_USER | Redis user
|
||||
REDIS_PASSWORD | Redis password
|
||||
RESOURCE_IDENTIFIER | The identifier of the resource
|
||||
REDIS_NAME | Redis instance name
|
||||
REDIS_CONNECT_ADDRESS | Redis connect address
|
||||
|
|
|
|||
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
title: Alibaba Cloud REMOTE-BACKEND
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Deploy remote backend storage in Aliyun based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
region | The region used to launch this module resources. | | false |
|
||||
create_ots_lock_instance | Boolean: If you have a OTS instance already, use that one, else make this true and one will be created | | false |
|
||||
backend_ots_lock_instance | The name of OTS instance to which table belongs. | | false |
|
||||
backend_ots_lock_table | OTS table to hold state lock when updating. If not set, the module will craete one with prefix `terraform-remote-backend` | | false |
|
||||
create_backend_bucket | Boolean. If you have a OSS bucket already, use that one, else make this true and one will be created | | false |
|
||||
backend_oss_bucket | Name of OSS bucket prepared to hold your terraform state(s). If not set, the module will craete one with prefix `terraform-remote-backend` | | false |
|
||||
create_ots_lock_table | Boolean: If you have a ots table already, use that one, else make this true and one will be created | | false |
|
||||
state_acl | Canned ACL applied to bucket. | | false |
|
||||
encrypt_state | Boolean. Whether to encrypt terraform state. | | false |
|
||||
state_path | The path directory of the state file will be stored. Examples: dev/frontend, prod/db, etc.. | | false |
|
||||
state_name | The name of the state file. Examples: dev/tf.state, dev/frontend/tf.tfstate, etc.. | | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
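Review bot: The Type column is empty for every module property in this table (`region` through `state_name`); only `writeConnectionSecretToRef` has a type. Fill in the types, and fix "craete" in the `backend_ots_lock_table` and `backend_oss_bucket` rows. Because this bucket holds Terraform state, the `state_acl` row should list the accepted canned ACL values and its default, and the `encrypt_state` row should give its default.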
@ -13,14 +13,14 @@ Terraform configuration for Alibaba Cloud RocketMQ
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
message_type | The type of the message. Read [Ons Topic Create](https://www.alibabacloud.com/help/doc-detail/29591.html) for further details. | number | false |
|
||||
group_name | The name of MQ group | string | false |
|
||||
group_type | Specify the protocol applicable to the created Group ID. Valid values: tcp, http. Default to tcp | string | false |
|
||||
perm | The permission of MQ topic | string | false |
|
||||
ons_instance_name | The name of ons instance. The length must be 3 to 64 characters. Chinese characters, English letters digits and hyphen are allowed. | string | false |
|
||||
topic | The specification of ons topic name. Two topics on a single instance cannot have the same name and the name cannot start with 'GID' or 'CID'. The length cannot exceed 64 characters. | string | false |
|
||||
ons_instance_remark | The specification of ons instance remark. | string | false |
|
||||
ons_topic_remark | The specification of ons topic remark. | string | false |
|
||||
message_type | The type of the message. Read [Ons Topic Create](https://www.alibabacloud.com/help/doc-detail/29591.html) for further details. | number | false |
|
||||
group_name | The name of MQ group | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
@ -38,9 +38,9 @@ If `writeConnectionSecretToRef` is set, a secret will be generated with these ke
|
|||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
INSTANCE_ID | The id of ons instance
|
||||
TOPIC_ID | The id of ons topic
|
||||
GROUP_ID | The id of ons group
|
||||
HTTP_ENDPOINT_INTERNET | The internet http endpoint of ons instance
|
||||
HTTP_ENDPOINT_INTERNAL | The internal http endpoint of ons instance
|
||||
TCP_ENDPOINT | The tcp endpoint of ons instance
|
||||
INSTANCE_ID | The id of ons instance
|
||||
|
|
|
|||
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
title: Alibaba Cloud SAE-APPLICATION
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Alibaba SAE application
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
namespace_name | Namespace Name | string | true |
|
||||
namespace_id | Namespace ID | string | true |
|
||||
description | The description of the security group rule | string | false |
|
||||
app_name | The name of the application | string | true |
|
||||
memory | The memory of the application, in unit of MB | string | false |
|
||||
package_type | The package type of the application | string | false |
|
||||
namespace_description | Namespace Description | | false |
|
||||
port_range | The port range of the security group rule | string | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
image_url | The image url of the application, like `registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9` | string | true |
|
||||
name | The name of the security group rule | string | false |
|
||||
cidr_ip | cidr blocks used to create a new security group rule | string | false |
|
||||
app_description | The description of the application | string | false |
|
||||
cpu | The cpu of the application, in unit of millicore | string | false |
|
||||
replicas | The replicas of the application | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
namespace_id | Namespace ID
|
||||
app_id | The id of the application
|
||||
app_name | The name of the application
|
||||
|
|
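Review bot: The security group rule properties (`name`, `description`, `port_range`, `cidr_ip`) are interleaved with the application properties and use generic names, so `name` here means the rule name while the application uses `app_name`. Group the rule rows together or note the distinction, and fill in the defaults for `cidr_ip` and `port_range`, since they determine which sources and ports can reach the application. `namespace_description` has an empty Type cell, and the Outputs keys (`namespace_id`, `app_id`, `app_name`) are lower-case where the other pages in this commit use upper-case keys such as `SECURITY_GROUP_ID`.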
@ -0,0 +1,41 @@
|
|||
---
|
||||
title: Alibaba Cloud SAE-AUTO-CONFIG-APPLICATION
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Alibaba SAE application to be deployed in auto-config mode
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
cpu | The cpu of the application, in unit of millicore | string | false |
|
||||
memory | The memory of the application, in unit of MB | string | false |
|
||||
image_url | The image url of the application, like `registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9` | string | true |
|
||||
replicas | The replicas of the application | string | false |
|
||||
app_name | The name of the application | string | true |
|
||||
app_description | The description of the application | string | false |
|
||||
package_type | The package type of the application | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
app_id | The id of the application
|
||||
app_name | The name of the application
|
||||
|
|
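Review bot: The Description says the application is "deployed in auto-config mode" but the page never explains what that mode configures. The SAE-APPLICATION page in this commit takes namespace and security group rule properties that are absent here, so state what is created or chosen automatically in their place, including the network exposure a reader should expect.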
@ -0,0 +1,36 @@
|
|||
---
|
||||
title: Alibaba Cloud SAE-NAMESPACE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Alibaba SAE namespace
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
namespace_description | Namespace Description | | false |
|
||||
namespace_name | Namespace Name | string | true |
|
||||
namespace_id | Namespace ID | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
namespace_id | Namespace ID
|
||||
|
|
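Review bot: The only output key, `namespace_id`, is also a required input property, so the generated secret just returns a value the user supplied; either say so or drop the Outputs section if nothing else is produced. `namespace_description` has an empty Type cell.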
@ -0,0 +1,40 @@
|
|||
---
|
||||
title: Alibaba Cloud SECURITY-GROUP
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform configuration for Alicloud SecurityGroup
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
port_range | The port range of the security group rule | string | false |
|
||||
cidr_ip | cidr blocks used to create a new security group rule | string | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
name | The name of the security group rule | string | false |
|
||||
description | The description of the security group rule | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
SECURITY_GROUP_ID | Security Group ID
|
||||
VSWITCH_ID | VSwitch ID
|
||||
VPC_ID | VPC ID
|
||||
|
|
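Review bot: `cidr_ip` and `port_range` are optional but the Default column is empty, so a reader cannot tell which rule is created when they are omitted. For a security group that is the detail that matters: state the effective defaults, and say explicitly if the default source range is open to all addresses. The Outputs table also returns `VSWITCH_ID` and `VPC_ID` although no property above mentions a VPC or VSwitch, and the upper-case key names differ from `namespace_id` and `slbId` in the sibling pages.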
@ -0,0 +1,28 @@
|
|||
---
|
||||
title: Alibaba Cloud SLB-ACL
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform-based module supports creating access control lists for load balancers
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
region | (Deprecated from version 1.2.0) The region used to launch this module resources. | string | false |
|
||||
name | the Name of the access control list. | string | false |
|
||||
ip_version | The IP Version of access control list is the type of its entry (IP addresses or CIDR blocks). It values ipv4/ipv6. Our plugin provides a default ip_version: ipv4. | string | false |
|
||||
entry_list | A list of entry (IP addresses or CIDR blocks) to be added. At most 50 etnry can be supported in one resource. It contains two sub-fields as: entry(IP addresses or CIDR blocks), comment(the comment of the entry) | list(object({\n entry = string\n comment = string\n })) | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
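Review bot: The Type cell of `entry_list` contains literal `\n` sequences, which will render as text in the table; collapse it to a single-line type. In the same row 'etnry' should be 'entry', and the `ip_version` description states a default of ipv4 that is missing from the Default column.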
@ -0,0 +1,54 @@
|
|||
---
|
||||
title: Alibaba Cloud SLB-LISTENER
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Quickly create slb listeners resources on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
region | (Deprecated from version 1.3.0)The region used to launch this module resources. | string | false |
|
||||
slb | The load balancer ID used to add one or more listeners. | string | false |
|
||||
create | Whether to create load balancer listeners. | bool | false |
|
||||
health_check_timeout | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'health_check' instead. | number | false |
|
||||
cookie_timeout | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | number | false |
|
||||
health_check | The slb listener health check settings to use on listeners. It's supports fields 'healthy_threshold','unhealthy_threshold','health_check_timeout', 'health_check', 'health_check_type', 'health_check_connect_port', 'health_check_domain', 'health_check_uri', 'health_check_http_code', 'health_check_method' and 'health_check_interval' | map(string) | false |
|
||||
unhealthy_threshold | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'health_check' instead. | number | false |
|
||||
skip_region_validation | (Deprecated from version 1.3.0)Skip static validation of region ID. Used by users of alternative AlibabaCloud-like APIs or users w/ access to regions that are not public (yet). | bool | false |
|
||||
enable_health_check | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
enable_gzip | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
retrive_slb_id | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
health_check_connect_port | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
health_check_type | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
profile | (Deprecated from version 1.3.0)The profile name as set in the shared credentials file. If not set, it will be sourced from the ALICLOUD_PROFILE environment variable. | string | false |
|
||||
shared_credentials_file | (Deprecated from version 1.3.0)This is the path to the shared credentials file. If this is not set and a profile is specified, $HOME/.aliyun/config.json will be used. | string | false |
|
||||
advanced_setting | The slb listener advanced settings to use on listeners. It's supports fields 'sticky_session', 'sticky_session_type', 'cookie', 'cookie_timeout', 'gzip', 'persistence_timeout', 'acl_status', 'acl_type', 'acl_id', 'idle_timeout' and 'request_timeout'. | map(string) | false |
|
||||
healthy_threshold | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'health_check' instead. | number | false |
|
||||
sticky_session_type | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
x_forwarded_for | Additional HTTP Header field 'X-Forwarded-For' to use on listeners. It's supports fields 'retrive_slb_ip', 'retrive_slb_id' and 'retrive_slb_proto' | map(bool) | false |
|
||||
ssl_certificates | SLB Server certificate settings to use on listeners. It's supports fields 'tls_cipher_policy', 'server_certificate_id' and 'enable_http2' | map(string) | false |
|
||||
health_check_interval | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'health_check' instead. | number | false |
|
||||
retrive_slb_ip | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
health_check_uri | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
health_check_http_code | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
persistence_timeout | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | number | false |
|
||||
listeners | List of slb listeners. Each item can set all or part fields of alicloud_slb_listener resource. | list(map(string)) | false |
|
||||
enable_sticky_session | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
cookie | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
retrive_slb_proto | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | bool | false |
|
||||
health_check_domain | (Deprecated) It has been deprecated from 1.2.0, use 'listeners' and 'advance_setting' instead. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
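Review bot: The deprecation notes point to 'advance_setting', but the property in this table is `advanced_setting`; correct the replacement name. Several rows (`health_check_connect_port`, `health_check_type`, `health_check_uri`, `health_check_http_code`, `health_check_domain`) send readers to that map although those fields are listed under `health_check`, and the `retrive_slb_*` rows belong to `x_forwarded_for`. Since `advanced_setting` carries `acl_status`, `acl_type` and `acl_id`, and `ssl_certificates` carries `tls_cipher_policy`, a short example of both maps would help readers set access control and TLS correctly.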
@ -0,0 +1,61 @@
|
|||
---
|
||||
title: Alibaba Cloud SLB-RULE
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform-based module creates an SLB instance under AliCloud's VPC and configures rules
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
domain | Domain name of the forwarding rule. It can contain letters a-z, numbers 0-9, hyphens (-), and periods (.), and wildcard characters. | string | false |
|
||||
cookie_timeout | Cookie timeout. It is mandatory when sticky_session is `on` and sticky_session_type is `insert`. Otherwise, it will be ignored. Valid value range: [1-86400] in seconds. | number | false |
|
||||
unhealthy_threshold | Threshold determining the result of the health check is fail. It is required when `health_check` is on. Valid value range: [1-10] in seconds. Default to 3. | number | false |
|
||||
name | The name of a new load balancer. | string | false |
|
||||
spec | The specification of the SLB instance. | string | false |
|
||||
images_owners | Filter results by a specific image owner. Valid items are `system`, `self`, `others`, `marketplace`. | string | false |
|
||||
protocol | The protocol to listen on. | string | false |
|
||||
rule_health_check_connect_port | Port used for health check. Valid value range: [1-65535]. Default to `None` means the backend server port is used. | number | false |
|
||||
cidr_block | The CIDR block for the VPC. The cidr_block is Optional and default value is `172.16.0.0/12` after `v1.119.0+`. | string | false |
|
||||
images_most_recent | If more than one result are returned, select the most recent one. | bool | false |
|
||||
health_check_domain | Domain name used for health check. When it used to launch TCP listener, health_check_type must be `http`. Its length is limited to 1-80 and only characters such as letters, digits, ‘-‘ and ‘.’ are allowed. When it is not set or empty, Server Load Balancer uses the private network IP address of each backend server as Domain used for health check. | string | false |
|
||||
internal | It has been deprecated from 1.6.0 and 'address_type' instead. If true, SLB instance will be an internal SLB. | bool | false |
|
||||
available_resource_creation | Type of resources that can be created. | string | false |
|
||||
images_name_regex | A regex string to filter resulting images by name. | string | false |
|
||||
cpu_core_count | Number of CPU cores. | number | false |
|
||||
memory_size | Size of memory, measured in GB. | number | false |
|
||||
frontend_port | Port used by the Server Load Balancer instance frontend. | number | false |
|
||||
url | Domain of the forwarding rule. It must be 2-80 characters in length. Only letters a-z, numbers 0-9, and characters '-' '/' '?' '%' '#' and '&' are allowed. URLs must be started with the character '/', but cannot be '/' alone. | string | false |
|
||||
health_check_uri | URI used for health check. When it used to launch TCP listener, health_check_type must be `http`. Its length is limited to 1-80 and it must start with /. Only characters such as letters, digits, ‘-’, ‘/’, ‘.’, ‘%’, ‘?’, #’ and ‘&’ are allowed. | string | false |
|
||||
address_type | The type of address. Choices are 'intranet' and 'internet'. Default to 'internet'. | string | false |
|
||||
tags | A mapping of tags to assign to the resource. | map(string) | false |
|
||||
health_check | Whether to enable health check. Valid values are `on` and `off`. TCP and UDP listener's HealthCheck is always on, so it will be ignore when launching TCP or UDP listener. This parameter is required and takes effect only when ListenerSync is set to off. | string | false |
|
||||
listener_sync | Indicates whether a forwarding rule inherits the settings of a health check , session persistence, and scheduling algorithm from a listener. Default to on. | string | false |
|
||||
healthy_threshold | Threshold determining the result of the health check is success. It is required when `health_check` is on. Valid value range: [1-10] in seconds. Default to 3. | number | false |
|
||||
sticky_session_type | Mode for handling the cookie. If sticky_session is `on`, it is mandatory. Otherwise, it will be ignored. Valid values are insert and server. insert means it is inserted from Server Load Balancer; server means the Server Load Balancer learns from the backend server. | string | false |
|
||||
health_check_interval | Time interval of health checks. It is required when `health_check` is on. Valid value range: [1-50] in seconds. Default to 2. | number | false |
|
||||
health_check_timeout | Maximum timeout of each health check response. It is required when `health_check` is on. Valid value range: [1-300] in seconds. Default to 5. Note: If `health_check_timeout` < `health_check_interval`, its will be replaced by `health_check_interval`. | number | false |
|
||||
sticky_session | Whether to enable session persistence, Valid values are `on` and `off`. Default to `off`. This parameter is required and takes effect only when ListenerSync is set to `off`. | string | false |
|
||||
available_disk_category | Filter the results by a specific disk category. Can be either `cloud`, `cloud_efficiency`, `cloud_ssd`, `ephemeral_ssd`. | string | false |
|
||||
cookie | The cookie configured on the server. It is mandatory when `sticky_session` is `on` and `sticky_session_type` is `server`. Otherwise, it will be ignored. Valid value:String in line with RFC 2965, with length being 1- 200. It only contains characters such as ASCII codes, English letters and digits instead of the comma, semicolon or spacing, and it cannot start with $. | string | false |
|
||||
health_check_http_code | Regular health check HTTP status code. Multiple codes are segmented by “,”. It is required when health_check is on. Default to `http_2xx`. Valid values are: `http_2xx`, `http_3xx`, `http_4xx` and `http_5xx`. | string | false |
|
||||
availability_zone | The available zone to launch modules. | string | false |
|
||||
backend_port | Port used by the Server Load Balancer instance backend. Valid value range: [1-65535]. | number | false |
|
||||
health_check_connect_port | Port used for health check. Valid value range: [1-65535]. Default to `None` means the backend server port is used. | string | false |
|
||||
vswitch_id | VSwitch variables, if vswitch_id is empty, then the net_type = classic. | string | false |
|
||||
bandwidth | Bandwidth peak of Listener. | number | false |
|
||||
scheduler | Scheduling algorithm, Valid values are `wrr`, `rr` and `wlc`. Default to `wrr`. This parameter is required and takes effect only when ListenerSync is set to `off`. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
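Review bot: The `url` row is described as 'Domain of the forwarding rule', which reads like a copy of the `domain` row; it should describe the URL path. `healthy_threshold` and `unhealthy_threshold` give their range 'in seconds' although a threshold is a count of checks, `health_check_connect_port` is typed string while `rule_health_check_connect_port` is number, and the defaults quoted in the descriptions (3, 2, 5, `wrr`, 'internet') never appear in the Default column. Given that `address_type` defaults to 'internet', that default in particular should be visible in the table.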
@ -0,0 +1,36 @@
|
|||
---
|
||||
title: Alibaba Cloud SLB
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform configuration for Alicloud SLB
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
namePrefix | | string | false |
|
||||
createSlb | | bool | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
||||
|
||||
### Outputs
|
||||
|
||||
If `writeConnectionSecretToRef` is set, a secret will be generated with these keys as below:
|
||||
|
||||
Name | Description
|
||||
------------ | -------------
|
||||
slbId | SLB ID
|
||||
|
|
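Review bot: `namePrefix` and `createSlb` have empty Description cells, so the page does not say what either does; add descriptions and defaults. The table also mixes camelCase (`namePrefix`, `createSlb`) with snake_case (`zone_id`).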
@ -35,14 +35,14 @@ spec:
|
|||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
store_auto_split | Determines whether to automatically split a shard. Default to true. | bool | false |
|
||||
store_max_split_shard_count | The maximum number of shards for automatic split, which is in the range of 1 to 64. You must specify this parameter when autoSplit is true. | number | false |
|
||||
store_append_meta | Determines whether to append log meta automatically. The meta includes log receive time and client IP address. Default to true. | bool | false |
|
||||
project_name | Name of security group. It is used to create a new security group. | string | false |
|
||||
description | Description of security group | string | false |
|
||||
store_shard_count | The number of shards in this log store. Default to 2. You can modify it by 'Split' or 'Merge' operations. | number | false |
|
||||
create_project | Whether to create log resources | string | false |
|
||||
store_name | Log store name. | string | false |
|
||||
store_retention_period | The data retention time (in days). Valid values: [1-3650]. Default to 30. Log store data will be stored permanently when the value is '3650'. | number | false |
|
||||
store_shard_count | The number of shards in this log store. Default to 2. You can modify it by 'Split' or 'Merge' operations. | number | false |
|
||||
project_name | Name of security group. It is used to create a new security group. | string | false |
|
||||
store_name | Log store name. | string | false |
|
||||
store_max_split_shard_count | The maximum number of shards for automatic split, which is in the range of 1 to 64. You must specify this parameter when autoSplit is true. | number | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
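Review bot: `project_name` is described as 'Name of security group. It is used to create a new security group.' and `description` as 'Description of security group', on a page whose other rows are about a log store; these look copied from another module and should describe the log project. `create_project` is typed string although its description is a yes/no question.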
@ -0,0 +1,44 @@
|
|||
---
|
||||
title: Alibaba Cloud VPC-ECS-EIP
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create a lightweight WEB service based on Terraform under AliCloud's VPC, including: VPC, ECS, EIP
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
eip_payment_type | The payment type of EIP address. | string | false |
|
||||
primary_ip_address | The primary private IP address of the ENI. The specified IP address must be available within the CIDR block of the VSwitch. If this parameter is not specified, an available IP address is assigned from the VSwitch CIDR block at random. | string | false |
|
||||
description | The specification of module description. | string | false |
|
||||
category | The specification of the category. | string | false |
|
||||
name | The specification of module name. | string | false |
|
||||
cidr_block | The cidr block of VPC | string | false |
|
||||
secondary_private_ip_address_count | The secondary private ip address count of EIP. | number | false |
|
||||
eip_instance_type | The instance type of EIP. | string | false |
|
||||
instance_type | The specification of the instance type. | string | false |
|
||||
system_disk_category | The specification of the system disk category. | string | false |
|
||||
system_disk_name | The specification of the system disk name. | string | false |
|
||||
availability_zone | The available zone to launch modules. | string | false |
|
||||
eip_isp | The ISP of EIP address. | string | false |
|
||||
image_id | The specification of the image id. | string | false |
|
||||
internet_max_bandwidth_out | The specification of the internet max bandwidth out. | number | false |
|
||||
eip_internet_charge_type | The specification of the eip internet charge type. | string | false |
|
||||
system_disk_description | The specification of the system disk description. | string | false |
|
||||
data_disks_name | The name of the data disk. | string | false |
|
||||
ecs_size | The specification of the ecs size. | number | false |
|
||||
encrypted | Encrypted the data in this disk. | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
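Review bot: `encrypted` is optional with an empty Default column, so the page does not say whether disks are left unencrypted when it is omitted; document the default. Most descriptions are the placeholder 'The specification of the ...', `secondary_private_ip_address_count` is described as a property 'of EIP' while `primary_ip_address` refers to the ENI, and the page has no Outputs section even though the module creates an EIP.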
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: Alibaba Cloud VPC-PRIVATELINK-CONNECTION
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform-based for creating VPC networks in AliCloud and creating private network links
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
vpc_cidr_block | The secondary CIDR blocks for the VPC. | string | false |
|
||||
vpc_privatelink_endpoint_service_description | The description of the VPC privatelink service. | string | false |
|
||||
auto_accept_connection | Whether to automatically accept terminal node connections. | bool | false |
|
||||
vpc_security_group_name | The security group name of the VPC. | string | false |
|
||||
vpc_name | The name of the VPC. | string | false |
|
||||
connect_bandwidth | The connection bandwidth. | number | false |
|
||||
vpc_privatelink_endpoint_name | The name of the VPC privatelink. | string | false |
|
||||
vpc_privatelink_bandwidth | The bandwidth of VPC privatelink. | string | false |
|
||||
vpc_security_group_description | The security group description of the VPC. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
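Review bot: `auto_accept_connection` has no documented default, and it decides whether endpoint connections are accepted without approval; state the default and what each value means. `vpc_cidr_block` is described as 'The secondary CIDR blocks' but is a single string, and `vpc_privatelink_bandwidth` is a string while `connect_bandwidth` is a number.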
@ -31,9 +31,9 @@ spec:
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
vpc_description | The vpc description used to launch a new vpc. | string | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc. | string | false |
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
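Review bot: The only visible difference in this table is the position of the `vpc_name` row, which suggests the generator emits properties in an unstable order; sort them deterministically (for example by name) so regeneration does not produce reorder-only diffs.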
@ -0,0 +1,63 @@
|
|||
---
|
||||
title: Alibaba Cloud VPN-GATEWAY
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Create VPN resources on AliCloud based on Terraform module
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
ssl_protocol | The protocol used by the SSL-VPN server. Valid value: UDP(default) |TCP. | string | false |
|
||||
ssl_cipher | The encryption algorithm used by the SSL-VPN server. Valid value: AES-128-CBC (default)| AES-192-CBC | AES-256-CBC | none. | string | false |
|
||||
ssl_compress | Specify whether to compress the communication. Valid value: true (default) | false. | bool | false |
|
||||
ipsec_local_subnet | The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation. | list(string) | false |
|
||||
psk | Used for authentication between the IPsec VPN gateway and the customer gateway. | string | false |
|
||||
region | (Deprecated from version 1.2.0) The region used to launch this module resources. | string | false |
|
||||
vpn_ssl_connections | The max connections of SSL VPN. Default to 5. This field is ignored when enable_ssl is false. | number | false |
|
||||
ssl_client_ip_pool | The CIDR block from which access addresses are allocated to the virtual network interface card of the client. | string | false |
|
||||
ike_pfs | The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2. | string | false |
|
||||
ipsec_pfs | The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2. | string | false |
|
||||
vpn_period | The filed is only required while the InstanceChargeType is prepaid. | number | false |
|
||||
ike_enc_alg | The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes. | string | false |
|
||||
ike_remote_id | The identification of the customer gateway. | string | false |
|
||||
cgw_description | The description of the VPN customer gateway instance. | string | false |
|
||||
ike_version | The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1. | string | false |
|
||||
ike_lifetime | The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400. | number | false |
|
||||
ike_auth_alg | The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1. Default value: sha1. | string | false |
|
||||
ipsec_enc_alg | The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes. | string | false |
|
||||
vpn_name | Name of the VPN gateway. | string | false |
|
||||
vpn_charge_type | The charge type for instance. Valid value: PostPaid, PrePaid. Default to PostPaid. | string | false |
|
||||
ssl_local_subnet | The CIDR block to be accessed by the client through the SSL-VPN connection. | string | false |
|
||||
cgw_id | The customer gateway id used to connect with vpn gateway. | string | false |
|
||||
cgw_ip_address | The IP address of the customer gateway. | string | false |
|
||||
ssl_vpn_server_name | The name of the SSL-VPN server. | string | false |
|
||||
ipsec_remote_subnet | The CIDR block of the local data center. This parameter is used for phase-two negotiation. | list(string) | false |
|
||||
ike_mode | The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main. | string | false |
|
||||
vpc_id | The VPN belongs the vpc_id, the field can't be changed. | string | false |
|
||||
vpn_enable_ssl | Enable or Disable SSL VPN. At least one type of VPN should be enabled. | bool | false |
|
||||
vpn_enable_ipsec | Enable or Disable IPSec VPN. At least one type of VPN should be enabled. | bool | false |
|
||||
ike_local_id | The identification of the VPN gateway. | string | false |
|
||||
ipsec_auth_alg | The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1. Default value: sha1. | string | false |
|
||||
vpn_description | The description of the VPN instance. | string | false |
|
||||
cgw_name | The name of the VPN customer gateway. Defaults to null. | string | false |
|
||||
ipsec_connection_name | The name of the IPsec connection. | string | false |
|
||||
ssl_port | The port used by the SSL-VPN server. The default value is 1194.The following ports cannot be used: [22, 2222, 22222, 9000, 9001, 9002, 7505, 80, 443, 53, 68, 123, 4510, 4560, 500, 4500]. | number | false |
|
||||
ssl_client_cert_names | The names of the client certificates. | list(string) | false |
|
||||
ipsec_lifetime | The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400. | number | false |
|
||||
vpn_bandwidth | The value should be 10, 100, 200, 500, 1000 if the user is postpaid, otherwise it can be 5, 10, 20, 50, 100, 200, 500, 1000. | number | false |
|
||||
ipsec_effect_immediately | Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false. | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
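Review bot: The documented defaults are weak by current standards: `ike_version` ikev1, `ike_pfs` and `ipsec_pfs` group2, `ike_auth_alg` and `ipsec_auth_alg` sha1, `ssl_cipher` AES-128-CBC. The accepted values also include `md5`, `des`, `group1`, aggressive `ike_mode` and `ssl_cipher` `none`. Add a recommendation next to the table to set stronger values explicitly (ikev2, aes256, group14), and note that `psk` is entered as a plain string in the spec, so the application manifest itself has to be handled as a secret. Minor: 'The filed' in `vpn_period`, 'Default Valid value' in `ike_enc_alg`, and `ike_lifetime` says 'The valid value of n' with no n defined.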
@ -13,14 +13,14 @@ Terraform configuration for Alibaba Cloud VSwitch
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
vswitch_description | The vswitch description used to launch several new vswitch. | string | false |
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
vpc_description | The vpc description used to launch a new vpc. | string | false |
|
||||
vpc_cidr | The cidr block used to launch a new vpc. | string | false |
|
||||
vswitch_cidr | cidr blocks used to launch a new vswitch. | string | false |
|
||||
create_vpc | Whether to create vpc. If false, you can specify an existing vpc by setting 'vpc_id'. | bool | false |
|
||||
vpc_id | The vpc id used to launch several vswitches. If set, the 'create' will be ignored. | string | false |
|
||||
vswitch_description | The vswitch description used to launch several new vswitch. | string | false |
|
||||
zone_id | Availability Zone ID | string | false |
|
||||
create_vpc | Whether to create vpc. If false, you can specify an existing vpc by setting 'vpc_id'. | bool | false |
|
||||
vpc_name | The vpc name used to launch a new vpc. | string | false |
|
||||
vpc_description | The vpc description used to launch a new vpc. | string | false |
|
||||
vpc_id | The vpc id used to launch several vswitches. If set, the 'create' will be ignored. | string | false |
|
||||
vswitch_name | The vswitch name prefix used to launch several new vswitches. | | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
|
|
|||
|
|
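Review bot: The `vswitch_name` row has an empty Type cell (`vswitch_name | The vswitch name prefix used to launch several new vswitches. | | false |`), unlike every other row in this table; fill it in, or have the generator render an untyped variable explicitly. The `vpc_id` description says "the 'create' will be ignored" while the matching parameter in this table is `create_vpc`, so name it exactly. Most of the other lines in this hunk are the same rows (`vpc_name`, `vpc_description`, `create_vpc`, `vswitch_description`) in a different order, which points to unstable ordering in the generator; sorting parameters by name would keep later diffs down to real changes.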
@ -13,19 +13,20 @@ Terraform module which creates and validates ACM certificate
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_route53_records | When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider | bool | false |
|
||||
validation_record_fqdns | When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation | list(string) | false |
|
||||
validate_certificate | Whether to validate certificate by creating Route53 record | bool | false |
|
||||
validation_allow_overwrite_records | Whether to allow overwrite of Route53 records | bool | false |
|
||||
wait_for_validation | Whether to wait for the validation to complete | bool | false |
|
||||
certificate_transparency_logging_preference | Specifies whether certificate details should be added to a certificate transparency log | bool | false |
|
||||
subject_alternative_names | A list of domains that should be SANs in the issued certificate | list(string) | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
dns_ttl | The TTL of DNS recursive resolvers to cache information about this record. | number | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
create_certificate | Whether to create ACM certificate | bool | false |
|
||||
validate_certificate | Whether to validate certificate by creating Route53 record | bool | false |
|
||||
wait_for_validation | Whether to wait for the validation to complete | bool | false |
|
||||
subject_alternative_names | A list of domains that should be SANs in the issued certificate | list(string) | false |
|
||||
create_route53_records | When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider | bool | false |
|
||||
zone_id | The ID of the hosted zone to contain this record. Required when validating via Route53 | string | false |
|
||||
validation_allow_overwrite_records | Whether to allow overwrite of Route53 records | bool | false |
|
||||
certificate_transparency_logging_preference | Specifies whether certificate details should be added to a certificate transparency log | bool | false |
|
||||
domain_name | A domain name for which the certificate should be issued | string | false |
|
||||
validation_method | Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform. | string | false |
|
||||
zone_id | The ID of the hosted zone to contain this record. Required when validating via Route53 | string | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
validation_record_fqdns | When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation | list(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
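Review bot: Every row in this table has an empty Default cell, which matters most for `validation_allow_overwrite_records` and `certificate_transparency_logging_preference`: a reader cannot tell from this page whether Route53 records may be overwritten or whether certificate details go to a transparency log unless they set the value themselves. Populate the Default column from the module's variable defaults. `zone_id` appears twice in this hunk with identical text (after `create_route53_records` and after `validation_method`), so confirm the resulting table lists it once. The `putin_khuylo` row's Description is a question with a link rather than a statement of what the bool controls; if the row stays in the generated table it needs a functional description, otherwise filter it out.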
@ -13,41 +13,42 @@ Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) an
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
enable_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | false |
|
||||
http_tcp_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http_tcp_listener_index (default to http_tcp_listeners[count.index]) | any | false |
|
||||
load_balancer_delete_timeout | Timeout value when deleting the ALB. | string | false |
|
||||
target_group_tags | A map of tags to add to all target groups | map(string) | false |
|
||||
extra_ssl_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list(map(string)) | false |
|
||||
http_tcp_listeners | A list of maps describing the HTTP listeners or TCP ports for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to http_tcp_listeners[count.index]) | any | false |
|
||||
ip_address_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | string | false |
|
||||
name_prefix | The resource name prefix and Name tag of the load balancer. Cannot be longer than 6 characters | string | false |
|
||||
https_listeners_tags | A map of tags to add to all https listeners | map(string) | false |
|
||||
https_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, https_listener_index (default to https_listeners[count.index]) | any | false |
|
||||
listener_ssl_policy_default | The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html). | string | false |
|
||||
load_balancer_create_timeout | Timeout value when creating the ALB. | string | false |
|
||||
load_balancer_type | The type of load balancer to create. Possible values are application or network. | string | false |
|
||||
enable_cross_zone_load_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | bool | false |
|
||||
lb_tags | A map of tags to add to load balancer | map(string) | false |
|
||||
desync_mitigation_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | string | false |
|
||||
security_groups | The security groups to attach to the load balancer. e.g. ["sg-edcd9784","sg-edcd9785"] | list(string) | false |
|
||||
enable_waf_fail_open | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | bool | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
http_tcp_listener_rules_tags | A map of tags to add to all http listener rules | map(string) | false |
|
||||
vpc_id | VPC id where the load balancer and other resources will be deployed. | string | false |
|
||||
enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool | false |
|
||||
internal | Boolean determining if the load balancer is internal or externally facing. | bool | false |
|
||||
name | The resource name and Name tag of the load balancer. | string | false |
|
||||
subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list(string) | false |
|
||||
https_listener_rules_tags | A map of tags to add to all https listener rules | map(string) | false |
|
||||
https_listeners_tags | A map of tags to add to all https listeners | map(string) | false |
|
||||
http_tcp_listeners_tags | A map of tags to add to all http listeners | map(string) | false |
|
||||
drop_invalid_header_fields | Indicates whether invalid header fields are dropped in application load balancers. Defaults to false. | bool | false |
|
||||
idle_timeout | The time in seconds that the connection is allowed to be idle. | number | false |
|
||||
load_balancer_update_timeout | Timeout value when updating the ALB. | string | false |
|
||||
access_logs | Map containing access logging configuration for load balancer. | map(string) | false |
|
||||
create_lb | Controls if the Load Balancer should be created | bool | false |
|
||||
https_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to https_listeners[count.index]) | any | false |
|
||||
enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool | false |
|
||||
enable_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | false |
|
||||
name | The resource name and Name tag of the load balancer. | string | false |
|
||||
https_listener_rules_tags | A map of tags to add to all https listener rules | map(string) | false |
|
||||
enable_waf_fail_open | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | bool | false |
|
||||
desync_mitigation_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | string | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
subnet_mapping | A list of subnet mapping blocks describing subnets to attach to network load balancer | list(map(string)) | false |
|
||||
http_tcp_listener_rules_tags | A map of tags to add to all http listener rules | map(string) | false |
|
||||
http_tcp_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http_tcp_listener_index (default to http_tcp_listeners[count.index]) | any | false |
|
||||
internal | Boolean determining if the load balancer is internal or externally facing. | bool | false |
|
||||
vpc_id | VPC id where the load balancer and other resources will be deployed. | string | false |
|
||||
create_lb | Controls if the Load Balancer should be created | bool | false |
|
||||
extra_ssl_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list(map(string)) | false |
|
||||
security_groups | The security groups to attach to the load balancer. e.g. ["sg-edcd9784","sg-edcd9785"] | list(string) | false |
|
||||
access_logs | Map containing access logging configuration for load balancer. | map(string) | false |
|
||||
target_group_tags | A map of tags to add to all target groups | map(string) | false |
|
||||
name_prefix | The resource name prefix and Name tag of the load balancer. Cannot be longer than 6 characters | string | false |
|
||||
load_balancer_update_timeout | Timeout value when updating the ALB. | string | false |
|
||||
subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list(string) | false |
|
||||
lb_tags | A map of tags to add to load balancer | map(string) | false |
|
||||
target_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port | any | false |
|
||||
http_tcp_listeners | A list of maps describing the HTTP listeners or TCP ports for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to http_tcp_listeners[count.index]) | any | false |
|
||||
load_balancer_delete_timeout | Timeout value when deleting the ALB. | string | false |
|
||||
https_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, https_listener_index (default to https_listeners[count.index]) | any | false |
|
||||
load_balancer_type | The type of load balancer to create. Possible values are application or network. | string | false |
|
||||
drop_invalid_header_fields | Indicates whether invalid header fields are dropped in application load balancers. Defaults to false. | bool | false |
|
||||
enable_cross_zone_load_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | bool | false |
|
||||
ip_address_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | string | false |
|
||||
listener_ssl_policy_default | The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html). | string | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
https_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to https_listeners[count.index]) | any | false |
|
||||
idle_timeout | The time in seconds that the connection is allowed to be idle. | number | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
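Review bot: The `listener_ssl_policy_default` row links to the Classic Load Balancer policy table (`.../elasticloadbalancing/latest/classic/elb-security-policy-table.html`) under the bare link text `[See]`, although the hunk header describes this module as creating an Application/Network Load Balancer; point the link at the policy list for those load balancer types and give it descriptive text. Related to that, the TLS default is only discoverable inside the `https_listeners` description (`ssl_policy (defaults to ELBSecurityPolicy-2016-08)`), and `drop_invalid_header_fields` and `enable_deletion_protection` say "Defaults to false" in prose while the Default column is empty on every row; move these into the Default column so the security-relevant defaults are visible at a glance. `desync_mitigation_mode` should list its accepted values the way `ip_address_type` and `load_balancer_type` do.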
@ -13,94 +13,81 @@ Terraform module which creates Auto Scaling resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
min_elb_capacity | Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes | number | false |
|
||||
user_data | (LC) The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument nor when using Launch Templates; see `user_data_base64` instead | string | false |
|
||||
launch_template | Name of an existing launch template to be used (created outside of this module) | string | false |
|
||||
user_data_base64 | The Base64-encoded user data to provide when launching the instance | string | false |
|
||||
enable_monitoring | Enables/disables detailed monitoring | bool | false |
|
||||
protect_from_scale_in | Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events. | bool | false |
|
||||
block_device_mappings | (LT) Specify volumes to attach to the instance besides the volumes specified by the AMI | list(any) | false |
|
||||
create_scaling_policy | Determines whether to create target scaling policy schedule or not | bool | false |
|
||||
use_name_prefix | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | bool | false |
|
||||
wait_for_elb_capacity | Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior. | number | false |
|
||||
placement_group | The name of the placement group into which you'll launch your instances, if any | string | false |
|
||||
termination_policies | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | list(string) | false |
|
||||
key_name | The key name that should be used for the instance | string | false |
|
||||
security_groups | A list of security group IDs to associate | list(string) | false |
|
||||
instance_initiated_shutdown_behavior | (LT) Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`) | string | false |
|
||||
service_linked_role_arn | The ARN of the service-linked role that the ASG will use to call other AWS services | string | false |
|
||||
warm_pool | If this block is configured, add a Warm Pool to the specified Auto Scaling group | any | false |
|
||||
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
|
||||
create_launch_template | Determines whether to create launch template or not | bool | false |
|
||||
launch_template_description | Description of the launch template | string | false |
|
||||
capacity_reservation_specification | Targeting for EC2 capacity reservations | any | false |
|
||||
hibernation_options | The hibernation options for the instance | map(string) | false |
|
||||
availability_zone | A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier` | list(string) | false |
|
||||
default_cooldown | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start | number | false |
|
||||
load_balancers | A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead | list(string) | false |
|
||||
tags | A list of tag blocks. Each element should have keys named key, value, and propagate_at_launch | list(map(string)) | false |
|
||||
propagate_name | Determines whether to propagate the `var.instance_name`/`var.name` tag to launch instances | bool | false |
|
||||
placement | (LT) The placement of the instance | map(string) | false |
|
||||
license_specifications | (LT) A list of license specifications to associate with | map(string) | false |
|
||||
tags_as_map | A map of tags and values in the same format as other resources accept. This will be converted into the non-standard format that the aws_autoscaling_group requires. | map(string) | false |
|
||||
iam_instance_profile_name | The name attribute of the IAM instance profile to associate with launched instances | string | false |
|
||||
enable_monitoring | Enables/disables detailed monitoring | bool | false |
|
||||
create_lc | Determines whether to create launch configuration or not | bool | false |
|
||||
create_lt | Determines whether to create launch template or not | bool | false |
|
||||
lt_use_name_prefix | Determines whether to use `lt_name` as is or create a unique name beginning with the `lt_name` as the prefix | bool | false |
|
||||
elastic_inference_accelerator | (LT) Configuration block containing an Elastic Inference Accelerator to attach to the instance | map(string) | false |
|
||||
capacity_rebalance | Indicates whether capacity rebalance is enabled | bool | false |
|
||||
initial_lifecycle_hooks | One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource | list(map(string)) | false |
|
||||
instance_refresh | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | any | false |
|
||||
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
|
||||
lc_name | Name of launch configuration to be created | string | false |
|
||||
wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string | false |
|
||||
suspended_processes | A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly | list(string) | false |
|
||||
associate_public_ip_address | (LC) Associate a public ip address with an instance in a VPC | bool | false |
|
||||
description | (LT) Description of the launch template | string | false |
|
||||
disable_api_termination | (LT) If true, enables EC2 instance termination protection | bool | false |
|
||||
lt_version | Launch template version. Can be version number, `$Latest`, or `$Default` | string | false |
|
||||
min_size | The minimum size of the autoscaling group | number | false |
|
||||
desired_capacity | The number of Amazon EC2 instances that should be running in the autoscaling group | number | false |
|
||||
max_instance_lifetime | The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds | number | false |
|
||||
lc_use_name_prefix | Determines whether to use `lc_name` as is or create a unique name beginning with the `lc_name` as the prefix | bool | false |
|
||||
network_interfaces | (LT) Customize network interfaces to be attached at instance boot time | list(any) | false |
|
||||
create_schedule | Determines whether to create autoscaling group schedule or not | bool | false |
|
||||
schedules | Map of autoscaling group schedule to create | map(any) | false |
|
||||
create_asg | Determines whether to create autoscaling group or not | bool | false |
|
||||
launch_configuration | Name of an existing launch configuration to be used (created outside of this module) | string | false |
|
||||
target_group_arns | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | list(string) | false |
|
||||
ebs_block_device | (LC) Additional EBS block devices to attach to the instance | list(map(string)) | false |
|
||||
kernel_id | (LT) The kernel ID | string | false |
|
||||
iam_instance_profile_arn | (LT) The IAM Instance Profile ARN to launch the instance with | string | false |
|
||||
instance_market_options | (LT) The market (purchasing) option for the instance | any | false |
|
||||
instance_name | Name that is propogated to launched EC2 instances via a tag - if not provided, defaults to `var.name` | string | false |
|
||||
health_check_grace_period | Time (in seconds) after instance comes into service before checking health | number | false |
|
||||
force_delete | Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling | bool | false |
|
||||
root_block_device | (LC) Customize details about the root block device of the instance | list(map(string)) | false |
|
||||
default_version | (LT) Default Version of the launch template | string | false |
|
||||
name | Name used across the resources created | string | true |
|
||||
update_default_version | (LT) Whether to update Default Version each update. Conflicts with `default_version` | string | false |
|
||||
delete_timeout | Delete timeout to wait for destroying autoscaling group | string | false |
|
||||
instance_type | The type of the instance to launch | string | false |
|
||||
lt_name | Name of launch template to be created | string | false |
|
||||
max_size | The maximum size of the autoscaling group | number | false |
|
||||
metrics_granularity | The granularity to associate with the metrics to collect. The only valid value is `1Minute` | string | false |
|
||||
use_lt | Determines whether to use a launch template in the autoscaling group or not | bool | false |
|
||||
capacity_reservation_specification | (LT) Targeting for EC2 capacity reservations | any | false |
|
||||
cpu_options | (LT) The CPU options for the instance | map(string) | false |
|
||||
credit_specification | (LT) Customize the credit specification of the instance | map(string) | false |
|
||||
vpc_zone_identifier | A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones` | list(string) | false |
|
||||
warm_pool | If this block is configured, add a Warm Pool to the specified Auto Scaling group | any | false |
|
||||
metadata_options | Customize the metadata options for the instance | map(string) | false |
|
||||
placement_tenancy | (LC) The tenancy of the instance. Valid values are `default` or `dedicated` | string | false |
|
||||
ephemeral_block_device | (LC) Customize Ephemeral (also known as 'Instance Store') volumes on the instance | list(map(string)) | false |
|
||||
elastic_gpu_specifications | (LT) The elastic GPU to attach to the instance | map(string) | false |
|
||||
hibernation_options | (LT) The hibernation options for the instance | map(string) | false |
|
||||
scaling_policies | Map of target scaling policy schedule to create | any | false |
|
||||
spot_price | (LC) The maximum price to use for reserving spot instances (defaults to on-demand price) | string | false |
|
||||
tag_specifications | (LT) The tags to apply to the resources during launch | list(any) | false |
|
||||
health_check_type | `EC2` or `ELB`. Controls how health checking is done | string | false |
|
||||
mixed_instances_policy | Configuration block containing settings to define launch targets for Auto Scaling groups | any | false |
|
||||
launch_template_name | Name of launch template to be created | string | false |
|
||||
enclave_options | Enable Nitro Enclaves on launched instances | map(string) | false |
|
||||
wait_for_elb_capacity | Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior. | number | false |
|
||||
wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string | false |
|
||||
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`) | string | false |
|
||||
elastic_inference_accelerator | Configuration block containing an Elastic Inference Accelerator to attach to the instance | map(string) | false |
|
||||
instance_market_options | The market (purchasing) option for the instance | any | false |
|
||||
capacity_rebalance | Indicates whether capacity rebalance is enabled | bool | false |
|
||||
delete_timeout | Delete timeout to wait for destroying autoscaling group | string | false |
|
||||
health_check_grace_period | Time (in seconds) after instance comes into service before checking health | number | false |
|
||||
instance_refresh | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | any | false |
|
||||
tag_specifications | The tags to apply to the resources during launch | list(any) | false |
|
||||
create_schedule | Determines whether to create autoscaling group schedule or not | bool | false |
|
||||
use_name_prefix | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | bool | false |
|
||||
launch_template_version | Launch template version. Can be version number, `$Latest`, or `$Default` | string | false |
|
||||
key_name | The key name that should be used for the instance | string | false |
|
||||
ram_disk_id | The ID of the ram disk | string | false |
|
||||
credit_specification | Customize the credit specification of the instance | map(string) | false |
|
||||
schedules | Map of autoscaling group schedule to create | map(any) | false |
|
||||
ignore_desired_capacity_changes | Determines whether the `desired_capacity` value is ignored after initial apply. See README note for more details | bool | false |
|
||||
vpc_zone_identifier | A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones` | list(string) | false |
|
||||
block_device_mappings | Specify volumes to attach to the instance besides the volumes specified by the AMI | list(any) | false |
|
||||
license_specifications | A list of license specifications to associate with | map(string) | false |
|
||||
placement_group | The name of the placement group into which you'll launch your instances, if any | string | false |
|
||||
metrics_granularity | The granularity to associate with the metrics to collect. The only valid value is `1Minute` | string | false |
|
||||
initial_lifecycle_hooks | One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource | list(map(string)) | false |
|
||||
update_default_version | Whether to update Default Version each update. Conflicts with `default_version` | string | false |
|
||||
iam_instance_profile_arn | The IAM Instance Profile ARN to launch the instance with | string | false |
|
||||
placement | The placement of the instance | map(string) | false |
|
||||
name | Name used across the resources created | string | true |
|
||||
load_balancers | A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead | list(string) | false |
|
||||
max_instance_lifetime | The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds | number | false |
|
||||
instance_type | The type of the instance to launch | string | false |
|
||||
max_size | The maximum size of the autoscaling group | number | false |
|
||||
force_delete | Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling | bool | false |
|
||||
create_scaling_policy | Determines whether to create target scaling policy schedule or not | bool | false |
|
||||
create | Determines whether to create autoscaling group or not | bool | false |
|
||||
launch_template | Name of an existing launch template to be used (created outside of this module) | string | false |
|
||||
tags | A map of tags to assign to resources | map(string) | false |
|
||||
launch_template_use_name_prefix | Determines whether to use `launch_template_name` as is or create a unique name beginning with the `launch_template_name` as the prefix | bool | false |
|
||||
kernel_id | The kernel ID | string | false |
|
||||
cpu_options | The CPU options for the instance | map(string) | false |
|
||||
enabled_metrics | A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances` | list(string) | false |
|
||||
service_linked_role_arn | The ARN of the service-linked role that the ASG will use to call other AWS services | string | false |
|
||||
security_groups | A list of security group IDs to associate | list(string) | false |
|
||||
suspended_processes | A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly | list(string) | false |
|
||||
iam_instance_profile_name | The name attribute of the IAM instance profile to associate with launched instances | string | false |
|
||||
metadata_options | Customize the metadata options for the instance | map(string) | false |
|
||||
disable_api_termination | If true, enables EC2 instance termination protection | bool | false |
|
||||
network_interfaces | Customize network interfaces to be attached at instance boot time | list(any) | false |
|
||||
instance_name | Name that is propogated to launched EC2 instances via a tag - if not provided, defaults to `var.name` | string | false |
|
||||
min_elb_capacity | Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes | number | false |
|
||||
termination_policies | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | list(string) | false |
|
||||
elastic_gpu_specifications | The elastic GPU to attach to the instance | map(string) | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
min_size | The minimum size of the autoscaling group | number | false |
|
||||
target_group_arns | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | list(string) | false |
|
||||
use_mixed_instances_policy | Determines whether to use a mixed instances policy in the autoscaling group or not | bool | false |
|
||||
image_id | The AMI from which to launch the instance | string | false |
|
||||
mixed_instances_policy | Configuration block containing settings to define launch targets for Auto Scaling groups | any | false |
|
||||
user_data_base64 | The Base64-encoded user data to provide when launching the instance. You should use this for Launch Templates instead user_data | string | false |
|
||||
use_lc | Determines whether to use a launch configuration in the autoscaling group or not | bool | false |
|
||||
ram_disk_id | (LT) The ID of the ram disk | string | false |
|
||||
enclave_options | (LT) Enable Nitro Enclaves on launched instances | map(string) | false |
|
||||
default_version | Default Version of the launch template | string | false |
|
||||
desired_capacity | The number of Amazon EC2 instances that should be running in the autoscaling group | number | false |
|
||||
health_check_type | `EC2` or `ELB`. Controls how health checking is done | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
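Review bot: The Default column is empty on every row of this table, which matters most for `force_delete`, `disable_api_termination` and `metadata_options`: from this page a reader cannot tell whether termination protection is on, or what the instance metadata settings are, when the property is left unset. Fill in the defaults or state in each description what an unset value means. `metadata_options` is typed `map(string)` but names none of its keys; list the accepted keys so the setting can be reviewed. Two wording fixes while these rows are being touched: "propogated" in `instance_name` should be "propagated", and `user_data_base64` should read "instead of `user_data`".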
@ -13,14 +13,14 @@ Bridgecrew READ ONLY integration module
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
org_name | The name of the company the integration is for. Must be alphanumeric. | string | true |
|
||||
account_alias | The alias of the account the CF is deployed in. This will be prepended to all the resources in the stack. Default is {org_name}-bc | string | false |
|
||||
aws_profile | The profile that was used to deploy this module. If the default profile / default credentials are used, seet this value to null. | string | true |
|
||||
api_token | This is your Bridgecrew platform Api token Set as and Environment variable TF_VAR_api_token | string | true |
|
||||
common_tags | Implements the common tags scheme | map(any) | false |
|
||||
topic_name | The name of the SNS topic for Bridgecrew to receive notifications. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
|
||||
bridgecrew_account_id | The Bridgecrew AWS account ID from which scans will originate. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
|
||||
role_name | The name for the Bridgecrew read-only IAM role. | string | false |
|
||||
org_name | The name of the company the integration is for. Must be alphanumeric. | string | true |
|
||||
account_alias | The alias of the account the CF is deployed in. This will be prepended to all the resources in the stack. Default is {org_name}-bc | string | false |
|
||||
aws_profile | The profile that was used to deploy this module. If the default profile / default credentials are used, seet this value to null. | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
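Review bot: The `api_token` row documents a required `string` property, while its description says to set the token as the environment variable `TF_VAR_api_token`; the page does not say how that maps onto a property of this component, so the obvious reading is to paste the token into the property value. State how the token is meant to be supplied without writing it inline, and fix the wording "Set as and Environment variable". The `org_name`, `account_alias` and `aws_profile` rows appear on both sides of this hunk, so the change looks like a reorder only; if the `aws_profile` row is being rewritten anyway, correct "seet" to "set".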
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: AWS CIS-ALARMS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
log_group_name | The name of the log group to associate the metric filter with | string | false |
|
||||
alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |
|
||||
disabled_controls | List of IDs of disabled CIS controls | list(string) | false |
|
||||
namespace | The namespace where metric filter and metric alarm should be cleated | string | false |
|
||||
create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |
|
||||
name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
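Review bot: The `disabled_controls` row says only "List of IDs of disabled CIS controls", and the Default column is empty, so a reader cannot tell which controls are alarmed when nothing is set or what form an ID takes. Document the ID format and the default, and do the same for `alarm_actions`, where an unset value leaves it unclear whether any alarm notifies anyone. The page-level description, "Terraform module which creates Cloudwatch resources on AWS", never mentions CIS alarms even though the title does. `namespace` is used twice with different meanings (metric namespace under Properties, secret namespace under writeConnectionSecretToRef), which is worth a clarifying word in each description. Typo in the `namespace` row: "cleated" should be "created".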
@ -13,91 +13,91 @@ Terraform module to easily provision CloudFront CDN backed by an S3 origin
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
log_standard_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the infrequent access tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
cache_policy_id | The unique identifier of the existing cache policy to attach to the default cache behavior.\nIf not provided, this module will add a default cache policy using other provided inputs.\n | string | false |
|
||||
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`). Requires `dns_alias_enabled` set to true | string | false |
|
||||
error_document | An absolute path to the document to return in case of a 4XX error | string | false |
|
||||
realtime_log_config_arn | The ARN of the real-time log configuration that is attached to this cache behavior | string | false |
|
||||
query_string_cache_keys | When `forward_query_string` is enabled, only the query string keys listed in this argument are cached (incompatible with `cache_policy_id`) | list(string) | false |
|
||||
cors_allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for S3 bucket | list(string) | false |
|
||||
allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | list(string) | false |
|
||||
cloudfront_origin_access_identity_iam_arn | Existing cloudfront origin access identity iam arn that is supplied in the s3 bucket policy | string | false |
|
||||
cloudfront_access_logging_enabled | Set true to enable delivery of Cloudfront Access Logs to an S3 bucket | bool | false |
|
||||
s3_website_password_enabled | If set to true, and `website_enabled` is also true, a password will be required in the `Referrer` field of the\nHTTP request in order to access the website, and Cloudfront will be configured to pass this password in its requests.\nThis will make it much harder for people to bypass Cloudfront and access the S3 website directly via its website endpoint.\n | bool | false |
|
||||
override_origin_bucket_policy | When using an existing origin bucket (through var.origin_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | bool | false |
|
||||
viewer_protocol_policy | Limit the protocol users can use to access content. One of `allow-all`, `https-only`, or `redirect-to-https` | string | false |
|
||||
trusted_signers | The AWS accounts, if any, that you want to allow to create signed URLs for private content. 'self' is acceptable. | list(string) | false |
|
||||
custom_origins | A list of additional custom website [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) for this distribution.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n custom_headers = list(object({\n name = string\n value = string\n }))\n custom_origin_config = object({\n http_port = number\n https_port = number\n origin_protocol_policy = string\n origin_ssl_protocols = list(string)\n origin_keepalive_timeout = number\n origin_read_timeout = number\n })\n })) | false |
|
||||
custom_origin_headers | A list of origin header parameters that will be sent to origin | list(object({ name = string, value = string })) | false |
|
||||
minimum_protocol_version | Cloudfront TLS minimum protocol version.\nIf `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)\nand [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.\nDefaults to "TLSv1.2_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1`\n | string | false |
|
||||
log_glacier_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the glacier tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | false |
|
||||
trusted_key_groups | A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. | list(string) | false |
|
||||
deployment_actions | List of actions to permit `deployment_principal_arns` to perform on bucket and bucket prefixes (see `deployment_principal_arns`) | list(string) | false |
|
||||
redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | false |
|
||||
block_origin_public_access_enabled | When set to 'true' the s3 origin bucket will have public access block enabled | bool | false |
|
||||
s3_access_log_bucket_name | Name of the existing S3 bucket where S3 Access Logs will be delivered. Default is not to enable S3 Access Logging. | string | false |
|
||||
external_aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront. No new route53 records will be created for these | list(string) | false |
|
||||
additional_bucket_policy | Additional policies for the bucket. If included in the policies, the variables `${bucket_name}`, `${origin_path}` and `${cloudfront_origin_access_identity_iam_arn}` will be substituted.\nIt is also possible to override the default policy statements by providing statements with `S3GetObjectForCloudFront` and `S3ListBucketForCloudFront` sid.\n | string | false |
|
||||
comment | Comment for the origin access identity | string | false |
|
||||
cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | false |
|
||||
function_association | A config block that triggers a CloudFront function with specific actions.\nSee the [aws_cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#function-association)\ndocumentation for more information.\n | list(object({\n event_type = string\n function_arn = string\n })) | false |
|
||||
s3_access_logging_enabled | Set `true` to deliver S3 Access Logs to the `s3_access_log_bucket_name` bucket.\nDefaults to `false` if `s3_access_log_bucket_name` is empty (the default), `true` otherwise.\nMust be set explicitly if the access log bucket is being created at the same time as this module is being invoked.\n | bool | false |
|
||||
cors_allowed_origins | List of allowed origins (e.g. example.com, test.com) for S3 bucket | list(string) | false |
|
||||
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number | false |
|
||||
geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | false |
|
||||
ordered_cache | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.\nList in order of precedence (first match wins). This is in addition to the default cache policy.\nSet `target_origin_id` to `""` to specify the S3 bucket origin created by this module.\n | list(object({\n target_origin_id = string\n path_pattern = string\n\n allowed_methods = list(string)\n cached_methods = list(string)\n compress = bool\n trusted_signers = list(string)\n trusted_key_groups = list(string)\n\n cache_policy_id = string\n origin_request_policy_id = string\n\n viewer_protocol_policy = string\n min_ttl = number\n default_ttl = number\n max_ttl = number\n response_headers_policy_id = string\n\n forward_query_string = bool\n forward_header_values = list(string)\n forward_cookies = string\n forward_cookies_whitelisted_names = list(string)\n\n lambda_function_association = list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n }))\n\n function_association = list(object({\n event_type = string\n function_arn = string\n }))\n })) | false |
|
||||
cloudfront_origin_access_identity_path | Existing cloudfront origin access identity path used in the cloudfront distribution's s3_origin_config content | string | false |
|
||||
cloudfront_access_log_include_cookies | Set true to include cookies in Cloudfront Access Logs | bool | false |
|
||||
compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | false |
|
||||
price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | false |
|
||||
response_headers_policy_id | The identifier for a response headers policy | string | false |
|
||||
website_enabled | Set to true to enable the created S3 bucket to serve as a website independently of Cloudfront,\nand to use that website as the origin. See the README for details and caveats. See also `s3_website_password_enabled`.\n | bool | false |
|
||||
deployment_principal_arns | (Optional) Map of IAM Principal ARNs to lists of S3 path prefixes to grant `deployment_actions` permissions.\nResource list will include the bucket itself along with all the prefixes. Prefixes should not begin with '/'.\n | map(list(string)) | false |
|
||||
minimum_protocol_version | Cloudfront TLS minimum protocol version.\nIf `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)\nand [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.\nDefaults to "TLSv1.2_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1`\n | string | false |
|
||||
default_root_object | Object that CloudFront return when requests the root URL | string | false |
|
||||
s3_access_log_bucket_name | Name of the existing S3 bucket where S3 Access Logs will be delivered. Default is not to enable S3 Access Logging. | string | false |
|
||||
cache_policy_id | The unique identifier of the existing cache policy to attach to the default cache behavior.\nIf not provided, this module will add a default cache policy using other provided inputs.\n | string | false |
|
||||
web_acl_id | ID of the AWS WAF web ACL that is associated with the distribution | string | false |
|
||||
cloudfront_access_log_prefix | Prefix to use for Cloudfront Access Log object keys. Defaults to no prefix. | string | false |
|
||||
log_include_cookies | DEPRECATED. Use `cloudfront_access_log_include_cookies` instead. | bool | false |
|
||||
custom_error_response | List of one or more custom error response element maps | list(object({\n error_caching_min_ttl = string\n error_code = string\n response_code = string\n response_page_path = string\n })) | false |
|
||||
routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied | string | false |
|
||||
ipv6_enabled | Set to true to enable an AAAA DNS record to be set as well as the A record | bool | false |
|
||||
origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | false |
|
||||
log_expiration_days | Number of days after object creation to expire Cloudfront Access Log objects.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
forward_header_values | A list of whitelisted header values to forward to the origin (incompatible with `cache_policy_id`) | list(string) | false |
|
||||
origin_request_policy_id | The unique identifier of the origin request policy that is attached to the behavior.\nShould be used in conjunction with `cache_policy_id`.\n | string | false |
|
||||
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number | false |
|
||||
origin_ssl_protocols | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | list(string) | false |
|
||||
s3_access_log_prefix | Prefix to use for S3 Access Log object keys. Defaults to `logs/${module.this.id}` | string | false |
|
||||
origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | false |
|
||||
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`). Requires `dns_alias_enabled` set to true | string | false |
|
||||
versioning_enabled | When set to 'true' the s3 origin bucket will have versioning enabled | bool | false |
|
||||
origin_groups | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.\nThe values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.\n\nIf `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.\nThis is to allow for the use case of making the origin created by this module the primary origin in an origin group.\n | list(object({\n primary_origin_id = string\n failover_origin_id = string\n failover_criteria = list(string)\n })) | false |
|
||||
logging_enabled | DEPRECATED. Use `cloudfront_access_logging_enabled` instead. | bool | false |
|
||||
web_acl_id | ID of the AWS WAF web ACL that is associated with the distribution | string | false |
|
||||
wait_for_deployment | When set to 'true' the resource will wait for the distribution status to change from InProgress to Deployed | bool | false |
|
||||
extra_logs_attributes | Additional attributes to add to the end of the generated Cloudfront Access Log S3 Bucket name.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | list(string) | false |
|
||||
encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | false |
|
||||
extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | false |
|
||||
aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront | list(string) | false |
|
||||
default_root_object | Object that CloudFront return when requests the root URL | string | false |
|
||||
allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | list(string) | false |
|
||||
cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | list(string) | false |
|
||||
dns_alias_enabled | Create a DNS alias for the CDN. Requires `parent_zone_id` or `parent_zone_name` | bool | false |
|
||||
origin_bucket | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | string | false |
|
||||
cloudfront_access_log_create_bucket | When `true` and `cloudfront_access_logging_enabled` is also true, this module will create a new,\nseparate S3 bucket to receive Cloudfront Access Logs.\n | bool | false |
|
||||
allow_ssl_requests_only | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests | bool | false |
|
||||
origin_request_policy_id | The unique identifier of the origin request policy that is attached to the behavior.\nShould be used in conjunction with `cache_policy_id`.\n | string | false |
|
||||
wait_for_deployment | When set to 'true' the resource will wait for the distribution status to change from InProgress to Deployed | bool | false |
|
||||
custom_origins | A list of additional custom website [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) for this distribution.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n custom_headers = list(object({\n name = string\n value = string\n }))\n custom_origin_config = object({\n http_port = number\n https_port = number\n origin_protocol_policy = string\n origin_ssl_protocols = list(string)\n origin_keepalive_timeout = number\n origin_read_timeout = number\n })\n })) | false |
|
||||
s3_access_logging_enabled | Set `true` to deliver S3 Access Logs to the `s3_access_log_bucket_name` bucket.\nDefaults to `false` if `s3_access_log_bucket_name` is empty (the default), `true` otherwise.\nMust be set explicitly if the access log bucket is being created at the same time as this module is being invoked.\n | bool | false |
|
||||
origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | false |
|
||||
cors_allowed_headers | List of allowed headers for S3 bucket | list(string) | false |
|
||||
geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | false |
|
||||
s3_origins | A list of S3 [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) (in addition to the one created by this module) for this distribution.\nS3 buckets configured as websites are `custom_origins`, not `s3_origins`.\nSpecifying `s3_origin_config.origin_access_identity` as `null` or `""` will have it translated to the `origin_access_identity` used by the origin created by the module.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n s3_origin_config = object({\n origin_access_identity = string\n })\n })) | false |
|
||||
cloudfront_access_log_bucket_name | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where\nCloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`.\n | string | false |
|
||||
acm_certificate_arn | Existing ACM Certificate ARN | string | false |
|
||||
lambda_function_association | A config block that triggers a lambda@edge function with specific actions | list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n })) | false |
|
||||
index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | false |
|
||||
access_log_bucket_name | DEPRECATED. Use `s3_access_log_bucket_name` instead. | string | false |
|
||||
cloudfront_access_log_prefix | Prefix to use for Cloudfront Access Log object keys. Defaults to no prefix. | string | false |
|
||||
logging_enabled | DEPRECATED. Use `cloudfront_access_logging_enabled` instead. | bool | false |
|
||||
ipv6_enabled | Set to true to enable an AAAA DNS record to be set as well as the A record | bool | false |
|
||||
s3_origins | A list of S3 [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) (in addition to the one created by this module) for this distribution.\nS3 buckets configured as websites are `custom_origins`, not `s3_origins`.\nSpecifying `s3_origin_config.origin_access_identity` as `null` or `""` will have it translated to the `origin_access_identity` used by the origin created by the module.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n s3_origin_config = object({\n origin_access_identity = string\n })\n })) | false |
|
||||
deployment_actions | List of actions to permit `deployment_principal_arns` to perform on bucket and bucket prefixes (see `deployment_principal_arns`) | list(string) | false |
|
||||
cloudfront_access_logging_enabled | Set true to enable delivery of Cloudfront Access Logs to an S3 bucket | bool | false |
|
||||
acm_certificate_arn | Existing ACM Certificate ARN | string | false |
|
||||
cors_allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for S3 bucket | list(string) | false |
|
||||
forward_header_values | A list of whitelisted header values to forward to the origin (incompatible with `cache_policy_id`) | list(string) | false |
|
||||
response_headers_policy_id | The identifier for a response headers policy | string | false |
|
||||
geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | false |
|
||||
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`). Requires `dns_alias_enabled` set to true | string | false |
|
||||
lambda_function_association | A config block that triggers a lambda@edge function with specific actions | list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n })) | false |
|
||||
redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | false |
|
||||
origin_bucket | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | string | false |
|
||||
log_expiration_days | Number of days after object creation to expire Cloudfront Access Log objects.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
cloudfront_access_log_bucket_name | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where\nCloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`.\n | string | false |
|
||||
versioning_enabled | When set to 'true' the s3 origin bucket will have versioning enabled | bool | false |
|
||||
extra_logs_attributes | Additional attributes to add to the end of the generated Cloudfront Access Log S3 Bucket name.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | list(string) | false |
|
||||
allow_ssl_requests_only | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests | bool | false |
|
||||
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | false |
|
||||
trusted_signers | The AWS accounts, if any, that you want to allow to create signed URLs for private content. 'self' is acceptable. | list(string) | false |
|
||||
distribution_enabled | Set to `false` to create the distribution but still prevent CloudFront from serving requests. | bool | false |
|
||||
log_include_cookies | DEPRECATED. Use `cloudfront_access_log_include_cookies` instead. | bool | false |
|
||||
log_versioning_enabled | Set `true` to enable object versioning in the created Cloudfront Access Log S3 Bucket.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | bool | false |
|
||||
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`). Requires `dns_alias_enabled` set to true | string | false |
|
||||
cloudfront_access_log_include_cookies | Set true to include cookies in Cloudfront Access Logs | bool | false |
|
||||
forward_query_string | Forward query strings to the origin that is associated with this cache behavior (incompatible with `cache_policy_id`) | bool | false |
|
||||
cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | false |
|
||||
viewer_protocol_policy | Limit the protocol users can use to access content. One of `allow-all`, `https-only`, or `redirect-to-https` | string | false |
|
||||
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number | false |
|
||||
dns_alias_enabled | Create a DNS alias for the CDN. Requires `parent_zone_id` or `parent_zone_name` | bool | false |
|
||||
custom_origin_headers | A list of origin header parameters that will be sent to origin | list(object({ name = string, value = string })) | false |
|
||||
comment | Comment for the origin access identity | string | false |
|
||||
log_standard_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the infrequent access tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
cloudfront_access_log_create_bucket | When `true` and `cloudfront_access_logging_enabled` is also true, this module will create a new,\nseparate S3 bucket to receive Cloudfront Access Logs.\n | bool | false |
|
||||
s3_website_password_enabled | If set to true, and `website_enabled` is also true, a password will be required in the `Referrer` field of the\nHTTP request in order to access the website, and Cloudfront will be configured to pass this password in its requests.\nThis will make it much harder for people to bypass Cloudfront and access the S3 website directly via its website endpoint.\n | bool | false |
|
||||
price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | false |
|
||||
s3_access_log_prefix | Prefix to use for S3 Access Log object keys. Defaults to `logs/${module.this.id}` | string | false |
|
||||
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number | false |
|
||||
encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | false |
|
||||
cloudfront_origin_access_identity_path | Existing cloudfront origin access identity path used in the cloudfront distribution's s3_origin_config content | string | false |
|
||||
origin_groups | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.\nThe values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.\n\nIf `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.\nThis is to allow for the use case of making the origin created by this module the primary origin in an origin group.\n | list(object({\n primary_origin_id = string\n failover_origin_id = string\n failover_criteria = list(string)\n })) | false |
|
||||
extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | false |
|
||||
external_aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront. No new route53 records will be created for these | list(string) | false |
|
||||
ordered_cache | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.\nList in order of precedence (first match wins). This is in addition to the default cache policy.\nSet `target_origin_id` to `""` to specify the S3 bucket origin created by this module.\n | list(object({\n target_origin_id = string\n path_pattern = string\n\n allowed_methods = list(string)\n cached_methods = list(string)\n compress = bool\n trusted_signers = list(string)\n trusted_key_groups = list(string)\n\n cache_policy_id = string\n origin_request_policy_id = string\n\n viewer_protocol_policy = string\n min_ttl = number\n default_ttl = number\n max_ttl = number\n response_headers_policy_id = string\n\n forward_query_string = bool\n forward_header_values = list(string)\n forward_cookies = string\n forward_cookies_whitelisted_names = list(string)\n\n lambda_function_association = list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n }))\n\n function_association = list(object({\n event_type = string\n function_arn = string\n }))\n })) | false |
|
||||
deployment_principal_arns | (Optional) Map of IAM Principal ARNs to lists of S3 path prefixes to grant `deployment_actions` permissions.\nResource list will include the bucket itself along with all the prefixes. Prefixes should not begin with '/'.\n | map(list(string)) | false |
|
||||
additional_bucket_policy | Additional policies for the bucket. If included in the policies, the variables `${bucket_name}`, `${origin_path}` and `${cloudfront_origin_access_identity_iam_arn}` will be substituted.\nIt is also possible to override the default policy statements by providing statements with `S3GetObjectForCloudFront` and `S3ListBucketForCloudFront` sid.\n | string | false |
|
||||
log_versioning_enabled | Set `true` to enable object versioning in the created Cloudfront Access Log S3 Bucket.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | bool | false |
|
||||
cors_allowed_origins | List of allowed origins (e.g. example.com, test.com) for S3 bucket | list(string) | false |
|
||||
forward_cookies | Specifies whether you want CloudFront to forward all or no cookies to the origin. Can be 'all' or 'none' | string | false |
|
||||
origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | false |
|
||||
compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | false |
|
||||
cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | false |
|
||||
cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | false |
|
||||
trusted_key_groups | A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. | list(string) | false |
|
||||
geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | false |
|
||||
index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | false |
|
||||
cloudfront_origin_access_identity_iam_arn | Existing cloudfront origin access identity iam arn that is supplied in the s3 bucket policy | string | false |
|
||||
aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront | list(string) | false |
|
||||
override_origin_bucket_policy | When using an existing origin bucket (through var.origin_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | bool | false |
|
||||
realtime_log_config_arn | The ARN of the real-time log configuration that is attached to this cache behavior | string | false |
|
||||
function_association | A config block that triggers a CloudFront function with specific actions.\nSee the [aws_cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#function-association)\ndocumentation for more information.\n | list(object({\n event_type = string\n function_arn = string\n })) | false |
|
||||
origin_ssl_protocols | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | list(string) | false |
|
||||
block_origin_public_access_enabled | When set to 'true' the s3 origin bucket will have public access block enabled | bool | false |
|
||||
s3_object_ownership | Specifies the S3 object ownership control on the origin bucket. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'. | string | false |
|
||||
log_prefix | DEPRECATED. Use `cloudfront_access_log_prefix` instead. | string | false |
|
||||
log_glacier_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the glacier tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
|
||||
query_string_cache_keys | When `forward_query_string` is enabled, only the query string keys listed in this argument are cached (incompatible with `cache_policy_id`) | list(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
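Review bot: no row in this table carries a value after the Required cell, including the security-relevant switches `allow_ssl_requests_only`, `block_origin_public_access_enabled`, `encryption_enabled` and `viewer_protocol_policy`, so a reader cannot tell from this page whether HTTPS-only access, the public access block and encryption are on or off when the fields are omitted. Populate the Default column from the module's variables. Descriptions and types also carry literal `\n` sequences (see `origin_groups` and `ordered_cache`), which will show up as raw text inside a table cell, and `override_origin_bucket_policy` has the typo 'overriden'.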
|
|
|
|||
|
|
@ -13,30 +13,30 @@ Terraform module which creates CloudFront resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_distribution | Controls if CloudFront distribution should be created | bool | false |
|
||||
wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | bool | false |
|
||||
web_acl_id | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | string | false |
|
||||
viewer_certificate | The SSL configuration for this distribution | any | false |
|
||||
create_monitoring_subscription | If enabled, the resource for monitoring subscription will created. | bool | false |
|
||||
default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | false |
|
||||
is_ipv6_enabled | Whether the IPv6 is enabled for the distribution. | bool | false |
|
||||
retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false |
|
||||
origin_group | One or more origin_group for this distribution (multiples allowed). | any | false |
|
||||
geo_restriction | The restriction configuration for this distribution (geo_restrictions) | any | false |
|
||||
ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | false |
|
||||
realtime_metrics_subscription_status | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | string | false |
|
||||
origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | false |
|
||||
aliases | Extra CNAMEs (alternate domain names), if any, for this distribution. | list(string) | false |
|
||||
comment | Any comments you want to include about the distribution. | string | false |
|
||||
default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | false |
|
||||
enabled | Whether the distribution is enabled to accept end user requests for content. | bool | false |
|
||||
price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | false |
|
||||
tags | A map of tags to assign to the resource. | map(string) | false |
|
||||
viewer_certificate | The SSL configuration for this distribution | any | false |
|
||||
create_monitoring_subscription | If enabled, the resource for monitoring subscription will created. | bool | false |
|
||||
retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false |
|
||||
custom_error_response | One or more custom error response elements | any | false |
|
||||
create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool | false |
|
||||
http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | false |
|
||||
origin | One or more origins for this distribution (multiples allowed). | any | false |
|
||||
logging_config | The logging configuration that controls how logs are written to your distribution (maximum one). | any | false |
|
||||
default_cache_behavior | The default cache behavior for this distribution | any | false |
|
||||
ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | false |
|
||||
create_distribution | Controls if CloudFront distribution should be created | bool | false |
|
||||
comment | Any comments you want to include about the distribution. | string | false |
|
||||
wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | bool | false |
|
||||
origin | One or more origins for this distribution (multiples allowed). | any | false |
|
||||
origin_group | One or more origin_group for this distribution (multiples allowed). | any | false |
|
||||
logging_config | The logging configuration that controls how logs are written to your distribution (maximum one). | any | false |
|
||||
create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool | false |
|
||||
origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | false |
|
||||
http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | false |
|
||||
is_ipv6_enabled | Whether the IPv6 is enabled for the distribution. | bool | false |
|
||||
web_acl_id | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | string | false |
|
||||
geo_restriction | The restriction configuration for this distribution (geo_restrictions) | any | false |
|
||||
realtime_metrics_subscription_status | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
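Review bot: most rows in this hunk appear twice with identical text (for example `create_distribution`, `wait_for_deployment`, `web_acl_id`) and the line counts match (30 to 30), so this looks like a pure reordering of generated rows; if the generator emits properties in an unstable order, sorting them by name would stop future regenerations from producing diffs like this one. The reordering also carries two typos through unchanged: 'Setting this tofalse' in `wait_for_deployment` and 'will created' in `create_monitoring_subscription`. Fix them where the descriptions originate so they do not come back on the next regeneration.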
|
|
|
|||
|
|
@ -13,15 +13,15 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
log_group_name | The name of the log group to associate the metric filter with | string | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |
|
||||
namespace | The namespace where metric filter and metric alarm should be cleated | string | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |
|
||||
use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |
|
||||
name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |
|
||||
disabled_controls | List of IDs of disabled CIS controls | list(string) | false |
|
||||
namespace | The namespace where metric filter and metric alarm should be cleated | string | false |
|
||||
create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |
|
||||
log_group_name | The name of the log group to associate the metric filter with | string | false |
|
||||
alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
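Review bot: `disabled_controls` is described only as 'List of IDs of disabled CIS controls', which does not tell the reader what an ID looks like or which set of controls the module creates alarms for, so it is not possible to disable one safely from this page alone; add the ID format and a pointer to the list of controls. Both copies of the `namespace` row also read 'should be cleated' where 'created' is meant.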
|
|
|
|||
|
|
@ -13,12 +13,12 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |
|
||||
kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |
|
||||
tags | A map of tags to add to Cloudwatch log group | map(string) | false |
|
||||
create | Whether to create the Cloudwatch log group | bool | false |
|
||||
name | A name for the log group | string | false |
|
||||
name_prefix | A name prefix for the log group | string | false |
|
||||
retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
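Review bot: `kms_key_id` and `retention_in_days` are both optional with an empty Default cell, so the page does not say which key protects the log group or how long events are kept when the fields are left unset; state the unset behaviour in each description. `name` and `name_prefix` are likewise both optional with no note on what happens when both, or neither, are given.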
|
|
|
|||
|
|
@ -13,7 +13,6 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |
|
||||
metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |
|
||||
create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |
|
||||
name | A name for the metric filter. | string | true |
|
||||
|
|
@ -21,6 +20,7 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
log_group_name | The name of the log group to associate the metric filter with | string | true |
|
||||
metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |
|
||||
metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |
|
||||
metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
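Review bot: `metric_transformation_value` is moved here, below the required `log_group_name`, `metric_transformation_name` and `metric_transformation_namespace` rows, but its companion `metric_transformation_default_value` stays in the previous hunk above `name`, so the two related optional fields end up at opposite ends of the table. Keep them adjacent, and consider listing the required rows first throughout, since `create_cloudwatch_log_metric_filter` (optional) still precedes `name` (required).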
|
|
|
|||
|
|
@ -13,28 +13,29 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
threshold | The value against which the specified statistic is compared. | number | true |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
threshold | The value against which the specified statistic is compared. | number | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
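Review bot: `threshold` is listed twice with different Required values, `number | true` near the top of the hunk and `number | false` near the bottom, so this regeneration changes whether the field is mandatory rather than just moving the row. `threshold_metric_id` appears only once, which is consistent with the hunk growing from 28 to 29 lines. Confirm the Required value against the module's variable and mention both changes in the commit message. `period` is also typed `string` while its description says it is a number of seconds; check whether `number` is intended.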
|
|
|
|||
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
title: AWS CLOUDWATCH-METRIC-ALARMS-BY-MULTIPLE-DIMENSIONS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
threshold | The value against which the specified statistic is compared. | number | true |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
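Review bot: the new page's `## Description` is the same generic sentence used on the other Cloudwatch pages ('Terraform module which creates Cloudwatch resources on AWS'), and the `dimensions` row is typed `any` with a one-line description, so nothing here explains what 'by multiple dimensions' means or what shape `dimensions` must take. Add a sentence that distinguishes this module and a short example value for `dimensions`. In the `writeConnectionSecretToRef` table, `namespace` is optional with no default given; say which namespace the secret is written to when it is omitted.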
|
|
@ -13,28 +13,28 @@ Terraform module which creates Cloudwatch resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
threshold | The value against which the specified statistic is compared. | number | true |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
threshold | The value against which the specified statistic is compared. | number | true |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
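Review bot: emit the property rows in a stable order (for example sorted by name); in this hunk rows such as `alarm_name`, `tags`, `unit` and `comparison_operator` appear twice with identical text, which suggests the table changed only in row order and that each regeneration will produce a hunk like this one. Separately, `actions_enabled` says "Defaults to true" in its description while the Default column is blank on every row, so either fill the column from the variable defaults or drop it.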
@ -13,22 +13,22 @@ This module configures AWS Config, a service that enables you to assess, audit,
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
s3_key_prefix | The prefix for AWS Config objects stored in the the S3 bucket. If this variable is set to null, the default, no\nprefix will be used.\n\nExamples:\n\nwith prefix: {S3_BUCKET NAME}:/{S3_KEY_PREFIX}/AWSLogs/{ACCOUNT_ID}/Config/*.\nwithout prefix: {S3_BUCKET NAME}:/AWSLogs/{ACCOUNT_ID}/Config/*.\n | string | false |
|
||||
disabled_aggregation_regions | A list of regions where config aggregation is disabled | list(string) | false |
|
||||
s3_bucket_arn | The ARN of the S3 bucket used to store the configuration history | string | true |
|
||||
sns_encryption_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. | string | false |
|
||||
sqs_queue_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK | string | false |
|
||||
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
|
||||
iam_role_arn | The ARN for an IAM Role AWS Config uses to make read or write requests to the delivery channel and to describe the\nAWS resources associated with the account. This is only used if create_iam_role is false.\n\nIf you want to use an existing IAM Role, set the value of this to the ARN of the existing topic and set\ncreate_iam_role to false.\n\nSee the AWS Docs for further information:\nhttp://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html\n | string | false |
|
||||
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms (Optional):\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery (Optional):\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is false.\n | map(any) | false |
|
||||
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers\n | bool | false |
|
||||
global_resource_collector_region | The region that collects AWS Config data for global resources such as IAM | string | true |
|
||||
central_resource_collector_account | The account ID of a central account that will aggregate AWS Config from other accounts | string | false |
|
||||
sns_encryption_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. | string | false |
|
||||
s3_bucket_arn | The ARN of the S3 bucket used to store the configuration history | string | true |
|
||||
create_iam_role | Flag to indicate whether an IAM Role should be created to grant the proper permissions for AWS Config | bool | false |
|
||||
s3_key_prefix | The prefix for AWS Config objects stored in the the S3 bucket. If this variable is set to null, the default, no\nprefix will be used.\n\nExamples:\n\nwith prefix: {S3_BUCKET NAME}:/{S3_KEY_PREFIX}/AWSLogs/{ACCOUNT_ID}/Config/*.\nwithout prefix: {S3_BUCKET NAME}:/AWSLogs/{ACCOUNT_ID}/Config/*.\n | string | false |
|
||||
s3_bucket_id | The id (name) of the S3 bucket used to store the configuration history | string | true |
|
||||
force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false |
|
||||
managed_rules | A list of AWS Managed Rules that should be enabled on the account.\n\nSee the following for a list of possible rules to enable:\nhttps://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\n | map(object({\n description = string\n identifier = string\n input_parameters = any\n tags = map(string)\n enabled = bool\n })) | false |
|
||||
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms (Optional):\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery (Optional):\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is false.\n | map(any) | false |
|
||||
sqs_queue_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK | string | false |
|
||||
s3_bucket_id | The id (name) of the S3 bucket used to store the configuration history | string | true |
|
||||
create_iam_role | Flag to indicate whether an IAM Role should be created to grant the proper permissions for AWS Config | bool | false |
|
||||
child_resource_collector_accounts | The account IDs of other accounts that will send their AWS Configuration to this account | set(string) | false |
|
||||
disabled_aggregation_regions | A list of regions where config aggregation is disabled | list(string) | false |
|
||||
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers\n | bool | false |
|
||||
force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
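Review bot: the `iam_role_arn` description tells the reader to "set the value of this to the ARN of the existing topic", which looks carried over from `findings_notification_arn`; it should refer to the existing IAM role. The descriptions of `s3_key_prefix`, `subscribers`, `findings_notification_arn` and `create_sns_topic`, and the type of `managed_rules`, contain literal `\n` sequences that will show up verbatim inside a table cell, and `s3_key_prefix` has "the the S3 bucket"; collapsing newlines in the generator would fix the first. `force_destroy` is described as deleting objects that "are not recoverable" and has an empty Default cell, so its default is worth stating in the table.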
@ -0,0 +1,26 @@
|
|||
---
|
||||
title: AWS DELEGATION-SETS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Route53 resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create | Whether to create Route53 delegation sets | bool | false |
|
||||
delegation_sets | Map of Route53 delegation set parameters | any | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
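Review bot: `delegation_sets` is typed `any` and described only as "Map of Route53 delegation set parameters", so a reader of this new page cannot tell which keys the map accepts; list the expected keys or add a short example to the description. The Description section says the module "creates Route53 resources" while the title is AWS DELEGATION-SETS, and naming delegation sets there would make the two agree.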
@ -13,31 +13,31 @@ Terraform module which creates DynamoDB table on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
ttl_attribute_name | The name of the table attribute to store the TTL timestamp in | string | false |
|
||||
local_secondary_indexes | Describe an LSI on the table; these can only be allocated at creation so you cannot change this definition after you have created the resource. | any | false |
|
||||
stream_view_type | When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES. | string | false |
|
||||
server_side_encryption_enabled | Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK) | bool | false |
|
||||
autoscaling_enabled | Whether or not to enable autoscaling. See note in README about this setting | bool | false |
|
||||
attributes | List of nested attribute definitions. Only required for hash_key and range_key attributes. Each attribute has two properties: name - (Required) The name of the attribute, type - (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data | list(map(string)) | false |
|
||||
hash_key | The attribute to use as the hash (partition) key. Must also be defined as an attribute | string | false |
|
||||
point_in_time_recovery_enabled | Whether to enable point-in-time recovery | bool | false |
|
||||
autoscaling_read | A map of read autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
|
||||
create_table | Controls if DynamoDB table and associated resources are created | bool | false |
|
||||
range_key | The attribute to use as the range (sort) key. Must also be defined as an attribute | string | false |
|
||||
billing_mode | Controls how you are billed for read/write throughput and how you manage capacity. The valid values are PROVISIONED or PAY_PER_REQUEST | string | false |
|
||||
local_secondary_indexes | Describe an LSI on the table; these can only be allocated at creation so you cannot change this definition after you have created the resource. | any | false |
|
||||
replica_regions | Region names for creating replicas for a global DynamoDB table. | any | false |
|
||||
server_side_encryption_enabled | Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK) | bool | false |
|
||||
timeouts | Updated Terraform resource management timeouts | map(string) | false |
|
||||
autoscaling_write | A map of write autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
|
||||
autoscaling_indexes | A map of index autoscaling configurations. See example in examples/autoscaling | map(map(string)) | false |
|
||||
create_table | Controls if DynamoDB table and associated resources are created | bool | false |
|
||||
ttl_attribute_name | The name of the table attribute to store the TTL timestamp in | string | false |
|
||||
stream_enabled | Indicates whether Streams are to be enabled (true) or disabled (false). | bool | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
autoscaling_defaults | A map of default autoscaling settings | map(string) | false |
|
||||
attributes | List of nested attribute definitions. Only required for hash_key and range_key attributes. Each attribute has two properties: name - (Required) The name of the attribute, type - (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data | list(map(string)) | false |
|
||||
point_in_time_recovery_enabled | Whether to enable point-in-time recovery | bool | false |
|
||||
ttl_enabled | Indicates whether ttl is enabled | bool | false |
|
||||
stream_view_type | When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES. | string | false |
|
||||
autoscaling_read | A map of read autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
|
||||
name | Name of the DynamoDB table | string | false |
|
||||
hash_key | The attribute to use as the hash (partition) key. Must also be defined as an attribute | string | false |
|
||||
write_capacity | The number of write units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
|
||||
read_capacity | The number of read units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
|
||||
server_side_encryption_kms_key_arn | The ARN of the CMK that should be used for the AWS KMS encryption. This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb. | string | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
timeouts | Updated Terraform resource management timeouts | map(string) | false |
|
||||
billing_mode | Controls how you are billed for read/write throughput and how you manage capacity. The valid values are PROVISIONED or PAY_PER_REQUEST | string | false |
|
||||
ttl_enabled | Indicates whether ttl is enabled | bool | false |
|
||||
stream_enabled | Indicates whether Streams are to be enabled (true) or disabled (false). | bool | false |
|
||||
autoscaling_defaults | A map of default autoscaling settings | map(string) | false |
|
||||
name | Name of the DynamoDB table | string | false |
|
||||
range_key | The attribute to use as the range (sort) key. Must also be defined as an attribute | string | false |
|
||||
global_secondary_indexes | Describe a GSI for the table; subject to the normal limits on the number of GSIs, projected attributes, etc. | any | false |
|
||||
server_side_encryption_kms_key_arn | The ARN of the CMK that should be used for the AWS KMS encryption. This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
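Review bot: `server_side_encryption_enabled` and `point_in_time_recovery_enabled` are optional bools with an empty Default cell, so the table does not tell an operator whether encryption at rest with the KMS key, or point-in-time recovery, is on unless they set the flag themselves; populate the Default column for at least these rows. `read_capacity` and `write_capacity` say the value "should be greater than 0" when `billing_mode` is PROVISIONED; if that is a hard requirement, "must" is clearer.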
@ -13,56 +13,57 @@ Terraform module which creates EC2 instance(s) on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
vpc_security_group_ids | A list of security group IDs to associate with | list(string) | false |
|
||||
network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) | false |
|
||||
placement_group | The Placement Group to start the instance in | string | false |
|
||||
root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) | false |
|
||||
ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) | false |
|
||||
enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | bool | false |
|
||||
get_password_data | If true, wait for password data to become available and retrieve it. | bool | false |
|
||||
ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number | false |
|
||||
tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string | false |
|
||||
enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool | false |
|
||||
spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string | false |
|
||||
spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string | false |
|
||||
availability_zone | AZ to start the instance in | string | false |
|
||||
ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | list(map(string)) | false |
|
||||
iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string | false |
|
||||
source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | false |
|
||||
user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string | false |
|
||||
user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string | false |
|
||||
get_password_data | If true, wait for password data to become available and retrieve it. | bool | false |
|
||||
volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) | false |
|
||||
cpu_threads_per_core | Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set). | number | false |
|
||||
spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool | false |
|
||||
disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false |
|
||||
instance_type | The type of instance to start | string | false |
|
||||
private_ip | Private IP address to associate with the instance in a VPC | string | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
spot_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | string | false |
|
||||
spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string | false |
|
||||
spot_valid_until | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
|
||||
subnet_id | The VPC Subnet ID to launch in | string | false |
|
||||
timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) | false |
|
||||
create | Whether to create an instance | bool | false |
|
||||
ami | ID of AMI to use for the instance | string | false |
|
||||
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string | false |
|
||||
launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) | false |
|
||||
create_spot_instance | Depicts if the instance is a spot instance | bool | false |
|
||||
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
|
||||
monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool | false |
|
||||
secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | list(string) | false |
|
||||
cpu_core_count | Sets the number of CPU cores for an instance. | number | false |
|
||||
key_name | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | string | false |
|
||||
metadata_options | Customize the metadata options of the instance | map(string) | false |
|
||||
spot_valid_from | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
|
||||
associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool | false |
|
||||
capacity_reservation_specification | Describes an instance's Capacity Reservation targeting option | any | false |
|
||||
hibernation | If true, the launched EC2 instance will support hibernation | bool | false |
|
||||
host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string | false |
|
||||
metadata_options | Customize the metadata options of the instance | map(string) | false |
|
||||
network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) | false |
|
||||
spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool | false |
|
||||
source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) | false |
|
||||
ami | ID of AMI to use for the instance | string | false |
|
||||
availability_zone | AZ to start the instance in | string | false |
|
||||
launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) | false |
|
||||
monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool | false |
|
||||
spot_block_duration_minutes | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | number | false |
|
||||
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string | false |
|
||||
private_ip | Private IP address to associate with the instance in a VPC | string | false |
|
||||
tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string | false |
|
||||
user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string | false |
|
||||
vpc_security_group_ids | A list of security group IDs to associate with | list(string) | false |
|
||||
create_spot_instance | Depicts if the instance is a spot instance | bool | false |
|
||||
spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string | false |
|
||||
spot_valid_from | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
|
||||
create | Whether to create an instance | bool | false |
|
||||
key_name | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | string | false |
|
||||
root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) | false |
|
||||
subnet_id | The VPC Subnet ID to launch in | string | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
placement_group | The Placement Group to start the instance in | string | false |
|
||||
secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | list(string) | false |
|
||||
user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string | false |
|
||||
cpu_credits | The credit option for CPU usage (unlimited or standard) | string | false |
|
||||
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
|
||||
enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | bool | false |
|
||||
hibernation | If true, the launched EC2 instance will support hibernation | bool | false |
|
||||
spot_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | string | false |
|
||||
iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string | false |
|
||||
ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number | false |
|
||||
ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | false |
|
||||
enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool | false |
|
||||
host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string | false |
|
||||
instance_type | The type of instance to start | string | false |
|
||||
cpu_core_count | Sets the number of CPU cores for an instance. | number | false |
|
||||
spot_instance_interruption_behavior | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | string | false |
|
||||
name | Name to be used on EC2 instance created | string | false |
|
||||
cpu_credits | The credit option for CPU usage (unlimited or standard) | string | false |
|
||||
ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | false |
|
||||
volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) | false |
|
||||
associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool | false |
|
||||
disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false |
|
||||
ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
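Review bot: The `putin_khuylo` row does not document an instance setting. Its description is a question and a link, not a statement of what the `bool` controls, so a reader of this reference cannot tell what setting it to true or false does to the EC2 instance. Either filter this input out where the table is generated or replace the description with its actual effect on the module.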
@ -13,48 +13,48 @@ Terraform module to generate well-formed JSON documents (container definitions)
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
links | List of container names this container can communicate with without port mappings | list(string) | false |
|
||||
docker_labels | The configuration options to send to the `docker_labels` | map(string) | false |
|
||||
container_memory | The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value | number | false |
|
||||
secrets | The secrets to pass to the container. This is a list of maps | list(object({\n name = string\n valueFrom = string\n })) | false |
|
||||
readonly_root_filesystem | Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
|
||||
repository_credentials | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map(string) | false |
|
||||
user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set. | string | false |
|
||||
start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | number | false |
|
||||
privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. | bool | false |
|
||||
working_directory | The working directory to run commands inside the container | string | false |
|
||||
linux_parameters | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html | object({\n capabilities = object({\n add = list(string)\n drop = list(string)\n })\n devices = list(object({\n containerPath = string\n hostPath = string\n permissions = list(string)\n }))\n initProcessEnabled = bool\n maxSwap = number\n sharedMemorySize = number\n swappiness = number\n tmpfs = list(object({\n containerPath = string\n mountOptions = list(string)\n size = number\n }))\n }) | false |
|
||||
ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({\n name = string\n hardLimit = number\n softLimit = number\n })) | false |
|
||||
pseudo_terminal | When this parameter is true, a TTY is allocated. | bool | false |
|
||||
resource_requirements | The type and amount of a resource to assign to a container. The only supported resource is a GPU. | list(object({\n type = string\n value = string\n })) | false |
|
||||
port_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({\n containerPort = number\n hostPort = number\n protocol = string\n })) | false |
|
||||
extra_hosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This is a list of maps | list(object({\n ipAddress = string\n hostname = string\n })) | false |
|
||||
map_secrets | The secrets variables to pass to the container. This is a map of string: {key: value}. map_secrets overrides secrets | map(string) | false |
|
||||
firelens_configuration | The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html | object({\n type = string\n options = map(string)\n }) | false |
|
||||
dns_servers | Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers | list(string) | false |
|
||||
volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume) | list(object({\n sourceContainer = string\n readOnly = bool\n })) | false |
|
||||
hostname | The hostname to use for your container. | string | false |
|
||||
container_memory_reservation | The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit | number | false |
|
||||
healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) | object({\n command = list(string)\n retries = number\n timeout = number\n interval = number\n startPeriod = number\n }) | false |
|
||||
pseudo_terminal | When this parameter is true, a TTY is allocated. | bool | false |
|
||||
extra_hosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This is a list of maps | list(object({\n ipAddress = string\n hostname = string\n })) | false |
|
||||
readonly_root_filesystem | Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
|
||||
log_configuration | Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html | any | false |
|
||||
container_name | The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed) | string | true |
|
||||
container_cpu | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value | number | false |
|
||||
container_depends_on | The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. The condition can be one of START, COMPLETE, SUCCESS or HEALTHY | list(object({\n containerName = string\n condition = string\n })) | false |
|
||||
system_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | list(map(string)) | false |
|
||||
privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. | bool | false |
|
||||
map_secrets | The secrets variables to pass to the container. This is a map of string: {key: value}. map_secrets overrides secrets | map(string) | false |
|
||||
resource_requirements | The type and amount of a resource to assign to a container. The only supported resource is a GPU. | list(object({\n type = string\n value = string\n })) | false |
|
||||
disable_networking | When this parameter is true, networking is disabled within the container. | bool | false |
|
||||
docker_security_options | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | list(string) | false |
|
||||
port_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({\n containerPort = number\n hostPort = number\n protocol = string\n })) | false |
|
||||
repository_credentials | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map(string) | false |
|
||||
docker_labels | The configuration options to send to the `docker_labels` | map(string) | false |
|
||||
system_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | list(map(string)) | false |
|
||||
ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({\n name = string\n hardLimit = number\n softLimit = number\n })) | false |
|
||||
start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | number | false |
|
||||
container_definition | Container definition overrides which allows for extra keys or overriding existing keys. | map(any) | false |
|
||||
environment | The environment variables to pass to the container. This is a list of maps. map_environment overrides environment | list(object({\n name = string\n value = string\n })) | false |
|
||||
healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) | object({\n command = list(string)\n retries = number\n timeout = number\n interval = number\n startPeriod = number\n }) | false |
|
||||
entrypoint | The entry point that is passed to the container | list(string) | false |
|
||||
working_directory | The working directory to run commands inside the container | string | false |
|
||||
firelens_configuration | The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html | object({\n type = string\n options = map(string)\n }) | false |
|
||||
dns_search_domains | Container DNS search domains. A list of DNS search domains that are presented to the container | list(string) | false |
|
||||
user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set. | string | false |
|
||||
interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. | bool | false |
|
||||
docker_security_options | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | list(string) | false |
|
||||
container_name | The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed) | string | true |
|
||||
container_memory | The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value | number | false |
|
||||
environment | The environment variables to pass to the container. This is a list of maps. map_environment overrides environment | list(object({\n name = string\n value = string\n })) | false |
|
||||
stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | number | false |
|
||||
volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume) | list(object({\n sourceContainer = string\n readOnly = bool\n })) | false |
|
||||
links | List of container names this container can communicate with without port mappings | list(string) | false |
|
||||
container_depends_on | The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. The condition can be one of START, COMPLETE, SUCCESS or HEALTHY | list(object({\n containerName = string\n condition = string\n })) | false |
|
||||
container_image | The image used to start the container. Images in the Docker Hub registry available by default | string | true |
|
||||
container_cpu | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value | number | false |
|
||||
map_environment | The environment variables to pass to the container. This is a map of string: {key: value}. map_environment overrides environment | map(string) | false |
|
||||
linux_parameters | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html | object({\n capabilities = object({\n add = list(string)\n drop = list(string)\n })\n devices = list(object({\n containerPath = string\n hostPath = string\n permissions = list(string)\n }))\n initProcessEnabled = bool\n maxSwap = number\n sharedMemorySize = number\n swappiness = number\n tmpfs = list(object({\n containerPath = string\n mountOptions = list(string)\n size = number\n }))\n }) | false |
|
||||
secrets | The secrets to pass to the container. This is a list of maps | list(object({\n name = string\n valueFrom = string\n })) | false |
|
||||
mount_points | Container mount points. This is a list of maps, where each map should contain `containerPath`, `sourceVolume` and `readOnly` | list(object({\n containerPath = string\n sourceVolume = string\n readOnly = bool\n })) | false |
|
||||
dns_servers | Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers | list(string) | false |
|
||||
container_memory_reservation | The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit | number | false |
|
||||
essential | Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
|
||||
command | The command that is passed to the container | list(string) | false |
|
||||
environment_files | One or more files containing the environment variables to pass to the container. This maps to the --env-file option to docker run. The file must be hosted in Amazon S3. This option is only available to tasks using the EC2 launch type. This is a list of maps | list(object({\n value = string\n type = string\n })) | false |
|
||||
mount_points | Container mount points. This is a list of maps, where each map should contain `containerPath`, `sourceVolume` and `readOnly` | list(object({\n containerPath = string\n sourceVolume = string\n readOnly = bool\n })) | false |
|
||||
interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. | bool | false |
|
||||
container_image | The image used to start the container. Images in the Docker Hub registry available by default | string | true |
|
||||
entrypoint | The entry point that is passed to the container | list(string) | false |
|
||||
map_environment | The environment variables to pass to the container. This is a map of string: {key: value}. map_environment overrides environment | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
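Review bot: The `Default` column is empty on every row, including `privileged`, `readonly_root_filesystem` and `user`, so this page does not say whether a container runs privileged, with a writable root filesystem, or as root when these inputs are left unset. The `user` description already says the fallback is "root if not set"; the table should carry the module defaults, at least for the security-relevant inputs. Separately, `readonly_root_filesystem` and `essential` are typed `bool` while their descriptions say the value must be double quoted; one of the two needs correcting.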
@ -13,12 +13,12 @@ Terraform module which creates AWS ECS resources
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
capacity_providers | List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT. | list(string) | false |
|
||||
default_capacity_provider_strategy | The capacity provider strategy to use by default for the cluster. Can be one or more. | list(map(any)) | false |
|
||||
container_insights | Controls if ECS Cluster has container insights enabled | bool | false |
|
||||
tags | A map of tags to add to ECS Cluster | map(string) | false |
|
||||
create_ecs | Controls if ECS should be created | bool | false |
|
||||
name | Name to be used on all the resources as identifier, also the name of the ECS cluster | string | false |
|
||||
capacity_providers | List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT. | list(string) | false |
|
||||
default_capacity_provider_strategy | The capacity provider strategy to use by default for the cluster. Can be one or more. | list(map(any)) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
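Review bot: Row order in this table is not stable. `capacity_providers` and `default_capacity_provider_strategy` appear twice with identical text and the header reads `-13,12 +13,12`, so the rows moved and nothing else changed. Sort the rows (by name, for example) where the table is generated, so that regenerating the docs does not produce reorder-only diffs that bury a real change to a parameter.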
@ -13,30 +13,30 @@ AWS Eks-Cluster-Autoscaler
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
|
||||
cluster_name | The name of the cluster | string | true |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
k8s_service_account_create | Whether to create Service Account | bool | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
argo_info | ArgoCD info manifest parameter | | false |
|
||||
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
|
||||
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
|
||||
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
|
||||
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
cluster_name | The name of the cluster | string | true |
|
||||
k8s_service_account_name | The k8s cluster-autoscaler service account name | | false |
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/cluster-autoscaler | map(any) | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/cluster-autoscaler | string | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
|
||||
k8s_service_account_create | Whether to create Service Account | bool | false |
|
||||
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
|
||||
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
argo_info | ArgoCD info manifest parameter | | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
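Review bot: The `k8s_namespace` description names the wrong component. It reads "The K8s namespace in which the node-problem-detector service account has been created" in the Eks-Cluster-Autoscaler table, while `k8s_service_account_name` in the same table refers to the cluster-autoscaler service account. Fix the description at its source so the two rows agree. `argo_sync_policy`, `argo_info`, `argo_application_values` and `k8s_service_account_name` also have an empty Type cell.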
@ -13,36 +13,36 @@ AWS Eks-External-Dns
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
|
||||
tags | AWS resources tags | map(string) | false |
|
||||
k8s_irsa_additional_policies | Map of the additional policies to be attached to default role. Where key is arbiraty id and value is policy arn. | map(string) | false |
|
||||
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
k8s_assume_role_enabled | Whether IRSA is allowed to assume role defined by k8s_assume_role_arn. Useful for hosted zones in another AWS account. | bool | false |
|
||||
policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) | false |
|
||||
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
|
||||
k8s_irsa_policy_enabled | Whether to create opinionated policy to allow operations on specified zones in `policy_allowed_zone_ids`. | bool | false |
|
||||
argo_info | ArgoCD info manifest parameter | | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
k8s_irsa_role_name_prefix | The IRSA role name prefix for prometheus | string | false |
|
||||
k8s_namespace | The K8s namespace in which the external-dns will be installed | string | false |
|
||||
k8s_service_account_create | Whether to create Service Account | bool | false |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/bitnami/external-dns | string | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
|
||||
k8s_service_account_name | The k8s external-dns service account name | | false |
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns | map(any) | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
helm_create_namespace | Whether to create k8s namespace with name defined by `k8s_namespace` | bool | false |
|
||||
k8s_service_account_create | Whether to create Service Account | bool | false |
|
||||
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
|
||||
policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) | false |
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns | map(any) | false |
|
||||
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
|
||||
k8s_assume_role_arn | Assume role arn. Assume role must be enabled. | | false |
|
||||
k8s_irsa_policy_enabled | Whether to create opinionated policy to allow operations on specified zones in `policy_allowed_zone_ids`. | bool | false |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
k8s_irsa_role_name_prefix | The IRSA role name prefix for prometheus | string | false |
|
||||
k8s_service_account_name | The k8s external-dns service account name | | false |
|
||||
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
argo_info | ArgoCD info manifest parameter | | false |
|
||||
k8s_namespace | The K8s namespace in which the external-dns will be installed | string | false |
|
||||
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
|
||||
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
tags | AWS resources tags | map(string) | false |
|
||||
k8s_assume_role_enabled | Whether IRSA is allowed to assume role defined by k8s_assume_role_arn. Useful for hosted zones in another AWS account. | bool | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/bitnami/external-dns | string | false |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
helm_create_namespace | Whether to create k8s namespace with name defined by `k8s_namespace` | bool | false |
|
||||
k8s_irsa_additional_policies | Map of the additional policies to be attached to default role. Where key is arbiraty id and value is policy arn. | map(string) | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
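Review bot: `k8s_irsa_role_name_prefix` is described as "The IRSA role name prefix for prometheus" in the Eks-External-Dns table, which reads as copied from another module. The inputs around it (`k8s_irsa_additional_policies`, `k8s_assume_role_enabled`, `k8s_assume_role_arn`, `policy_allowed_zone_ids`) decide what the service account's IAM role may touch, so these descriptions need to be exact. Also, "arbiraty" in `k8s_irsa_additional_policies` should be "arbitrary", and `k8s_assume_role_arn` has no Type.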
@ -13,15 +13,15 @@ AWS Eks-Kube-State-Metrics
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/kube-state-metrics | map(any) | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart. | string | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart. | string | false |
|
||||
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
k8s_namespace | The K8s namespace in which the kube-state-metrics service account has been created | string | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/kube-state-metrics | map(any) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
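Review bot: The rows that appear twice in this hunk (`settings`, `values`, `enabled`, `helm_repo_url`) carry identical text in both positions, and the header is `-13,15 +13,15`, so this looks like a pure reordering of the property table. If the table is generated, emit the rows in a stable order (for example sorted by name) so that regenerating the docs does not produce diffs like this one and a real change to a property stays visible in review.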
@ -13,23 +13,23 @@ A terraform module to deploy a node problem detector on Amazon EKS cluster
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/node-problem-detector | map(any) | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart | string | false |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
helm_chart_name | Helm chart name to be installed | string | false |
|
||||
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
|
||||
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
|
||||
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
helm_chart_version | Version of the Helm chart | string | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
argo_project | ArgoCD Application project | string | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
helm_repo_url | Helm repository | string | false |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
|
||||
argo_info | ArgoCD info manifest parameter | | false |
|
||||
enabled | Variable indicating whether deployment is enabled | bool | false |
|
||||
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/node-problem-detector | map(any) | false |
|
||||
values | Additional yaml encoded values which will be passed to the Helm chart | string | false |
|
||||
helm_release_name | Helm release name | string | false |
|
||||
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
|
||||
argo_destionation_server | Destination server for ArgoCD Application | string | false |
|
||||
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
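Review bot: The `argo_destionation_server` rows spell "destination" wrong in the property name, and `argo_sync_policy`, `argo_application_values` and `argo_info` all have an empty Type cell. If the misspelled name is the variable the underlying module actually exposes, keep it but say so in the description so readers do not "correct" it in their own configuration. Otherwise fix it here. Either way, state a type for the three Argo rows.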
@ -13,60 +13,69 @@ Terraform module to create an Elastic Kubernetes (EKS) cluster and associated wo
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
cluster_security_group_name | Name to use on cluster security group created | string | false |
|
||||
cluster_name | Name of the EKS cluster | string | false |
|
||||
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | string | false |
|
||||
iam_role_arn | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | string | false |
|
||||
node_security_group_description | Description of the node security group created | string | false |
|
||||
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | false |
|
||||
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | false |
|
||||
node_security_group_use_name_prefix | Determines whether node security group name (`node_security_group_name`) is used as a prefix | string | false |
|
||||
cluster_security_group_tags | A map of additional tags to add to the cluster security group created | map(string) | false |
|
||||
cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | string | false |
|
||||
cluster_security_group_description | Description of the cluster security group created | string | false |
|
||||
cluster_identity_providers | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | any | false |
|
||||
fargate_profiles | Map of Fargate Profile definitions to create | any | false |
|
||||
self_managed_node_groups | Map of self-managed node group definitions to create | any | false |
|
||||
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | false |
|
||||
node_security_group_name | Name to use on node security group created | string | false |
|
||||
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | false |
|
||||
cluster_tags | A map of additional tags to add to the cluster | map(string) | false |
|
||||
iam_role_description | Description of the role | string | false |
|
||||
iam_role_additional_policies | Additional policies to be added to the IAM role | list(string) | false |
|
||||
iam_role_path | Cluster IAM role path | string | false |
|
||||
cluster_encryption_config | Configuration block with encryption configuration for the cluster | list(object({\n provider_key_arn = string\n resources = list(string)\n })) | false |
|
||||
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 90 days | number | false |
|
||||
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | any | false |
|
||||
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | false |
|
||||
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | false |
|
||||
iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | false |
|
||||
create_cluster_security_group | Determines if a security group is created for the cluster or use the existing `cluster_security_group_id` | bool | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | list(string) | false |
|
||||
cluster_security_group_use_name_prefix | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | string | false |
|
||||
iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | false |
|
||||
eks_managed_node_groups | Map of EKS managed node group definitions to create | any | false |
|
||||
eks_managed_node_group_defaults | Map of EKS managed node group default configurations | any | false |
|
||||
create_cni_ipv6_iam_policy | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | bool | false |
|
||||
create_node_security_group | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | bool | false |
|
||||
iam_role_description | Description of the role | string | false |
|
||||
iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | false |
|
||||
fargate_profiles | Map of Fargate Profile definitions to create | any | false |
|
||||
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | false |
|
||||
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | false |
|
||||
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | false |
|
||||
create_iam_role | Determines whether a an IAM role is created or to use an existing IAM role | bool | false |
|
||||
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | false |
|
||||
node_security_group_tags | A map of additional tags to add to the node security group created | map(string) | false |
|
||||
eks_managed_node_groups | Map of EKS managed node group definitions to create | any | false |
|
||||
cluster_encryption_config | Configuration block with encryption configuration for the cluster | list(object({\n provider_key_arn = string\n resources = list(string)\n })) | false |
|
||||
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | false |
|
||||
cluster_encryption_policy_tags | A map of additional tags to add to the cluster encryption policy created | map(string) | false |
|
||||
cluster_identity_providers | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | any | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | any | false |
|
||||
create_cni_ipv6_iam_policy | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | bool | false |
|
||||
fargate_profile_defaults | Map of Fargate Profile default configurations | any | false |
|
||||
cluster_encryption_policy_path | Cluster encryption policy path | string | false |
|
||||
self_managed_node_group_defaults | Map of self-managed node group default configurations | any | false |
|
||||
cluster_security_group_use_name_prefix | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | string | false |
|
||||
node_security_group_description | Description of the node security group created | string | false |
|
||||
openid_connect_audiences | List of OpenID Connect audience client IDs to add to the IRSA provider | list(string) | false |
|
||||
iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | false |
|
||||
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | false |
|
||||
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | false |
|
||||
cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | list(string) | false |
|
||||
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | false |
|
||||
iam_role_arn | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | string | false |
|
||||
cluster_encryption_policy_name | Name to use on cluster encryption policy created | string | false |
|
||||
create | Controls if EKS resources should be created (affects nearly all resources) | bool | false |
|
||||
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
|
||||
prefix_separator | The separator to use between the prefix and the generated timestamp for resource names | string | false |
|
||||
self_managed_node_group_defaults | Map of self-managed node group default configurations | any | false |
|
||||
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | false |
|
||||
create_iam_role | Determines whether a an IAM role is created or to use an existing IAM role | bool | false |
|
||||
iam_role_use_name_prefix | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | string | false |
|
||||
fargate_profile_defaults | Map of Fargate Profile default configurations | any | false |
|
||||
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | false |
|
||||
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | any | false |
|
||||
custom_oidc_thumbprints | Additional list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s) | list(string) | false |
|
||||
cluster_name | Name of the EKS cluster | string | false |
|
||||
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 90 days | number | false |
|
||||
node_security_group_use_name_prefix | Determines whether node security group name (`node_security_group_name`) is used as a prefix | string | false |
|
||||
eks_managed_node_group_defaults | Map of EKS managed node group default configurations | any | false |
|
||||
cluster_iam_role_dns_suffix | Base DNS domain name for the current partition (e.g., amazonaws.com in AWS Commercial, amazonaws.com.cn in AWS China) | string | false |
|
||||
self_managed_node_groups | Map of self-managed node group definitions to create | any | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | string | false |
|
||||
cluster_tags | A map of additional tags to add to the cluster | map(string) | false |
|
||||
cluster_security_group_id | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | string | false |
|
||||
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | false |
|
||||
cluster_addons | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | any | false |
|
||||
iam_role_name | Name to use on IAM role created | string | false |
|
||||
iam_role_additional_policies | Additional policies to be added to the IAM role | list(string) | false |
|
||||
cluster_security_group_tags | A map of additional tags to add to the cluster security group created | map(string) | false |
|
||||
cluster_version | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.21`) | string | false |
|
||||
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | any | false |
|
||||
cluster_addons | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | any | false |
|
||||
attach_cluster_encryption_policy | Indicates whether or not to attach an additional policy for the cluster IAM role to utilize the encryption key provided | bool | false |
|
||||
node_security_group_id | ID of an existing security group to attach to the node groups created | string | false |
|
||||
node_security_group_tags | A map of additional tags to add to the node security group created | map(string) | false |
|
||||
iam_role_path | Cluster IAM role path | string | false |
|
||||
cluster_encryption_policy_use_name_prefix | Determines whether cluster encryption policy name (`cluster_encryption_policy_name`) is used as a prefix | string | false |
|
||||
iam_role_name | Name to use on IAM role created | string | false |
|
||||
cluster_encryption_policy_description | Description of the cluster encryption policy created | string | false |
|
||||
prefix_separator | The separator to use between the prefix and the generated timestamp for resource names | string | false |
|
||||
create_cluster_security_group | Determines if a security group is created for the cluster or use the existing `cluster_security_group_id` | bool | false |
|
||||
cluster_security_group_description | Description of the cluster security group created | string | false |
|
||||
iam_role_use_name_prefix | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | string | false |
|
||||
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | string | false |
|
||||
cluster_security_group_name | Name to use on cluster security group created | string | false |
|
||||
node_security_group_name | Name to use on node security group created | string | false |
|
||||
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
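Review bot: The Default column is empty for every row, including `cluster_endpoint_public_access`, `cluster_endpoint_public_access_cidrs`, `cluster_endpoint_private_access`, `cluster_encryption_config` and `cluster_enabled_log_types`, so a reader cannot tell from this table whether the API server endpoint is publicly reachable, or whether secrets encryption and control plane logging are on, when these properties are left unset. Populate the defaults for at least those rows, or drop the column if the generator cannot fill it. Minor: "whether a an IAM role" in the `create_iam_role` rows has a doubled article.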
@ -13,41 +13,41 @@ Terraform module to provision an ElastiCache Redis Cluster
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | list(object({\n name = string\n value = string\n })) | false |
|
||||
automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | false |
|
||||
availability_zones | Availability zone IDs | list(string) | false |
|
||||
auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | false |
|
||||
zone_id | Route53 DNS Zone ID as list of string (0 or 1 items). If empty, no custom DNS name will be published.\nIf the list contains a single Zone ID, a custom DNS name will be pulished in that zone.\nCan also be a plain string, but that use is DEPRECATED because of Terraform issues.\n | any | false |
|
||||
dns_subdomain | The subdomain to use for the CNAME record. If not provided then the CNAME record will use var.name. | string | false |
|
||||
subnets | Subnet IDs | list(string) | false |
|
||||
maintenance_window | Maintenance window | string | false |
|
||||
family | Redis family | string | false |
|
||||
instance_type | Elastic cache instance type | string | false |
|
||||
notification_topic_arn | Notification topic arn | string | false |
|
||||
alarm_memory_threshold_bytes | Ram threshold alarm level | number | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) | false |
|
||||
apply_immediately | Apply changes immediately | bool | false |
|
||||
snapshot_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb | list(string) | false |
|
||||
alarm_cpu_threshold_percent | CPU threshold alarm level | number | false |
|
||||
alarm_actions | Alarm action list | list(string) | false |
|
||||
replication_group_id | Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens. | string | false |
|
||||
cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | false |
|
||||
engine_version | Redis engine version | string | false |
|
||||
at_rest_encryption_enabled | Enable encryption at rest | bool | false |
|
||||
transit_encryption_enabled | Set `true` to enable encryption in transit. Forced `true` if `var.auth_token` is set.\nIf this is enabled, use the [following guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#connect-tls) to access redis.\n | bool | false |
|
||||
kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | string | false |
|
||||
snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | false |
|
||||
cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false |
|
||||
cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | false |
|
||||
vpc_id | VPC ID | string | true |
|
||||
cluster_size | Number of nodes in cluster. *Ignored when `cluster_mode_enabled` == `true`* | number | false |
|
||||
instance_type | Elastic cache instance type | string | false |
|
||||
alarm_memory_threshold_bytes | Ram threshold alarm level | number | false |
|
||||
auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | false |
|
||||
snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string | false |
|
||||
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | false |
|
||||
elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | false |
|
||||
port | Redis port | number | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) | false |
|
||||
notification_topic_arn | Notification topic arn | string | false |
|
||||
multi_az_enabled | Multi AZ (Automatic Failover must also be enabled. If Cluster Mode is enabled, Multi AZ is on by default, and this setting is ignored) | bool | false |
|
||||
dns_subdomain | The subdomain to use for the CNAME record. If not provided then the CNAME record will use var.name. | string | false |
|
||||
snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | false |
|
||||
cluster_size | Number of nodes in cluster. *Ignored when `cluster_mode_enabled` == `true`* | number | false |
|
||||
automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | false |
|
||||
alarm_cpu_threshold_percent | CPU threshold alarm level | number | false |
|
||||
maintenance_window | Maintenance window | string | false |
|
||||
engine_version | Redis engine version | string | false |
|
||||
availability_zones | Availability zone IDs | list(string) | false |
|
||||
kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | string | false |
|
||||
snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string | false |
|
||||
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | false |
|
||||
parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | list(object({\n name = string\n value = string\n })) | false |
|
||||
at_rest_encryption_enabled | Enable encryption at rest | bool | false |
|
||||
transit_encryption_enabled | Set `true` to enable encryption in transit. Forced `true` if `var.auth_token` is set.\nIf this is enabled, use the [following guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#connect-tls) to access redis.\n | bool | false |
|
||||
alarm_actions | Alarm action list | list(string) | false |
|
||||
final_snapshot_identifier | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | string | false |
|
||||
cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | bool | false |
|
||||
cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | false |
|
||||
cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | false |
|
||||
vpc_id | VPC ID | string | true |
|
||||
family | Redis family | string | false |
|
||||
cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false |
|
||||
replication_group_id | Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens. | string | false |
|
||||
parameter_group_description | Managed by Terraform | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
|
|
|||
|
|
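Review bot: The `auth_token` rows document a credential as a plain `string` property with no guidance on how to supply it without writing the value into the configuration in clear text. Add a sentence on the intended way to pass it. The `at_rest_encryption_enabled` and `transit_encryption_enabled` rows also show no default, which matters because `auth_token` depends on the latter. Smaller points: "pulished" in the `zone_id` rows, "Amazon Resource Number (ARN)" in the `ok_actions` rows should be "Amazon Resource Name", and the `parameter_group_description` row has "Managed by Terraform" in the Description cell, which reads like the default value rather than a description.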
@ -13,19 +13,19 @@ Terraform module which creates ELB resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
subnets | A list of subnet IDs to attach to the ELB | list(string) | true |
|
||||
cross_zone_load_balancing | Enable cross-zone load balancing | bool | false |
|
||||
health_check | A health check block | map(string) | true |
|
||||
create_elb | Create the elb or not | bool | false |
|
||||
security_groups | A list of security group IDs to assign to the ELB | list(string) | true |
|
||||
number_of_instances | Number of instances to attach to ELB | number | false |
|
||||
name_prefix | The prefix name of the ELB | string | false |
|
||||
internal | If true, ELB will be an internal ELB | bool | false |
|
||||
connection_draining | Boolean to enable connection draining | bool | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
listener | A list of listener blocks | list(map(string)) | true |
|
||||
name | The name of the ELB | string | false |
|
||||
security_groups | A list of security group IDs to assign to the ELB | list(string) | true |
|
||||
health_check | A health check block | map(string) | true |
|
||||
number_of_instances | Number of instances to attach to ELB | number | false |
|
||||
name_prefix | The prefix name of the ELB | string | false |
|
||||
idle_timeout | The time in seconds that the connection is allowed to be idle | number | false |
|
||||
connection_draining | Boolean to enable connection draining | bool | false |
|
||||
tags | A mapping of tags to assign to the resource | map(string) | false |
|
||||
create_elb | Create the elb or not | bool | false |
|
||||
subnets | A list of subnet IDs to attach to the ELB | list(string) | true |
|
||||
cross_zone_load_balancing | Enable cross-zone load balancing | bool | false |
|
||||
connection_draining_timeout | The time in seconds to allow for connections to drain | number | false |
|
||||
access_logs | An access logs block | map(string) | false |
|
||||
instances | List of instances ID to place in the ELB pool | list(string) | false |
|
||||
|
|
|
|||
|
|
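Review bot: The `listener` and `health_check` rows are marked required but are described only as "A list of listener blocks" and "A health check block", and `access_logs` only as "An access logs block", so the table gives no indication of which keys each map accepts. List the expected keys or link to the module documentation for them. The `internal` rows also show no default, which leaves it unclear whether an ELB created with only the required properties is internet-facing.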
@ -0,0 +1,102 @@
|
|||
---
|
||||
title: AWS EMR
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates EMR on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
keep_job_flow_alive_when_no_steps | Switch on/off run cluster with no steps or when all steps are complete | bool | false |
|
||||
ec2_autoscaling_role_enabled | If set to `false`, will use `existing_ec2_autoscaling_role_arn` for an existing EC2 autoscaling IAM role that was created outside of this module | bool | false |
|
||||
existing_ec2_instance_profile_arn | ARN of an existing EC2 instance profile | string | false |
|
||||
core_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Core instance group | string | false |
|
||||
task_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Task instance group | string | false |
|
||||
master_allowed_security_groups | List of security groups to be allowed to connect to the master instances | list(string) | false |
|
||||
custom_ami_id | A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later | string | false |
|
||||
master_instance_group_instance_count | Target number of instances for the Master instance group. Must be at least 1 | number | false |
|
||||
task_instance_group_bid_price | Bid price for each EC2 instance in the Task instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |
|
||||
kerberos_kdc_admin_password | The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration. | string | false |
|
||||
ec2_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Role. | string | false |
|
||||
ec2_autoscaling_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Autoscaling Role. | string | false |
|
||||
step_concurrency_level | The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. | number | false |
|
||||
use_existing_additional_slave_security_group | If set to `true`, will use variable `additional_slave_security_group` using an existing security group that was created outside of this module | bool | false |
|
||||
slave_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the slave instances | list(string) | false |
|
||||
existing_ec2_autoscaling_role_arn | ARN of an existing EC2 autoscaling role to attach to the cluster | string | false |
|
||||
additional_info | A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform | string | false |
|
||||
create_task_instance_group | Whether to create an instance group for Task nodes. For more info: https://www.terraform.io/docs/providers/aws/r/emr_instance_group.html, https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html | bool | false |
|
||||
task_instance_group_instance_count | Target number of instances for the Task instance group. Must be at least 1 | number | false |
|
||||
zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS records for the masters and slaves | string | false |
|
||||
service_role_enabled | If set to `false`, will use `existing_service_role_arn` for an existing IAM role that was created outside of this module | bool | false |
|
||||
core_instance_group_ebs_size | Core instances volume size, in gibibytes (GiB) | number | true |
|
||||
core_instance_group_ebs_type | Core instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |
|
||||
master_instance_group_ebs_size | Master instances volume size, in gibibytes (GiB) | number | true |
|
||||
master_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Master instance group | number | false |
|
||||
task_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Task volume supports | number | false |
|
||||
steps | List of steps to run when creating the cluster. | list(object({\n name = string\n action_on_failure = string\n hadoop_jar_step = object({\n args = list(string)\n jar = string\n main_class = string\n properties = map(string)\n })\n })) | false |
|
||||
managed_master_security_group | The name of the existing managed security group that will be used for EMR master node. If empty, a new security group will be created | string | false |
|
||||
subnet_id | VPC subnet ID where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC | string | true |
|
||||
task_instance_group_instance_type | EC2 instance type for all instances in the Task instance group | string | false |
|
||||
use_existing_managed_slave_security_group | If set to `true`, will use variable `managed_slave_security_group` using an existing security group that was created outside of this module | bool | false |
|
||||
task_instance_group_ebs_optimized | Indicates whether an Amazon EBS volume in the Task instance group is EBS-optimized. Changing this forces a new resource to be created | bool | false |
|
||||
kerberos_realm | The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL | string | false |
|
||||
configurations_json | A JSON string for supplying list of configurations for the EMR cluster. See https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html for more details | string | false |
|
||||
master_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the master instances | list(string) | false |
|
||||
ec2_role_enabled | If set to `false`, will use `existing_ec2_instance_profile_arn` for an existing EC2 IAM role that was created outside of this module | bool | false |
|
||||
master_instance_group_bid_price | Bid price for each EC2 instance in the Master instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |
|
||||
managed_slave_security_group | The name of the existing managed security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |
|
||||
use_existing_service_access_security_group | If set to `true`, will use variable `service_access_security_group` using an existing security group that was created outside of this module | bool | false |
|
||||
slave_allowed_security_groups | List of security groups to be allowed to connect to the slave instances | list(string) | false |
|
||||
ebs_root_volume_size | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later | number | false |
|
||||
applications | A list of applications for the cluster. Valid values are: Flink, Ganglia, Hadoop, HBase, HCatalog, Hive, Hue, JupyterHub, Livy, Mahout, MXNet, Oozie, Phoenix, Pig, Presto, Spark, Sqoop, TensorFlow, Tez, Zeppelin, and ZooKeeper (as of EMR 5.25.0). Case insensitive | list(string) | true |
|
||||
kerberos_enabled | Set to true if EMR cluster will use kerberos_attributes | bool | false |
|
||||
use_existing_additional_master_security_group | If set to `true`, will use variable `additional_master_security_group` using an existing security group that was created outside of this module | bool | false |
|
||||
master_instance_group_ebs_type | Master instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |
|
||||
bootstrap_action | List of bootstrap actions that will be run before Hadoop is started on the cluster nodes | list(object({\n path = string\n name = string\n args = list(string)\n })) | false |
|
||||
kerberos_ad_domain_join_user | Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration. | string | false |
|
||||
kerberos_cross_realm_trust_principal_password | Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration. | string | false |
|
||||
region | AWS region | string | true |
|
||||
route_table_id | Route table ID for the VPC S3 Endpoint when launching the EMR cluster in a private subnet. Required when `subnet_type` is `private` | string | false |
|
||||
core_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Core volume supports | number | false |
|
||||
master_instance_group_instance_type | EC2 instance type for all instances in the Master instance group | string | true |
|
||||
security_configuration | The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater. See https://www.terraform.io/docs/providers/aws/r/emr_security_configuration.html for more info | string | false |
|
||||
task_instance_group_ebs_size | Task instances volume size, in gibibytes (GiB) | number | false |
|
||||
task_instance_group_ebs_type | Task instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |
|
||||
emr_role_permissions_boundary | The Permissions Boundary ARN to apply to the EMR Role. | string | false |
|
||||
additional_slave_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |
|
||||
visible_to_all_users | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow | bool | false |
|
||||
create_vpc_endpoint_s3 | Set to false to prevent the module from creating VPC S3 Endpoint | bool | false |
|
||||
core_instance_group_instance_count | Target number of instances for the Core instance group. Must be at least 1 | number | false |
|
||||
core_instance_group_instance_type | EC2 instance type for all instances in the Core instance group | string | true |
|
||||
existing_service_role_arn | ARN of an existing EMR service role to attach to the cluster | string | false |
|
||||
additional_master_security_group | The name of the existing additional security group that will be used for EMR master node. If empty, a new security group will be created | string | false |
|
||||
subnet_type | Type of VPC subnet ID where you want the job flow to launch. Supported values are `private` or `public` | string | false |
|
||||
use_existing_managed_master_security_group | If set to `true`, will use variable `managed_master_security_group` using an existing security group that was created outside of this module | bool | false |
|
||||
vpc_id | VPC ID to create the cluster in (e.g. `vpc-a22222ee`) | string | true |
|
||||
termination_protection | Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false | bool | false |
|
||||
release_label | The release label for the Amazon EMR release. https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html | string | false |
|
||||
key_name | Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop` | string | false |
|
||||
log_uri | The path to the Amazon S3 location where logs for this cluster are stored | string | false |
|
||||
master_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Master volume supports | number | false |
|
||||
scale_down_behavior | The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized | string | false |
|
||||
service_access_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |
|
||||
kerberos_ad_domain_join_password | The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration. | string | false |
|
||||
core_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Core instance group | number | false |
|
||||
core_instance_group_bid_price | Bid price for each EC2 instance in the Core instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |
|
||||
task_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Task instance group | number | false |
|
||||
master_dns_name | Name of the cluster CNAME record to create in the parent DNS zone specified by `zone_id`. If left empty, the name will be auto-asigned using the format `emr-master-var.name` | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
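Review bot: `kerberos_kdc_admin_password`, `kerberos_ad_domain_join_password` and `kerberos_cross_realm_trust_principal_password` are documented as plain `string` properties with no guidance on how to supply them, which invites writing the passwords in clear text in the application spec. Please add a sentence on how these values should be provided without embedding them in the spec, and flag them as sensitive in the description. Separately, the `service_access_security_group` row repeats the `additional_slave_security_group` description word for word ("existing additional security group that will be used for EMR core & task nodes"), which looks like a copy-paste slip, and `master_dns_name` contains the typo "auto-asigned".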
@ -13,12 +13,12 @@ Terraform module to provision AWS Guard Duty
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
cloudwatch_event_rule_pattern_detail_type | The detail-type pattern used to match events that will be sent to SNS.\n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\nhttps://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html\n | string | false |
|
||||
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications.\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers.\n | bool | false |
|
||||
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms:\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery:\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\n Default is false\n | map(object({\n protocol = string\n endpoint = string\n endpoint_auto_confirms = bool\n raw_message_delivery = bool\n })) | false |
|
||||
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
|
||||
finding_publishing_frequency | The frequency of notifications sent for finding occurrences. If the detector is a GuardDuty member account, the value\nis determined by the GuardDuty master account and cannot be modified, otherwise it defaults to SIX_HOURS.\n\nFor standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection.\nValid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."\n\nFor more information, see:\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency\n | string | false |
|
||||
enable_cloudwatch | Flag to indicate whether an CloudWatch logging should be enabled for GuardDuty\n | bool | false |
|
||||
cloudwatch_event_rule_pattern_detail_type | The detail-type pattern used to match events that will be sent to SNS.\n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\nhttps://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html\n | string | false |
|
||||
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications.\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers.\n | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
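Review bot: the descriptions in this GuardDuty table still carry literal `\n` sequences (for example in `subscribers` and `findings_notification_arn`) and a stray `"` after `SIX_HOURS.` in `finding_publishing_frequency`, all of which render as raw text inside a Markdown table cell. Since `cloudwatch_event_rule_pattern_detail_type` and `create_sns_topic` are being moved anyway, consider collapsing newlines in the generator and moving the per-field detail of `subscribers` below the table. The Default column is also empty for `enable_cloudwatch` and `create_sns_topic`, so the page does not show whether findings are forwarded anywhere when neither is set.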
@ -13,18 +13,18 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_account_password_policy | Whether to create AWS IAM account password policy | bool | false |
|
||||
minimum_password_length | Minimum length to require for user passwords | number | false |
|
||||
require_lowercase_characters | Whether to require lowercase characters for user passwords | bool | false |
|
||||
require_uppercase_characters | Whether to require uppercase characters for user passwords | bool | false |
|
||||
require_numbers | Whether to require numbers for user passwords | bool | false |
|
||||
account_alias | AWS IAM account alias for this account | string | true |
|
||||
max_password_age | The number of days that an user password is valid. | number | false |
|
||||
minimum_password_length | Minimum length to require for user passwords | number | false |
|
||||
allow_users_to_change_password | Whether to allow users to change their own password | bool | false |
|
||||
hard_expiry | Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset) | bool | false |
|
||||
require_lowercase_characters | Whether to require lowercase characters for user passwords | bool | false |
|
||||
password_reuse_prevention | The number of previous passwords that users are prevented from reusing | number | false |
|
||||
require_uppercase_characters | Whether to require uppercase characters for user passwords | bool | false |
|
||||
require_symbols | Whether to require symbols for user passwords | bool | false |
|
||||
get_caller_identity | Whether to get AWS account ID, User ID, and ARN in which Terraform is authorized | bool | false |
|
||||
account_alias | AWS IAM account alias for this account | string | true |
|
||||
create_account_password_policy | Whether to create AWS IAM account password policy | bool | false |
|
||||
hard_expiry | Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset) | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
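Review bot: the password policy rows (`minimum_password_length`, `max_password_age`, `password_reuse_prevention`, `require_symbols`, `hard_expiry`) all have an empty Default column, so the page does not tell a reader which policy is applied when only `create_account_password_policy` is set. Please populate the defaults from the module's variables so the effective policy can be reviewed from the documentation alone. Minor: "an user password" in `max_password_age` should read "a user password".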
@ -13,23 +13,23 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
role_description | IAM Role description | string | false |
|
||||
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
oidc_subjects_with_wildcards | The OIDC subject using wildcards to be added to the role policy | set(string) | false |
|
||||
aws_account_id | The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider | string | false |
|
||||
tags | A map of tags to add to IAM role resources | map(string) | false |
|
||||
oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | set(string) | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
oidc_subjects_with_wildcards | The OIDC subject using wildcards to be added to the role policy | set(string) | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
oidc_fully_qualified_audiences | The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise. | set(string) | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
provider_url | URL of the OIDC Provider. Use provider_urls to specify several URLs. | string | false |
|
||||
provider_urls | List of URLs of the OIDC Providers | list(string) | false |
|
||||
role_name | IAM role name | string | false |
|
||||
role_name_prefix | IAM role name prefix | string | false |
|
||||
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | set(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
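Review bot: `oidc_fully_qualified_subjects`, `oidc_subjects_with_wildcards` and `oidc_fully_qualified_audiences` are all optional with no default shown, and the table does not say what the role's trust policy looks like when none of them is set. These rows decide which federated identities may assume the role, so please add a sentence describing the empty case and point readers to fully qualified subjects where wildcards are not needed. `provider_url` and `provider_urls` would also benefit from a note on what happens when both are given.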
@ -13,20 +13,20 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_role | Whether to create a role | bool | false |
|
||||
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
role_name_prefix | IAM role name prefix | string | false |
|
||||
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
|
||||
aws_saml_endpoint | AWS SAML Endpoint | string | false |
|
||||
tags | A map of tags to add to IAM role resources | map(string) | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
role_name | IAM role name | string | false |
|
||||
role_name_prefix | IAM role name prefix | string | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
provider_ids | List of SAML Provider IDs | list(string) | false |
|
||||
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
tags | A map of tags to add to IAM role resources | map(string) | false |
|
||||
role_name | IAM role name | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
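Review bot: `provider_id` and `provider_ids` are both marked as not required and neither has a default, so the table permits a configuration with no SAML provider without saying what role, if any, results. Please state that at least one of them must be set (or what happens otherwise) and show the default for `aws_saml_endpoint`. The description in the hunk header, "Terraform module which creates IAM resources on AWS", is the same one used for the other IAM pages in this commit; a description specific to the SAML-assumable role would make the pages distinguishable.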
@ -13,30 +13,30 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
readonly_role_policy_arn | Policy ARN to use for readonly role | string | false |
|
||||
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
|
||||
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
|
||||
tags | A map of tags to add to IAM role resources | map(string) | false |
|
||||
custom_role_trust_policy | A custorm role trust policy | string | false |
|
||||
number_of_custom_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
attach_poweruser_policy | Whether to attach a poweruser policy to a role | bool | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
custom_role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
admin_role_policy_arn | Policy ARN to use for admin role | string | false |
|
||||
attach_admin_policy | Whether to attach an admin policy to a role | bool | false |
|
||||
attach_readonly_policy | Whether to attach a readonly policy to a role | bool | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
role_sts_externalid | STS ExternalId condition values to use with a role (when MFA is not required) | any | false |
|
||||
trusted_role_actions | Actions of STS | list(string) | false |
|
||||
create_instance_profile | Whether to create an instance profile | bool | false |
|
||||
role_name | IAM role name | string | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
role_requires_mfa | Whether role requires MFA | bool | false |
|
||||
admin_role_policy_arn | Policy ARN to use for admin role | string | false |
|
||||
poweruser_role_policy_arn | Policy ARN to use for poweruser role | string | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
custom_role_trust_policy | A custom role trust policy | string | false |
|
||||
readonly_role_policy_arn | Policy ARN to use for readonly role | string | false |
|
||||
tags | A map of tags to add to IAM role resources | map(string) | false |
|
||||
number_of_custom_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
|
||||
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
|
||||
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
|
||||
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
create_instance_profile | Whether to create an instance profile | bool | false |
|
||||
custom_role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
|
||||
poweruser_role_policy_arn | Policy ARN to use for poweruser role | string | false |
|
||||
attach_poweruser_policy | Whether to attach a poweruser policy to a role | bool | false |
|
||||
attach_readonly_policy | Whether to attach a readonly policy to a role | bool | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
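Review bot: `role_requires_mfa`, `mfa_age`, `role_sts_externalid` and `attach_admin_policy` carry no default, so the page does not show whether a role created from `trusted_role_arns` alone requires MFA or receives the admin policy. Please fill in the defaults, and expand `role_sts_externalid` to explain how it interacts with `role_requires_mfa`, since the description only says "(when MFA is not required)". `trusted_role_actions` is documented as just "Actions of STS"; listing the accepted values would help reviewers of an application spec.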
@ -13,29 +13,29 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
|
||||
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
|
||||
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
|
||||
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
|
||||
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
|
||||
aws_saml_endpoint | AWS SAML Endpoint | string | false |
|
||||
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
|
||||
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
|
||||
poweruser_role_name | IAM role with poweruser access | string | false |
|
||||
poweruser_role_path | Path of poweruser IAM role | string | false |
|
||||
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
|
||||
readonly_role_path | Path of readonly IAM role | string | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
|
||||
admin_role_path | Path of admin IAM role | string | false |
|
||||
admin_role_name | IAM role with admin access | string | false |
|
||||
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
|
||||
create_poweruser_role | Whether to create poweruser role | bool | false |
|
||||
create_readonly_role | Whether to create readonly role | bool | false |
|
||||
readonly_role_name | IAM role with readonly access | string | false |
|
||||
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
|
||||
provider_ids | List of SAML Provider IDs | list(string) | false |
|
||||
create_admin_role | Whether to create admin role | bool | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
|
||||
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
|
||||
poweruser_role_path | Path of poweruser IAM role | string | false |
|
||||
create_readonly_role | Whether to create readonly role | bool | false |
|
||||
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
|
||||
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
|
||||
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
|
||||
readonly_role_name | IAM role with readonly access | string | false |
|
||||
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
|
||||
create_poweruser_role | Whether to create poweruser role | bool | false |
|
||||
poweruser_role_name | IAM role with poweruser access | string | false |
|
||||
readonly_role_path | Path of readonly IAM role | string | false |
|
||||
provider_ids | List of SAML Provider IDs | list(string) | false |
|
||||
aws_saml_endpoint | AWS SAML Endpoint | string | false |
|
||||
create_admin_role | Whether to create admin role | bool | false |
|
||||
admin_role_name | IAM role with admin access | string | false |
|
||||
admin_role_path | Path of admin IAM role | string | false |
|
||||
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
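Review bot: Rows such as `poweruser_role_policy_arns`, `max_session_duration` and `provider_id` appear twice in this hunk with identical description, type and required values, so the table looks reordered rather than changed. If the property order comes from the generator iterating an unordered map, sort the rows by name before writing the file so regenerating the docs does not produce churn that hides real parameter changes.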
|
|
|
|||
|
|
@ -13,31 +13,31 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
admin_role_path | Path of admin IAM role | string | false |
|
||||
poweruser_role_path | Path of poweruser IAM role | string | false |
|
||||
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
|
||||
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
|
||||
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
|
||||
readonly_role_name | IAM role with readonly access | string | false |
|
||||
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
|
||||
readonly_role_path | Path of readonly IAM role | string | false |
|
||||
admin_role_name | IAM role with admin access | string | false |
|
||||
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
|
||||
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
|
||||
create_poweruser_role | Whether to create poweruser role | bool | false |
|
||||
poweruser_role_requires_mfa | Whether poweruser role requires MFA | bool | false |
|
||||
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
|
||||
poweruser_role_path | Path of poweruser IAM role | string | false |
|
||||
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
|
||||
readonly_role_path | Path of readonly IAM role | string | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
create_readonly_role | Whether to create readonly role | bool | false |
|
||||
readonly_role_requires_mfa | Whether readonly role requires MFA | bool | false |
|
||||
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
|
||||
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
|
||||
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
|
||||
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
|
||||
create_admin_role | Whether to create admin role | bool | false |
|
||||
admin_role_requires_mfa | Whether admin role requires MFA | bool | false |
|
||||
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
|
||||
poweruser_role_name | IAM role with poweruser access | string | false |
|
||||
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
|
||||
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
poweruser_role_requires_mfa | Whether poweruser role requires MFA | bool | false |
|
||||
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
|
||||
readonly_role_name | IAM role with readonly access | string | false |
|
||||
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
|
||||
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
|
||||
admin_role_name | IAM role with admin access | string | false |
|
||||
admin_role_path | Path of admin IAM role | string | false |
|
||||
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
|
||||
create_poweruser_role | Whether to create poweruser role | bool | false |
|
||||
readonly_role_requires_mfa | Whether readonly role requires MFA | bool | false |
|
||||
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
|
||||
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
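Review bot: The Default column is empty for `admin_role_requires_mfa`, `poweruser_role_requires_mfa`, `readonly_role_requires_mfa` and `mfa_age`, and for `trusted_role_arns` and `trusted_role_services`. These rows decide who can assume the roles and under what conditions, so a reader cannot tell from this table whether MFA is enforced when the parameter is omitted. Please populate the defaults from the module's variable definitions, or drop the column if the generator cannot fill it.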
|
|
|
|||
|
|
@ -13,18 +13,18 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
tags | A map of tags to add the the IAM role | map(any) | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
role_name_prefix | IAM role name prefix | string | false |
|
||||
role_policy_arns | ARNs of any policies to attach to the IAM role | list(string) | false |
|
||||
cluster_service_accounts | EKS cluster and k8s ServiceAccount pairs. Each EKS cluster can have multiple k8s ServiceAccount. See README for details | map(list(string)) | false |
|
||||
provider_url_sa_pairs | OIDC provider URL and k8s ServiceAccount pairs. If the assume role policy requires a mix of EKS clusters and other OIDC providers then this can be used | map(list(string)) | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
|
||||
role_path | Path of IAM role | string | false |
|
||||
role_name | Name of IAM role | string | false |
|
||||
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
|
||||
role_description | IAM Role description | string | false |
|
||||
role_name_prefix | IAM role name prefix | string | false |
|
||||
provider_url_sa_pairs | OIDC provider URL and k8s ServiceAccount pairs. If the assume role policy requires a mix of EKS clusters and other OIDC providers then this can be used | map(list(string)) | false |
|
||||
tags | A map of tags to add the the IAM role | map(any) | false |
|
||||
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
|
||||
create_role | Whether to create a role | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
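Review bot: Both `tags` rows read "A map of tags to add the the IAM role"; the doubled "the" should be "to the". Since the text is carried on both copies of the row, it is probably coming from the module's variable description, so fix it at the source or have the generator normalise it.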
|
|
|
|||
|
|
@ -13,15 +13,15 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
iam_self_management_policy_name_prefix | Name prefix for IAM policy to create with IAM self-management permissions | string | false |
|
||||
group_users | List of IAM users to have in an IAM group which can assume the role | list(string) | false |
|
||||
custom_group_policy_arns | List of IAM policies ARNs to attach to IAM group | list(string) | false |
|
||||
attach_iam_self_management_policy | Whether to attach IAM policy which allows IAM users to manage their credentials and MFA | bool | false |
|
||||
aws_account_id | AWS account id to use inside IAM policies. If empty, current AWS account ID will be used. | string | false |
|
||||
name | Name of IAM group | string | false |
|
||||
custom_group_policies | List of maps of inline IAM policies to attach to IAM group. Should have `name` and `policy` keys in each element. | list(map(string)) | false |
|
||||
iam_self_management_policy_name_prefix | Name prefix for IAM policy to create with IAM self-management permissions | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
attach_iam_self_management_policy | Whether to attach IAM policy which allows IAM users to manage their credentials and MFA | bool | false |
|
||||
create_group | Whether to create IAM group | bool | false |
|
||||
name | Name of IAM group | string | false |
|
||||
aws_account_id | AWS account id to use inside IAM policies. If empty, current AWS account ID will be used. | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
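Review bot: The description in this hunk's header context, "Terraform module which creates IAM resources on AWS", is the same text used for the assumable-role, EKS role and policy pages in this commit, while the rows here (`group_users`, `custom_group_policy_arns`, `create_group`) document an IAM group. Please give each page a description that names the submodule, otherwise users picking a component cannot tell these pages apart.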
|
|
|
|||
|
|
@ -13,9 +13,9 @@ Terraform module Terraform module for creating AWS IAM Roles with heredocs
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
policy_json | IAM Role Policy Document (JSON) | string | true |
|
||||
name | Resource name | string | true |
|
||||
type | IAM Role type: ec2/lambda/etc. Used for assume_role_policy principal; service names that have *.amazonaws.com identifiers should work. | string | true |
|
||||
policy_json | IAM Role Policy Document (JSON) | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
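Review bot: The description in this hunk's header context reads "Terraform module Terraform module for creating AWS IAM Roles with heredocs", with the leading phrase duplicated. It looks like the generator prepends "Terraform module" to a description that already starts with it; strip the prefix when it is already present.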
|
|
|
|||
|
|
@ -13,12 +13,12 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
description | The description of the policy | string | false |
|
||||
policy | The path of the policy in IAM (tpl file) | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
create_policy | Whether to create the IAM policy | bool | false |
|
||||
name | The name of the policy | string | false |
|
||||
path | The path of the policy in IAM | string | false |
|
||||
description | The description of the policy | string | false |
|
||||
policy | The path of the policy in IAM (tpl file) | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
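Review bot: The `policy` row is described as "The path of the policy in IAM (tpl file)", which is nearly the same text as the `path` row, "The path of the policy in IAM". As written, a reader cannot tell which parameter carries the policy document and which sets the IAM path. Please reword the `policy` description to say what content it expects.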
|
|
|
|||
|
|
@ -13,17 +13,17 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create_policy | Whether to create the IAM policy | bool | false |
|
||||
name | The name of the policy | string | false |
|
||||
path | The path of the policy in IAM | string | false |
|
||||
additional_policy_json | JSON policy document if you want to add custom actions | string | false |
|
||||
allow_cloudwatch_logs_query | Allows StartQuery/StopQuery/FilterLogEvents CloudWatch actions | bool | false |
|
||||
description | The description of the policy | string | false |
|
||||
allowed_services | List of services to allow Get/List/Describe/View options. Service name should be the same as corresponding service IAM prefix. See what it is for each service here https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html | list(string) | true |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
allow_predefined_sts_actions | Allows GetCallerIdentity/GetSessionToken/GetAccessKeyInfo sts actions | bool | false |
|
||||
allow_web_console_services | Allows List/Get/Describe/View actions for services used when browsing AWS console (e.g. resource-groups, tag, health services) | bool | false |
|
||||
web_console_services | List of web console services to allow | list(string) | false |
|
||||
create_policy | Whether to create the IAM policy | bool | false |
|
||||
description | The description of the policy | string | false |
|
||||
allowed_services | List of services to allow Get/List/Describe/View options. Service name should be the same as corresponding service IAM prefix. See what it is for each service here https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html | list(string) | true |
|
||||
additional_policy_json | JSON policy document if you want to add custom actions | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
name | The name of the policy | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
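Review bot: `allow_cloudwatch_logs_query`, `allow_predefined_sts_actions` and `allow_web_console_services` are listed as optional bools with an empty Default column, so the table does not show whether those extra actions are granted when the parameter is left out. For a page documenting a read-only policy, the defaults of these toggles should be stated explicitly.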
|
|
|
|||
|
|
@ -13,19 +13,19 @@ A Terraform module that creates IAM role with provided JSON IAM polices document
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
assume_role_actions | The IAM action to be granted by the AssumeRole policy | list(string) | false |
|
||||
instance_profile_enabled | Create EC2 Instance Profile for the role | bool | false |
|
||||
path | Path to the role and policy. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) for more information. | string | false |
|
||||
use_fullname | If set to 'true' then the full ID for the IAM role name (e.g. `[var.namespace]-[var.environment]-[var.stage]`) will be used.\n\nOtherwise, `var.name` will be used for the IAM role name.\n | bool | false |
|
||||
policy_document_count | Number of policy documents (length of policy_documents list) | number | false |
|
||||
managed_policy_arns | List of managed policies to attach to created role | set(string) | false |
|
||||
max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | number | false |
|
||||
permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role | string | false |
|
||||
policy_description | The description of the IAM policy that is visible in the IAM policy manager | string | false |
|
||||
assume_role_actions | The IAM action to be granted by the AssumeRole policy | list(string) | false |
|
||||
assume_role_conditions | List of conditions for the assume role policy | list(object({\n test = string\n variable = string\n values = list(string)\n })) | false |
|
||||
use_fullname | If set to 'true' then the full ID for the IAM role name (e.g. `[var.namespace]-[var.environment]-[var.stage]`) will be used.\n\nOtherwise, `var.name` will be used for the IAM role name.\n | bool | false |
|
||||
policy_documents | List of JSON IAM policy documents | list(string) | false |
|
||||
path | Path to the role and policy. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) for more information. | string | false |
|
||||
role_description | The description of the IAM role that is visible in the IAM role manager | string | true |
|
||||
instance_profile_enabled | Create EC2 Instance Profile for the role | bool | false |
|
||||
principals | Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(`AWS`, list(`arn:aws:iam:::role/admin`))) | map(list(string)) | false |
|
||||
max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | number | false |
|
||||
policy_documents | List of JSON IAM policy documents | list(string) | false |
|
||||
managed_policy_arns | List of managed policies to attach to created role | set(string) | false |
|
||||
role_description | The description of the IAM role that is visible in the IAM role manager | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
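Review bot: The `use_fullname` description and the `assume_role_conditions` type contain literal `\n` sequences, which will show up as backslash-n text in the rendered table. Have the generator collapse newlines in descriptions and types to a single space (or to `<br/>` if the site renders it) before writing a table cell. The header context also has "polices" where "policies" is meant.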
|
|
|
|||
|
|
@ -13,10 +13,10 @@ Terraform module to provision a basic IAM user with permissions to access S3 res
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
force_destroy | Destroy even if it has non-Terraform-managed IAM access keys, login profiles or MFA devices | bool | false |
|
||||
path | Path in which to create the user | string | false |
|
||||
s3_actions | Actions to allow in the policy | list(string) | false |
|
||||
s3_resources | S3 resources to apply the actions specified in the policy | list(string) | true |
|
||||
force_destroy | Destroy even if it has non-Terraform-managed IAM access keys, login profiles or MFA devices | bool | false |
|
||||
path | Path in which to create the user | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
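Review bot: `s3_actions` is marked optional with an empty Default column, while `s3_resources` is required. Without the default, the table does not tell the reader which S3 actions the user receives when `s3_actions` is omitted. Please show the default value for this row.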
|
|
|
|||
|
|
@ -13,16 +13,16 @@ Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
permissions_boundary | Permissions Boundary ARN to attach to our created user | string | false |
|
||||
ssm_enabled | Whether or not to write the IAM access key and secret key to SSM Parameter Store | bool | false |
|
||||
inline_policies_map | Inline policies to attach (descriptive key => policy) | map(string) | false |
|
||||
policy_arns | Policy ARNs to attach to our created user | list(string) | false |
|
||||
inline_policies | Inline policies to attach to our created user | list(string) | false |
|
||||
policy_arns_map | Policy ARNs to attach (descriptive key => arn) | map(string) | false |
|
||||
create_iam_access_key | Whether or not to create IAM access keys | bool | false |
|
||||
permissions_boundary | Permissions Boundary ARN to attach to our created user | string | false |
|
||||
iam_access_key_max_age | Maximum age of IAM access key (seconds). Defaults to 30 days. Set to 0 to disable expiration. | number | false |
|
||||
ssm_enabled | Whether or not to write the IAM access key and secret key to SSM Parameter Store | bool | false |
|
||||
force_destroy | Destroy the user even if it has non-Terraform-managed IAM access keys, login profile or MFA devices | bool | false |
|
||||
path | Path in which to create the user | string | false |
|
||||
inline_policies | Inline policies to attach to our created user | list(string) | false |
|
||||
policy_arns | Policy ARNs to attach to our created user | list(string) | false |
|
||||
create_iam_access_key | Whether or not to create IAM access keys | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
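Review bot: The `iam_access_key_max_age` description says "Defaults to 30 days" but its Default column is empty, so the table contradicts itself. The same gap affects `create_iam_access_key` and `ssm_enabled`, which control whether a long-lived key is created and whether it is written to SSM Parameter Store. Please fill the Default column for these rows.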
|
|
|
|||
|
|
@ -13,20 +13,20 @@ Terraform module which creates IAM resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
ssh_public_key | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format | string | false |
|
||||
upload_iam_user_ssh_key | Whether to upload a public ssh key to the IAM user | bool | false |
|
||||
password_length | The length of the generated password | number | false |
|
||||
name | Desired name for the IAM user | string | true |
|
||||
path | Desired path for the IAM user | string | false |
|
||||
create_iam_user_login_profile | Whether to create IAM user login profile | bool | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
force_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | false |
|
||||
pgp_key | Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key. `pgp_key` is required when `create_iam_user_login_profile` is set to `true` | string | false |
|
||||
password_reset_required | Whether the user should be forced to reset the generated password on first login. | bool | false |
|
||||
upload_iam_user_ssh_key | Whether to upload a public ssh key to the IAM user | bool | false |
|
||||
ssh_key_encoding | Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM | string | false |
|
||||
ssh_public_key | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format | string | false |
|
||||
permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the user. | string | false |
|
||||
create_user | Whether to create the IAM user | bool | false |
|
||||
create_iam_access_key | Whether to create IAM access key | bool | false |
|
||||
force_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | false |
|
||||
password_length | The length of the generated password | number | false |
|
||||
ssh_key_encoding | Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM | string | false |
|
||||
permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the user. | string | false |
|
||||
tags | A map of tags to add to all resources. | map(string) | false |
|
||||
create_iam_user_login_profile | Whether to create IAM user login profile | bool | false |
|
||||
path | Desired path for the IAM user | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
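Review bot: The `pgp_key` description states it is required when `create_iam_user_login_profile` is set to `true`, yet the Required column says false and the default of `create_iam_user_login_profile` is not shown. A user following the table alone cannot tell whether they must supply a key. Please show the default of `create_iam_user_login_profile` and mark the conditional requirement on the `pgp_key` row.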
|
|
|
|||
|
|
@ -13,11 +13,11 @@ Terraform module which creates EC2 key pair on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
public_key | The public key material. | string | false |
|
||||
tags | A map of tags to add to key pair resource. | map(string) | false |
|
||||
create_key_pair | Controls if key pair should be created | bool | false |
|
||||
key_name | The name for the key pair. | string | false |
|
||||
key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name. | string | false |
|
||||
public_key | The public key material. | string | false |
|
||||
tags | A map of tags to add to key pair resource. | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -13,34 +13,34 @@ Terraform module to provision a lambda with full permissions
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
aws_region | The region in which to deploy the lambda function | string | true |
|
||||
aws_profile | The account profile to deploy the lamnda function within | string | true |
|
||||
dead_letter_target | Target ARN for an SQS queue or SNS topic to notify on failed invocations | string | false |
|
||||
environment_vars | | map(string) | false |
|
||||
additional_assume_role_policies | List of objects defining additional non-Lambda IAM trust relationship statements | list(object({\n Action = list(string)\n Principal = object({\n Service = string\n })\n Effect = string\n })) | false |
|
||||
publish | Should this be published as a version | bool | false |
|
||||
log_retention | Time in days to retain logs for | number | false |
|
||||
architecture | The CPU architecture to use | | false |
|
||||
layers | List of lambda layer ARNs to attach | list(string) | false |
|
||||
instant_alias_update | Whether to immediately point the alias at the latest version | bool | false |
|
||||
name | The name to give to the lambda function | string | true |
|
||||
lambda_runtime | Runtime to invoke the lambda with | string | true |
|
||||
vpc_security_groups | VPC security groups to apply to the lambda | list(string) | false |
|
||||
handler | Path to the lambda handler | string | true |
|
||||
lambda_concurrency | Limit concurrent executions of the lambda fn | number | false |
|
||||
s3_bucket | The S3 bucket your lambda artifact is stored in | string | true |
|
||||
vpc_security_groups | VPC security groups to apply to the lambda | list(string) | false |
|
||||
dead_letter_target | Target ARN for an SQS queue or SNS topic to notify on failed invocations | string | false |
|
||||
lambda_runtime | Runtime to invoke the lambda with | string | true |
|
||||
name | The name to give to the lambda function | string | true |
|
||||
architecture | The CPU architecture to use | | false |
|
||||
environment_vars | | map(string) | false |
|
||||
vpc_subnets | VPC subnets to run the lambda in | list(string) | false |
|
||||
additional_assume_role_policies | List of objects defining additional non-Lambda IAM trust relationship statements | list(object({\n Action = list(string)\n Principal = object({\n Service = string\n })\n Effect = string\n })) | false |
|
||||
aws_region | The region in which to deploy the lambda function | string | true |
|
||||
s3_key | The name of the lambda artifact in the bucket | string | true |
|
||||
policies | List of objects defining IAM policy statements | list(object({\n Action = list(string)\n Resource = list(string)\n Effect = string\n })) | false |
|
||||
log_retention | Time in days to retain logs for | number | false |
|
||||
memory_size | Memory allocation for the lambda function | number | false |
|
||||
tracing_config_mode | X Ray tracing mode to use | string | false |
|
||||
dead_letter_target_type | The type of the dlq target, must be 'SNS' or 'SQS' | string | false |
|
||||
alias | Lambda alias name | string | false |
|
||||
description | Description of what the Lambda Function does | string | false |
|
||||
custom_role_name | Override for the default lambda role name | string | false |
|
||||
memory_size | Memory allocation for the lambda function | number | false |
|
||||
timeout | Function timeout, execution gets cancelled after this many seconds | number | false |
|
||||
vpc_subnets | VPC subnets to run the lambda in | list(string) | false |
|
||||
policies | List of objects defining IAM policy statements | list(object({\n Action = list(string)\n Resource = list(string)\n Effect = string\n })) | false |
|
||||
alias | Lambda alias name | string | false |
|
||||
aws_profile | The account profile to deploy the lamnda function within | string | true |
|
||||
publish | Should this be published as a version | bool | false |
|
||||
insights_enabled | Turn on Lambda insights for the Lambda (limited regions only) | bool | false |
|
||||
tags | Tags to attach to all resources | map(string) | true |
|
||||
s3_bucket | The S3 bucket your lambda artifact is stored in | string | true |
|
||||
s3_key | The name of the lambda artifact in the bucket | string | true |
|
||||
timeout | Function timeout, execution gets cancelled after this many seconds | number | false |
|
||||
lambda_concurrency | Limit concurrent executions of the lambda fn | number | false |
|
||||
instant_alias_update | Whether to immediately point the alias at the latest version | bool | false |
|
||||
dead_letter_target_type | The type of the dlq target, must be 'SNS' or 'SQS' | string | false |
|
||||
layers | List of lambda layer ARNs to attach | list(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
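Review bot: Three rows in this hunk are incomplete or misspelled: `aws_profile` reads "lamnda function" on both copies, `environment_vars` has an empty Description, and `architecture` has an empty Type. Please correct the spelling and fill the missing cells, or have the generator fail when a variable has no description or type so the gap is caught before the docs are committed.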
|
|
|
|||
|
|
@ -13,20 +13,20 @@ Terraform module creating a Lambda function with inline code
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
runtime | The identifier of the Lambda function [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). | string | true |
|
||||
secret_environment_variables | Map of environment variable names to ARNs of AWS Secret Manager secrets.\n\nEach ARN will be passed as environment variable to the lambda function with the key's name extended by suffix _SECRET_ARN. When initializing the Lambda run time environment, the Lambda function or a [wrapper script](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper) can look up the secret value.\n\nPermission will be added allowing the Lambda function to read the secret values.\n | map(string) | false |
|
||||
tags | Tags which will be assigned to all resources. | map(string) | false |
|
||||
cloudwatch_log_group_retention_in_days | The number of days to retain the log of the Lambda function. | number | false |
|
||||
function_name | Name of the Lambda function. | string | true |
|
||||
environment_variables | Environment variable key-value pairs. | map(string) | false |
|
||||
memory_size | The amount of memory (in MB) available to the function at runtime. Increasing the Lambda function memory also increases its CPU allocation. | number | true |
|
||||
reserved_concurrent_executions | The number of simultaneous executions to reserve for the Lambda function. | number | true |
|
||||
source_dir | Path of the directory which shall be packed as code of the Lambda function. Conflicts with `archive_file`. | string | false |
|
||||
runtime | The identifier of the Lambda function [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). | string | true |
|
||||
secret_environment_variables | Map of environment variable names to ARNs of AWS Secret Manager secrets.\n\nEach ARN will be passed as environment variable to the lambda function with the key's name extended by suffix _SECRET_ARN. When initializing the Lambda run time environment, the Lambda function or a [wrapper script](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper) can look up the secret value.\n\nPermission will be added allowing the Lambda function to read the secret values.\n | map(string) | false |
|
||||
archive_file | An instance of the `archive_file` data source containing the code of the Lambda function. Conflicts with `source_dir`. | object({\n output_path = string\n output_base64sha256 = string\n }) | false |
|
||||
handler | The name of the method within your code that Lambda calls to execute your function. | string | true |
|
||||
layers | List of up to five Lambda layer ARNs. | list(string) | false |
|
||||
function_name | Name of the Lambda function. | string | true |
|
||||
timeout | The amount of time (in seconds) per execution before stopping it. | number | true |
|
||||
description | Description of the Lambda function. | string | true |
|
||||
environment_variables | Environment variable key-value pairs. | map(string) | false |
|
||||
source_dir | Path of the directory which shall be packed as code of the Lambda function. Conflicts with `archive_file`. | string | false |
|
||||
handler | The name of the method within your code that Lambda calls to execute your function. | string | true |
|
||||
layers | List of up to five Lambda layer ARNs. | list(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
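Review bot: The `secret_environment_variables` description and the `archive_file` type carry literal `\n` escape sequences inside table cells (`secrets.\n\nEach ARN will be passed ...` and `object({\n output_path = string\n ...`), which will render as raw backslash-n text in the published page. Please have the generator collapse these to spaces or `<br/>` before writing the row. Separately, `runtime`, `secret_environment_variables`, `function_name`, `handler` and `layers` each appear twice in this hunk at different positions while the header reports 20 lines on both sides, which looks like row reordering rather than a content change; sorting rows by name in the generator would keep it out of future diffs.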
@ -13,105 +13,106 @@ Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (buil
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
s3_bucket | S3 bucket to store artifacts | string | false |
|
||||
source_path | The absolute path to a local file or directory containing your Lambda source code | any | false |
|
||||
architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. | list(string) | false |
|
||||
image_config_command | The CMD for the docker image | list(string) | false |
|
||||
attach_policy | Controls whether policy should be added to IAM role for Lambda Function | bool | false |
|
||||
s3_object_tags | A map of tags to assign to S3 bucket object. | map(string) | false |
|
||||
s3_object_tags_only | Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit. | bool | false |
|
||||
compatible_architectures | A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified. | list(string) | false |
|
||||
attach_policies | Controls whether list of policies should be added to IAM role for Lambda Function | bool | false |
|
||||
number_of_policy_jsons | Number of policies JSON to attach to IAM role for Lambda Function | number | false |
|
||||
lambda_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | string | false |
|
||||
tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | string | false |
|
||||
vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
|
||||
local_existing_package | The absolute path to an existing zip-file to use | string | false |
|
||||
cloudwatch_logs_tags | A map of tags to assign to the resource. | map(string) | false |
|
||||
kms_key_arn | The ARN of KMS key to use by your Lambda Function | string | false |
|
||||
create_async_event_config | Controls whether async event configuration for Lambda Function/Alias should be created | bool | false |
|
||||
allowed_triggers | Map of allowed triggers to create Lambda permissions | map(any) | false |
|
||||
role_path | Path of IAM role to use for Lambda Function | string | false |
|
||||
file_system_local_mount_path | The path where the function can access the file system, starting with /mnt/. | string | false |
|
||||
s3_prefix | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | string | false |
|
||||
docker_pip_cache | Whether to mount a shared pip cache folder into docker environment or not | any | false |
|
||||
lambda_at_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | bool | false |
|
||||
publish | Whether to publish creation/change as new Lambda Function Version. | bool | false |
|
||||
image_uri | The ECR image URI containing the function's deployment package. | string | false |
|
||||
tags | A map of tags to assign to resources. | map(string) | false |
|
||||
provisioned_concurrent_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | number | false |
|
||||
role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | string | false |
|
||||
attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | bool | false |
|
||||
policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
|
||||
store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
|
||||
memory_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | number | false |
|
||||
create_current_version_async_event_config | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
|
||||
role_description | Description of IAM role to use for Lambda Function | string | false |
|
||||
build_in_docker | Whether to build dependencies in Docker | bool | false |
|
||||
maximum_event_age_in_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | number | false |
|
||||
attach_cloudwatch_logs_policy | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | bool | false |
|
||||
attach_policy_json | Controls whether policy_json should be added to IAM role for Lambda Function | bool | false |
|
||||
policy | An additional policy document ARN to attach to the Lambda Function role | string | false |
|
||||
kms_key_arn | The ARN of KMS key to use by your Lambda Function | string | false |
|
||||
publish | Whether to publish creation/change as new Lambda Function Version. | bool | false |
|
||||
timeout | The amount of time your Lambda Function has to run in seconds. | number | false |
|
||||
compatible_runtimes | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | list(string) | false |
|
||||
cloudwatch_logs_tags | A map of tags to assign to the resource. | map(string) | false |
|
||||
assume_role_policy_statements | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | any | false |
|
||||
policies | List of policy statements ARN to attach to Lambda Function role | list(string) | false |
|
||||
docker_image | Docker image to use for the build | string | false |
|
||||
description | Description of your Lambda Function (or Layer) | string | false |
|
||||
vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
|
||||
vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
|
||||
number_of_policies | Number of policies to attach to IAM role for Lambda Function | number | false |
|
||||
attach_policy_statements | Controls whether policy_statements should be added to IAM role for Lambda Function | bool | false |
|
||||
policy_json | An additional policy document as JSON to attach to the Lambda Function role | string | false |
|
||||
s3_object_storage_class | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, or STANDARD_IA. | string | false |
|
||||
function_name | A unique name for your Lambda Function | string | false |
|
||||
lambda_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | string | false |
|
||||
memory_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | number | false |
|
||||
destination_on_failure | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | string | false |
|
||||
artifacts_dir | Directory name where artifacts should be stored | string | false |
|
||||
hash_extra | The string to add into hashing function. Useful when building same source path for different functions. | string | false |
|
||||
create_role | Controls whether IAM role for Lambda Function should be created | bool | false |
|
||||
layer_name | Name of Lambda Layer to create | string | false |
|
||||
ignore_source_code_hash | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | bool | false |
|
||||
create_unqualified_alias_async_event_config | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | bool | false |
|
||||
image_uri | The ECR image URI containing the function's deployment package. | string | false |
|
||||
maximum_retry_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | number | false |
|
||||
event_source_mapping | Map of event source mapping | any | false |
|
||||
attach_async_event_policy | Controls whether async event policy should be added to IAM role for Lambda Function | bool | false |
|
||||
create_package | Controls whether Lambda package should be created | bool | false |
|
||||
function_name | A unique name for your Lambda Function | string | false |
|
||||
license_info | License info for your Lambda Layer. Eg, MIT or full url of a license. | string | false |
|
||||
attach_dead_letter_policy | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | bool | false |
|
||||
policies | List of policy statements ARN to attach to Lambda Function role | list(string) | false |
|
||||
s3_acl | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | string | false |
|
||||
handler | Lambda Function entrypoint in your code | string | false |
|
||||
layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | false |
|
||||
role_force_detach_policies | Specifies to force detaching any policies the IAM role has before destroying it. | bool | false |
|
||||
artifacts_dir | Directory name where artifacts should be stored | string | false |
|
||||
package_type | The Lambda deployment package type. Valid options: Zip or Image | string | false |
|
||||
image_config_entry_point | The ENTRYPOINT for the docker image | list(string) | false |
|
||||
cloudwatch_logs_kms_key_id | The ARN of the KMS Key to use when encrypting log data. | string | false |
|
||||
number_of_policies | Number of policies to attach to IAM role for Lambda Function | number | false |
|
||||
policy | An additional policy document ARN to attach to the Lambda Function role | string | false |
|
||||
create_function | Controls whether Lambda Function resource should be created | bool | false |
|
||||
image_config_working_directory | The working directory for the docker image | string | false |
|
||||
provisioned_concurrent_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | number | false |
|
||||
create_current_version_allowed_triggers | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
|
||||
create_unqualified_alias_allowed_triggers | Whether to allow triggers on unqualified alias pointing to $LATEST version | bool | false |
|
||||
attach_policy_statements | Controls whether policy_statements should be added to IAM role for Lambda Function | bool | false |
|
||||
s3_existing_package | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | map(string) | false |
|
||||
hash_extra | The string to add into hashing function. Useful when building same source path for different functions. | string | false |
|
||||
create_layer | Controls whether Lambda Layer resource should be created | bool | false |
|
||||
dead_letter_target_arn | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | string | false |
|
||||
layer_skip_destroy | Whether to retain the old version of a previously deployed Lambda Layer. | bool | false |
|
||||
docker_build_root | Root dir where to build in Docker | string | false |
|
||||
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
|
||||
cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | false |
|
||||
role_tags | A map of tags to assign to IAM role | map(string) | false |
|
||||
policy_jsons | List of additional policy documents as JSON to attach to Lambda Function role | list(string) | false |
|
||||
s3_server_side_encryption | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | string | false |
|
||||
docker_image | Docker image to use for the build | string | false |
|
||||
timeout | The amount of time your Lambda Function has to run in seconds. | number | false |
|
||||
role_description | Description of IAM role to use for Lambda Function | string | false |
|
||||
number_of_policy_jsons | Number of policies JSON to attach to IAM role for Lambda Function | number | false |
|
||||
lambda_at_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | bool | false |
|
||||
architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. | list(string) | false |
|
||||
environment_variables | A map that defines environment variables for the Lambda Function. | map(string) | false |
|
||||
compatible_runtimes | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | list(string) | false |
|
||||
docker_file | Path to a Dockerfile when building in Docker | string | false |
|
||||
create | Controls whether resources should be created | bool | false |
|
||||
vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
|
||||
attach_policy_jsons | Controls whether policy_jsons should be added to IAM role for Lambda Function | bool | false |
|
||||
store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
|
||||
docker_build_root | Root dir where to build in Docker | string | false |
|
||||
docker_pip_cache | Whether to mount a shared pip cache folder into docker environment or not | any | false |
|
||||
attach_network_policy | Controls whether VPC/network policy should be added to IAM role for Lambda Function | bool | false |
|
||||
policy_statements | Map of dynamic policy statements to attach to Lambda Function role | any | false |
|
||||
file_system_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | string | false |
|
||||
description | Description of your Lambda Function (or Layer) | string | false |
|
||||
destination_on_failure | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | string | false |
|
||||
s3_prefix | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | string | false |
|
||||
s3_bucket | S3 bucket to store artifacts | string | false |
|
||||
build_in_docker | Whether to build dependencies in Docker | bool | false |
|
||||
create | Controls whether resources should be created | bool | false |
|
||||
allowed_triggers | Map of allowed triggers to create Lambda permissions | map(any) | false |
|
||||
role_path | Path of IAM role to use for Lambda Function | string | false |
|
||||
docker_with_ssh_agent | Whether to pass SSH_AUTH_SOCK into docker environment or not | bool | false |
|
||||
attach_dead_letter_policy | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | bool | false |
|
||||
s3_server_side_encryption | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | string | false |
|
||||
s3_object_tags | A map of tags to assign to S3 bucket object. | map(string) | false |
|
||||
image_config_working_directory | The working directory for the docker image | string | false |
|
||||
event_source_mapping | Map of event source mapping | any | false |
|
||||
attach_policy_json | Controls whether policy_json should be added to IAM role for Lambda Function | bool | false |
|
||||
policy_jsons | List of additional policy documents as JSON to attach to Lambda Function role | list(string) | false |
|
||||
ignore_source_code_hash | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | bool | false |
|
||||
create_package | Controls whether Lambda package should be created | bool | false |
|
||||
dead_letter_target_arn | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | string | false |
|
||||
role_name | Name of IAM role to use for Lambda Function | string | false |
|
||||
license_info | License info for your Lambda Layer. Eg, MIT or full url of a license. | string | false |
|
||||
s3_existing_package | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | map(string) | false |
|
||||
destination_on_success | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | string | false |
|
||||
use_existing_cloudwatch_log_group | Whether to use an existing CloudWatch log group or create new | bool | false |
|
||||
trusted_entities | List of additional trusted entities for assuming Lambda Function role (trust relationship) | any | false |
|
||||
assume_role_policy_statements | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | any | false |
|
||||
policy_json | An additional policy document as JSON to attach to the Lambda Function role | string | false |
|
||||
role_force_detach_policies | Specifies to force detaching any policies the IAM role has before destroying it. | bool | false |
|
||||
attach_async_event_policy | Controls whether async event policy should be added to IAM role for Lambda Function | bool | false |
|
||||
local_existing_package | The absolute path to an existing zip-file to use | string | false |
|
||||
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
|
||||
layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | false |
|
||||
tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | string | false |
|
||||
image_config_command | The CMD for the docker image | list(string) | false |
|
||||
create_unqualified_alias_allowed_triggers | Whether to allow triggers on unqualified alias pointing to $LATEST version | bool | false |
|
||||
source_path | The absolute path to a local file or directory containing your Lambda source code | any | false |
|
||||
runtime | Lambda Function runtime | string | false |
|
||||
reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | number | false |
|
||||
tags | A map of tags to assign to resources. | map(string) | false |
|
||||
s3_object_storage_class | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, or STANDARD_IA. | string | false |
|
||||
docker_with_ssh_agent | Whether to pass SSH_AUTH_SOCK into docker environment or not | bool | false |
|
||||
maximum_event_age_in_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | number | false |
|
||||
compatible_architectures | A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified. | list(string) | false |
|
||||
use_existing_cloudwatch_log_group | Whether to use an existing CloudWatch log group or create new | bool | false |
|
||||
attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | bool | false |
|
||||
trusted_entities | List of additional trusted entities for assuming Lambda Function role (trust relationship) | any | false |
|
||||
create_function | Controls whether Lambda Function resource should be created | bool | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
layer_skip_destroy | Whether to retain the old version of a previously deployed Lambda Layer. | bool | false |
|
||||
file_system_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | string | false |
|
||||
file_system_local_mount_path | The path where the function can access the file system, starting with /mnt/. | string | false |
|
||||
s3_acl | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | string | false |
|
||||
s3_object_tags_only | Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit. | bool | false |
|
||||
image_config_entry_point | The ENTRYPOINT for the docker image | list(string) | false |
|
||||
attach_policy_jsons | Controls whether policy_jsons should be added to IAM role for Lambda Function | bool | false |
|
||||
package_type | The Lambda deployment package type. Valid options: Zip or Image | string | false |
|
||||
cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | false |
|
||||
attach_policy | Controls whether policy should be added to IAM role for Lambda Function | bool | false |
|
||||
docker_file | Path to a Dockerfile when building in Docker | string | false |
|
||||
create_current_version_async_event_config | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
|
||||
create_current_version_allowed_triggers | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
|
||||
role_tags | A map of tags to assign to IAM role | map(string) | false |
|
||||
attach_policies | Controls whether list of policies should be added to IAM role for Lambda Function | bool | false |
|
||||
policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
|
||||
create_layer | Controls whether Lambda Layer resource should be created | bool | false |
|
||||
handler | Lambda Function entrypoint in your code | string | false |
|
||||
create_async_event_config | Controls whether async event configuration for Lambda Function/Alias should be created | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
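Review bot: The hunk header reports 105 lines replaced by 106, yet most rows in this table (`s3_bucket`, `source_path`, `architectures`, `attach_policy`, `lambda_role`, and many more) appear twice at different positions, so the row order is not stable between generator runs and the single real addition is buried. Please sort the rows by name in the generator so a reviewer can see which property was actually added or changed, especially the IAM and access rows such as `trusted_entities`, `policy_statements` and `s3_acl`. Also consider filtering the `putin_khuylo` row out of the generated reference, since its description is a question and not a Lambda setting.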
@ -0,0 +1,30 @@
|
|||
---
|
||||
title: AWS LOG-GROUP
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | A name for the log group | string | false |
|
||||
name_prefix | A name prefix for the log group | string | false |
|
||||
retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |
|
||||
kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |
|
||||
tags | A map of tags to add to Cloudwatch log group | map(string) | false |
|
||||
create | Whether to create the Cloudwatch log group | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
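Review bot: In the Properties table of this new file, `kms_key_id` and `retention_in_days` are both Required `false` with an empty Default, so the page does not say whether an omitted value means logs are kept without a customer-managed key or without an expiry. Please fill in the Default column or add one sentence to each Description covering the unset case. The Description text "Terraform module which creates Cloudwatch resources on AWS" also does not mention that this component creates a log group, and `name` and `name_prefix` are both optional with no note on how they interact.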
@ -0,0 +1,32 @@
|
|||
---
|
||||
title: AWS LOG-METRIC-FILTER
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |
|
||||
metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |
|
||||
metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |
|
||||
create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |
|
||||
name | A name for the metric filter. | string | true |
|
||||
pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |
|
||||
log_group_name | The name of the log group to associate the metric filter with | string | true |
|
||||
metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
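Review bot: The Description line in this new file, "Terraform module which creates Cloudwatch resources on AWS", is identical to the one in the LOG-GROUP file added by the same commit and does not say that this component creates a log metric filter. Please make it specific to the resource. In the Properties table, `metric_transformation_value` is Required `false` with an empty Default while `metric_transformation_name` and `metric_transformation_namespace` are required, so the page should state what gets published when the value is omitted; likewise `namespace` under writeConnectionSecretToRef is optional with no stated default namespace for the secret.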
@ -0,0 +1,47 @@
|
|||
---
|
||||
title: AWS METRIC-ALARM
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
threshold | The value against which the specified statistic is compared. | number | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
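Review bot: The Default column is empty on every row of the Properties table, even where the description states a default (`actions_enabled` says "Defaults to true"), and `treat_missing_data` lists its allowed values without saying which one applies when the property is omitted. Please fill the column in; for an alarm, the missing-data behaviour decides whether a metric that stops reporting ever changes the alarm state. The `namespace` and `metric_name` rows say "See docs" with no link, and `period` is typed `string` although it is described as a number of seconds, which is worth confirming against the module.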
@ -0,0 +1,46 @@
|
|||
---
|
||||
title: AWS METRIC-ALARMS-BY-MULTIPLE-DIMENSIONS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Cloudwatch resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
|
||||
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
|
||||
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
|
||||
alarm_description | The description for the alarm. | string | false |
|
||||
threshold | The value against which the specified statistic is compared. | number | true |
|
||||
unit | The unit for the alarm's associated metric. | string | false |
|
||||
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
|
||||
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
|
||||
dimensions | The dimensions for the alarm's associated metric. | any | false |
|
||||
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
|
||||
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
|
||||
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
|
||||
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
|
||||
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
|
||||
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
|
||||
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
|
||||
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
|
||||
period | The period in seconds over which the specified statistic is applied. | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
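Review bot: The Description and the `dimensions` row are word for word the same as on the AWS METRIC-ALARM page, so nothing here says how this definition differs or what structure `dimensions` (typed `any`) must have to produce several alarms. Add a sentence to the Description and document the expected shape of `dimensions`. Also, `threshold` is Required `true` here but `false` on the single-alarm page, and `threshold_metric_id` is absent from this table; if both are intentional, say so.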
@ -0,0 +1,54 @@
|
|||
---
|
||||
title: AWS MQ
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
AWS MQ
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
engine_type | Type of broker engine, `ActiveMQ` or `RabbitMQ` | string | false |
|
||||
engine_version | The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details | string | false |
|
||||
ssm_path | SSM path | string | false |
|
||||
security_group_use_name_prefix | Whether to create a default Security Group with unique name beginning with the normalized prefix. | bool | false |
|
||||
overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | false |
|
||||
host_instance_type | The broker's instance type. e.g. mq.t2.micro or mq.m4.large | string | false |
|
||||
general_log_enabled | Enables general logging via CloudWatch | bool | false |
|
||||
security_group_rules | A list of maps of Security Group rules. \nThe values of map is fully complated with `aws_security_group_rule` resource. \nTo get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule .\n | list(any) | false |
|
||||
subnet_ids | List of VPC subnet IDs | list(string) | true |
|
||||
mq_application_password | Application password | string | false |
|
||||
security_group_description | The Security Group description. | string | false |
|
||||
vpc_id | VPC ID to create the broker in | string | true |
|
||||
auto_minor_version_upgrade | Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions | bool | false |
|
||||
mq_application_user | Application username | string | false |
|
||||
audit_log_enabled | Enables audit logging. User management action made using JMX or the ActiveMQ Web Console is logged | bool | false |
|
||||
security_groups | A list of Security Group IDs to associate with AmazonMQ. | list(string) | false |
|
||||
kms_mq_key_arn | ARN of the AWS KMS key used for Amazon MQ encryption | string | false |
|
||||
deployment_mode | The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ | string | false |
|
||||
publicly_accessible | Whether to enable connections from applications outside of the VPC that hosts the broker's subnets | bool | false |
|
||||
maintenance_time_zone | The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET | string | false |
|
||||
mq_admin_user | Admin username | string | false |
|
||||
kms_ssm_key_arn | ARN of the AWS KMS key used for SSM encryption | string | false |
|
||||
encryption_enabled | Flag to enable/disable Amazon MQ encryption at rest | bool | false |
|
||||
use_aws_owned_key | Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account | bool | false |
|
||||
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | bool | false |
|
||||
maintenance_time_of_day | The maintenance time, in 24-hour format. e.g. 02:00 | string | false |
|
||||
security_group_enabled | Whether to create Security Group. | bool | false |
|
||||
ssm_parameter_name_format | SSM parameter name format | string | false |
|
||||
maintenance_day_of_week | The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY | string | false |
|
||||
mq_admin_password | Admin password | string | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
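Review bot: `mq_admin_password` and `mq_application_password` are documented only as plain `string` inputs ("Admin password", "Application password"), with no indication that they are sensitive, what happens when they are left unset, or how they relate to `ssm_path` and `kms_ssm_key_arn`. Please document the behaviour when they are omitted and say how a value should be supplied without writing a literal password into the application spec. The security-relevant booleans `publicly_accessible`, `encryption_enabled`, `audit_log_enabled` and `use_aws_owned_key` all have an empty Default, so a reader cannot tell what a broker created with no overrides looks like. Minor: the `security_group_rules` description contains literal `\n` sequences and the typo "complated", and the Description section only repeats the title.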
@ -13,37 +13,37 @@ Terraform module which creates SNS topic and Lambda function which sends notific
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
slack_webhook_url | The URL of Slack webhook | string | true |
|
||||
iam_policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
|
||||
lambda_function_s3_bucket | S3 bucket to store artifacts | string | false |
|
||||
iam_role_boundary_policy_arn | The ARN of the policy that is used to set the permissions boundary for the role | string | false |
|
||||
sns_topic_kms_key_id | ARN of the KMS key used for enabling SSE on the topic | string | false |
|
||||
slack_username | The username that will appear on Slack messages | string | true |
|
||||
reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | false |
|
||||
create | Whether to create all resources | bool | false |
|
||||
lambda_function_name | The name of the Lambda function to create | string | false |
|
||||
create_sns_topic | Whether to create new SNS topic | bool | false |
|
||||
iam_role_path | Path of IAM role to use for Lambda Function | string | false |
|
||||
lambda_function_vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
|
||||
sns_topic_tags | Additional tags for the SNS topic | map(string) | false |
|
||||
iam_role_tags | Additional tags for the IAM role | map(string) | false |
|
||||
lambda_function_tags | Additional tags for the Lambda function | map(string) | false |
|
||||
subscription_filter_policy | (Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource. | string | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
lambda_function_store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
|
||||
sns_topic_name | The name of the SNS topic to create | string | true |
|
||||
slack_emoji | A custom emoji that will appear on Slack messages | string | false |
|
||||
kms_key_arn | ARN of the KMS key used for decrypting slack webhook url | string | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
lambda_function_vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
|
||||
iam_role_path | Path of IAM role to use for Lambda Function | string | false |
|
||||
slack_channel | The name of the channel in Slack for notifications | string | true |
|
||||
cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string | false |
|
||||
iam_policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
|
||||
cloudwatch_log_group_retention_in_days | Specifies the number of days you want to retain log events in log group for Lambda. | number | false |
|
||||
subscription_filter_policy | (Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource. | string | false |
|
||||
lambda_function_name | The name of the Lambda function to create | string | false |
|
||||
sns_topic_kms_key_id | ARN of the KMS key used for enabling SSE on the topic | string | false |
|
||||
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
|
||||
reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | false |
|
||||
lambda_function_store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
|
||||
cloudwatch_log_group_tags | Additional tags for the Cloudwatch log group | map(string) | false |
|
||||
sns_topic_name | The name of the SNS topic to create | string | true |
|
||||
slack_username | The username that will appear on Slack messages | string | true |
|
||||
log_events | Boolean flag to enabled/disable logging of incoming events | bool | false |
|
||||
create | Whether to create all resources | bool | false |
|
||||
iam_role_tags | Additional tags for the IAM role | map(string) | false |
|
||||
cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string | false |
|
||||
lambda_function_vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
|
||||
lambda_function_vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
|
||||
sns_topic_tags | Additional tags for the SNS topic | map(string) | false |
|
||||
lambda_description | The description of the Lambda function | string | false |
|
||||
iam_role_name_prefix | A unique role name beginning with the specified prefix | string | false |
|
||||
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
|
||||
log_events | Boolean flag to enabled/disable logging of incoming events | bool | false |
|
||||
lambda_role | IAM role attached to the Lambda Function. If this is set then a role will not be created for you. | string | false |
|
||||
slack_webhook_url | The URL of Slack webhook | string | true |
|
||||
iam_role_boundary_policy_arn | The ARN of the policy that is used to set the permissions boundary for the role | string | false |
|
||||
iam_role_name_prefix | A unique role name beginning with the specified prefix | string | false |
|
||||
cloudwatch_log_group_tags | Additional tags for the Cloudwatch log group | map(string) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
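Review bot: Most rows in this hunk appear twice with identical text (for example `slack_webhook_url`, `iam_policy_path` and `tags`) and the header keeps the line count at 37, so the hunk looks like a pure reordering of the table. If the table is generated, sort the properties deterministically (by name, or required first) so that regenerating the docs does not produce churn that hides real changes. Separately, `slack_webhook_url` is a required `string` that is effectively a credential, while `kms_key_arn` ("used for decrypting slack webhook url") is optional; the table should say whether the URL is expected encrypted or in the clear.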
@ -13,89 +13,90 @@ Terraform module which creates RDS Aurora resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; a 8 random digits are appended to name to ensure it's unique | string | false |
|
||||
iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | false |
|
||||
s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false |
|
||||
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true` | bool | false |
|
||||
iam_role_use_name_prefix | Determines whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | bool | false |
|
||||
predefined_metric_type | The metric type to scale on. Valid values are `RDSReaderAverageCPUUtilization` and `RDSReaderAverageDatabaseConnections` | string | false |
|
||||
autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number | false |
|
||||
security_group_tags | Additional tags for the security group | map(string) | false |
|
||||
engine | The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql` | string | false |
|
||||
kms_key_id | The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to `true` | string | false |
|
||||
iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | bool | false |
|
||||
monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | false |
|
||||
vpc_id | ID of the VPC where to create security group | string | false |
|
||||
create_db_subnet_group | Determines whether to create the databae subnet group or use existing | bool | false |
|
||||
restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) | false |
|
||||
engine_version | The database engine version. Updating this argument results in an outage | string | false |
|
||||
deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | bool | false |
|
||||
instances | Map of cluster instances and any specific/overriding attributes to be created | any | false |
|
||||
performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | false |
|
||||
ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | false |
|
||||
endpoints | Map of additional cluster endpoints and their attributes to be created | any | false |
|
||||
iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | false |
|
||||
autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | false |
|
||||
create_security_group | Determines whether to create security group for RDS cluster | bool | false |
|
||||
security_group_egress_rules | A map of security group egress rule defintions to add to the security group created | map(any) | false |
|
||||
global_cluster_identifier | The global cluster identifier specified on `aws_rds_global_cluster` | string | false |
|
||||
db_cluster_parameter_group_name | A cluster parameter group to associate with the cluster | string | false |
|
||||
scaling_configuration | Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless` | map(string) | false |
|
||||
is_primary_cluster | Determines whether cluster is primary cluster with writer instance (set to `false` for global cluster and replica clusters) | bool | false |
|
||||
instance_class | Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | string | false |
|
||||
name | Name used across resources created | string | false |
|
||||
master_password | Password for the master DB user. Note - when specifying a value here, 'create_random_password' should be set to `false` | string | false |
|
||||
replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | false |
|
||||
master_username | Username for the master DB user | string | false |
|
||||
backtrack_window | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | number | false |
|
||||
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disble. Default is `0` | number | false |
|
||||
performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | false |
|
||||
iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | false |
|
||||
autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool | false |
|
||||
autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | false |
|
||||
autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number | false |
|
||||
random_password_length | Length of random password to create. Defaults to `10` | number | false |
|
||||
db_parameter_group_name | The name of the DB parameter group to associate with instances | string | false |
|
||||
autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number | false |
|
||||
allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(string) | false |
|
||||
db_subnet_group_name | The name of the subnet group name (existing or created) | string | false |
|
||||
enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to `serverless` | bool | false |
|
||||
backup_retention_period | The days to retain backups for. Default `7` | number | false |
|
||||
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` | bool | false |
|
||||
instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool | false |
|
||||
iam_role_name | Friendly name of the monitoring role | string | false |
|
||||
iam_role_path | Path for the monitoring role | string | false |
|
||||
enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an `aws_rds_global_cluster`'s primary cluster | bool | false |
|
||||
preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC | string | false |
|
||||
create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool | false |
|
||||
security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string | false |
|
||||
allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to `false` | bool | false |
|
||||
create_random_password | Determines whether to create random password for RDS primary cluster | bool | false |
|
||||
skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | false |
|
||||
iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) | false |
|
||||
allowed_security_groups | A list of Security Group ID's to allow access to | list(string) | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
create_cluster | Whether cluster should be created (affects nearly all resources) | bool | false |
|
||||
engine_mode | The database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned` | string | false |
|
||||
database_name | Name for an automatically created database on cluster creation | string | false |
|
||||
publicly_accessible | Determines whether instances are publicly accessible. Default false | bool | false |
|
||||
instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | false |
|
||||
preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) | string | false |
|
||||
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | false |
|
||||
enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` | list(string) | false |
|
||||
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
|
||||
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | false |
|
||||
iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | false |
|
||||
autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number | false |
|
||||
subnets | List of subnet IDs used by database subnet group created | list(string) | false |
|
||||
source_region | The source region for an encrypted replica DB cluster | string | false |
|
||||
port | The port on which the DB accepts connections | string | false |
|
||||
master_username | Username for the master DB user | string | false |
|
||||
iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | false |
|
||||
security_group_tags | Additional tags for the security group | map(string) | false |
|
||||
engine_mode | The database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned` | string | false |
|
||||
enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to `serverless` | bool | false |
|
||||
kms_key_id | The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to `true` | string | false |
|
||||
vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | list(string) | false |
|
||||
storage_encrypted | Specifies whether the DB cluster is encrypted. The default is `true` | bool | false |
|
||||
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | false |
|
||||
create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool | false |
|
||||
master_password | Password for the master DB user. Note - when specifying a value here, 'create_random_password' should be set to `false` | string | false |
|
||||
preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) | string | false |
|
||||
autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number | false |
|
||||
endpoints | Map of additional cluster endpoints and their attributes to be created | any | false |
|
||||
autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool | false |
|
||||
vpc_id | ID of the VPC where to create security group | string | false |
|
||||
db_parameter_group_name | The name of the DB parameter group to associate with instances | string | false |
|
||||
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disble. Default is `0` | number | false |
|
||||
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true` | bool | false |
|
||||
engine | The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql` | string | false |
|
||||
instances | Map of cluster instances and any specific/overriding attributes to be created | any | false |
|
||||
autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number | false |
|
||||
allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(string) | false |
|
||||
random_password_length | Length of random password to create. Defaults to `10` | number | false |
|
||||
scaling_configuration | Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless` | map(string) | false |
|
||||
publicly_accessible | Determines whether instances are publicly accessible. Default false | bool | false |
|
||||
iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | false |
|
||||
iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | false |
|
||||
instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | false |
|
||||
create_security_group | Determines whether to create security group for RDS cluster | bool | false |
|
||||
skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | false |
|
||||
deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | bool | false |
|
||||
preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC | string | false |
|
||||
s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false |
|
||||
performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | false |
|
||||
performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | false |
|
||||
final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; a 8 random digits are appended to name to ensure it's unique | string | false |
|
||||
db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The `db_cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade` | string | false |
|
||||
copy_tags_to_snapshot | Copy all Cluster `tags` to snapshots | bool | false |
|
||||
cluster_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | map(string) | false |
|
||||
restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) | false |
|
||||
iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) | false |
|
||||
autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number | false |
|
||||
autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | false |
|
||||
subnets | List of subnet IDs used by database subnet group created | list(string) | false |
|
||||
is_primary_cluster | Determines whether cluster is primary cluster with writer instance (set to `false` for global cluster and replica clusters) | bool | false |
|
||||
database_name | Name for an automatically created database on cluster creation | string | false |
|
||||
instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool | false |
|
||||
instance_class | Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | string | false |
|
||||
ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | false |
|
||||
replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | false |
|
||||
create_random_password | Determines whether to create random password for RDS primary cluster | bool | false |
|
||||
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | false |
|
||||
iam_role_name | Friendly name of the monitoring role | string | false |
|
||||
predefined_metric_type | The metric type to scale on. Valid values are `RDSReaderAverageCPUUtilization` and `RDSReaderAverageDatabaseConnections` | string | false |
|
||||
monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | false |
|
||||
iam_role_description | Description of the monitoring role | string | false |
|
||||
allowed_security_groups | A list of Security Group ID's to allow access to | list(string) | false |
|
||||
tags | A map of tags to add to all resources | map(string) | false |
|
||||
db_subnet_group_name | The name of the subnet group name (existing or created) | string | false |
|
||||
engine_version | The database engine version. Updating this argument results in an outage | string | false |
|
||||
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` | bool | false |
|
||||
iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | bool | false |
|
||||
iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to `false` | bool | false |
|
||||
backup_retention_period | The days to retain backups for. Default `7` | number | false |
|
||||
storage_encrypted | Specifies whether the DB cluster is encrypted. The default is `true` | bool | false |
|
||||
iam_role_path | Path for the monitoring role | string | false |
|
||||
autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | false |
|
||||
create_db_subnet_group | Determines whether to create the databae subnet group or use existing | bool | false |
|
||||
autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number | false |
|
||||
security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string | false |
|
||||
enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` | list(string) | false |
|
||||
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
|
||||
name | Name used across resources created | string | false |
|
||||
global_cluster_identifier | The global cluster identifier specified on `aws_rds_global_cluster` | string | false |
|
||||
enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an `aws_rds_global_cluster`'s primary cluster | bool | false |
|
||||
port | The port on which the DB accepts connections | string | false |
|
||||
db_cluster_parameter_group_name | A cluster parameter group to associate with the cluster | string | false |
|
||||
backtrack_window | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | number | false |
|
||||
cluster_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | map(string) | false |
|
||||
iam_role_use_name_prefix | Determines whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | bool | false |
|
||||
security_group_egress_rules | A map of security group egress rule defintions to add to the security group created | map(any) | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
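Review bot: The `master_password` row gives no warning that the value ends up in Terraform state, while the `password` row of the AWS RDS table in this same commit does ("it will be stored in the state file"). Carry that caveat over, or steer readers toward `create_random_password`. The Default column is empty on every row, so the defaults that decide exposure (`publicly_accessible`, `storage_encrypted`, `deletion_protection`, `random_password_length`) are recorded only inside the description text. Move them into the column so they can be scanned. Minor: "disble", "databae" and "defintions" are misspelled in the `monitoring_interval`, `create_db_subnet_group` and `security_group_egress_rules` rows. The `putin_khuylo` description is a question rather than documentation of a setting, so consider excluding that row from the generated table.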
@ -13,84 +13,87 @@ AWS RDS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
port | The port on which the DB accepts connections | string | false |
|
||||
availability_zone | The Availability Zone of the RDS instance | string | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
parameter_group_description | Description of the DB parameter group to create | string | false |
|
||||
performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). | number | false |
|
||||
allocated_storage | The allocated storage in gigabytes | string | false |
|
||||
s3_import | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false |
|
||||
create_db_subnet_group | Whether to create a database subnet group | bool | false |
|
||||
parameter_group_name | Name of the DB parameter group to associate or create | string | false |
|
||||
deletion_protection | The database can't be deleted when this value is set to true. | bool | false |
|
||||
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string | false |
|
||||
monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled. | string | false |
|
||||
restore_to_point_in_time | Restore to a point in time (MySQL is NOT supported) | map(string) | false |
|
||||
db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | false |
|
||||
create_db_parameter_group | Whether to create a database parameter group | bool | false |
|
||||
create_db_option_group | Create a database option group | bool | false |
|
||||
option_group_name | Name of the option group | string | false |
|
||||
create_db_instance | Whether to create a database instance | bool | false |
|
||||
replicate_source_db | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate. | string | false |
|
||||
domain | The ID of the Directory Service Active Directory domain to create the instance in | string | false |
|
||||
snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05. | string | false |
|
||||
options | A list of Options to apply. | any | false |
|
||||
domain_iam_role_name | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | string | false |
|
||||
copy_tags_to_snapshot | On delete, copy all Instance tags to the final snapshot (if final_snapshot_identifier is specified) | bool | false |
|
||||
name | The DB name to create. If omitted, no database is created initially | string | false |
|
||||
timeouts | (Optional) Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | map(string) | false |
|
||||
engine_version | The engine version to use | string | false |
|
||||
skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted, using the value from final_snapshot_identifier | bool | false |
|
||||
db_subnet_group_description | Description of the DB subnet group to create | string | false |
|
||||
create_random_password | Whether to create random password for RDS primary cluster | bool | false |
|
||||
monitoring_role_description | Description of the monitoring IAM role | string | false |
|
||||
kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used | string | false |
|
||||
iam_database_authentication_enabled | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | false |
|
||||
final_snapshot_identifier_prefix | The name which is prefixed to the final snapshot on cluster destroy | string | false |
|
||||
identifier | The name of the RDS instance | string | true |
|
||||
storage_encrypted | Specifies whether the DB instance is encrypted | bool | false |
|
||||
domain | The ID of the Directory Service Active Directory domain to create the instance in | string | false |
|
||||
instance_class | The instance type of the RDS instance | string | false |
|
||||
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. | number | false |
|
||||
monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero. | string | false |
|
||||
password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string | false |
|
||||
vpc_security_group_ids | List of VPC security groups to associate | list(string) | false |
|
||||
subnet_ids | A list of VPC subnet IDs | list(string) | false |
|
||||
character_set_name | (Optional) The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation. | string | false |
|
||||
ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | string | false |
|
||||
port | The port on which the DB accepts connections | string | false |
|
||||
monitoring_role_name | Name of the IAM role which will be created when create_monitoring_role is enabled | string | false |
|
||||
maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string | false |
|
||||
character_set_name | The character set name to use for DB encoding in Oracle instances. This can't be changed. See Oracle Character Sets Supported in Amazon RDS and Collations and Character Sets for Microsoft SQL Server for more information. This can only be set on creation | string | false |
|
||||
performance_insights_enabled | Specifies whether Performance Insights are enabled | bool | false |
|
||||
storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not | string | false |
|
||||
replicate_source_db | Specifies that this resource is a Replicate database, and to use this value as the source database. This correlates to the identifier of another Amazon RDS Database to replicate | string | false |
|
||||
iam_database_authentication_enabled | Specifies whether or not the mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled | bool | false |
|
||||
timezone | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information | string | false |
|
||||
deletion_protection | The database can't be deleted when this value is set to true | bool | false |
|
||||
restore_to_point_in_time | Restore to a point in time (MySQL is NOT supported) | map(string) | false |
|
||||
s3_import | Restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false |
|
||||
parameter_group_use_name_prefix | Determines whether to use `parameter_group_name` as is or create a unique name beginning with the `parameter_group_name` as the prefix | bool | false |
|
||||
identifier | The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier | string | true |
|
||||
final_snapshot_identifier | The name of your final DB snapshot when this DB instance is deleted. | string | false |
|
||||
iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' | number | false |
|
||||
allow_major_version_upgrade | Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible | bool | false |
|
||||
availability_zone | The Availability Zone of the RDS instance | string | false |
|
||||
multi_az | Specifies if the RDS instance is multi-AZ | bool | false |
|
||||
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60 | number | false |
|
||||
backup_retention_period | The days to retain backups for | number | false |
|
||||
backup_window | The daily time range (in UTC) during which automated backups are created if they are enabled. Example: '09:46-10:16'. Must not overlap with maintenance_window | string | false |
|
||||
performance_insights_enabled | Specifies whether Performance Insights are enabled | bool | false |
|
||||
max_allocated_storage | Specifies the value for Storage Autoscaling | number | false |
|
||||
license_model | License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 | string | false |
|
||||
multi_az | Specifies if the RDS instance is multi-AZ | bool | false |
|
||||
publicly_accessible | Bool to control if instance is publicly accessible | bool | false |
|
||||
db_instance_tags | Additional tags for the DB instance | map(string) | false |
|
||||
db_subnet_group_use_name_prefix | Determines whether to use `subnet_group_name` as is or create a unique name beginning with the `subnet_group_name` as the prefix | bool | false |
|
||||
timezone | (Optional) Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. The timezone can only be set on creation. See MSSQL User Guide for more information. | string | false |
|
||||
create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | bool | false |
|
||||
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window | bool | false |
|
||||
major_engine_version | Specifies the major version of the engine that this option group should be associated with | string | false |
|
||||
maintenance_window | The window to perform maintenance in. Syntax: 'ddd:hh24:mi-ddd:hh24:mi'. Eg: 'Mon:00:00-Mon:03:00' | string | false |
|
||||
db_option_group_tags | Additional tags for the DB option group | map(string) | false |
|
||||
db_subnet_group_tags | Additional tags for the DB subnet group | map(string) | false |
|
||||
random_password_length | (Optional) Length of random password to create. (default: 10) | number | false |
|
||||
storage_type | One of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). The default is 'io1' if iops is specified, 'gp2' if not. | string | false |
|
||||
family | The family of the DB parameter group | string | false |
|
||||
storage_encrypted | Specifies whether the DB instance is encrypted | bool | false |
|
||||
username | Username for the master DB user | string | false |
|
||||
parameters | A list of DB parameters (map) to apply | list(map(string)) | false |
|
||||
option_group_name | Name of the option group | string | false |
|
||||
enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL). | list(string) | false |
|
||||
delete_automated_backups | Specifies whether to remove automated backups immediately after the DB instance is deleted | bool | false |
|
||||
apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | false |
|
||||
db_parameter_group_tags | Additional tags for the DB parameter group | map(string) | false |
|
||||
create_db_option_group | (Optional) Create a database option group | bool | false |
|
||||
option_group_use_name_prefix | Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix | bool | false |
|
||||
cross_region_replica | Specifies if the replica should be cross region. It allows the use of a subnet group in a region different than the master instance | bool | false |
|
||||
subnet_ids | A list of VPC subnet IDs | list(string) | false |
|
||||
parameter_group_description | Description of the DB parameter group to create | string | false |
|
||||
engine | The database engine to use | string | false |
|
||||
option_group_description | The description of the option group | string | false |
|
||||
apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window | bool | false |
|
||||
db_option_group_tags | Additional tags for the DB option group | map(string) | false |
|
||||
parameter_group_name | Name of the DB parameter group to associate or create | string | false |
|
||||
parameters | A list of DB parameters (map) to apply | list(map(string)) | false |
|
||||
allocated_storage | The allocated storage in gigabytes | string | false |
|
||||
snapshot_identifier | Specifies whether or not to create this database from a snapshot. This correlates to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05 | string | false |
|
||||
db_instance_tags | Additional tags for the DB instance | map(string) | false |
|
||||
db_subnet_group_tags | Additional tags for the DB subnet group | map(string) | false |
|
||||
db_subnet_group_name | Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC | string | false |
|
||||
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | false |
|
||||
cloudwatch_log_group_retention_in_days | The number of days to retain CloudWatch logs for the DB instance | number | false |
|
||||
db_name | The DB name to create. If omitted, no database is created initially | string | false |
|
||||
username | Username for the master DB user | string | false |
|
||||
vpc_security_group_ids | List of VPC security groups to associate | list(string) | false |
|
||||
option_group_timeouts | Define maximum timeout for deletion of `aws_db_option_group` resource | map(string) | false |
|
||||
putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | bool | false |
|
||||
monitoring_role_description | Description of the monitoring IAM role | string | false |
|
||||
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window | bool | false |
|
||||
options | A list of Options to apply | any | false |
|
||||
kms_key_id | The ARN for the KMS encryption key. If creating an encrypted replica, set this to the destination KMS ARN. If storage_encrypted is set to true and kms_key_id is not specified the default KMS key created in your account will be used | string | false |
|
||||
copy_tags_to_snapshot | On delete, copy all Instance tags to the final snapshot | bool | false |
|
||||
password | Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file | string | false |
|
||||
create_db_subnet_group | Whether to create a database subnet group | bool | false |
|
||||
db_subnet_group_description | Description of the DB subnet group to create | string | false |
|
||||
create_db_parameter_group | Whether to create a database parameter group | bool | false |
|
||||
option_group_use_name_prefix | Determines whether to use `option_group_name` as is or create a unique name beginning with the `option_group_name` as the prefix | bool | false |
|
||||
major_engine_version | Specifies the major version of the engine that this option group should be associated with | string | false |
|
||||
timeouts | Updated Terraform resource management timeouts. Applies to `aws_db_instance` in particular to permit resource management times | map(string) | false |
|
||||
license_model | License model information for this DB instance. Optional, but required for some DB engines, i.e. Oracle SE1 | string | false |
|
||||
domain_iam_role_name | (Required if domain is provided) The name of the IAM role to be used when making API calls to the Directory Service | string | false |
|
||||
allow_major_version_upgrade | Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage and the change is asynchronously applied as soon as possible | bool | false |
|
||||
db_subnet_group_use_name_prefix | Determines whether to use `subnet_group_name` as is or create a unique name beginning with the `subnet_group_name` as the prefix | bool | false |
|
||||
performance_insights_retention_period | The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | false |
|
||||
random_password_length | Length of random password to create | number | false |
|
||||
replica_mode | Specifies whether the replica is in either mounted or open-read-only mode. This attribute is only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified | string | false |
|
||||
engine_version | The engine version to use | string | false |
|
||||
skip_final_snapshot | Determines whether a final DB snapshot is created before the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is specified, a DB snapshot is created before the DB instance is deleted | bool | false |
|
||||
tags | A mapping of tags to assign to all resources | map(string) | false |
|
||||
db_parameter_group_tags | Additional tags for the DB parameter group | map(string) | false |
|
||||
max_allocated_storage | Specifies the value for Storage Autoscaling | number | false |
|
||||
create_cloudwatch_log_group | Determines whether a CloudWatch log group is created for each `enabled_cloudwatch_logs_exports` | bool | false |
|
||||
cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data | string | false |
|
||||
enabled_cloudwatch_logs_exports | List of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine): alert, audit, error, general, listener, slowquery, trace, postgresql (PostgreSQL), upgrade (PostgreSQL) | list(string) | false |
|
||||
ca_cert_identifier | Specifies the identifier of the CA certificate for the DB instance | string | false |
|
||||
final_snapshot_identifier_prefix | The name which is prefixed to the final snapshot on cluster destroy | string | false |
|
||||
iops | The amount of provisioned IOPS. Setting this implies a storage_type of 'io1' | number | false |
|
||||
publicly_accessible | Bool to control if instance is publicly accessible | bool | false |
|
||||
monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. Must be specified if monitoring_interval is non-zero | string | false |
|
||||
create_monitoring_role | Create IAM role with a defined name that permits RDS to send enhanced monitoring metrics to CloudWatch Logs | bool | false |
|
||||
family | The family of the DB parameter group | string | false |
|
||||
option_group_description | The description of the option group | string | false |
|
||||
delete_automated_backups | Specifies whether to remove automated backups immediately after the DB instance is deleted | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
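Review bot: One `identifier` row says "if omitted, Terraform will assign a random, unique identifier" while its Required column is `true`, so the description and the column contradict each other. Either keep the shorter "The name of the RDS instance" wording or mark the property optional. One of the two `random_password_length` rows drops the "(default: 10)" note. If that is the added row, the default is no longer documented anywhere, because the Default column is empty throughout. The same applies to `publicly_accessible`, `storage_encrypted` and `deletion_protection`, whose rows do not say what a reader gets when the value is left unset. The `putin_khuylo` row should be filtered from the generated table here as well.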
@ -0,0 +1,29 @@
|
|||
---
|
||||
title: AWS RECORDS
|
||||
---
|
||||
|
||||
## Description
|
||||
|
||||
Terraform module which creates Route53 resources on AWS
|
||||
|
||||
## Specification
|
||||
|
||||
|
||||
### Properties
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create | Whether to create DNS records | bool | false |
|
||||
zone_id | ID of DNS zone | string | false |
|
||||
zone_name | Name of DNS zone | string | false |
|
||||
private_zone | Whether Route53 zone is private or public | bool | false |
|
||||
records | List of maps of DNS records | any | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
#### writeConnectionSecretToRef
|
||||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
name | The secret name which the cloud resource connection will be written to | string | true |
|
||||
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
|
||||
|
|
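Review bot: `zone_id` and `zone_name` are both listed as not required, with no statement of whether one of them must be set or which wins when both are given. The alias table in this commit handles the same pair with "(or specify `parent_zone_name`)", and that wording would fit here. `records` is typed `any` and described only as "List of maps of DNS records", so the page does not say which keys a record map accepts. List them or link to the module's own documentation. The Description section repeats the sentence used for the zones module ("creates Route53 resources on AWS"). Say that this definition creates records in an existing zone, so the two pages can be told apart.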
@ -17,11 +17,11 @@ Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record
|
|||
allow_overwrite | Allow creation of this record in Terraform to overwrite an existing record, if any. This does not affect the ability to update the record in Terraform and does not prevent other resources within Terraform or manual Route 53 changes outside Terraform from overwriting this record. false by default. This configuration is not recommended for most environments | bool | false |
|
||||
aliases | List of aliases | list(string) | true |
|
||||
private_zone | Is this a private hosted zone? | bool | false |
|
||||
target_zone_id | ID of target resource (e.g. ALB, ELB) | string | true |
|
||||
target_dns_name | DNS name of target resource (e.g. ALB, ELB) | string | true |
|
||||
evaluate_target_health | Set to true if you want Route 53 to determine whether to respond to DNS queries | bool | false |
|
||||
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`) | string | false |
|
||||
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`) | string | false |
|
||||
target_dns_name | DNS name of target resource (e.g. ALB, ELB) | string | true |
|
||||
target_zone_id | ID of target resource (e.g. ALB, ELB) | string | true |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
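Review bot: `target_zone_id` is described as "ID of target resource (e.g. ALB, ELB)", which reads as the load balancer's own ID although the property name says zone ID. Reword it to say it is the hosted zone ID of the target, so readers do not paste a resource ID there. The visible change only reorders the `target_dns_name` and `target_zone_id` rows, which leaves two descriptions worth tightening while the file is open: `evaluate_target_health` stops at "determine whether to respond to DNS queries" without saying on what basis, and the page title in the hunk header has an empty example, "(e.g. )". The `allow_overwrite` warning ("not recommended for most environments") is worth keeping exactly as it is.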
@ -13,9 +13,9 @@ Terraform module which creates Route53 resources on AWS
|
|||
|
||||
Name | Description | Type | Required | Default
|
||||
------------ | ------------- | ------------- | ------------- | -------------
|
||||
create | Whether to create Route53 zone | bool | false |
|
||||
zones | Map of Route53 zone parameters | any | false |
|
||||
tags | Tags added to all zones. Will take precedence over tags from the 'zones' variable | map(any) | false |
|
||||
create | Whether to create Route53 zone | bool | false |
|
||||
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
|
||||
|
||||
|
||||
|
|
|
|||
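Review bot: `zones` is typed `any` and described only as "Map of Route53 zone parameters", so the page does not tell a reader which keys a zone entry accepts, including how to declare a private zone (the records table in this commit has an explicit `private_zone` property). Document the accepted keys or link to the module's inputs. The hunk itself only moves the `create` row. The `tags` row says these tags take precedence over tags from `zones`, so the `zones` description should mention that per-zone tags exist.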
Some files were not shown because too many files have changed in this diff