Add docs for top 50 famous cloud resources for AWS (#501)

* Add docs for top 50 famous cloud resources for AWS

Generated docs for https://github.com/oam-dev/catalog/pull/244

Signed-off-by: Zheng Xi Zhou <zzxwill@gmail.com>
This commit is contained in:
Zheng Xi Zhou 2022-02-10 15:28:22 +08:00 committed by GitHub
parent 4731b88980
commit 96935246d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
259 changed files with 11509 additions and 417 deletions


@ -0,0 +1,93 @@
---
title: Supported Cloud Resource list
---
| Orchestration Type | Cloud Provider | Cloud Resource | Description |
|--------------------|----------------|---------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Terraform | Alibaba Cloud | [ack](./terraform/alibaba-ack.md) | Terraform configuration for Alibaba Cloud ACK cluster |
| | | [amqp](./terraform/alibaba-amqp.md) | Terraform configuration for Alibaba Cloud AMQP(RabbitMQ) |
| | | [ask](./terraform/alibaba-ask.md) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
| | | [eip](./terraform/alibaba-eip.md) | Terraform configuration for Alibaba Cloud Elastic IP |
| | | [mongodb](./terraform/alibaba-mongodb.md) | Alibaba Cloud MongoDB |
| | | [mse](./terraform/alibaba-mse.md) | Terraform configuration for Alibaba Cloud MSE |
| | | [oss](./terraform/alibaba-oss.md) | Terraform configuration for Alibaba Cloud OSS |
| | | [rds](./terraform/alibaba-rds.md) | Terraform configuration for Alibaba Cloud RDS |
| | | [redis](./terraform/alibaba-redis.md) | Terraform configuration for Alibaba Cloud Redis |
| | | [rocketmq](./terraform/alibaba-rocketmq.md) | Terraform configuration for Alibaba Cloud RocketMQ |
| | | [sls project](./terraform/alibaba-sls-project.md) | Terraform configuration for Alibaba Cloud SLS Project |
| | | [sls store](./terraform/alibaba-sls-store.md) | Terraform configuration for Alibaba Cloud SLS Store |
| | | [vpc](./terraform/alibaba-vpc.md) | Terraform configuration for Alibaba Cloud VPC |
| | | [vswitch](./terraform/alibaba-vswitch.md) | Terraform configuration for Alibaba Cloud VSwitch |
| | AWS | [acm](./terraform/aws-acm.md) | Terraform module which creates and validates ACM certificate |
| | | [alb](./terraform/aws-alb.md) | Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources |
| | | [autoscaling](./terraform/aws-autoscaling.md) | Terraform module which creates Auto Scaling resources on AWS |
| | | [bridgecrew read only](./terraform/aws-bridgecrew-read-only.md) | Bridgecrew READ ONLY integration module |
| | | [cloudfront s3 cdn](./terraform/aws-cloudfront-s3-cdn.md) | Terraform module to easily provision CloudFront CDN backed by an S3 origin |
| | | [cloudfront](./terraform/aws-cloudfront.md) | Terraform module which creates CloudFront resources on AWS |
| | | [cloudwatch cis alarms](./terraform/aws-cloudwatch-cis-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch log group](./terraform/aws-cloudwatch-log-group.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch log metric filter](./terraform/aws-cloudwatch-log-metric-filter.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch metric alarm](./terraform/aws-cloudwatch-metric-alarm.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch metric alarms](./terraform/aws-cloudwatch-metric-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [config](./terraform/aws-config.md) | This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. |
| | | [dynamodb table](./terraform/aws-dynamodb-table.md) | Terraform module which creates DynamoDB table on AWS |
| | | [ec2 instance](./terraform/aws-ec2-instance.md) | Terraform module which creates EC2 instance(s) on AWS |
| | | [ecs container definition](./terraform/aws-ecs-container-definition.md) | Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource |
| | | [ecs](./terraform/aws-ecs.md) | Terraform module which creates AWS ECS resources |
| | | [eks cluster autoscaler](./terraform/aws-eks-cluster-autoscaler.md) | AWS Eks-Cluster-Autoscaler |
| | | [eks external dns](./terraform/aws-eks-external-dns.md) | AWS Eks-External-Dns |
| | | [eks kube state metrics](./terraform/aws-eks-kube-state-metrics.md) | AWS Eks-Kube-State-Metrics |
| | | [eks node problem detector](./terraform/aws-eks-node-problem-detector.md) | A terraform module to deploy a node problem detector on Amazon EKS cluster |
| | | [eks](./terraform/aws-eks.md) | Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS |
| | | [elasticache redis](./terraform/aws-elasticache-redis.md) | Terraform module to provision an ElastiCache Redis Cluster |
| | | [elb](./terraform/aws-elb.md) | Terraform module which creates ELB resources on AWS |
| | | [guardduty](./terraform/aws-guardduty.md) | Terraform module to provision AWS Guard Duty |
| | | [iam account](./terraform/aws-iam-account.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role with oidc](./terraform/aws-iam-assumable-role-with-oidc.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role with saml](./terraform/aws-iam-assumable-role-with-saml.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role](./terraform/aws-iam-assumable-role.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable roles with saml](./terraform/aws-iam-assumable-roles-with-saml.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable roles](./terraform/aws-iam-assumable-roles.md) | Terraform module which creates IAM resources on AWS |
| | | [iam eks role](./terraform/aws-iam-eks-role.md) | Terraform module which creates IAM resources on AWS |
| | | [iam group with assumable roles policy](./terraform/aws-iam-group-with-assumable-roles-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam group with policies](./terraform/aws-iam-group-with-policies.md) | Terraform module which creates IAM resources on AWS |
| | | [iam nofile](./terraform/aws-iam-nofile.md) | Terraform module Terraform module for creating AWS IAM Roles with heredocs |
| | | [iam policy document aggregator](./terraform/aws-iam-policy-document-aggregator.md) | Terraform module to aggregate multiple IAM policy documents into single policy document. |
| | | [iam policy](./terraform/aws-iam-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam read only policy](./terraform/aws-iam-read-only-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam role](./terraform/aws-iam-role.md) | A Terraform module that creates IAM role with provided JSON IAM polices documents. |
| | | [iam s3 user](./terraform/aws-iam-s3-user.md) | Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket |
| | | [iam system user](./terraform/aws-iam-system-user.md) | Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI) |
| | | [iam user](./terraform/aws-iam-user.md) | Terraform module which creates IAM resources on AWS |
| | | [key pair](./terraform/aws-key-pair.md) | Terraform module which creates EC2 key pair on AWS |
| | | [kms key](./terraform/aws-kms-key.md) | Terraform module to provision a KMS key with alias |
| | | [lambda do it all](./terraform/aws-lambda-do-it-all.md) | Terraform module to provision a lambda with full permissions |
| | | [lambda with inline code](./terraform/aws-lambda-with-inline-code.md) | Terraform module creating a Lambda function with inline code |
| | | [lambda](./terraform/aws-lambda.md) | Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations |
| | | [notify slack](./terraform/aws-notify-slack.md) | Terraform module which creates SNS topic and Lambda function which sends notifications to Slack |
| | | [rds aurora](./terraform/aws-rds-aurora.md) | Terraform module which creates RDS Aurora resources on AWS |
| | | [rds](./terraform/aws-rds.md) | AWS RDS |
| | | [route53 alias](./terraform/aws-route53-alias.md) | Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record |
| | | [route53 cluster hostname](./terraform/aws-route53-cluster-hostname.md) | Terraform module to define a consistent AWS Route53 hostname |
| | | [route53 delegation sets](./terraform/aws-route53-delegation-sets.md) | Terraform module which creates Route53 resources on AWS |
| | | [route53 records](./terraform/aws-route53-records.md) | Terraform module which creates Route53 resources on AWS |
| | | [route53 zones](./terraform/aws-route53-zones.md) | Terraform module which creates Route53 resources on AWS |
| | | [s3 log storage](./terraform/aws-s3-log-storage.md) | This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail |
| | | [s3](./terraform/aws-s3.md) | Terraform configuration for AWS S3 |
| | | [secretsmanager for rollbar access tokens](./terraform/aws-secretsmanager-for-rollbar-access-tokens.md) | Terraform module creating a SecretsManager for Rollbar project access tokens |
| | | [security group](./terraform/aws-security-group.md) | Terraform module which creates EC2-VPC security groups on AWS |
| | | [security hub](./terraform/aws-security-hub.md) | Terraform module to provision AWS Security Hub |
| | | [sns topic](./terraform/aws-sns-topic.md) | Terraform Module to Provide an Amazon Simple Notification Service (SNS) |
| | | [sqs](./terraform/aws-sqs.md) | Terraform module which creates SQS resources on AWS |
| | | [ssm parameter store](./terraform/aws-ssm-parameter-store.md) | Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber. |
| | | [subnet](./terraform/aws-subnet.md) | AWS Subnet |
| | | [utils](./terraform/aws-utils.md) | Utility functions for use with Terraform in the AWS environment |
| | | [vpc](./terraform/aws-vpc.md) | AWS VPC |
| | Azure | [database mariadb](./terraform/azure-database-mariadb.md) | Terraform configuration for Azure Database Mariadb |
| | | [resource group](./terraform/azure-resource-group.md) | Azure Resource Group |
| | | [storage account](./terraform/azure-storage-account.md) | Terraform configuration for Azure Blob Storage Account |
| | | [subnet](./terraform/azure-subnet.md) | Azure Subnet |
| | | [virtual network](./terraform/azure-virtual-network.md) | Azure Virtual Network |
| | Tencent Cloud | [subnet](./terraform/tencent-subnet.md) | Tencent Cloud Subnet |
| | | [vpc](./terraform/tencent-vpc.md) | Terraform configuration for Tencent Cloud VPC |


@ -15,39 +15,9 @@ This tutorial will talk about how to provision and consume Cloud Resources by Te
> ⚠️ This section requires your platform engineers have already enabled [cloud resources addon](../../../reference/addons/terraform).
## Supported Cloud Resource list
| Orchestration Type | Cloud Provider | Cloud Resource | Description |
|--------------------|----------------|------------------------------------------------------|-----------------------------------------------------------------------|
| Terraform | Alibaba Cloud | [ACK](./terraform/alibaba-ack) | Terraform configuration for Alibaba Cloud ACK cluster |
| | | [ASK](./terraform/alibaba-amqp) | Terraform configuration for Alibaba Cloud AMQP (RabbitMQ) |
| | | [ASK](./terraform/alibaba-ask) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
| | | [EIP](./terraform/alibaba-eip) | Terraform configuration for Alibaba Cloud EIP |
| | | [MSE](./terraform/alibaba-mse) | Terraform configuration for Alibaba Cloud MSE |
| | | [OSS](./terraform/alibaba-oss) | Terraform configuration for Alibaba Cloud OSS |
| | | [RDS](./terraform/alibaba-rds) | Terraform configuration for Alibaba Cloud RDS |
| | | [Redis](./terraform/alibaba-redis) | Terraform configuration for Alibaba Cloud Redis |
| | | [RocketMQ](./terraform/alibaba-rocketmq) | Terraform configuration for Alibaba Cloud RocketMQ |
| | | [SLS Project](./terraform/alibaba-sls-project) | Terraform configuration for Alibaba Cloud SLS Project |
| | | [SLS Store](./terraform/alibaba-sls-store) | Terraform configuration for Alibaba Cloud SLS Store |
| | | [VPC](./terraform/alibaba-vpc) | Terraform configuration for Alibaba Cloud VPC |
| | | [VSwitch](./terraform/alibaba-vswitch) | Terraform configuration for Alibaba Cloud VSwitch |
| | AWS | [S3](./terraform/aws-s3) | Terraform configuration for AWS S3 bucket |
| | | [S3](./terraform/aws-rds) | Terraform configuration for AWS RDS |
| | | [S3](./terraform/aws-security-group) | Terraform configuration for AWS Security Group |
| | | [S3](./terraform/aws-subnet) | Terraform configuration for AWS S3 Subnet |
| | | [S3](./terraform/aws-vpc) | Terraform configuration for AWS S3 VPC |
| | Azure | [Mariadb](./terraform/azure-database-mariadb) | Terraform configuration for Azure Database Mariadb |
| | | [Storage Account](./terraform/azure-storage-account) | Terraform configuration for Azure Storage Account |
| | | [Storage Account](./terraform/azure-resource-group) | Terraform configuration for Azure Resource group |
| | | [Storage Account](./terraform/azure-subnet) | Terraform configuration for Azure Subnet |
| | | [Storage Account](./terraform/azure-virtual-network) | Terraform configuration for Azure Virtual network |
| | Tencent Cloud | [Mariadb](./terraform/tencent-vpc) | Terraform configuration for Tencent Cloud VPC |
| | | [Mariadb](./terraform/tencent-subnet) | Terraform configuration for Tencent Cloud Subnet |
## Terraform
All supported Terraform cloud resources can be seen in the list above. You can also filter them by command by `vela components --label type=terraform`.
All supported Terraform cloud resources can be seen in the [list](./cloud-resources-list). You can also filter them by command by `vela components --label type=terraform`.
### Provision cloud resources
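Review bot: The sentence that links to `./cloud-resources-list` reads awkwardly: "You can also filter them by command by `vela components --label type=terraform`"; suggest "You can also list them with `vela components --label type=terraform`". The link target cannot be checked from this page because the rendered hunk does not show the new file's path; please confirm it matches the file that carries the `Supported Cloud Resource list` title. Replacing the inline table with that link is the right call: the removed rows had mismatched link labels (`[S3]` pointing at `aws-rds` and `aws-security-group`, `[Storage Account]` pointing at `azure-resource-group`, `[Mariadb]` pointing at `tencent-vpc`, and `[ASK]` pointing at `alibaba-amqp`), which a single maintained list avoids.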


@ -0,0 +1,37 @@
---
title: AWS ACM
---
## Description
Terraform module which creates and validates ACM certificate
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create_route53_records | When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider | bool | false |
validation_record_fqdns | When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation | list(string) | false |
validate_certificate | Whether to validate certificate by creating Route53 record | bool | false |
validation_allow_overwrite_records | Whether to allow overwrite of Route53 records | bool | false |
wait_for_validation | Whether to wait for the validation to complete | bool | false |
certificate_transparency_logging_preference | Specifies whether certificate details should be added to a certificate transparency log | bool | false |
subject_alternative_names | A list of domains that should be SANs in the issued certificate | list(string) | false |
dns_ttl | The TTL of DNS recursive resolvers to cache information about this record. | number | false |
create_certificate | Whether to create ACM certificate | bool | false |
domain_name | A domain name for which the certificate should be issued | string | false |
validation_method | Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform. | string | false |
zone_id | The ID of the hosted zone to contain this record. Required when validating via Route53 | string | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
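Review bot: The Default column is empty for every property, although several of these settings change the security outcome: whether `validate_certificate` and `wait_for_validation` are on, whether `certificate_transparency_logging_preference` is enabled, and which `validation_method` applies; please fill in the module defaults (or state explicitly that the upstream module's defaults apply) so a reader can tell what an unconfigured component will do. The link `[writeConnectionSecretToRef](#writeConnectionSecretToRef)` points at a mixed-case fragment while generated heading ids are normally lowercased; please verify that it resolves on the rendered site. `domain_name` is marked not required, which is surprising for a certificate request; confirm that this matches the module.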


@ -0,0 +1,59 @@
---
title: AWS ALB
---
## Description
Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
enable_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | false |
http_tcp_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http_tcp_listener_index (default to http_tcp_listeners[count.index]) | any | false |
load_balancer_delete_timeout | Timeout value when deleting the ALB. | string | false |
target_group_tags | A map of tags to add to all target groups | map(string) | false |
extra_ssl_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list(map(string)) | false |
http_tcp_listeners | A list of maps describing the HTTP listeners or TCP ports for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to http_tcp_listeners[count.index]) | any | false |
ip_address_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | string | false |
name_prefix | The resource name prefix and Name tag of the load balancer. Cannot be longer than 6 characters | string | false |
https_listeners_tags | A map of tags to add to all https listeners | map(string) | false |
https_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, https_listener_index (default to https_listeners[count.index]) | any | false |
listener_ssl_policy_default | The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html). | string | false |
load_balancer_create_timeout | Timeout value when creating the ALB. | string | false |
load_balancer_type | The type of load balancer to create. Possible values are application or network. | string | false |
enable_cross_zone_load_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | bool | false |
lb_tags | A map of tags to add to load balancer | map(string) | false |
desync_mitigation_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | string | false |
security_groups | The security groups to attach to the load balancer. e.g. ["sg-edcd9784","sg-edcd9785"] | list(string) | false |
enable_waf_fail_open | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | bool | false |
tags | A map of tags to add to all resources | map(string) | false |
http_tcp_listener_rules_tags | A map of tags to add to all http listener rules | map(string) | false |
vpc_id | VPC id where the load balancer and other resources will be deployed. | string | false |
enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool | false |
internal | Boolean determining if the load balancer is internal or externally facing. | bool | false |
name | The resource name and Name tag of the load balancer. | string | false |
subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list(string) | false |
https_listener_rules_tags | A map of tags to add to all https listener rules | map(string) | false |
http_tcp_listeners_tags | A map of tags to add to all http listeners | map(string) | false |
drop_invalid_header_fields | Indicates whether invalid header fields are dropped in application load balancers. Defaults to false. | bool | false |
idle_timeout | The time in seconds that the connection is allowed to be idle. | number | false |
load_balancer_update_timeout | Timeout value when updating the ALB. | string | false |
access_logs | Map containing access logging configuration for load balancer. | map(string) | false |
create_lb | Controls if the Load Balancer should be created | bool | false |
https_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to https_listeners[count.index]) | any | false |
subnet_mapping | A list of subnet mapping blocks describing subnets to attach to network load balancer | list(map(string)) | false |
target_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
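Review bot: Defaults are stated inside descriptions rather than in the Default column (`enable_deletion_protection` and `drop_invalid_header_fields` say "Defaults to false", `https_listeners` says `ssl_policy` "defaults to ELBSecurityPolicy-2016-08") while the column itself is empty everywhere; move them into the column. Of those, `ELBSecurityPolicy-2016-08` still negotiates TLS 1.0 and 1.1, and `drop_invalid_header_fields` off is the permissive choice, so the page should flag these, together with `desync_mitigation_mode`, as settings to review for an internet-facing listener. The `listener_ssl_policy_default` description links to the Classic Load Balancer policy table (`.../latest/classic/elb-security-policy-table.html`) although this module creates an ALB/NLB; the Application Load Balancer policy reference is the relevant one. Minor: the `security_groups` example uses double quotes and the `subnets` example single quotes; HCL string literals take double quotes.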


@ -0,0 +1,112 @@
---
title: AWS AUTOSCALING
---
## Description
Terraform module which creates Auto Scaling resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
min_elb_capacity | Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes | number | false |
user_data | (LC) The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument nor when using Launch Templates; see `user_data_base64` instead | string | false |
launch_template | Name of an existing launch template to be used (created outside of this module) | string | false |
protect_from_scale_in | Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events. | bool | false |
block_device_mappings | (LT) Specify volumes to attach to the instance besides the volumes specified by the AMI | list(any) | false |
create_scaling_policy | Determines whether to create target scaling policy schedule or not | bool | false |
use_name_prefix | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | bool | false |
wait_for_elb_capacity | Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior. | number | false |
placement_group | The name of the placement group into which you'll launch your instances, if any | string | false |
termination_policies | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | list(string) | false |
key_name | The key name that should be used for the instance | string | false |
security_groups | A list of security group IDs to associate | list(string) | false |
instance_initiated_shutdown_behavior | (LT) Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`) | string | false |
availability_zone | A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier` | list(string) | false |
default_cooldown | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start | number | false |
load_balancers | A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead | list(string) | false |
tags | A list of tag blocks. Each element should have keys named key, value, and propagate_at_launch | list(map(string)) | false |
propagate_name | Determines whether to propagate the `var.instance_name`/`var.name` tag to launch instances | bool | false |
placement | (LT) The placement of the instance | map(string) | false |
license_specifications | (LT) A list of license specifications to associate with | map(string) | false |
tags_as_map | A map of tags and values in the same format as other resources accept. This will be converted into the non-standard format that the aws_autoscaling_group requires. | map(string) | false |
iam_instance_profile_name | The name attribute of the IAM instance profile to associate with launched instances | string | false |
enable_monitoring | Enables/disables detailed monitoring | bool | false |
create_lc | Determines whether to create launch configuration or not | bool | false |
create_lt | Determines whether to create launch template or not | bool | false |
lt_use_name_prefix | Determines whether to use `lt_name` as is or create a unique name beginning with the `lt_name` as the prefix | bool | false |
elastic_inference_accelerator | (LT) Configuration block containing an Elastic Inference Accelerator to attach to the instance | map(string) | false |
capacity_rebalance | Indicates whether capacity rebalance is enabled | bool | false |
initial_lifecycle_hooks | One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource | list(map(string)) | false |
instance_refresh | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | any | false |
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
lc_name | Name of launch configuration to be created | string | false |
wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string | false |
suspended_processes | A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly | list(string) | false |
associate_public_ip_address | (LC) Associate a public ip address with an instance in a VPC | bool | false |
description | (LT) Description of the launch template | string | false |
disable_api_termination | (LT) If true, enables EC2 instance termination protection | bool | false |
lt_version | Launch template version. Can be version number, `$Latest`, or `$Default` | string | false |
min_size | The minimum size of the autoscaling group | number | false |
desired_capacity | The number of Amazon EC2 instances that should be running in the autoscaling group | number | false |
max_instance_lifetime | The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds | number | false |
lc_use_name_prefix | Determines whether to use `lc_name` as is or create a unique name beginning with the `lc_name` as the prefix | bool | false |
network_interfaces | (LT) Customize network interfaces to be attached at instance boot time | list(any) | false |
create_schedule | Determines whether to create autoscaling group schedule or not | bool | false |
schedules | Map of autoscaling group schedule to create | map(any) | false |
create_asg | Determines whether to create autoscaling group or not | bool | false |
launch_configuration | Name of an existing launch configuration to be used (created outside of this module) | string | false |
target_group_arns | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | list(string) | false |
ebs_block_device | (LC) Additional EBS block devices to attach to the instance | list(map(string)) | false |
kernel_id | (LT) The kernel ID | string | false |
iam_instance_profile_arn | (LT) The IAM Instance Profile ARN to launch the instance with | string | false |
instance_market_options | (LT) The market (purchasing) option for the instance | any | false |
instance_name | Name that is propogated to launched EC2 instances via a tag - if not provided, defaults to `var.name` | string | false |
health_check_grace_period | Time (in seconds) after instance comes into service before checking health | number | false |
force_delete | Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling | bool | false |
root_block_device | (LC) Customize details about the root block device of the instance | list(map(string)) | false |
default_version | (LT) Default Version of the launch template | string | false |
name | Name used across the resources created | string | true |
update_default_version | (LT) Whether to update Default Version each update. Conflicts with `default_version` | string | false |
delete_timeout | Delete timeout to wait for destroying autoscaling group | string | false |
instance_type | The type of the instance to launch | string | false |
lt_name | Name of launch template to be created | string | false |
max_size | The maximum size of the autoscaling group | number | false |
metrics_granularity | The granularity to associate with the metrics to collect. The only valid value is `1Minute` | string | false |
use_lt | Determines whether to use a launch template in the autoscaling group or not | bool | false |
capacity_reservation_specification | (LT) Targeting for EC2 capacity reservations | any | false |
cpu_options | (LT) The CPU options for the instance | map(string) | false |
credit_specification | (LT) Customize the credit specification of the instance | map(string) | false |
vpc_zone_identifier | A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones` | list(string) | false |
warm_pool | If this block is configured, add a Warm Pool to the specified Auto Scaling group | any | false |
metadata_options | Customize the metadata options for the instance | map(string) | false |
placement_tenancy | (LC) The tenancy of the instance. Valid values are `default` or `dedicated` | string | false |
ephemeral_block_device | (LC) Customize Ephemeral (also known as 'Instance Store') volumes on the instance | list(map(string)) | false |
elastic_gpu_specifications | (LT) The elastic GPU to attach to the instance | map(string) | false |
hibernation_options | (LT) The hibernation options for the instance | map(string) | false |
scaling_policies | Map of target scaling policy schedule to create | any | false |
spot_price | (LC) The maximum price to use for reserving spot instances (defaults to on-demand price) | string | false |
tag_specifications | (LT) The tags to apply to the resources during launch | list(any) | false |
health_check_type | `EC2` or `ELB`. Controls how health checking is done | string | false |
enabled_metrics | A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances` | list(string) | false |
service_linked_role_arn | The ARN of the service-linked role that the ASG will use to call other AWS services | string | false |
use_mixed_instances_policy | Determines whether to use a mixed instances policy in the autoscaling group or not | bool | false |
image_id | The AMI from which to launch the instance | string | false |
mixed_instances_policy | Configuration block containing settings to define launch targets for Auto Scaling groups | any | false |
user_data_base64 | The Base64-encoded user data to provide when launching the instance. You should use this for Launch Templates instead user_data | string | false |
use_lc | Determines whether to use a launch configuration in the autoscaling group or not | bool | false |
ram_disk_id | (LT) The ID of the ram disk | string | false |
enclave_options | (LT) Enable Nitro Enclaves on launched instances | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
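Review bot: the Default column is empty for every optional property in this table, so a reader cannot tell what they get when they omit a security-relevant input such as `metadata_options` ("Customize the metadata options for the instance", map(string)), which is the launch-template input that controls whether IMDSv2 is required; either populate the Default column from the module's variable defaults or state in the description what the module does when it is omitted. Also in this hunk: `update_default_version` is described as "Whether to update Default Version each update" (a yes/no flag) but typed `string`, while the similar `use_lt` and `use_lc` flags are `bool`, so confirm the type; `propogated` in the `instance_name` row should be `propagated`; and "instead user_data" in the `user_data_base64` row should read "instead of `user_data`".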


@ -0,0 +1,32 @@
---
title: AWS BRIDGECREW-READ-ONLY
---
## Description
Bridgecrew READ ONLY integration module
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
api_token | This is your Bridgecrew platform Api token Set as and Environment variable TF_VAR_api_token | string | true |
common_tags | Implements the common tags scheme | map(any) | false |
topic_name | The name of the SNS topic for Bridgecrew to receive notifications. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
bridgecrew_account_id | The Bridgecrew AWS account ID from which scans will originate. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
role_name | The name for the Bridgecrew read-only IAM role. | string | false |
org_name | The name of the company the integration is for. Must be alphanumeric. | string | true |
account_alias | The alias of the account the CF is deployed in. This will be prepended to all the resources in the stack. Default is {org_name}-bc | string | false |
aws_profile | The profile that was used to deploy this module. If the default profile / default credentials are used, seet this value to null. | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
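Review bot: `api_token` is a required `string` property whose description ("Set as and Environment variable TF_VAR_api_token") is a Terraform CLI instruction that does not apply to a property supplied in a component spec; as written it invites users to paste a plaintext Bridgecrew token into an Application manifest. Rephrase it to say how the token is meant to be supplied in this context, and fix "and" to "an". Two more inconsistencies in the same table: `aws_profile` is marked Required `true`, yet its own description says to set it to null when default credentials are used ("seet" should be "set"), so one of the two is wrong; and `account_alias` refers to "the CF" without saying what that is.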


@ -0,0 +1,109 @@
---
title: AWS CLOUDFRONT-S3-CDN
---
## Description
Terraform module to easily provision CloudFront CDN backed by an S3 origin
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
log_standard_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the infrequent access tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
cache_policy_id | The unique identifier of the existing cache policy to attach to the default cache behavior.\nIf not provided, this module will add a default cache policy using other provided inputs.\n | string | false |
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`). Requires `dns_alias_enabled` set to true | string | false |
error_document | An absolute path to the document to return in case of a 4XX error | string | false |
realtime_log_config_arn | The ARN of the real-time log configuration that is attached to this cache behavior | string | false |
query_string_cache_keys | When `forward_query_string` is enabled, only the query string keys listed in this argument are cached (incompatible with `cache_policy_id`) | list(string) | false |
cors_allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for S3 bucket | list(string) | false |
allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | list(string) | false |
cloudfront_origin_access_identity_iam_arn | Existing cloudfront origin access identity iam arn that is supplied in the s3 bucket policy | string | false |
cloudfront_access_logging_enabled | Set true to enable delivery of Cloudfront Access Logs to an S3 bucket | bool | false |
s3_website_password_enabled | If set to true, and `website_enabled` is also true, a password will be required in the `Referrer` field of the\nHTTP request in order to access the website, and Cloudfront will be configured to pass this password in its requests.\nThis will make it much harder for people to bypass Cloudfront and access the S3 website directly via its website endpoint.\n | bool | false |
override_origin_bucket_policy | When using an existing origin bucket (through var.origin_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | bool | false |
viewer_protocol_policy | Limit the protocol users can use to access content. One of `allow-all`, `https-only`, or `redirect-to-https` | string | false |
trusted_signers | The AWS accounts, if any, that you want to allow to create signed URLs for private content. 'self' is acceptable. | list(string) | false |
custom_origins | A list of additional custom website [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) for this distribution.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n custom_headers = list(object({\n name = string\n value = string\n }))\n custom_origin_config = object({\n http_port = number\n https_port = number\n origin_protocol_policy = string\n origin_ssl_protocols = list(string)\n origin_keepalive_timeout = number\n origin_read_timeout = number\n })\n })) | false |
custom_origin_headers | A list of origin header parameters that will be sent to origin | list(object({ name = string, value = string })) | false |
minimum_protocol_version | Cloudfront TLS minimum protocol version.\nIf `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)\nand [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.\nDefaults to "TLSv1.2_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1`\n | string | false |
log_glacier_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the glacier tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | false |
trusted_key_groups | A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. | list(string) | false |
deployment_actions | List of actions to permit `deployment_principal_arns` to perform on bucket and bucket prefixes (see `deployment_principal_arns`) | list(string) | false |
redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | false |
block_origin_public_access_enabled | When set to 'true' the s3 origin bucket will have public access block enabled | bool | false |
s3_access_log_bucket_name | Name of the existing S3 bucket where S3 Access Logs will be delivered. Default is not to enable S3 Access Logging. | string | false |
external_aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront. No new route53 records will be created for these | list(string) | false |
additional_bucket_policy | Additional policies for the bucket. If included in the policies, the variables `${bucket_name}`, `${origin_path}` and `${cloudfront_origin_access_identity_iam_arn}` will be substituted.\nIt is also possible to override the default policy statements by providing statements with `S3GetObjectForCloudFront` and `S3ListBucketForCloudFront` sid.\n | string | false |
comment | Comment for the origin access identity | string | false |
cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | false |
function_association | A config block that triggers a CloudFront function with specific actions.\nSee the [aws_cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#function-association)\ndocumentation for more information.\n | list(object({\n event_type = string\n function_arn = string\n })) | false |
s3_access_logging_enabled | Set `true` to deliver S3 Access Logs to the `s3_access_log_bucket_name` bucket.\nDefaults to `false` if `s3_access_log_bucket_name` is empty (the default), `true` otherwise.\nMust be set explicitly if the access log bucket is being created at the same time as this module is being invoked.\n | bool | false |
cors_allowed_origins | List of allowed origins (e.g. example.com, test.com) for S3 bucket | list(string) | false |
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number | false |
geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | false |
ordered_cache | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.\nList in order of precedence (first match wins). This is in addition to the default cache policy.\nSet `target_origin_id` to `""` to specify the S3 bucket origin created by this module.\n | list(object({\n target_origin_id = string\n path_pattern = string\n\n allowed_methods = list(string)\n cached_methods = list(string)\n compress = bool\n trusted_signers = list(string)\n trusted_key_groups = list(string)\n\n cache_policy_id = string\n origin_request_policy_id = string\n\n viewer_protocol_policy = string\n min_ttl = number\n default_ttl = number\n max_ttl = number\n response_headers_policy_id = string\n\n forward_query_string = bool\n forward_header_values = list(string)\n forward_cookies = string\n forward_cookies_whitelisted_names = list(string)\n\n lambda_function_association = list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n }))\n\n function_association = list(object({\n event_type = string\n function_arn = string\n }))\n })) | false |
cloudfront_origin_access_identity_path | Existing cloudfront origin access identity path used in the cloudfront distribution's s3_origin_config content | string | false |
cloudfront_access_log_include_cookies | Set true to include cookies in Cloudfront Access Logs | bool | false |
compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | false |
price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | false |
response_headers_policy_id | The identifier for a response headers policy | string | false |
website_enabled | Set to true to enable the created S3 bucket to serve as a website independently of Cloudfront,\nand to use that website as the origin. See the README for details and caveats. See also `s3_website_password_enabled`.\n | bool | false |
deployment_principal_arns | (Optional) Map of IAM Principal ARNs to lists of S3 path prefixes to grant `deployment_actions` permissions.\nResource list will include the bucket itself along with all the prefixes. Prefixes should not begin with '/'.\n | map(list(string)) | false |
custom_error_response | List of one or more custom error response element maps | list(object({\n error_caching_min_ttl = string\n error_code = string\n response_code = string\n response_page_path = string\n })) | false |
routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied | string | false |
ipv6_enabled | Set to true to enable an AAAA DNS record to be set as well as the A record | bool | false |
origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | false |
log_expiration_days | Number of days after object creation to expire Cloudfront Access Log objects.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
forward_header_values | A list of whitelisted header values to forward to the origin (incompatible with `cache_policy_id`) | list(string) | false |
origin_request_policy_id | The unique identifier of the origin request policy that is attached to the behavior.\nShould be used in conjunction with `cache_policy_id`.\n | string | false |
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number | false |
origin_ssl_protocols | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | list(string) | false |
s3_access_log_prefix | Prefix to use for S3 Access Log object keys. Defaults to `logs/${module.this.id}` | string | false |
origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | false |
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`). Requires `dns_alias_enabled` set to true | string | false |
versioning_enabled | When set to 'true' the s3 origin bucket will have versioning enabled | bool | false |
origin_groups | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.\nThe values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.\n\nIf `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.\nThis is to allow for the use case of making the origin created by this module the primary origin in an origin group.\n | list(object({\n primary_origin_id = string\n failover_origin_id = string\n failover_criteria = list(string)\n })) | false |
logging_enabled | DEPRECATED. Use `cloudfront_access_logging_enabled` instead. | bool | false |
web_acl_id | ID of the AWS WAF web ACL that is associated with the distribution | string | false |
wait_for_deployment | When set to 'true' the resource will wait for the distribution status to change from InProgress to Deployed | bool | false |
extra_logs_attributes | Additional attributes to add to the end of the generated Cloudfront Access Log S3 Bucket name.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | list(string) | false |
encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | false |
extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | false |
aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront | list(string) | false |
default_root_object | Object that CloudFront return when requests the root URL | string | false |
cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | list(string) | false |
dns_alias_enabled | Create a DNS alias for the CDN. Requires `parent_zone_id` or `parent_zone_name` | bool | false |
origin_bucket | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | string | false |
cloudfront_access_log_create_bucket | When `true` and `cloudfront_access_logging_enabled` is also true, this module will create a new,\nseparate S3 bucket to receive Cloudfront Access Logs.\n | bool | false |
allow_ssl_requests_only | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests | bool | false |
cors_allowed_headers | List of allowed headers for S3 bucket | list(string) | false |
geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | false |
s3_origins | A list of S3 [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) (in addition to the one created by this module) for this distribution.\nS3 buckets configured as websites are `custom_origins`, not `s3_origins`.\nSpecifying `s3_origin_config.origin_access_identity` as `null` or `""` will have it translated to the `origin_access_identity` used by the origin created by the module.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n s3_origin_config = object({\n origin_access_identity = string\n })\n })) | false |
cloudfront_access_log_bucket_name | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where\nCloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`.\n | string | false |
acm_certificate_arn | Existing ACM Certificate ARN | string | false |
lambda_function_association | A config block that triggers a lambda@edge function with specific actions | list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n })) | false |
index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | false |
access_log_bucket_name | DEPRECATED. Use `s3_access_log_bucket_name` instead. | string | false |
cloudfront_access_log_prefix | Prefix to use for Cloudfront Access Log object keys. Defaults to no prefix. | string | false |
distribution_enabled | Set to `false` to create the distribution but still prevent CloudFront from serving requests. | bool | false |
log_include_cookies | DEPRECATED. Use `cloudfront_access_log_include_cookies` instead. | bool | false |
log_versioning_enabled | Set `true` to enable object versioning in the created Cloudfront Access Log S3 Bucket.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | bool | false |
forward_query_string | Forward query strings to the origin that is associated with this cache behavior (incompatible with `cache_policy_id`) | bool | false |
cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | false |
forward_cookies | Specifies whether you want CloudFront to forward all or no cookies to the origin. Can be 'all' or 'none' | string | false |
s3_object_ownership | Specifies the S3 object ownership control on the origin bucket. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'. | string | false |
log_prefix | DEPRECATED. Use `cloudfront_access_log_prefix` instead. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
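Review bot: the generator left literal `\n` escape sequences inside table cells throughout this hunk (for example the `log_standard_transition_days`, `cache_policy_id` and `s3_website_password_enabled` descriptions, and the whole Type cell of `custom_origins`, `ordered_cache`, `origin_groups` and `s3_origins`), which will render as the two characters `\n` in Markdown; convert them to real line breaks or `<br>` before merging. Because the Default column is empty, the security-relevant defaults the descriptions allude to are invisible: `minimum_protocol_version` says it "defaults to `TLSv1`" when `acm_certificate_arn` is unset, and nothing shows the defaults for `viewer_protocol_policy` (where `allow-all` is a valid value), `allow_ssl_requests_only` or `block_origin_public_access_enabled`; fill those in. Minor: the four rows marked DEPRECATED (`logging_enabled`, `access_log_bucket_name`, `log_include_cookies`, `log_prefix`) could be grouped or dropped from a generated reference; "overriden" in the `override_origin_bucket_policy` row should be "overridden"; and "Object that CloudFront return when requests the root URL" should read "Object that CloudFront returns when the root URL is requested".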


@ -0,0 +1,48 @@
---
title: AWS CLOUDFRONT
---
## Description
Terraform module which creates CloudFront resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create_distribution | Controls if CloudFront distribution should be created | bool | false |
wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | bool | false |
web_acl_id | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | string | false |
viewer_certificate | The SSL configuration for this distribution | any | false |
create_monitoring_subscription | If enabled, the resource for monitoring subscription will created. | bool | false |
default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | false |
is_ipv6_enabled | Whether the IPv6 is enabled for the distribution. | bool | false |
retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false |
origin_group | One or more origin_group for this distribution (multiples allowed). | any | false |
geo_restriction | The restriction configuration for this distribution (geo_restrictions) | any | false |
ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | false |
realtime_metrics_subscription_status | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | string | false |
origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | false |
aliases | Extra CNAMEs (alternate domain names), if any, for this distribution. | list(string) | false |
comment | Any comments you want to include about the distribution. | string | false |
enabled | Whether the distribution is enabled to accept end user requests for content. | bool | false |
price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | false |
tags | A map of tags to assign to the resource. | map(string) | false |
custom_error_response | One or more custom error response elements | any | false |
create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool | false |
http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | false |
origin | One or more origins for this distribution (multiples allowed). | any | false |
logging_config | The logging configuration that controls how logs are written to your distribution (maximum one). | any | false |
default_cache_behavior | The default cache behavior for this distribution | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
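Review bot: typo in the `wait_for_deployment` row: "Setting this tofalse" should be "Setting this to false". More substantively, the properties that carry the distribution's security posture (`viewer_certificate`, `default_cache_behavior`, `ordered_cache_behavior`, `origin`, `logging_config`, `geo_restriction`) are all typed `any` with a one-line description, so a reader of this page cannot see which keys are available or which ones matter (the TLS settings inside `viewer_certificate`, the viewer protocol policy inside a cache behavior); a link to the underlying `aws_cloudfront_distribution` argument reference, as the CLOUDFRONT-S3-CDN page in this same commit already does for `ordered_cache`, would fix that.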


@ -0,0 +1,33 @@
---
title: AWS CLOUDWATCH-CIS-ALARMS
---
## Description
Terraform module which creates Cloudwatch resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
log_group_name | The name of the log group to associate the metric filter with | string | false |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |
name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |
disabled_controls | List of IDs of disabled CIS controls | list(string) | false |
namespace | The namespace where metric filter and metric alarm should be cleated | string | false |
create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |
alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
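Review bot: `disabled_controls` is documented only as "List of IDs of disabled CIS controls" without saying what the control IDs look like or where the full list lives, so a user cannot write a valid value from this page; add the ID format and a pointer to the list. Also: `log_group_name` is marked Required `false`, yet its description ("The name of the log group to associate the metric filter with") and the `create` row ("create the Cloudwatch log metric filter and metric alarms") imply a metric filter, which cannot exist without a log group, so confirm whether it really has a default; "cleated" in the `namespace` row should be "created"; and the Description "Terraform module which creates Cloudwatch resources on AWS" is identical across the four CloudWatch pages in this commit, so this one should say it builds the CIS log-metric-filter alarms.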


@ -0,0 +1,30 @@
---
title: AWS CLOUDWATCH-LOG-GROUP
---
## Description
Terraform module which creates Cloudwatch resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |
tags | A map of tags to add to Cloudwatch log group | map(string) | false |
create | Whether to create the Cloudwatch log group | bool | false |
name | A name for the log group | string | false |
name_prefix | A name prefix for the log group | string | false |
retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
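Review bot: `retention_in_days` should say what happens when it is omitted, since the Default column is empty and an unset retention means the log group keeps events indefinitely, which is usually not what a retention policy intends. Likewise `kms_key_id` ("The ARN of the KMS Key to use when encrypting logs") should say what encryption applies when no key is given, and the row name `kms_key_id` versus the description's "ARN" should be reconciled in the text. `name` and `name_prefix` are both optional; state that they are alternatives rather than leaving the reader to guess. The Description line is the generic "Terraform module which creates Cloudwatch resources on AWS" shared with the other CloudWatch pages in this commit and should name the log group.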


@ -0,0 +1,32 @@
---
title: AWS CLOUDWATCH-LOG-METRIC-FILTER
---
## Description
Terraform module which creates Cloudwatch resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |
metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |
create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |
name | A name for the metric filter. | string | true |
pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |
log_group_name | The name of the log group to associate the metric filter with | string | true |
metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |
metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
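Review bot: the Description "Terraform module which creates Cloudwatch resources on AWS" is the same sentence used for the log-group, CIS-alarms and metric-alarm pages in this commit; it should say this page creates a CloudWatch Logs metric filter with its metric transformation. The `metric_transformation_value` description gives two cases ('1' per matching event versus "the value in the log event") but never says that the second case refers to a field extracted by `pattern`, even though `pattern` is described as "extracting metric data out of ingested log events"; connecting the two rows would make the table usable without reading the module source.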


@ -0,0 +1,46 @@
---
title: AWS CLOUDWATCH-METRIC-ALARM
---
## Description
Terraform module which creates Cloudwatch resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
threshold | The value against which the specified statistic is compared. | number | true |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
alarm_description | The description for the alarm. | string | false |
period | The period in seconds over which the specified statistic is applied. | string | false |
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
unit | The unit for the alarm's associated metric. | string | false |
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
dimensions | The dimensions for the alarm's associated metric. | any | false |
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
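Review bot: `actions_enabled` carries its default inside the description ("Defaults to true.") while the Default column of that row, and of every other row, is empty; defaults belong in the column so they can be compared across rows. The Description section ("Terraform module which creates Cloudwatch resources on AWS") is also too generic for a file titled AWS CLOUDWATCH-METRIC-ALARM and should say that this definition creates a single metric alarm. Minor: `period` is documented as "The period in seconds" yet typed `string`, while `evaluation_periods` and `datapoints_to_alarm` are `number`; if that mirrors the upstream variable type, say so in the description, otherwise the type should read `number`.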

@ -0,0 +1,46 @@
---
title: AWS CLOUDWATCH-METRIC-ALARMS
---
## Description
Terraform module which creates Cloudwatch resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
unit | The unit for the alarm's associated metric. | string | false |
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
dimensions | The dimensions for the alarm's associated metric. | any | false |
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
alarm_description | The description for the alarm. | string | false |
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
threshold | The value against which the specified statistic is compared. | number | true |
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
period | The period in seconds over which the specified statistic is applied. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
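Review bot: this table has row for row the same parameter set as the CLOUDWATCH-METRIC-ALARM file above, only in a different order, and the Description is the identical sentence "Terraform module which creates Cloudwatch resources on AWS"; nothing in the file tells the reader what the plural ALARMS definition does differently (several alarms at once, a different upstream module?). Add a sentence to the Description stating the difference, or, if the two definitions really are the same, drop one of them from the catalog so users do not have to guess which to pick.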

@ -0,0 +1,40 @@
---
title: AWS CONFIG
---
## Description
This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
iam_role_arn | The ARN for an IAM Role AWS Config uses to make read or write requests to the delivery channel and to describe the\nAWS resources associated with the account. This is only used if create_iam_role is false.\n\nIf you want to use an existing IAM Role, set the value of this to the ARN of the existing topic and set\ncreate_iam_role to false.\n\nSee the AWS Docs for further information:\nhttp://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html\n | string | false |
global_resource_collector_region | The region that collects AWS Config data for global resources such as IAM | string | true |
central_resource_collector_account | The account ID of a central account that will aggregate AWS Config from other accounts | string | false |
sns_encryption_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. | string | false |
s3_bucket_arn | The ARN of the S3 bucket used to store the configuration history | string | true |
create_iam_role | Flag to indicate whether an IAM Role should be created to grant the proper permissions for AWS Config | bool | false |
s3_key_prefix | The prefix for AWS Config objects stored in the the S3 bucket. If this variable is set to null, the default, no\nprefix will be used.\n\nExamples:\n\nwith prefix: {S3_BUCKET NAME}:/{S3_KEY_PREFIX}/AWSLogs/{ACCOUNT_ID}/Config/*.\nwithout prefix: {S3_BUCKET NAME}:/AWSLogs/{ACCOUNT_ID}/Config/*.\n | string | false |
s3_bucket_id | The id (name) of the S3 bucket used to store the configuration history | string | true |
force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false |
managed_rules | A list of AWS Managed Rules that should be enabled on the account.\n\nSee the following for a list of possible rules to enable:\nhttps://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\n | map(object({\n description = string\n identifier = string\n input_parameters = any\n tags = map(string)\n enabled = bool\n })) | false |
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms (Optional):\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery (Optional):\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is false.\n | map(any) | false |
sqs_queue_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK | string | false |
child_resource_collector_accounts | The account IDs of other accounts that will send their AWS Configuration to this account | set(string) | false |
disabled_aggregation_regions | A list of regions where config aggregation is disabled | list(string) | false |
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers\n | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
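Review bot: `iam_role_arn` tells the user to "set the value of this to the ARN of the existing topic and set create_iam_role to false"; that sentence is copied from `findings_notification_arn` and should say the ARN of the existing IAM role. Separately, the multi-line upstream descriptions and the object type of `managed_rules` are emitted with literal `\n` sequences ("...set\ncreate_sns_topic to false.\n", "map(object({\n description = string ..."), which render as a backslash-n inside the table cell; the generator should collapse them to spaces or `<br>`. Finally, `force_destroy` deletes every object in the bucket that holds the AWS Config history, with no recovery; its default should be shown in the Default column so nobody enables it unknowingly.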

@ -0,0 +1,49 @@
---
title: AWS DYNAMODB-TABLE
---
## Description
Terraform module which creates DynamoDB table on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
ttl_attribute_name | The name of the table attribute to store the TTL timestamp in | string | false |
local_secondary_indexes | Describe an LSI on the table; these can only be allocated at creation so you cannot change this definition after you have created the resource. | any | false |
stream_view_type | When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES. | string | false |
server_side_encryption_enabled | Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK) | bool | false |
autoscaling_enabled | Whether or not to enable autoscaling. See note in README about this setting | bool | false |
attributes | List of nested attribute definitions. Only required for hash_key and range_key attributes. Each attribute has two properties: name - (Required) The name of the attribute, type - (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data | list(map(string)) | false |
hash_key | The attribute to use as the hash (partition) key. Must also be defined as an attribute | string | false |
point_in_time_recovery_enabled | Whether to enable point-in-time recovery | bool | false |
autoscaling_read | A map of read autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
replica_regions | Region names for creating replicas for a global DynamoDB table. | any | false |
autoscaling_write | A map of write autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
autoscaling_indexes | A map of index autoscaling configurations. See example in examples/autoscaling | map(map(string)) | false |
create_table | Controls if DynamoDB table and associated resources are created | bool | false |
write_capacity | The number of write units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
read_capacity | The number of read units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
server_side_encryption_kms_key_arn | The ARN of the CMK that should be used for the AWS KMS encryption. This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb. | string | false |
tags | A map of tags to add to all resources | map(string) | false |
timeouts | Updated Terraform resource management timeouts | map(string) | false |
billing_mode | Controls how you are billed for read/write throughput and how you manage capacity. The valid values are PROVISIONED or PAY_PER_REQUEST | string | false |
ttl_enabled | Indicates whether ttl is enabled | bool | false |
stream_enabled | Indicates whether Streams are to be enabled (true) or disabled (false). | bool | false |
autoscaling_defaults | A map of default autoscaling settings | map(string) | false |
name | Name of the DynamoDB table | string | false |
range_key | The attribute to use as the range (sort) key. Must also be defined as an attribute | string | false |
global_secondary_indexes | Describe a GSI for the table; subject to the normal limits on the number of GSIs, projected attributes, etc. | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
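Review bot: `autoscaling_enabled` ("See note in README about this setting") and the `autoscaling_read`, `autoscaling_write` and `autoscaling_indexes` rows ("See example in examples/autoscaling") point at the upstream module's README and examples directory, neither of which exists on this doc site; either link to the upstream repository or inline the relevant note. The Default column is empty in every row, which matters most for `server_side_encryption_enabled` and `point_in_time_recovery_enabled`: a reader deciding whether the table is encrypted at rest and recoverable by default gets no answer from this page.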

@ -0,0 +1,74 @@
---
title: AWS EC2-INSTANCE
---
## Description
Terraform module which creates EC2 instance(s) on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
vpc_security_group_ids | A list of security group IDs to associate with | list(string) | false |
network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) | false |
placement_group | The Placement Group to start the instance in | string | false |
root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) | false |
ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) | false |
enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | bool | false |
get_password_data | If true, wait for password data to become available and retrieve it. | bool | false |
ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number | false |
tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string | false |
enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool | false |
spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string | false |
spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string | false |
availability_zone | AZ to start the instance in | string | false |
ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | list(map(string)) | false |
iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string | false |
source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | false |
user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string | false |
user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string | false |
cpu_threads_per_core | Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set). | number | false |
spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool | false |
disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false |
instance_type | The type of instance to start | string | false |
private_ip | Private IP address to associate with the instance in a VPC | string | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
spot_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | string | false |
spot_valid_until | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
subnet_id | The VPC Subnet ID to launch in | string | false |
timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) | false |
create | Whether to create an instance | bool | false |
ami | ID of AMI to use for the instance | string | false |
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string | false |
launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) | false |
create_spot_instance | Depicts if the instance is a spot instance | bool | false |
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool | false |
secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | list(string) | false |
cpu_core_count | Sets the number of CPU cores for an instance. | number | false |
key_name | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | string | false |
metadata_options | Customize the metadata options of the instance | map(string) | false |
spot_valid_from | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool | false |
capacity_reservation_specification | Describes an instance's Capacity Reservation targeting option | any | false |
hibernation | If true, the launched EC2 instance will support hibernation | bool | false |
host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string | false |
spot_block_duration_minutes | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | number | false |
spot_instance_interruption_behavior | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | string | false |
name | Name to be used on EC2 instance created | string | false |
cpu_credits | The credit option for CPU usage (unlimited or standard) | string | false |
ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | false |
volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
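Review bot: `root_block_device` says "See Block Devices below for details", but there is no Block Devices section in this file; the sentence is inherited from the upstream README and should be dropped or turned into a link. Defaults are again split between description text and an empty Default column (`enclave_options_enabled`: "Defaults to `false`"; `spot_type`: "Default `persistent`"; `spot_price`: "Defaults to on-demand price"); move them into the column. `metadata_options`, `launch_template` and `network_interface` are typed `map(string)` with no indication of the accepted keys, which a user needs in order to fill them in at all.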

@ -0,0 +1,66 @@
---
title: AWS ECS-CONTAINER-DEFINITION
---
## Description
Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
links | List of container names this container can communicate with without port mappings | list(string) | false |
docker_labels | The configuration options to send to the `docker_labels` | map(string) | false |
container_memory | The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value | number | false |
secrets | The secrets to pass to the container. This is a list of maps | list(object({\n name = string\n valueFrom = string\n })) | false |
readonly_root_filesystem | Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
repository_credentials | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map(string) | false |
user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set. | string | false |
start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | number | false |
privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. | bool | false |
working_directory | The working directory to run commands inside the container | string | false |
linux_parameters | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html | object({\n capabilities = object({\n add = list(string)\n drop = list(string)\n })\n devices = list(object({\n containerPath = string\n hostPath = string\n permissions = list(string)\n }))\n initProcessEnabled = bool\n maxSwap = number\n sharedMemorySize = number\n swappiness = number\n tmpfs = list(object({\n containerPath = string\n mountOptions = list(string)\n size = number\n }))\n }) | false |
ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({\n name = string\n hardLimit = number\n softLimit = number\n })) | false |
pseudo_terminal | When this parameter is true, a TTY is allocated. | bool | false |
resource_requirements | The type and amount of a resource to assign to a container. The only supported resource is a GPU. | list(object({\n type = string\n value = string\n })) | false |
port_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({\n containerPort = number\n hostPort = number\n protocol = string\n })) | false |
extra_hosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This is a list of maps | list(object({\n ipAddress = string\n hostname = string\n })) | false |
map_secrets | The secrets variables to pass to the container. This is a map of string: {key: value}. map_secrets overrides secrets | map(string) | false |
firelens_configuration | The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html | object({\n type = string\n options = map(string)\n }) | false |
dns_servers | Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers | list(string) | false |
volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume) | list(object({\n sourceContainer = string\n readOnly = bool\n })) | false |
hostname | The hostname to use for your container. | string | false |
container_memory_reservation | The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit | number | false |
healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) | object({\n command = list(string)\n retries = number\n timeout = number\n interval = number\n startPeriod = number\n }) | false |
log_configuration | Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html | any | false |
container_name | The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed) | string | true |
container_cpu | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value | number | false |
container_depends_on | The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. The condition can be one of START, COMPLETE, SUCCESS or HEALTHY | list(object({\n containerName = string\n condition = string\n })) | false |
system_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | list(map(string)) | false |
disable_networking | When this parameter is true, networking is disabled within the container. | bool | false |
docker_security_options | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | list(string) | false |
container_definition | Container definition overrides which allows for extra keys or overriding existing keys. | map(any) | false |
environment | The environment variables to pass to the container. This is a list of maps. map_environment overrides environment | list(object({\n name = string\n value = string\n })) | false |
dns_search_domains | Container DNS search domains. A list of DNS search domains that are presented to the container | list(string) | false |
stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | number | false |
essential | Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
command | The command that is passed to the container | list(string) | false |
environment_files | One or more files containing the environment variables to pass to the container. This maps to the --env-file option to docker run. The file must be hosted in Amazon S3. This option is only available to tasks using the EC2 launch type. This is a list of maps | list(object({\n value = string\n type = string\n })) | false |
mount_points | Container mount points. This is a list of maps, where each map should contain `containerPath`, `sourceVolume` and `readOnly` | list(object({\n containerPath = string\n sourceVolume = string\n readOnly = bool\n })) | false |
interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. | bool | false |
container_image | The image used to start the container. Images in the Docker Hub registry available by default | string | true |
entrypoint | The entry point that is passed to the container | list(string) | false |
map_environment | The environment variables to pass to the container. This is a map of string: {key: value}. map_environment overrides environment | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
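Review bot: the `essential` row contradicts itself: its Type cell says `bool` while the description ends with "it is required to double quote this value", which only makes sense for a string. Pick one (if the component takes a real boolean, drop the quoting sentence; if it is passed through as JSON text, type it `string`), because a reader of this page cannot tell whether `essential: true` or `essential: "true"` is accepted. Smaller points in the same table: `environment` and `map_environment` both carry the sentence "map_environment overrides environment", so one of them can just reference the other, and the `\n` sequences inside the Type cells of `container_depends_on`, `environment`, `environment_files` and `mount_points` are emitted literally, so the generator should collapse newlines in type expressions before rendering.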

@ -0,0 +1,30 @@
---
title: AWS ECS
---
## Description
Terraform module which creates AWS ECS resources
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
container_insights | Controls if ECS Cluster has container insights enabled | bool | false |
tags | A map of tags to add to ECS Cluster | map(string) | false |
create_ecs | Controls if ECS should be created | bool | false |
name | Name to be used on all the resources as identifier, also the name of the ECS cluster | string | false |
capacity_providers | List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT. | list(string) | false |
default_capacity_provider_strategy | The capacity provider strategy to use by default for the cluster. Can be one or more. | list(map(any)) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
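Review bot: the Default column is empty for every row in this table (and in the other generated tables in this commit), which matters most for `create_ecs`, `container_insights` and `capacity_providers`: from this page a reader cannot tell whether the cluster is created when the field is omitted or whether Container Insights is off unless they open the upstream module. If the generator cannot read defaults from the module's variable declarations, drop the column rather than shipping it blank; a column header that promises a default and never delivers one is worse than no column.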

@ -0,0 +1,48 @@
---
title: AWS EKS-CLUSTER-AUTOSCALER
---
## Description
AWS Eks-Cluster-Autoscaler
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
cluster_name | The name of the cluster | string | true |
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
helm_repo_url | Helm repository | string | false |
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
k8s_service_account_name | The k8s cluster-autoscaler service account name | | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/cluster-autoscaler | map(any) | false |
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/cluster-autoscaler | string | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
helm_chart_name | Helm chart name to be installed | string | false |
helm_chart_version | Version of the Helm chart | string | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
k8s_service_account_create | Whether to create Service Account | bool | false |
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
argo_project | ArgoCD Application project | string | false |
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
helm_release_name | Helm release name | string | false |
argo_info | ArgoCD info manifest parameter | | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
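Review bot: the `k8s_namespace` description ("The K8s namespace in which the node-problem-detector service account has been created") is copied from the node-problem-detector page; this is the cluster-autoscaler module, so it should name the cluster-autoscaler service account. Four rows (`k8s_service_account_name`, `argo_application_values`, `argo_info`, `argo_sync_policy`) have an empty Type cell. `argo_destionation_server` is misspelled; that is acceptable only if it mirrors the upstream variable name, in which case a short "(sic)" note helps anyone searching the page for "destination".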

@ -0,0 +1,54 @@
---
title: AWS EKS-EXTERNAL-DNS
---
## Description
AWS Eks-External-Dns
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
tags | AWS resources tags | map(string) | false |
k8s_irsa_additional_policies | Map of the additional policies to be attached to default role. Where key is arbiraty id and value is policy arn. | map(string) | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
helm_repo_url | Helm repository | string | false |
k8s_assume_role_enabled | Whether IRSA is allowed to assume role defined by k8s_assume_role_arn. Useful for hosted zones in another AWS account. | bool | false |
policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) | false |
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
helm_chart_name | Helm chart name to be installed | string | false |
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
k8s_irsa_policy_enabled | Whether to create opinionated policy to allow operations on specified zones in `policy_allowed_zone_ids`. | bool | false |
argo_info | ArgoCD info manifest parameter | | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
helm_release_name | Helm release name | string | false |
k8s_irsa_role_name_prefix | The IRSA role name prefix for prometheus | string | false |
k8s_namespace | The K8s namespace in which the external-dns will be installed | string | false |
k8s_service_account_create | Whether to create Service Account | bool | false |
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
argo_project | ArgoCD Application project | string | false |
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/bitnami/external-dns | string | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
k8s_service_account_name | The k8s external-dns service account name | | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns | map(any) | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
helm_chart_version | Version of the Helm chart | string | false |
helm_create_namespace | Whether to create k8s namespace with name defined by `k8s_namespace` | bool | false |
k8s_assume_role_arn | Assume role arn. Assume role must be enabled. | | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
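Review bot: `k8s_irsa_role_name_prefix` reads "The IRSA role name prefix for prometheus" on an external-dns page, another copy-paste slip; it should say external-dns. `k8s_irsa_additional_policies` has "arbiraty" (arbitrary), and `k8s_assume_role_arn` and `k8s_service_account_name` have no Type. `k8s_assume_role_arn` says "Assume role must be enabled" without naming the flag; reference `k8s_assume_role_enabled` explicitly, and in the same breath point readers at `k8s_irsa_policy_enabled` plus `policy_allowed_zone_ids` as the way to keep the role scoped to specific hosted zones rather than reaching for `k8s_irsa_additional_policies` with a broad policy ARN.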

@ -0,0 +1,33 @@
---
title: AWS EKS-KUBE-STATE-METRICS
---
## Description
AWS Eks-Kube-State-Metrics
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/kube-state-metrics | map(any) | false |
values | Additional yaml encoded values which will be passed to the Helm chart. | string | false |
helm_release_name | Helm release name | string | false |
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
helm_chart_name | Helm chart name to be installed | string | false |
helm_chart_version | Version of the Helm chart | string | false |
helm_repo_url | Helm repository | string | false |
k8s_namespace | The K8s namespace in which the kube-state-metrics service account has been created | string | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
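Review bot: the Description section of this page and of the other EKS add-on pages (`AWS Eks-Kube-State-Metrics`, `AWS Eks-Cluster-Autoscaler`, `AWS Eks-External-Dns`) only restates the title, whereas the node-problem-detector page has an actual sentence; one line saying what the Helm chart installs and which upstream Terraform module is wrapped would make these pages usable. Also the `values` row here dropped the chart link that the `settings` row still carries, so add it back for consistency with the sibling pages.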

@ -0,0 +1,41 @@
---
title: AWS EKS-NODE-PROBLEM-DETECTOR
---
## Description
A terraform module to deploy a node problem detector on Amazon EKS cluster
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
helm_chart_name | Helm chart name to be installed | string | false |
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
helm_chart_version | Version of the Helm chart | string | false |
helm_release_name | Helm release name | string | false |
argo_project | ArgoCD Application project | string | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
helm_repo_url | Helm repository | string | false |
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
argo_info | ArgoCD info manifest parameter | | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/node-problem-detector | map(any) | false |
values | Additional yaml encoded values which will be passed to the Helm chart | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

@ -0,0 +1,78 @@
---
title: AWS EKS
---
## Description
Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
cluster_security_group_name | Name to use on cluster security group created | string | false |
cluster_name | Name of the EKS cluster | string | false |
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | string | false |
iam_role_arn | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | string | false |
node_security_group_description | Description of the node security group created | string | false |
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | false |
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | false |
node_security_group_use_name_prefix | Determines whether node security group name (`node_security_group_name`) is used as a prefix | string | false |
cluster_security_group_tags | A map of additional tags to add to the cluster security group created | map(string) | false |
cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | string | false |
cluster_security_group_description | Description of the cluster security group created | string | false |
cluster_identity_providers | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | any | false |
fargate_profiles | Map of Fargate Profile definitions to create | any | false |
self_managed_node_groups | Map of self-managed node group definitions to create | any | false |
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | false |
node_security_group_name | Name to use on node security group created | string | false |
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | false |
cluster_tags | A map of additional tags to add to the cluster | map(string) | false |
iam_role_description | Description of the role | string | false |
iam_role_additional_policies | Additional policies to be added to the IAM role | list(string) | false |
iam_role_path | Cluster IAM role path | string | false |
cluster_encryption_config | Configuration block with encryption configuration for the cluster | list(object({\n provider_key_arn = string\n resources = list(string)\n })) | false |
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 90 days | number | false |
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | any | false |
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | false |
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | false |
iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | false |
create_cluster_security_group | Determines if a security group is created for the cluster or use the existing `cluster_security_group_id` | bool | false |
tags | A map of tags to add to all resources | map(string) | false |
cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | list(string) | false |
cluster_security_group_use_name_prefix | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | string | false |
iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | false |
eks_managed_node_groups | Map of EKS managed node group definitions to create | any | false |
eks_managed_node_group_defaults | Map of EKS managed node group default configurations | any | false |
create_cni_ipv6_iam_policy | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | bool | false |
create_node_security_group | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | bool | false |
openid_connect_audiences | List of OpenID Connect audience client IDs to add to the IRSA provider | list(string) | false |
create | Controls if EKS resources should be created (affects nearly all resources) | bool | false |
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
prefix_separator | The separator to use between the prefix and the generated timestamp for resource names | string | false |
self_managed_node_group_defaults | Map of self-managed node group default configurations | any | false |
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | false |
create_iam_role | Determines whether a an IAM role is created or to use an existing IAM role | bool | false |
iam_role_use_name_prefix | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | string | false |
fargate_profile_defaults | Map of Fargate Profile default configurations | any | false |
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | false |
cluster_security_group_id | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | string | false |
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | false |
cluster_addons | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | any | false |
iam_role_name | Name to use on IAM role created | string | false |
cluster_version | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.21`) | string | false |
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | any | false |
node_security_group_id | ID of an existing security group to attach to the node groups created | string | false |
node_security_group_tags | A map of additional tags to add to the node security group created | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
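Review bot: `node_security_group_use_name_prefix`, `cluster_security_group_use_name_prefix` and `iam_role_use_name_prefix` are described as "Determines whether ..." but typed `string`, while every other "Determines whether" row in this table is `bool`; either the type or the wording is wrong. The rows that most need the (empty) Default column are the security-relevant ones: `cluster_endpoint_public_access`, `cluster_endpoint_public_access_cidrs`, `cluster_endpoint_private_access`, `cluster_enabled_log_types` and `cluster_encryption_config`, because someone deciding whether the API server is reachable from the internet, whether control-plane logs are on, or whether the `provider_key_arn` KMS key is applied cannot learn from this page what happens when the field is omitted. Minor: `create_iam_role` has "a an IAM role", and `cluster_version` should say "e.g." rather than "i.e.".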

@ -0,0 +1,60 @@
---
title: AWS ELASTICACHE-REDIS
---
## Description
Terraform module to provision an ElastiCache Redis Cluster
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | list(object({\n name = string\n value = string\n })) | false |
automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | false |
availability_zones | Availability zone IDs | list(string) | false |
zone_id | Route53 DNS Zone ID as list of string (0 or 1 items). If empty, no custom DNS name will be published.\nIf the list contains a single Zone ID, a custom DNS name will be pulished in that zone.\nCan also be a plain string, but that use is DEPRECATED because of Terraform issues.\n | any | false |
subnets | Subnet IDs | list(string) | false |
maintenance_window | Maintenance window | string | false |
family | Redis family | string | false |
apply_immediately | Apply changes immediately | bool | false |
snapshot_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb | list(string) | false |
alarm_cpu_threshold_percent | CPU threshold alarm level | number | false |
alarm_actions | Alarm action list | list(string) | false |
replication_group_id | Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens. | string | false |
cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | false |
engine_version | Redis engine version | string | false |
at_rest_encryption_enabled | Enable encryption at rest | bool | false |
transit_encryption_enabled | Set `true` to enable encryption in transit. Forced `true` if `var.auth_token` is set.\nIf this is enabled, use the [following guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#connect-tls) to access redis.\n | bool | false |
kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | string | false |
snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | false |
cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false |
cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | false |
vpc_id | VPC ID | string | true |
cluster_size | Number of nodes in cluster. *Ignored when `cluster_mode_enabled` == `true`* | number | false |
instance_type | Elastic cache instance type | string | false |
alarm_memory_threshold_bytes | Ram threshold alarm level | number | false |
auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | false |
snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string | false |
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | false |
elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | false |
port | Redis port | number | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) | false |
notification_topic_arn | Notification topic arn | string | false |
multi_az_enabled | Multi AZ (Automatic Failover must also be enabled. If Cluster Mode is enabled, Multi AZ is on by default, and this setting is ignored) | bool | false |
dns_subdomain | The subdomain to use for the CNAME record. If not provided then the CNAME record will use var.name. | string | false |
final_snapshot_identifier | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | string | false |
cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | bool | false |
parameter_group_description | Managed by Terraform | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
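Review bot: `parameter_group_description` has what looks like the upstream default value ("Managed by Terraform") in its Description cell instead of a description; it should read something like "Description of the parameter group". `auth_token` is a credential but is documented as a plain `string` property with no hint of where it ends up; since the page also documents `writeConnectionSecretToRef`, say whether the token is written to that Secret and warn that it is otherwise supplied in clear text in the component properties. `zone_id` has "pulished" (published), and its description still says a plain string is "DEPRECATED" while the Type cell says `any`, so the accepted shape should be stated once, clearly.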

@ -0,0 +1,40 @@
---
title: AWS ELB
---
## Description
Terraform module which creates ELB resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
subnets | A list of subnet IDs to attach to the ELB | list(string) | true |
cross_zone_load_balancing | Enable cross-zone load balancing | bool | false |
health_check | A health check block | map(string) | true |
create_elb | Create the elb or not | bool | false |
security_groups | A list of security group IDs to assign to the ELB | list(string) | true |
number_of_instances | Number of instances to attach to ELB | number | false |
name_prefix | The prefix name of the ELB | string | false |
internal | If true, ELB will be an internal ELB | bool | false |
connection_draining | Boolean to enable connection draining | bool | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
listener | A list of listener blocks | list(map(string)) | true |
name | The name of the ELB | string | false |
idle_timeout | The time in seconds that the connection is allowed to be idle | number | false |
connection_draining_timeout | The time in seconds to allow for connections to drain | number | false |
access_logs | An access logs block | map(string) | false |
instances | List of instances ID to place in the ELB pool | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
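Review bot: `health_check`, `listener` and `access_logs` are typed `map(string)` / `list(map(string))` and described only as "A health check block", "A list of listener blocks" and "An access logs block", so the page never says which keys each map accepts; `listener` and `health_check` are both Required, and a reader cannot satisfy a required map from this page without knowing its keys (for `listener`, at minimum which port/protocol fields and which certificate field an HTTPS listener needs). `number_of_instances` and `instances` should cross-reference each other, since the first is meaningless without the second.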

@ -0,0 +1,30 @@
---
title: AWS GUARDDUTY
---
## Description
Terraform module to provision AWS Guard Duty
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms:\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery:\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\n Default is false\n | map(object({\n protocol = string\n endpoint = string\n endpoint_auto_confirms = bool\n raw_message_delivery = bool\n })) | false |
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
finding_publishing_frequency | The frequency of notifications sent for finding occurrences. If the detector is a GuardDuty member account, the value\nis determined by the GuardDuty master account and cannot be modified, otherwise it defaults to SIX_HOURS.\n\nFor standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection.\nValid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."\n\nFor more information, see:\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency\n | string | false |
enable_cloudwatch | Flag to indicate whether an CloudWatch logging should be enabled for GuardDuty\n | bool | false |
cloudwatch_event_rule_pattern_detail_type | The detail-type pattern used to match events that will be sent to SNS.\n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\nhttps://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html\n | string | false |
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications.\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers.\n | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
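Review bot: the Description cells for `subscribers`, `findings_notification_arn`, `finding_publishing_frequency` and `cloudwatch_event_rule_pattern_detail_type` contain literal `\n` escapes, so the rendered table shows backslash-n instead of line breaks; the generator should emit `<br/>` (as the IAM-POLICY-DOCUMENT-AGGREGATOR page in this same commit does) or collapse each cell to one line. The same rows carry a stray closing quote after `FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."`, `enable_cloudwatch` reads `an CloudWatch logging`, and the Default column is blank even where the text states a default (`SIX_HOURS`).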


@ -0,0 +1,36 @@
---
title: AWS IAM-ACCOUNT
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create_account_password_policy | Whether to create AWS IAM account password policy | bool | false |
minimum_password_length | Minimum length to require for user passwords | number | false |
require_lowercase_characters | Whether to require lowercase characters for user passwords | bool | false |
require_uppercase_characters | Whether to require uppercase characters for user passwords | bool | false |
require_numbers | Whether to require numbers for user passwords | bool | false |
account_alias | AWS IAM account alias for this account | string | true |
max_password_age | The number of days that an user password is valid. | number | false |
allow_users_to_change_password | Whether to allow users to change their own password | bool | false |
hard_expiry | Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset) | bool | false |
password_reuse_prevention | The number of previous passwords that users are prevented from reusing | number | false |
require_symbols | Whether to require symbols for user passwords | bool | false |
get_caller_identity | Whether to get AWS account ID, User ID, and ARN in which Terraform is authorized | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
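Review bot: the Default column is blank for every password-policy knob (`minimum_password_length`, `max_password_age`, `password_reuse_prevention`, `hard_expiry`, the `require_*` flags), and `account_alias` is the only required input, so the page does not tell a reader what policy, if any, is enforced when they set just the alias; either emit the module defaults or state under `create_account_password_policy` that no policy is created unless it is true. Grammar: `an user password` in `max_password_age` should be `a user password`.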


@ -0,0 +1,41 @@
---
title: AWS IAM-ASSUMABLE-ROLE-WITH-OIDC
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
role_description | IAM Role description | string | false |
aws_account_id | The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider | string | false |
tags | A map of tags to add to IAM role resources | map(string) | false |
oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | set(string) | false |
role_path | Path of IAM role | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
oidc_subjects_with_wildcards | The OIDC subject using wildcards to be added to the role policy | set(string) | false |
oidc_fully_qualified_audiences | The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise. | set(string) | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
create_role | Whether to create a role | bool | false |
provider_url | URL of the OIDC Provider. Use provider_urls to specify several URLs. | string | false |
provider_urls | List of URLs of the OIDC Providers | list(string) | false |
role_name | IAM role name | string | false |
role_name_prefix | IAM role name prefix | string | false |
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
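Review bot: `provider_url` and `provider_urls` are both optional, as are `oidc_fully_qualified_subjects` and `oidc_subjects_with_wildcards`, yet the trust policy this component produces is defined entirely by those four inputs; the doc should say that at least one provider and at least one subject constraint is expected, and what the trust policy allows when both subject sets are left empty, because that is the security-relevant part of the module. The `## Description` line `Terraform module which creates IAM resources on AWS` is the generic one reused for every iam-* submodule in this commit; describe this one as an IAM role assumable through an OIDC identity provider.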


@ -0,0 +1,38 @@
---
title: AWS IAM-ASSUMABLE-ROLE-WITH-SAML
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create_role | Whether to create a role | bool | false |
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
aws_saml_endpoint | AWS SAML Endpoint | string | false |
tags | A map of tags to add to IAM role resources | map(string) | false |
role_description | IAM Role description | string | false |
role_name | IAM role name | string | false |
role_name_prefix | IAM role name prefix | string | false |
role_path | Path of IAM role | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
provider_ids | List of SAML Provider IDs | list(string) | false |
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
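Review bot: same shape as the OIDC page: `provider_id` and `provider_ids` are both optional with no Default, so nothing tells the reader one of them is needed for a usable trust policy, and `aws_saml_endpoint` has no Default shown even though a SAML role only works against a fixed AWS sign-in endpoint. The `## Description` is again the generic iam-* line; say the module creates an IAM role assumable by a SAML identity provider.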


@ -0,0 +1,48 @@
---
title: AWS IAM-ASSUMABLE-ROLE
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
readonly_role_policy_arn | Policy ARN to use for readonly role | string | false |
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
tags | A map of tags to add to IAM role resources | map(string) | false |
custom_role_trust_policy | A custorm role trust policy | string | false |
number_of_custom_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
attach_poweruser_policy | Whether to attach a poweruser policy to a role | bool | false |
create_role | Whether to create a role | bool | false |
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
role_path | Path of IAM role | string | false |
custom_role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
attach_admin_policy | Whether to attach an admin policy to a role | bool | false |
attach_readonly_policy | Whether to attach a readonly policy to a role | bool | false |
role_description | IAM Role description | string | false |
role_sts_externalid | STS ExternalId condition values to use with a role (when MFA is not required) | any | false |
trusted_role_actions | Actions of STS | list(string) | false |
create_instance_profile | Whether to create an instance profile | bool | false |
role_name | IAM role name | string | false |
role_requires_mfa | Whether role requires MFA | bool | false |
admin_role_policy_arn | Policy ARN to use for admin role | string | false |
poweruser_role_policy_arn | Policy ARN to use for poweruser role | string | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
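Review bot: `role_requires_mfa` and `mfa_age` have no Default, so a reader cannot tell whether a role created with just `trusted_role_arns` demands MFA; the generated table should carry the module defaults for these two and for `attach_admin_policy` / `attach_poweruser_policy` / `attach_readonly_policy`, since the defaults are the difference between a read-only and an admin role. Typo `custorm` in `custom_role_trust_policy`; and `role_sts_externalid`, typed `any`, should say in its description which shapes it accepts (a single string or a list of strings).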


@ -0,0 +1,47 @@
---
title: AWS IAM-ASSUMABLE-ROLES-WITH-SAML
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
aws_saml_endpoint | AWS SAML Endpoint | string | false |
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
poweruser_role_name | IAM role with poweruser access | string | false |
poweruser_role_path | Path of poweruser IAM role | string | false |
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
readonly_role_path | Path of readonly IAM role | string | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
admin_role_path | Path of admin IAM role | string | false |
admin_role_name | IAM role with admin access | string | false |
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
create_poweruser_role | Whether to create poweruser role | bool | false |
create_readonly_role | Whether to create readonly role | bool | false |
readonly_role_name | IAM role with readonly access | string | false |
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
provider_ids | List of SAML Provider IDs | list(string) | false |
create_admin_role | Whether to create admin role | bool | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
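Review bot: `admin_role_name`, `poweruser_role_name` and `readonly_role_name` are name inputs, but their descriptions read `IAM role with admin access` (and likewise for the other two), which describes the role rather than the parameter; change to `Name of the IAM role with admin access`. The rows are also unsorted across the three roles (`poweruser_role_permissions_boundary_arn` first, `create_admin_role` near the end); grouping by role or sorting alphabetically would make the three parallel parameter sets visible.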


@ -0,0 +1,50 @@
---
title: AWS IAM-ASSUMABLE-ROLES
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
admin_role_path | Path of admin IAM role | string | false |
poweruser_role_path | Path of poweruser IAM role | string | false |
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
readonly_role_name | IAM role with readonly access | string | false |
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
readonly_role_path | Path of readonly IAM role | string | false |
admin_role_name | IAM role with admin access | string | false |
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
create_poweruser_role | Whether to create poweruser role | bool | false |
poweruser_role_requires_mfa | Whether poweruser role requires MFA | bool | false |
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
create_readonly_role | Whether to create readonly role | bool | false |
readonly_role_requires_mfa | Whether readonly role requires MFA | bool | false |
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
create_admin_role | Whether to create admin role | bool | false |
admin_role_requires_mfa | Whether admin role requires MFA | bool | false |
poweruser_role_name | IAM role with poweruser access | string | false |
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
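Review bot: `admin_role_requires_mfa`, `poweruser_role_requires_mfa` and `readonly_role_requires_mfa` have no Default shown, so the page does not say whether an admin role created from this component requires MFA unless the user sets it explicitly; emit the defaults. The `*_role_name` descriptions (`IAM role with admin access`) describe the role instead of the name parameter, and the rows are unsorted across the three roles, same as the SAML variant.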


@ -0,0 +1,36 @@
---
title: AWS IAM-EKS-ROLE
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
tags | A map of tags to add the the IAM role | map(any) | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
role_path | Path of IAM role | string | false |
role_description | IAM Role description | string | false |
role_name_prefix | IAM role name prefix | string | false |
role_policy_arns | ARNs of any policies to attach to the IAM role | list(string) | false |
cluster_service_accounts | EKS cluster and k8s ServiceAccount pairs. Each EKS cluster can have multiple k8s ServiceAccount. See README for details | map(list(string)) | false |
provider_url_sa_pairs | OIDC provider URL and k8s ServiceAccount pairs. If the assume role policy requires a mix of EKS clusters and other OIDC providers then this can be used | map(list(string)) | false |
create_role | Whether to create a role | bool | false |
role_name | Name of IAM role | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
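Review bot: `cluster_service_accounts` says `See README for details`, but this page has no link to that README, and the map's key/value shape (cluster name to a list of `namespace:serviceaccount` strings?) is exactly what a user needs to get the trust policy right; spell out the shape here, and do the same for `provider_url_sa_pairs`. `tags` is typed `map(any)` while every other iam-* page uses `map(string)`; and `add the the IAM role` has a duplicated word.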


@ -0,0 +1,28 @@
---
title: AWS IAM-GROUP-WITH-ASSUMABLE-ROLES-POLICY
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | Name of IAM policy and IAM group | string | true |
assumable_roles | List of IAM roles ARNs which can be assumed by the group | list(string) | false |
group_users | List of IAM users to have in an IAM group which can assume the role | list(string) | false |
tags | A map of tags to add to all resources. | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
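Review bot: `assumable_roles` is optional with no Default although it is the whole purpose of this component; say what is created when it is empty (a group and policy with no `sts:AssumeRole` statement, or nothing at all), and clarify whether `group_users` expects IAM user names or ARNs, since the type `list(string)` alone does not say.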


@ -0,0 +1,33 @@
---
title: AWS IAM-GROUP-WITH-POLICIES
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
group_users | List of IAM users to have in an IAM group which can assume the role | list(string) | false |
custom_group_policy_arns | List of IAM policies ARNs to attach to IAM group | list(string) | false |
attach_iam_self_management_policy | Whether to attach IAM policy which allows IAM users to manage their credentials and MFA | bool | false |
aws_account_id | AWS account id to use inside IAM policies. If empty, current AWS account ID will be used. | string | false |
name | Name of IAM group | string | false |
custom_group_policies | List of maps of inline IAM policies to attach to IAM group. Should have `name` and `policy` keys in each element. | list(map(string)) | false |
iam_self_management_policy_name_prefix | Name prefix for IAM policy to create with IAM self-management permissions | string | false |
tags | A map of tags to add to all resources. | map(string) | false |
create_group | Whether to create IAM group | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
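Review bot: `group_users` carries the description copied from the assumable-roles-policy page (`List of IAM users to have in an IAM group which can assume the role`), but this component attaches policies to a group and creates no role; drop `which can assume the role`. Since `aws_account_id` is used inside the self-management policy, `attach_iam_self_management_policy` should also state that the policy only grants users rights over their own credentials and MFA devices in that account.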


@ -0,0 +1,27 @@
---
title: AWS IAM-NOFILE
---
## Description
Terraform module Terraform module for creating AWS IAM Roles with heredocs
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
policy_json | IAM Role Policy Document (JSON) | string | true |
name | Resource name | string | true |
type | IAM Role type: ec2/lambda/etc. Used for assume_role_policy principal; service names that have *.amazonaws.com identifiers should work. | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
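Review bot: the Description line reads `Terraform module Terraform module for creating AWS IAM Roles with heredocs`, a duplicated phrase. `type` is the single input that decides who may assume the role (the text says it is used for the `assume_role_policy` principal), so `service names that have *.amazonaws.com identifiers should work` is too loose; state the exact principal form built from it (presumably `<type>.amazonaws.com`) and make clear that `policy_json` is the role's permission policy, not its trust policy.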


@ -0,0 +1,25 @@
---
title: AWS IAM-POLICY-DOCUMENT-AGGREGATOR
---
## Description
Terraform module to aggregate multiple IAM policy documents into single policy document.
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
source_documents | List of JSON IAM policy documents.<br/><br/><b>Limits:</b><br/>* List size max 10<br/> * Statement can be overriden by the statement with the same sid from the latest policy. | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
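Review bot: the `source_documents` note `Statement can be overriden by the statement with the same sid from the latest policy` is the one behaviour a user must not miss, because a `Deny` statement in an earlier document is silently replaced by an `Allow` carrying the same `Sid` later in the list; give it its own sentence rather than a bullet under Limits, and fix `overriden` to `overridden`. This page uses `<br/>` for line breaks where the other generated pages emit literal `\n`; the generator should settle on one.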


@ -0,0 +1,30 @@
---
title: AWS IAM-POLICY
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
description | The description of the policy | string | false |
policy | The path of the policy in IAM (tpl file) | string | false |
tags | A map of tags to add to all resources. | map(string) | false |
create_policy | Whether to create the IAM policy | bool | false |
name | The name of the policy | string | false |
path | The path of the policy in IAM | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
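Review bot: `policy` is described as `The path of the policy in IAM (tpl file)`, which is the description of `path` four rows below; `policy` is the policy document itself (JSON), and that is the field a reader needs explained. The generic `## Description` line should say the module creates a standalone IAM managed policy.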


@ -0,0 +1,35 @@
---
title: AWS IAM-READ-ONLY-POLICY
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create_policy | Whether to create the IAM policy | bool | false |
name | The name of the policy | string | false |
path | The path of the policy in IAM | string | false |
additional_policy_json | JSON policy document if you want to add custom actions | string | false |
allow_cloudwatch_logs_query | Allows StartQuery/StopQuery/FilterLogEvents CloudWatch actions | bool | false |
description | The description of the policy | string | false |
allowed_services | List of services to allow Get/List/Describe/View options. Service name should be the same as corresponding service IAM prefix. See what it is for each service here https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html | list(string) | true |
tags | A map of tags to add to all resources. | map(string) | false |
allow_predefined_sts_actions | Allows GetCallerIdentity/GetSessionToken/GetAccessKeyInfo sts actions | bool | false |
allow_web_console_services | Allows List/Get/Describe/View actions for services used when browsing AWS console (e.g. resource-groups, tag, health services) | bool | false |
web_console_services | List of web console services to allow | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
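Review bot: `additional_policy_json` accepts `custom actions` without restriction, so a policy produced by this read-only component can contain write actions; the doc should say the result is only as read-only as that input. `allowed_services` is required but an example of an IAM prefix (`ec2`, `s3`) would help more than the link alone, and `web_console_services` has no Default listed even though `allow_web_console_services` implies a built-in list.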


@ -0,0 +1,37 @@
---
title: AWS IAM-ROLE
---
## Description
A Terraform module that creates IAM role with provided JSON IAM polices documents.
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
policy_document_count | Number of policy documents (length of policy_documents list) | number | false |
managed_policy_arns | List of managed policies to attach to created role | set(string) | false |
permissions_boundary | ARN of the policy that is used to set the permissions boundary for the role | string | false |
policy_description | The description of the IAM policy that is visible in the IAM policy manager | string | false |
assume_role_actions | The IAM action to be granted by the AssumeRole policy | list(string) | false |
assume_role_conditions | List of conditions for the assume role policy | list(object({\n test = string\n variable = string\n values = list(string)\n })) | false |
use_fullname | If set to 'true' then the full ID for the IAM role name (e.g. `[var.namespace]-[var.environment]-[var.stage]`) will be used.\n\nOtherwise, `var.name` will be used for the IAM role name.\n | bool | false |
policy_documents | List of JSON IAM policy documents | list(string) | false |
path | Path to the role and policy. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) for more information. | string | false |
role_description | The description of the IAM role that is visible in the IAM role manager | string | true |
instance_profile_enabled | Create EC2 Instance Profile for the role | bool | false |
principals | Map of service name as key and a list of ARNs to allow assuming the role as value (e.g. map(`AWS`, list(`arn:aws:iam:::role/admin`))) | map(list(string)) | false |
max_session_duration | The maximum session duration (in seconds) for the role. Can have a value from 1 hour to 12 hours | number | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
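Review bot: `use_fullname` refers to `var.namespace`, `var.environment`, `var.stage` and `var.name`, none of which appear in this Properties table, so a user cannot set the role name from what is documented here; either surface those inputs or say where the name comes from. The `principals` example `arn:aws:iam:::role/admin` has an empty account-id field, which is not a valid role ARN; use `arn:aws:iam::<account-id>:role/admin`. `policy_document_count` duplicates information already in `policy_documents`; at minimum note that it must equal that list's length.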


@ -0,0 +1,28 @@
---
title: AWS IAM-S3-USER
---
## Description
Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
force_destroy | Destroy even if it has non-Terraform-managed IAM access keys, login profiles or MFA devices | bool | false |
path | Path in which to create the user | string | false |
s3_actions | Actions to allow in the policy | list(string) | false |
s3_resources | S3 resources to apply the actions specified in the policy | list(string) | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
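Review bot: `s3_actions` has no Default, so the page does not say which S3 actions a user gets when only the required `s3_resources` is set; emit the default action list. As with the IAM-ROLE page, the user name inputs are absent from the table, and since this component issues IAM credentials the doc should say whether the access key and secret are what get written to `writeConnectionSecretToRef`.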


@ -0,0 +1,34 @@
---
title: AWS IAM-SYSTEM-USER
---
## Description
Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
permissions_boundary | Permissions Boundary ARN to attach to our created user | string | false |
ssm_enabled | Whether or not to write the IAM access key and secret key to SSM Parameter Store | bool | false |
inline_policies_map | Inline policies to attach (descriptive key => policy) | map(string) | false |
policy_arns | Policy ARNs to attach to our created user | list(string) | false |
inline_policies | Inline policies to attach to our created user | list(string) | false |
policy_arns_map | Policy ARNs to attach (descriptive key => arn) | map(string) | false |
create_iam_access_key | Whether or not to create IAM access keys | bool | false |
iam_access_key_max_age | Maximum age of IAM access key (seconds). Defaults to 30 days. Set to 0 to disable expiration. | number | false |
force_destroy | Destroy the user even if it has non-Terraform-managed IAM access keys, login profile or MFA devices | bool | false |
path | Path in which to create the user | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
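Review bot: `iam_access_key_max_age` says `Defaults to 30 days` in its Description while the Default column is blank, and the unit in the same sentence is seconds; populate Default (2592000) or drop the prose default. `ssm_enabled` writes the access key and secret to SSM Parameter Store while `writeConnectionSecretToRef` writes them to a Kubernetes Secret, so enabling both stores the same long-lived credential in two places; that deserves a sentence.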

View File

@ -0,0 +1,38 @@
---
title: AWS IAM-USER
---
## Description
Terraform module which creates IAM resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
ssh_public_key | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format | string | false |
name | Desired name for the IAM user | string | true |
pgp_key | Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Used to encrypt password and access key. `pgp_key` is required when `create_iam_user_login_profile` is set to `true` | string | false |
password_reset_required | Whether the user should be forced to reset the generated password on first login. | bool | false |
upload_iam_user_ssh_key | Whether to upload a public ssh key to the IAM user | bool | false |
create_user | Whether to create the IAM user | bool | false |
create_iam_access_key | Whether to create IAM access key | bool | false |
force_destroy | When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | bool | false |
password_length | The length of the generated password | number | false |
ssh_key_encoding | Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM | string | false |
permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the user. | string | false |
tags | A map of tags to add to all resources. | map(string) | false |
create_iam_user_login_profile | Whether to create IAM user login profile | bool | false |
path | Desired path for the IAM user | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
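Review bot: in the IAM-USER table `pgp_key` is listed as `Required | false` although its own description says `pgp_key is required when create_iam_user_login_profile is set to true`, and the same description states the key is also used to encrypt the access key, so the dependency extends to `create_iam_access_key`. The table should surface this ("conditionally required, see description") so users do not enable a login profile or access key without a key to encrypt the generated password and secret. Smaller gaps in the same hunk: `password_length` gives no minimum, `ssh_key_encoding` says "the public key encoding format to use in the response" without saying which response, and `create_user`, `create_iam_access_key` and `password_reset_required` have no documented default.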

View File

@ -0,0 +1,29 @@
---
title: AWS KEY-PAIR
---
## Description
Terraform module which creates EC2 key pair on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
public_key | The public key material. | string | false |
tags | A map of tags to add to key pair resource. | map(string) | false |
create_key_pair | Controls if key pair should be created | bool | false |
key_name | The name for the key pair. | string | false |
key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
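Review bot: `public_key | The public key material. | string | false` is optional in the KEY-PAIR table, but with `create_key_pair` enabled there is nothing else in this table the key pair could be created from, so `public_key` should be documented as required when `create_key_pair` is true. It is also worth stating that the module only imports public key material (the private half is generated and kept by the user, never by Terraform), because the `writeConnectionSecretToRef` section reads as if a secret holding a connection credential will be produced; say what, if anything, is written there for a key pair. `key_name_prefix` notes that it conflicts with `key_name`; the `key_name` row should carry the same note.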

View File

@ -0,0 +1,32 @@
---
title: AWS KMS-KEY
---
## Description
Terraform module to provision a KMS key with alias
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash. If not specified, the alias name will be auto-generated. | string | false |
policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | false |
key_usage | Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`. | string | false |
customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. | string | false |
multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool | false |
deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource | number | false |
enable_key_rotation | Specifies whether key rotation is enabled | bool | false |
description | The description of the key as viewed in AWS console | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
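Review bot: `enable_key_rotation` and `deletion_window_in_days` have no default and no valid range in this KMS-KEY table, yet these two rows decide whether the key is rotated automatically and how long a scheduled deletion can still be cancelled; please populate the Default column and state the permitted window. Automatic rotation applies only to `SYMMETRIC_DEFAULT` keys, so the `enable_key_rotation` row should say it cannot be combined with the asymmetric `customer_master_key_spec` values listed (`RSA_2048` through `ECC_SECG_P256K1`). Finally, the `policy` row explains plan noise but not what key policy is applied when `policy` is omitted; since the key policy is the primary access control on a KMS key, the fallback (presumably the account default key policy) should be spelled out, and marked as an assumption if the generator cannot confirm it from the module.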

View File

@ -0,0 +1,52 @@
---
title: AWS LAMBDA-DO-IT-ALL
---
## Description
Terraform module to provision a lambda with full permissions
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
aws_region | The region in which to deploy the lambda function | string | true |
aws_profile | The account profile to deploy the lamnda function within | string | true |
dead_letter_target | Target ARN for an SQS queue or SNS topic to notify on failed invocations | string | false |
environment_vars | | map(string) | false |
additional_assume_role_policies | List of objects defining additional non-Lambda IAM trust relationship statements | list(object({\n Action = list(string)\n Principal = object({\n Service = string\n })\n Effect = string\n })) | false |
publish | Should this be published as a version | bool | false |
log_retention | Time in days to retain logs for | number | false |
architecture | The CPU architecture to use | | false |
layers | List of lambda layer ARNs to attach | list(string) | false |
instant_alias_update | Whether to immediately point the alias at the latest version | bool | false |
name | The name to give to the lambda function | string | true |
lambda_runtime | Runtime to invoke the lambda with | string | true |
vpc_security_groups | VPC security groups to apply to the lambda | list(string) | false |
handler | Path to the lambda handler | string | true |
lambda_concurrency | Limit concurrent executions of the lambda fn | number | false |
tracing_config_mode | X Ray tracing mode to use | string | false |
dead_letter_target_type | The type of the dlq target, must be 'SNS' or 'SQS' | string | false |
description | Description of what the Lambda Function does | string | false |
custom_role_name | Override for the default lambda role name | string | false |
memory_size | Memory allocation for the lambda function | number | false |
timeout | Function timeout, execution gets cancelled after this many seconds | number | false |
vpc_subnets | VPC subnets to run the lambda in | list(string) | false |
policies | List of objects defining IAM policy statements | list(object({\n Action = list(string)\n Resource = list(string)\n Effect = string\n })) | false |
alias | Lambda alias name | string | false |
insights_enabled | Turn on Lambda insights for the Lambda (limited regions only) | bool | false |
tags | Tags to attach to all resources | map(string) | true |
s3_bucket | The S3 bucket your lambda artifact is stored in | string | true |
s3_key | The name of the lambda artifact in the bucket | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
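Review bot: the description `Terraform module to provision a lambda with full permissions` never says what "full permissions" means, while `policies` (a list of IAM statements) and `additional_assume_role_policies` (extra trust relationships) are both optional; a reader cannot tell whether the execution role gets an administrator-style policy by default or only what is listed in `policies`. Please state the role's baseline permissions and warn that `additional_assume_role_policies` widens which services may assume the function's role. Also in this hunk: `aws_profile | The account profile to deploy the lamnda function within` has a typo ("lambda"), `environment_vars` has an empty Description cell, `architecture` has an empty Type cell, and the `policies` and `additional_assume_role_policies` Type cells contain literal `\n` escapes that will not render as intended in the table.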

View File

@ -0,0 +1,38 @@
---
title: AWS LAMBDA-WITH-INLINE-CODE
---
## Description
Terraform module creating a Lambda function with inline code
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
runtime | The identifier of the Lambda function [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). | string | true |
secret_environment_variables | Map of environment variable names to ARNs of AWS Secret Manager secrets.\n\nEach ARN will be passed as environment variable to the lambda function with the key's name extended by suffix _SECRET_ARN. When initializing the Lambda run time environment, the Lambda function or a [wrapper script](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html#runtime-wrapper) can look up the secret value.\n\nPermission will be added allowing the Lambda function to read the secret values.\n | map(string) | false |
tags | Tags which will be assigned to all resources. | map(string) | false |
cloudwatch_log_group_retention_in_days | The number of days to retain the log of the Lambda function. | number | false |
function_name | Name of the Lambda function. | string | true |
memory_size | The amount of memory (in MB) available to the function at runtime. Increasing the Lambda function memory also increases its CPU allocation. | number | true |
reserved_concurrent_executions | The number of simultaneous executions to reserve for the Lambda function. | number | true |
source_dir | Path of the directory which shall be packed as code of the Lambda function. Conflicts with `archive_file`. | string | false |
archive_file | An instance of the `archive_file` data source containing the code of the Lambda function. Conflicts with `source_dir`. | object({\n output_path = string\n output_base64sha256 = string\n }) | false |
handler | The name of the method within your code that Lambda calls to execute your function. | string | true |
layers | List of up to five Lambda layer ARNs. | list(string) | false |
timeout | The amount of time (in seconds) per execution before stopping it. | number | true |
description | Description of the Lambda function. | string | true |
environment_variables | Environment variable key-value pairs. | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
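Review bot: `source_dir` and `archive_file` are each marked `Required | false` and described as conflicting with one another, but nothing says one of them must be supplied; without either the function has no code, so the table should state that exactly one of `source_dir` / `archive_file` is required. The `secret_environment_variables` and `archive_file` rows embed literal `\n` sequences in the Description and Type cells, which will render as backslash-n inside the markdown table; the generator should flatten multi-line descriptions to one line. Worth adding to the `environment_variables` row: plain Lambda environment variables are readable by anyone who can view the function configuration, so secrets belong in `secret_environment_variables` (which, per its description, passes only the Secrets Manager ARN and grants the function read permission) rather than here.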

View File

@ -0,0 +1,123 @@
---
title: AWS LAMBDA
---
## Description
Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
s3_bucket | S3 bucket to store artifacts | string | false |
source_path | The absolute path to a local file or directory containing your Lambda source code | any | false |
architectures | Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. | list(string) | false |
image_config_command | The CMD for the docker image | list(string) | false |
attach_policy | Controls whether policy should be added to IAM role for Lambda Function | bool | false |
s3_object_tags | A map of tags to assign to S3 bucket object. | map(string) | false |
s3_object_tags_only | Set to true to not merge tags with s3_object_tags. Useful to avoid breaching S3 Object 10 tag limit. | bool | false |
compatible_architectures | A list of Architectures Lambda layer is compatible with. Currently x86_64 and arm64 can be specified. | list(string) | false |
attach_policies | Controls whether list of policies should be added to IAM role for Lambda Function | bool | false |
number_of_policy_jsons | Number of policies JSON to attach to IAM role for Lambda Function | number | false |
lambda_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | string | false |
tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | string | false |
vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
local_existing_package | The absolute path to an existing zip-file to use | string | false |
cloudwatch_logs_tags | A map of tags to assign to the resource. | map(string) | false |
kms_key_arn | The ARN of KMS key to use by your Lambda Function | string | false |
create_async_event_config | Controls whether async event configuration for Lambda Function/Alias should be created | bool | false |
allowed_triggers | Map of allowed triggers to create Lambda permissions | map(any) | false |
role_path | Path of IAM role to use for Lambda Function | string | false |
file_system_local_mount_path | The path where the function can access the file system, starting with /mnt/. | string | false |
s3_prefix | Directory name where artifacts should be stored in the S3 bucket. If unset, the path from `artifacts_dir` is used | string | false |
docker_pip_cache | Whether to mount a shared pip cache folder into docker environment or not | any | false |
lambda_at_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | bool | false |
publish | Whether to publish creation/change as new Lambda Function Version. | bool | false |
image_uri | The ECR image URI containing the function's deployment package. | string | false |
role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | string | false |
attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | bool | false |
policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
memory_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | number | false |
create_current_version_async_event_config | Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
role_description | Description of IAM role to use for Lambda Function | string | false |
build_in_docker | Whether to build dependencies in Docker | bool | false |
maximum_event_age_in_seconds | Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600. | number | false |
attach_cloudwatch_logs_policy | Controls whether CloudWatch Logs policy should be added to IAM role for Lambda Function | bool | false |
attach_policy_json | Controls whether policy_json should be added to IAM role for Lambda Function | bool | false |
create_role | Controls whether IAM role for Lambda Function should be created | bool | false |
layer_name | Name of Lambda Layer to create | string | false |
ignore_source_code_hash | Whether to ignore changes to the function's source code hash. Set to true if you manage infrastructure and code deployments separately. | bool | false |
create_unqualified_alias_async_event_config | Whether to allow async event configuration on unqualified alias pointing to $LATEST version | bool | false |
maximum_retry_attempts | Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2. | number | false |
event_source_mapping | Map of event source mapping | any | false |
attach_async_event_policy | Controls whether async event policy should be added to IAM role for Lambda Function | bool | false |
create_package | Controls whether Lambda package should be created | bool | false |
function_name | A unique name for your Lambda Function | string | false |
license_info | License info for your Lambda Layer. Eg, MIT or full url of a license. | string | false |
attach_dead_letter_policy | Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function | bool | false |
policies | List of policy statements ARN to attach to Lambda Function role | list(string) | false |
s3_acl | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | string | false |
handler | Lambda Function entrypoint in your code | string | false |
layers | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | list(string) | false |
role_force_detach_policies | Specifies to force detaching any policies the IAM role has before destroying it. | bool | false |
artifacts_dir | Directory name where artifacts should be stored | string | false |
package_type | The Lambda deployment package type. Valid options: Zip or Image | string | false |
image_config_entry_point | The ENTRYPOINT for the docker image | list(string) | false |
cloudwatch_logs_kms_key_id | The ARN of the KMS Key to use when encrypting log data. | string | false |
number_of_policies | Number of policies to attach to IAM role for Lambda Function | number | false |
policy | An additional policy document ARN to attach to the Lambda Function role | string | false |
create_function | Controls whether Lambda Function resource should be created | bool | false |
image_config_working_directory | The working directory for the docker image | string | false |
provisioned_concurrent_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | number | false |
create_current_version_allowed_triggers | Whether to allow triggers on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources) | bool | false |
create_unqualified_alias_allowed_triggers | Whether to allow triggers on unqualified alias pointing to $LATEST version | bool | false |
attach_policy_statements | Controls whether policy_statements should be added to IAM role for Lambda Function | bool | false |
s3_existing_package | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | map(string) | false |
hash_extra | The string to add into hashing function. Useful when building same source path for different functions. | string | false |
create_layer | Controls whether Lambda Layer resource should be created | bool | false |
dead_letter_target_arn | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | string | false |
layer_skip_destroy | Whether to retain the old version of a previously deployed Lambda Layer. | bool | false |
docker_build_root | Root dir where to build in Docker | string | false |
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | false |
role_tags | A map of tags to assign to IAM role | map(string) | false |
policy_jsons | List of additional policy documents as JSON to attach to Lambda Function role | list(string) | false |
s3_server_side_encryption | Specifies server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms". | string | false |
docker_image | Docker image to use for the build | string | false |
timeout | The amount of time your Lambda Function has to run in seconds. | number | false |
environment_variables | A map that defines environment variables for the Lambda Function. | map(string) | false |
compatible_runtimes | A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified. | list(string) | false |
docker_file | Path to a Dockerfile when building in Docker | string | false |
create | Controls whether resources should be created | bool | false |
vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
attach_policy_jsons | Controls whether policy_jsons should be added to IAM role for Lambda Function | bool | false |
attach_network_policy | Controls whether VPC/network policy should be added to IAM role for Lambda Function | bool | false |
policy_statements | Map of dynamic policy statements to attach to Lambda Function role | any | false |
file_system_arn | The Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. | string | false |
description | Description of your Lambda Function (or Layer) | string | false |
destination_on_failure | Amazon Resource Name (ARN) of the destination resource for failed asynchronous invocations | string | false |
role_name | Name of IAM role to use for Lambda Function | string | false |
destination_on_success | Amazon Resource Name (ARN) of the destination resource for successful asynchronous invocations | string | false |
use_existing_cloudwatch_log_group | Whether to use an existing CloudWatch log group or create new | bool | false |
trusted_entities | List of additional trusted entities for assuming Lambda Function role (trust relationship) | any | false |
assume_role_policy_statements | Map of dynamic policy statements for assuming Lambda Function role (trust relationship) | any | false |
policy_json | An additional policy document as JSON to attach to the Lambda Function role | string | false |
runtime | Lambda Function runtime | string | false |
reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | number | false |
tags | A map of tags to assign to resources. | map(string) | false |
s3_object_storage_class | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, or STANDARD_IA. | string | false |
docker_with_ssh_agent | Whether to pass SSH_AUTH_SOCK into docker environment or not | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
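Review bot: the `lambda_role` description (`This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to`) is misleading: the execution role only determines what the function may access, while who may invoke it is set by resource-based permissions, which this same table exposes through `allowed_triggers`, `create_current_version_allowed_triggers` and `create_unqualified_alias_allowed_triggers`. Please reword it so readers do not expect the role to restrict invocation. Two rows state a default in prose that the Default column omits: `s3_acl` ("Defaults to private") and `reserved_concurrent_executions` ("Defaults to Unreserved Concurrency Limits -1"); `s3_server_side_encryption` should likewise say what happens when unset, since the object uploaded to `s3_bucket` is the code that will run. `policy_path | Path of policies to that should be added to IAM role` has a stray "to".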

View File

@ -0,0 +1,55 @@
---
title: AWS NOTIFY-SLACK
---
## Description
Terraform module which creates SNS topic and Lambda function which sends notifications to Slack
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
lambda_function_s3_bucket | S3 bucket to store artifacts | string | false |
create_sns_topic | Whether to create new SNS topic | bool | false |
iam_role_path | Path of IAM role to use for Lambda Function | string | false |
lambda_function_vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | false |
sns_topic_tags | Additional tags for the SNS topic | map(string) | false |
iam_role_tags | Additional tags for the IAM role | map(string) | false |
lambda_function_tags | Additional tags for the Lambda function | map(string) | false |
slack_emoji | A custom emoji that will appear on Slack messages | string | false |
kms_key_arn | ARN of the KMS key used for decrypting slack webhook url | string | false |
tags | A map of tags to add to all resources | map(string) | false |
lambda_function_vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | false |
slack_channel | The name of the channel in Slack for notifications | string | true |
cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string | false |
iam_policy_path | Path of policies to that should be added to IAM role for Lambda Function | string | false |
cloudwatch_log_group_retention_in_days | Specifies the number of days you want to retain log events in log group for Lambda. | number | false |
subscription_filter_policy | (Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource. | string | false |
lambda_function_name | The name of the Lambda function to create | string | false |
sns_topic_kms_key_id | ARN of the KMS key used for enabling SSE on the topic | string | false |
recreate_missing_package | Whether to recreate missing Lambda package if it is missing locally or not | bool | false |
reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number | false |
lambda_function_store_on_s3 | Whether to store produced artifacts on S3 or locally. | bool | false |
cloudwatch_log_group_tags | Additional tags for the Cloudwatch log group | map(string) | false |
sns_topic_name | The name of the SNS topic to create | string | true |
slack_username | The username that will appear on Slack messages | string | true |
log_events | Boolean flag to enabled/disable logging of incoming events | bool | false |
create | Whether to create all resources | bool | false |
lambda_description | The description of the Lambda function | string | false |
iam_role_name_prefix | A unique role name beginning with the specified prefix | string | false |
lambda_role | IAM role attached to the Lambda Function. If this is set then a role will not be created for you. | string | false |
slack_webhook_url | The URL of Slack webhook | string | true |
iam_role_boundary_policy_arn | The ARN of the policy that is used to set the permissions boundary for the role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
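Review bot: `slack_webhook_url | The URL of Slack webhook | string | true` is a bearer-style secret (anyone holding the URL can post to the channel), and `kms_key_arn | ARN of the KMS key used for decrypting slack webhook url` implies the module can accept an encrypted value, but the table does not say whether `slack_webhook_url` is expected in plaintext or as KMS ciphertext, nor that a plaintext value will be persisted alongside the rest of these properties and in Terraform state. Please document the expected form and point users at `kms_key_arn` for the encrypted path. Smaller items: `log_events` reads "flag to enabled/disable logging" ("enable"), and `iam_policy_path` repeats the "Path of policies to that should be" phrasing from the LAMBDA table.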

View File

@ -0,0 +1,107 @@
---
title: AWS RDS-AURORA
---
## Description
Terraform module which creates RDS Aurora resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
final_snapshot_identifier_prefix | The prefix name to use when creating a final snapshot on cluster destroy; a 8 random digits are appended to name to ensure it's unique | string | false |
iam_role_force_detach_policies | Whether to force detaching any policies the monitoring role has before destroying it | bool | false |
s3_import | Configuration map used to restore from a Percona Xtrabackup in S3 (only MySQL is supported) | map(string) | false |
auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true` | bool | false |
iam_role_use_name_prefix | Determines whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | bool | false |
predefined_metric_type | The metric type to scale on. Valid values are `RDSReaderAverageCPUUtilization` and `RDSReaderAverageDatabaseConnections` | string | false |
autoscaling_target_cpu | CPU threshold which will initiate autoscaling | number | false |
security_group_tags | Additional tags for the security group | map(string) | false |
engine | The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql` | string | false |
kms_key_id | The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to `true` | string | false |
iam_database_authentication_enabled | Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled | bool | false |
monitoring_role_arn | IAM role used by RDS to send enhanced monitoring metrics to CloudWatch | string | false |
vpc_id | ID of the VPC where to create security group | string | false |
create_db_subnet_group | Determines whether to create the databae subnet group or use existing | bool | false |
restore_to_point_in_time | Map of nested attributes for cloning Aurora cluster | map(string) | false |
engine_version | The database engine version. Updating this argument results in an outage | string | false |
deletion_protection | If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false` | bool | false |
instances | Map of cluster instances and any specific/overriding attributes to be created | any | false |
performance_insights_enabled | Specifies whether Performance Insights is enabled or not | bool | false |
ca_cert_identifier | The identifier of the CA certificate for the DB instance | string | false |
endpoints | Map of additional cluster endpoints and their attributes to be created | any | false |
iam_roles | Map of IAM roles and supported feature names to associate with the cluster | map(map(string)) | false |
autoscaling_scale_out_cooldown | Cooldown in seconds before allowing further scaling operations after a scale out | number | false |
create_security_group | Determines whether to create security group for RDS cluster | bool | false |
security_group_egress_rules | A map of security group egress rule defintions to add to the security group created | map(any) | false |
global_cluster_identifier | The global cluster identifier specified on `aws_rds_global_cluster` | string | false |
db_cluster_parameter_group_name | A cluster parameter group to associate with the cluster | string | false |
scaling_configuration | Map of nested attributes with scaling properties. Only valid when `engine_mode` is set to `serverless` | map(string) | false |
is_primary_cluster | Determines whether cluster is primary cluster with writer instance (set to `false` for global cluster and replica clusters) | bool | false |
instance_class | Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | string | false |
name | Name used across resources created | string | false |
master_password | Password for the master DB user. Note - when specifying a value here, 'create_random_password' should be set to `false` | string | false |
replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica | string | false |
master_username | Username for the master DB user | string | false |
backtrack_window | The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to 0. Must be between 0 and 259200 (72 hours) | number | false |
monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for instances. Set to `0` to disble. Default is `0` | number | false |
performance_insights_retention_period | Amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years) | number | false |
iam_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the monitoring role | string | false |
autoscaling_enabled | Determines whether autoscaling of the cluster read replicas is enabled | bool | false |
autoscaling_scale_in_cooldown | Cooldown in seconds before allowing further scaling operations after a scale in | number | false |
autoscaling_target_connections | Average number of connections threshold which will initiate autoscaling. Default value is 70% of db.r4/r5/r6g.large's default max_connections | number | false |
random_password_length | Length of random password to create. Defaults to `10` | number | false |
db_parameter_group_name | The name of the DB parameter group to associate with instances | string | false |
autoscaling_max_capacity | Maximum number of read replicas permitted when autoscaling is enabled | number | false |
allowed_cidr_blocks | A list of CIDR blocks which are allowed to access the database | list(string) | false |
db_subnet_group_name | The name of the subnet group name (existing or created) | string | false |
enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to `serverless` | bool | false |
backup_retention_period | The days to retain backups for. Default `7` | number | false |
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false` | bool | false |
instances_use_identifier_prefix | Determines whether cluster instance identifiers are used as prefixes | bool | false |
iam_role_name | Friendly name of the monitoring role | string | false |
iam_role_path | Path for the monitoring role | string | false |
enable_global_write_forwarding | Whether cluster should forward writes to an associated global cluster. Applied to secondary clusters to enable them to forward writes to an `aws_rds_global_cluster`'s primary cluster | bool | false |
preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled using the `backup_retention_period` parameter. Time in UTC | string | false |
create_monitoring_role | Determines whether to create the IAM role for RDS enhanced monitoring | bool | false |
security_group_description | The description of the security group. If value is set to empty string it will contain cluster name in the description | string | false |
allow_major_version_upgrade | Enable to allow major engine version upgrades when changing engine versions. Defaults to `false` | bool | false |
create_random_password | Determines whether to create random password for RDS primary cluster | bool | false |
skip_final_snapshot | Determines whether a final snapshot is created before the cluster is deleted. If true is specified, no snapshot is created | bool | false |
iam_role_managed_policy_arns | Set of exclusive IAM managed policy ARNs to attach to the monitoring role | list(string) | false |
allowed_security_groups | A list of Security Group ID's to allow access to | list(string) | false |
tags | A map of tags to add to all resources | map(string) | false |
create_cluster | Whether cluster should be created (affects nearly all resources) | bool | false |
engine_mode | The database engine mode. Valid values: `global`, `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned` | string | false |
database_name | Name for an automatically created database on cluster creation | string | false |
publicly_accessible | Determines whether instances are publicly accessible. Default false | bool | false |
instance_timeouts | Create, update, and delete timeout configurations for the cluster instance(s) | map(string) | false |
preferred_maintenance_window | The weekly time range during which system maintenance can occur, in (UTC) | string | false |
snapshot_identifier | Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot | string | false |
enabled_cloudwatch_logs_exports | Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` | list(string) | false |
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data | string | false |
iam_role_max_session_duration | Maximum session duration (in seconds) that you want to set for the monitoring role | number | false |
autoscaling_min_capacity | Minimum number of read replicas permitted when autoscaling is enabled | number | false |
subnets | List of subnet IDs used by database subnet group created | list(string) | false |
source_region | The source region for an encrypted replica DB cluster | string | false |
port | The port on which the DB accepts connections | string | false |
vpc_security_group_ids | List of VPC security groups to associate to the cluster in addition to the SG we create in this module | list(string) | false |
storage_encrypted | Specifies whether the DB cluster is encrypted. The default is `true` | bool | false |
db_cluster_db_instance_parameter_group_name | Instance parameter group to associate with all instances of the DB cluster. The `db_cluster_db_instance_parameter_group_name` is only valid in combination with `allow_major_version_upgrade` | string | false |
copy_tags_to_snapshot | Copy all Cluster `tags` to snapshots | bool | false |
cluster_tags | A map of tags to add to only the cluster. Used for AWS Instance Scheduler tagging | map(string) | false |
iam_role_description | Description of the monitoring role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
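Review bot: the Default column is empty on every row of this table even where the description states a default (`engine` defaults to `aurora`, `storage_encrypted` defaults to `true`, `deletion_protection` and `publicly_accessible` default to `false`, `backup_retention_period` defaults to `7`), so a reader cannot tell from the table which protective settings are on without parsing prose; have the generator populate Default from the module variables. While at it, fix the typos `databae` (create_db_subnet_group), `defintions` (security_group_egress_rules) and `disble` (monitoring_interval), and the garbled `whether or mappings` in iam_database_authentication_enabled.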

@ -0,0 +1,33 @@
---
title: AWS ROUTE53-ALIAS
---
## Description
Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
ipv6_enabled | Set to true to enable an AAAA DNS record to be set as well as the A record | bool | false |
allow_overwrite | Allow creation of this record in Terraform to overwrite an existing record, if any. This does not affect the ability to update the record in Terraform and does not prevent other resources within Terraform or manual Route 53 changes outside Terraform from overwriting this record. false by default. This configuration is not recommended for most environments | bool | false |
aliases | List of aliases | list(string) | true |
private_zone | Is this a private hosted zone? | bool | false |
target_zone_id | ID of target resource (e.g. ALB, ELB) | string | true |
evaluate_target_health | Set to true if you want Route 53 to determine whether to respond to DNS queries | bool | false |
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`) | string | false |
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`) | string | false |
target_dns_name | DNS name of target resource (e.g. ALB, ELB) | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
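Review bot: the Description line reads `Vanity Host/Domain (e.g. ) as an ALIAS record` with an empty example; the generator has dropped the hostname that followed `e.g.`, most likely because it stripped a URL-like token, so either restore the example or remove the empty parentheses. The `allow_overwrite` row also says `false by default` in prose while its Default column is blank, the same inconsistency seen in the other generated tables.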

@ -0,0 +1,29 @@
---
title: AWS ROUTE53-CLUSTER-HOSTNAME
---
## Description
Terraform module to define a consistent AWS Route53 hostname
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
zone_id | Route53 DNS Zone ID | string | true |
records | DNS records to create | list(string) | true |
type | Type of DNS records to create | string | false |
ttl | The TTL of the record to add to the DNS zone to complete certificate validation | number | false |
dns_name | The name of the DNS record | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
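Review bot: the `ttl` description (`The TTL of the record to add to the DNS zone to complete certificate validation`) reads as if copied from a certificate-validation module; for a module whose stated purpose is a consistent Route53 hostname it should describe the TTL of the hostname record itself. `type` is left as free text with no accepted values listed, so a reader cannot tell which record types the module supports.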

@ -0,0 +1,26 @@
---
title: AWS ROUTE53-DELEGATION-SETS
---
## Description
Terraform module which creates Route53 resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
delegation_sets | Map of Route53 delegation set parameters | any | false |
create | Whether to create Route53 delegation sets | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

@ -0,0 +1,29 @@
---
title: AWS ROUTE53-RECORDS
---
## Description
Terraform module which creates Route53 resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
create | Whether to create DNS records | bool | false |
zone_id | ID of DNS zone | string | false |
zone_name | Name of DNS zone | string | false |
private_zone | Whether Route53 zone is private or public | bool | false |
records | List of maps of DNS records | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

@ -0,0 +1,27 @@
---
title: AWS ROUTE53-ZONES
---
## Description
Terraform module which creates Route53 resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
zones | Map of Route53 zone parameters | any | false |
tags | Tags added to all zones. Will take precedence over tags from the 'zones' variable | map(any) | false |
create | Whether to create Route53 zone | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
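Review bot: this module and the two preceding ones (ROUTE53-DELEGATION-SETS and ROUTE53-RECORDS) all carry the identical description `Terraform module which creates Route53 resources on AWS`, which does not tell a reader which of zones, records or delegation sets each one manages; the generator is evidently taking the description from the shared parent module, so give each page a description naming its own resource type.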

@ -0,0 +1,52 @@
---
title: AWS S3-LOG-STORAGE
---
## Description
This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
policy | A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy | string | false |
abort_incomplete_multipart_upload_days | Maximum time (in days) that you want to allow multipart uploads to remain in progress | number | false |
bucket_notifications_type | Type of the notification configuration. Only SQS is supported. | string | false |
bucket_notifications_prefix | Prefix filter. Used to manage object notifications | string | false |
lifecycle_prefix | Prefix filter. Used to manage object lifecycle events | string | false |
block_public_policy | Set to `false` to disable the blocking of new public policies on the bucket | bool | false |
allow_encrypted_uploads_only | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | bool | false |
access_log_bucket_name | Name of the S3 bucket where S3 access logs will be sent to | string | false |
versioning_mfa_delete_enabled | Enable MFA delete for the bucket | string | false |
enable_glacier_transition | Enables the transition to AWS Glacier which can cause unnecessary costs for huge amount of small files | bool | false |
kms_master_key_arn | The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms | string | false |
noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | false |
block_public_acls | Set to `false` to disable the blocking of new public access lists on the bucket | bool | false |
restrict_public_buckets | Set to `false` to disable the restricting of making the bucket public | bool | false |
force_destroy | (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false |
lifecycle_rule_enabled | Enable lifecycle events on this bucket | bool | false |
access_log_bucket_prefix | Prefix to prepend to the current S3 bucket name, where S3 access logs will be sent to | string | false |
bucket_notifications_enabled | Send notifications for the object created events. Used for 3rd-party log collection from a bucket | bool | false |
lifecycle_tags | Tags filter. Used to manage object lifecycle events | map(string) | false |
acl | The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services | string | false |
versioning_enabled | A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket | bool | false |
expiration_days | Number of days after which to expunge the objects | number | false |
sse_algorithm | The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | string | false |
noncurrent_version_transition_days | Specifies when noncurrent object versions transitions | number | false |
standard_transition_days | Number of days to persist in the standard storage tier before moving to the infrequent access tier | number | false |
glacier_transition_days | Number of days after which to move the data to the glacier storage tier | number | false |
ignore_public_acls | Set to `false` to disable the ignoring of public access lists on the bucket | bool | false |
allow_ssl_requests_only | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
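Review bot: with the Default column empty, the security posture of this bucket module is only implied by phrasing: `block_public_acls`, `block_public_policy`, `ignore_public_acls` and `restrict_public_buckets` say `Set to false to disable`, implying they default to true, while `allow_ssl_requests_only` and `allow_encrypted_uploads_only` say `Set to true to`, implying they default to false; emit the actual defaults so a reader can see which controls must be switched on explicitly. `versioning_mfa_delete_enabled` is typed `string` although described as an enable flag, so check it against the module variable, and strip the provider-doc residue `(Optional, Default:false )` from the `force_destroy` description.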

@ -0,0 +1,28 @@
---
title: AWS SECRETSMANAGER-FOR-ROLLBAR-ACCESS-TOKENS
---
## Description
Terraform module creating a SecretsManager for Rollbar project access tokens
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
tags | Tags which will be assigned to all resources. | map(string) | false |
name_prefix | Name prefix for the SecretsManager. The full name will be ${var.name_prefix}.rollbar_access_tokens. | string | true |
rollbar_project_name | Name of the Rollbar project to load the project access tokens from. | string | true |
rollbar_access_token_names | List of name of Rollbar access tokens which shall be loaded into the SecretsManager. | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
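Review bot: the `name_prefix` description contains the unescaped interpolation `${var.name_prefix}.rollbar_access_tokens`; if these pages are rendered through MDX, the `{...}` part is treated as an expression and can fail the build, so wrap it in backticks or escape the braces. The trailing periods on this table's descriptions are also inconsistent with the other generated tables, which omit them.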

@ -4,7 +4,7 @@ title: AWS SECURITY-GROUP
## Description
AWS Security Group
Terraform module which creates EC2-VPC security groups on AWS
## Specification
@ -13,53 +13,53 @@ AWS Security Group
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
egress_with_self | List of egress rules to create where 'self' is defined | list(map(string)) | false |
egress_with_ipv6_cidr_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | number | false |
create | Whether to create security group and all rules | bool | false |
ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list(string) | false |
delete_timeout | Time to wait for a security group to be deleted | string | false |
ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list(string) | false |
computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | number | false |
egress_rules | List of egress rules to create by name | list(string) | false |
egress_with_source_security_group_id | List of egress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
revoke_rules_on_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | bool | false |
tags | A mapping of tags to assign to security group | map(string) | false |
egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all egress rules | list(string) | false |
number_of_computed_egress_rules | Number of computed egress rules to create by name | number | false |
computed_ingress_rules | List of computed ingress rules to create by name | list(string) | false |
number_of_computed_ingress_rules | Number of computed ingress rules to create by name | number | false |
number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | number | false |
computed_egress_rules | List of computed egress rules to create by name | list(string) | false |
ingress_with_self | List of ingress rules to create where 'self' is defined | list(map(string)) | false |
ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | list(string) | false |
number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | number | false |
number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | number | false |
create_sg | Whether to create security group | bool | false |
description | Description of security group | string | false |
computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | number | false |
computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
ingress_rules | List of ingress rules to create by name | list(string) | false |
ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list(string) | false |
egress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all egress rules | list(string) | false |
name | Name of security group - not required if create_sg is false | string | false |
ingress_with_ipv6_cidr_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
computed_egress_with_self | List of computed egress rules to create where 'self' is defined | list(map(string)) | false |
computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
ingress_with_cidr_blocks | List of ingress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
egress_with_cidr_blocks | List of egress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
use_name_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | bool | false |
number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | number | false |
description | Description of security group | string | false |
computed_ingress_with_source_security_group_id | List of computed ingress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
egress_with_self | List of egress rules to create where 'self' is defined | list(map(string)) | false |
computed_ingress_with_ipv6_cidr_blocks | List of computed ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
egress_with_source_security_group_id | List of egress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
create | Whether to create security group and all rules | bool | false |
create_timeout | Time to wait for a security group to be created | string | false |
ingress_with_cidr_blocks | List of ingress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
egress_rules | List of egress rules to create by name | list(string) | false |
egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all egress rules | list(string) | false |
computed_egress_rules | List of computed egress rules to create by name | list(string) | false |
computed_egress_with_ipv6_cidr_blocks | List of computed egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
delete_timeout | Time to wait for a security group to be deleted | string | false |
computed_ingress_with_self | List of computed ingress rules to create where 'self' is defined | list(map(string)) | false |
number_of_computed_ingress_with_self | Number of computed ingress rules to create where 'self' is defined | number | false |
number_of_computed_egress_with_ipv6_cidr_blocks | Number of computed egress rules to create where 'ipv6_cidr_blocks' is used | number | false |
revoke_rules_on_delete | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. Enable for EMR. | bool | false |
computed_ingress_rules | List of computed ingress rules to create by name | list(string) | false |
number_of_computed_egress_with_self | Number of computed egress rules to create where 'self' is defined | number | false |
ingress_with_source_security_group_id | List of ingress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
ingress_cidr_blocks | List of IPv4 CIDR ranges to use on all ingress rules | list(string) | false |
number_of_computed_ingress_with_cidr_blocks | Number of computed ingress rules to create where 'cidr_blocks' is used | number | false |
egress_with_cidr_blocks | List of egress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
create_sg | Whether to create security group | bool | false |
use_name_prefix | Whether to use name_prefix or fixed name. Should be true to able to update security group name after initial creation | bool | false |
ingress_with_self | List of ingress rules to create where 'self' is defined | list(map(string)) | false |
computed_egress_with_cidr_blocks | List of computed egress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
number_of_computed_egress_with_cidr_blocks | Number of computed egress rules to create where 'cidr_blocks' is used | number | false |
number_of_computed_egress_with_source_security_group_id | Number of computed egress rules to create where 'source_security_group_id' is used | number | false |
tags | A mapping of tags to assign to security group | map(string) | false |
ingress_rules | List of ingress rules to create by name | list(string) | false |
number_of_computed_ingress_with_ipv6_cidr_blocks | Number of computed ingress rules to create where 'ipv6_cidr_blocks' is used | number | false |
ingress_prefix_list_ids | List of prefix list IDs (for allowing access to VPC endpoints) to use on all ingress rules | list(string) | false |
number_of_computed_ingress_rules | Number of computed ingress rules to create by name | number | false |
egress_with_ipv6_cidr_blocks | List of egress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
egress_cidr_blocks | List of IPv4 CIDR ranges to use on all egress rules | list(string) | false |
computed_egress_with_self | List of computed egress rules to create where 'self' is defined | list(map(string)) | false |
name | Name of security group - not required if create_sg is false | string | false |
ingress_with_ipv6_cidr_blocks | List of ingress rules to create where 'ipv6_cidr_blocks' is used | list(map(string)) | false |
ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to use on all ingress rules | list(string) | false |
number_of_computed_egress_rules | Number of computed egress rules to create by name | number | false |
number_of_computed_ingress_with_source_security_group_id | Number of computed ingress rules to create where 'source_security_group_id' is used | number | false |
computed_egress_with_source_security_group_id | List of computed egress rules to create where 'source_security_group_id' is used | list(map(string)) | false |
security_group_id | ID of existing security group whose rules we will manage | string | false |
vpc_id | ID of the VPC where to create security group | string | false |
computed_ingress_with_cidr_blocks | List of computed ingress rules to create where 'cidr_blocks' is used | list(map(string)) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
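Review bot: nearly every row in this hunk is an existing row moved to a new position rather than a content change, which shows the generator iterates the module variables in non-deterministic map order; sort properties by name before emitting the table so that regenerating the docs produces a stable, reviewable diff instead of a 53-line reorder. The description `Security Groups attached ingress and egress rules` on `revoke_rules_on_delete` also needs a possessive (`Security Group's attached ingress and egress rules`).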

@ -0,0 +1,29 @@
---
title: AWS SECURITY-HUB
---
## Description
Terraform module to provision AWS Security Hub
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
imported_findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\n\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set \ncreate_sns_topic to false.\n | string | false |
cloudwatch_event_rule_pattern_detail_type | The detail-type pattern used to match events that will be sent to SNS. \n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\n | string | false |
enabled_standards | A list of standards/rulesets to enable\n\nSee https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription#argument-reference\n\nThe possible values are:\n\n - standards/aws-foundational-security-best-practices/v/1.0.0\n - ruleset/cis-aws-foundations-benchmark/v/1.2.0\n - standards/pci-dss/v/3.2.1\n | list(any) | false |
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications\n\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers\n | bool | false |
subscribers | Required configuration for subscibres to SNS topic. | map(object({\n protocol = string\n # The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below).\n endpoint = string\n # The endpoint to send data to, the contents will vary with the protocol. (see below for more information)\n endpoint_auto_confirms = bool\n # Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false)\n raw_message_delivery = bool\n # Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false)\n })) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
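Review bot: the Description cells for `imported_findings_notification_arn`, `cloudwatch_event_rule_pattern_detail_type`, `enabled_standards`, `create_sns_topic` and `subscribers` carry literal `\n` escapes, so the generator is emitting raw HCL description strings into a markdown table where they will not render as line breaks; the `enabled_standards` list of standard identifiers in particular collapses into one unreadable cell. Replace the escapes with `<br>` (or flatten each to one sentence) before publishing, and trim the `subscribers` Type cell to `map(object({...}))` with the per-field `#` comments moved into the Description. Also "subscibres" should read "subscribers".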

View File

@ -0,0 +1,41 @@
---
title: AWS SNS-TOPIC
---
## Description
Terraform Module to Provide an Amazon Simple Notification Service (SNS)
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
allowed_iam_arns_for_sns_publish | IAM role/user ARNs that will have permission to publish to SNS topic. Used when no external json policy is used. | list(string) | false |
redrive_policy_max_receiver_count | The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue. | number | false |
subscribers | Required configuration for subscibres to SNS topic. | map(object({\n protocol = string\n # The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below).\n endpoint = string\n # The endpoint to send data to, the contents will vary with the protocol. (see below for more information)\n endpoint_auto_confirms = bool\n # Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false)\n raw_message_delivery = bool\n # Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false)\n })) | false |
encryption_enabled | Whether or not to use encryption for SNS Topic. If set to `true` and no custom value for KMS key (kms_master_key_id) is provided, it uses the default `alias/aws/sns` KMS key. | bool | false |
sqs_dlq_message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). | number | false |
fifo_queue_enabled | Whether or not to create a FIFO (first-in-first-out) queue | bool | false |
content_based_deduplication | Enable content-based deduplication for FIFO topics | bool | false |
sqs_queue_kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again | number | false |
sqs_dlq_enabled | Enable delivery of failed notifications to SQS and monitor messages in queue. | bool | false |
redrive_policy | The SNS redrive policy as JSON. This overrides `var.redrive_policy_max_receiver_count` and the `deadLetterTargetArn` (supplied by `var.fifo_queue = true`) passed in by the module. | string | false |
sns_topic_policy_json | The fully-formed AWS policy as JSON | string | false |
sqs_dlq_max_message_size | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB). | number | false |
sqs_queue_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK | string | false |
delivery_policy | The SNS delivery policy as JSON. | string | false |
fifo_topic | Whether or not to create a FIFO (first-in-first-out) topic | bool | false |
allowed_aws_services_for_sns_published | AWS services that will have permission to publish to SNS topic. Used when no external JSON policy is used | list(string) | false |
kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
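Review bot: the `redrive_policy` description refers to `var.fifo_queue = true`, but the only related input in this table is `fifo_queue_enabled`, so the cross-reference points at a variable the component does not expose; align the name. The `subscribers` row has the same literal `\n` escapes and "subscibres" typo as the security-hub doc. The Default column is blank for every row, which matters most for `encryption_enabled`, `sqs_dlq_enabled` and `kms_master_key_id`: a reader deciding whether the topic and its dead-letter queue are encrypted at rest cannot tell what they get without setting these explicitly.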

View File

@ -0,0 +1,42 @@
---
title: AWS SQS
---
## Description
Terraform module which creates SQS resources on AWS
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
delay_seconds | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | number | false |
receive_wait_time_seconds | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) | number | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
content_based_deduplication | Enables content-based deduplication for FIFO queues | bool | false |
kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | string | false |
kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | number | false |
create | Whether to create SQS queue | bool | false |
name | This is the human-readable name of the queue. If omitted, Terraform will assign a random name. | string | false |
name_prefix | A unique name beginning with the specified prefix. | string | false |
max_message_size | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB) | number | false |
redrive_allow_policy | The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs. | string | false |
fifo_throughput_limit | Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group | string | false |
policy | The JSON policy for the SQS queue | string | false |
fifo_queue | Boolean designating a FIFO queue | bool | false |
deduplication_scope | Specifies whether message deduplication occurs at the message group or queue level | string | false |
visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) | number | false |
message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | number | false |
redrive_policy | The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5") | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
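Review bot: `fifo_throughput_limit` and `deduplication_scope` are typed `string` but the descriptions do not list the accepted values (`perQueue`/`perMessageGroupId` and `queue`/`messageGroup` respectively in the SQS API), and `policy`/`redrive_allow_policy` give no hint of the expected JSON shape beyond "see AWS docs", so a user has to leave the page for anything beyond the defaults; add the value lists. `name` and `name_prefix` conflict in the underlying `aws_sqs_queue` resource, which the table should say.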

View File

@ -0,0 +1,29 @@
---
title: AWS SSM-PARAMETER-STORE
---
## Description
Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber.
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
kms_arn | The ARN of a KMS key used to encrypt and decrypt SecretString values | string | false |
parameter_write_defaults | Parameter write default settings | map(any) | false |
ignore_value_changes | Whether to ignore future external changes in paramater values | bool | false |
parameter_read | List of parameters to read from SSM. These must already exist otherwise an error is returned. Can be used with `parameter_write` as long as the parameters are different. | list(string) | false |
parameter_write | List of maps with the parameter values to write to SSM Parameter Store | list(map(string)) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
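Review bot: `parameter_write` is typed `list(map(string))` but neither the description nor the Type cell says which keys each map accepts, and nothing states how a parameter is marked `SecureString` so that `kms_arn` applies to it; document the map keys, since this is the row that decides whether a value lands in Parameter Store encrypted or in plain text. Typo in the `ignore_value_changes` description: "paramater".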

View File

@ -0,0 +1,25 @@
---
title: AWS UTILS
---
## Description
Utility functions for use with Terraform in the AWS environment
## Specification
### Properties
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
example | Example variable | | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
Name | Description | Type | Required | Default
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
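Review bot: the only property row is `example | Example variable` with an empty Type cell, i.e. a placeholder variable rather than a real input; either this module exposes no properties and the page should say so, or the generator picked up a sample variable and this doc should be dropped from the catalog until it has real content.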

View File

@ -43,35 +43,7 @@ The creating process of cloud services pulls configuration from GitHub. If your
cluster that runs KubeVela is very hard to connect to GitHub, please open up the `GithubBlocked` option in `terraform`
addon.
KubeVela supports the following types of resources and more later on:
| Orchestration Type | Cloud Provider | Cloud Resource | Description |
|--------------------|----------------|------------------------------------------------------------------------------------------|-----------------------------------------------------------------------|
| Terraform | Alibaba Cloud | [ACK](../end-user/components/cloud-services/terraform/alibaba-ack) | Terraform configuration for Alibaba Cloud ACK cluster |
| | | [AMQP](../end-user/components/cloud-services/terraform/alibaba-amqp) | Terraform configuration for Alibaba Cloud AMQP (RabbitMQ) |
| | | [ASK](../end-user/components/cloud-services/terraform/alibaba-ask) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
| | | [EIP](../end-user/components/cloud-services/terraform/alibaba-eip) | Terraform configuration for Alibaba Cloud EIP |
| | | [MSE](../end-user/components/cloud-services/terraform/alibaba-mse) | Terraform configuration for Alibaba Cloud MSE |
| | | [OSS](../end-user/components/cloud-services/terraform/alibaba-oss) | Terraform configuration for Alibaba Cloud OSS |
| | | [RDS](../end-user/components/cloud-services/terraform/alibaba-rds) | Terraform configuration for Alibaba Cloud RDS |
| | | [Redis](../end-user/components/cloud-services/terraform/alibaba-redis) | Terraform configuration for Alibaba Cloud Redis |
| | | [RocketMQ](../end-user/components/cloud-services/terraform/alibaba-rocketmq) | Terraform configuration for Alibaba Cloud RocketMQ |
| | | [SLS Project](../end-user/components/cloud-services/terraform/alibaba-sls-project) | Terraform configuration for Alibaba Cloud SLS Project |
| | | [SLS Store](../end-user/components/cloud-services/terraform/alibaba-sls-store) | Terraform configuration for Alibaba Cloud SLS Store |
| | | [VPC](../end-user/components/cloud-services/terraform/alibaba-vpc) | Terraform configuration for Alibaba Cloud VPC |
| | | [VSwitch](../end-user/components/cloud-services/terraform/alibaba-vswitch) | Terraform configuration for Alibaba Cloud VSwitch |
| | AWS | [S3](../end-user/components/cloud-services/terraform/aws-s3) | Terraform configuration for AWS S3 bucket |
| | | [S3](../end-user/components/cloud-services/terraform/aws-rds) | Terraform configuration for AWS RDS |
| | | [S3](../end-user/components/cloud-services/terraform/aws-security-group) | Terraform configuration for AWS Security Group |
| | | [S3](../end-user/components/cloud-services/terraform/aws-subnet) | Terraform configuration for AWS S3 Subnet |
| | | [S3](../end-user/components/cloud-services/terraform/aws-vpc) | Terraform configuration for AWS S3 VPC |
| | Azure | [Mariadb](../end-user/components/cloud-services/terraform/azure-database-mariadb) | Terraform configuration for Azure Database Mariadb |
| | | [Storage Account](../end-user/components/cloud-services/terraform/azure-storage-account) | Terraform configuration for Azure Storage Account |
| | | [Storage Account](../end-user/components/cloud-services/terraform/azure-resource-group) | Terraform configuration for Azure Resource group |
| | | [Storage Account](../end-user/components/cloud-services/terraform/azure-subnet) | Terraform configuration for Azure Subnet |
| | | [Storage Account](../end-user/components/cloud-services/terraform/azure-virtual-network) | Terraform configuration for Azure Virtual network |
| | Tencent Cloud | [Mariadb](../end-user/components/cloud-services/terraform/tencent-vpc) | Terraform configuration for Tencent Cloud VPC |
| | | [Mariadb](../end-user/components/cloud-services/terraform/tencent-subnet) | Terraform configuration for Tencent Cloud Subnet |
All supported Terraform cloud resources can be seen in the [list](../end-user/components/cloud-services/cloud-resources-list).
## Creating your cloud service
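Review bot: the lead-in sentence "KubeVela supports the following types of resources and more later on:" survives while the table it introduces is deleted, so the page now reads "the following types ... :" followed only by the link sentence; reword it (for example "KubeVela supports a growing set of cloud resources; all supported Terraform cloud resources are listed in ...") or fold it into the added line. Dropping the inline table also removes the mislabeled links (`[S3]` for RDS, security group, subnet and VPC; `[Storage Account]` for resource group, subnet and virtual network; `[Mariadb]` for the Tencent rows), which is the right fix as long as the linked list is kept in sync.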

View File

@ -151,7 +151,6 @@ module.exports = {
showLastUpdateAuthor: true,
showLastUpdateTime: true,
includeCurrentVersion: true,
lastVersion: "v1.2",
},
blog: {
showReadingTime: true,
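Review bot: removing `lastVersion: "v1.2"` changes which docs version Docusaurus serves by default, which is unrelated to adding cloud-resource docs and is not mentioned in the commit message; either split it into its own commit with a rationale or confirm here that serving the current (unreleased) version as the default is intended.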

View File

@ -0,0 +1,92 @@
---
title: 云资源列表
---
| 编排类型 | 云服务商 | 云资源 | 描述 |
|-----------|-------|---------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Terraform | 阿里云 | [ack](./terraform/alibaba-ack.md) | Terraform configuration for Alibaba Cloud ACK cluster |
| | | [amqp](./terraform/alibaba-amqp.md) | Terraform configuration for Alibaba Cloud AMQP(RabbitMQ) |
| | | [ask](./terraform/alibaba-ask.md) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
| | | [eip](./terraform/alibaba-eip.md) | Terraform configuration for Alibaba Cloud Elastic IP |
| | | [mongodb](./terraform/alibaba-mongodb.md) | Alibaba Cloud MongoDB |
| | | [mse](./terraform/alibaba-mse.md) | Terraform configuration for Alibaba Cloud MSE |
| | | [oss](./terraform/alibaba-oss.md) | Terraform configuration for Alibaba Cloud OSS |
| | | [rds](./terraform/alibaba-rds.md) | Terraform configuration for Alibaba Cloud RDS |
| | | [redis](./terraform/alibaba-redis.md) | Terraform configuration for Alibaba Cloud Redis |
| | | [rocketmq](./terraform/alibaba-rocketmq.md) | Terraform configuration for Alibaba Cloud RocketMQ |
| | | [sls project](./terraform/alibaba-sls-project.md) | Terraform configuration for Alibaba Cloud SLS Project |
| | | [sls store](./terraform/alibaba-sls-store.md) | Terraform configuration for Alibaba Cloud SLS Store |
| | | [vpc](./terraform/alibaba-vpc.md) | Terraform configuration for Alibaba Cloud VPC |
| | | [vswitch](./terraform/alibaba-vswitch.md) | Terraform configuration for Alibaba Cloud VSwitch |
| | AWS | [acm](./terraform/aws-acm.md) | Terraform module which creates and validates ACM certificate |
| | | [alb](./terraform/aws-alb.md) | Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources |
| | | [autoscaling](./terraform/aws-autoscaling.md) | Terraform module which creates Auto Scaling resources on AWS |
| | | [bridgecrew read only](./terraform/aws-bridgecrew-read-only.md) | Bridgecrew READ ONLY integration module |
| | | [cloudfront s3 cdn](./terraform/aws-cloudfront-s3-cdn.md) | Terraform module to easily provision CloudFront CDN backed by an S3 origin |
| | | [cloudfront](./terraform/aws-cloudfront.md) | Terraform module which creates CloudFront resources on AWS |
| | | [cloudwatch cis alarms](./terraform/aws-cloudwatch-cis-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch log group](./terraform/aws-cloudwatch-log-group.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch log metric filter](./terraform/aws-cloudwatch-log-metric-filter.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch metric alarm](./terraform/aws-cloudwatch-metric-alarm.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [cloudwatch metric alarms](./terraform/aws-cloudwatch-metric-alarms.md) | Terraform module which creates Cloudwatch resources on AWS |
| | | [config](./terraform/aws-config.md) | This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. |
| | | [dynamodb table](./terraform/aws-dynamodb-table.md) | Terraform module which creates DynamoDB table on AWS |
| | | [ec2 instance](./terraform/aws-ec2-instance.md) | Terraform module which creates EC2 instance(s) on AWS |
| | | [ecs container definition](./terraform/aws-ecs-container-definition.md) | Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource |
| | | [ecs](./terraform/aws-ecs.md) | Terraform module which creates AWS ECS resources |
| | | [eks cluster autoscaler](./terraform/aws-eks-cluster-autoscaler.md) | AWS Eks-Cluster-Autoscaler |
| | | [eks external dns](./terraform/aws-eks-external-dns.md) | AWS Eks-External-Dns |
| | | [eks kube state metrics](./terraform/aws-eks-kube-state-metrics.md) | AWS Eks-Kube-State-Metrics |
| | | [eks node problem detector](./terraform/aws-eks-node-problem-detector.md) | A terraform module to deploy a node problem detector on Amazon EKS cluster |
| | | [eks](./terraform/aws-eks.md) | Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS |
| | | [elasticache redis](./terraform/aws-elasticache-redis.md) | Terraform module to provision an ElastiCache Redis Cluster |
| | | [elb](./terraform/aws-elb.md) | Terraform module which creates ELB resources on AWS |
| | | [guardduty](./terraform/aws-guardduty.md) | Terraform module to provision AWS Guard Duty |
| | | [iam account](./terraform/aws-iam-account.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role with oidc](./terraform/aws-iam-assumable-role-with-oidc.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role with saml](./terraform/aws-iam-assumable-role-with-saml.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable role](./terraform/aws-iam-assumable-role.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable roles with saml](./terraform/aws-iam-assumable-roles-with-saml.md) | Terraform module which creates IAM resources on AWS |
| | | [iam assumable roles](./terraform/aws-iam-assumable-roles.md) | Terraform module which creates IAM resources on AWS |
| | | [iam eks role](./terraform/aws-iam-eks-role.md) | Terraform module which creates IAM resources on AWS |
| | | [iam group with assumable roles policy](./terraform/aws-iam-group-with-assumable-roles-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam group with policies](./terraform/aws-iam-group-with-policies.md) | Terraform module which creates IAM resources on AWS |
| | | [iam nofile](./terraform/aws-iam-nofile.md) | Terraform module Terraform module for creating AWS IAM Roles with heredocs |
| | | [iam policy document aggregator](./terraform/aws-iam-policy-document-aggregator.md) | Terraform module to aggregate multiple IAM policy documents into single policy document. |
| | | [iam policy](./terraform/aws-iam-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam read only policy](./terraform/aws-iam-read-only-policy.md) | Terraform module which creates IAM resources on AWS |
| | | [iam role](./terraform/aws-iam-role.md) | A Terraform module that creates IAM role with provided JSON IAM polices documents. |
| | | [iam s3 user](./terraform/aws-iam-s3-user.md) | Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket |
| | | [iam system user](./terraform/aws-iam-system-user.md) | Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI) |
| | | [iam user](./terraform/aws-iam-user.md) | Terraform module which creates IAM resources on AWS |
| | | [key pair](./terraform/aws-key-pair.md) | Terraform module which creates EC2 key pair on AWS |
| | | [kms key](./terraform/aws-kms-key.md) | Terraform module to provision a KMS key with alias |
| | | [lambda do it all](./terraform/aws-lambda-do-it-all.md) | Terraform module to provision a lambda with full permissions |
| | | [lambda with inline code](./terraform/aws-lambda-with-inline-code.md) | Terraform module creating a Lambda function with inline code |
| | | [lambda](./terraform/aws-lambda.md) | Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations |
| | | [notify slack](./terraform/aws-notify-slack.md) | Terraform module which creates SNS topic and Lambda function which sends notifications to Slack |
| | | [rds aurora](./terraform/aws-rds-aurora.md) | Terraform module which creates RDS Aurora resources on AWS |
| | | [rds](./terraform/aws-rds.md) | AWS RDS |
| | | [route53 alias](./terraform/aws-route53-alias.md) | Terraform Module to Define Vanity Host/Domain (e.g. ) as an ALIAS record |
| | | [route53 cluster hostname](./terraform/aws-route53-cluster-hostname.md) | Terraform module to define a consistent AWS Route53 hostname |
| | | [route53 delegation sets](./terraform/aws-route53-delegation-sets.md) | Terraform module which creates Route53 resources on AWS |
| | | [route53 records](./terraform/aws-route53-records.md) | TTerraform module which creates Route53 resources on AWS erraform module which creates Route53 resources on AWS |
| | | [route53 zones](./terraform/aws-route53-zones.md) | |
| | | [s3 log storage](./terraform/aws-s3-log-storage.md) | This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail |
| | | [s3](./terraform/aws-s3.md) | Terraform configuration for AWS S3 |
| | | [secretsmanager for rollbar access tokens](./terraform/aws-secretsmanager-for-rollbar-access-tokens.md) | Terraform module creating a SecretsManager for Rollbar project access tokens |
| | | [security group](./terraform/aws-security-group.md) | Terraform module which creates EC2-VPC security groups on AWS |
| | | [security hub](./terraform/aws-security-hub.md) | Terraform module to provision AWS Security Hub |
| | | [sns topic](./terraform/aws-sns-topic.md) | Terraform Module to Provide an Amazon Simple Notification Service (SNS) |
| | | [sqs](./terraform/aws-sqs.md) | Terraform module which creates SQS resources on AWS |
| | | [ssm parameter store](./terraform/aws-ssm-parameter-store.md) | Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber. |
| | | [subnet](./terraform/aws-subnet.md) | AWS Subnet |
| | | [utils](./terraform/aws-utils.md) | Utility functions for use with Terraform in the AWS environment |
| | | [vpc](./terraform/aws-vpc.md) | AWS VPC |
| | Azure | [database mariadb](./terraform/azure-database-mariadb.md) | Terraform configuration for Azure Database Mariadb |
| | | [resource group](./terraform/azure-resource-group.md) | Azure Resource Group |
| | | [storage account](./terraform/azure-storage-account.md) | Terraform configuration for Azure Blob Storage Account |
| | | [subnet](./terraform/azure-subnet.md) | Azure Subnet |
| | | [virtual network](./terraform/azure-virtual-network.md) | Azure Virtual Network |
| | 腾讯云 | [subnet](./terraform/tencent-subnet.md) | Tencent Cloud Subnet |
| | | [vpc](./terraform/tencent-vpc.md) | Terraform configuration for Tencent Cloud VPC |
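Review bot: several Description cells are garbled or empty: `route53 records` reads "TTerraform module ... erraform module ..." (the string is duplicated and spliced), `iam nofile` repeats "Terraform module Terraform module", `route53 alias` has an empty example "(e.g. )", and `route53 zones` has no description at all; fix these before merging. The page is the Chinese list (云资源列表) but every description is English, so either translate them or note that descriptions are taken verbatim from the upstream modules. The `lambda do it all` description "a lambda with full permissions" should say which permissions it grants; as written it advertises an over-privileged role without explaining it.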

View File

@ -10,40 +10,9 @@ KubeVela 通过云资源组件Component和运维特征Trait里的资
> ⚠️ 请确认管理员已经安装了 [云资源插件](../../../reference/addons/terraform)。
## 支持的云资源列表
| 编排类型 | 云服务商 | 云资源 | 描述 |
|-----------|-------|------------------------------------------------------|-----------------------------------------------------------------------|
| Terraform | 阿里云 | [ACK](./terraform/alibaba-ack) | Terraform configuration for Alibaba Cloud ACK cluster |
| | | [ASK](./terraform/alibaba-amqp) | Terraform configuration for Alibaba Cloud AMQP (RabbitMQ) |
| | | [ASK](./terraform/alibaba-ask) | Terraform configuration for Alibaba Cloud Serverless Kubernetes (ASK) |
| | | [EIP](./terraform/alibaba-eip) | Terraform configuration for Alibaba Cloud EIP |
| | | [MSE](./terraform/alibaba-mse) | Terraform configuration for Alibaba Cloud MSE |
| | | [OSS](./terraform/alibaba-oss) | Terraform configuration for Alibaba Cloud OSS |
| | | [RDS](./terraform/alibaba-rds) | Terraform configuration for Alibaba Cloud RDS |
| | | [Redis](./terraform/alibaba-redis) | Terraform configuration for Alibaba Cloud Redis |
| | | [RocketMQ](./terraform/alibaba-rocketmq) | Terraform configuration for Alibaba Cloud RocketMQ |
| | | [SLS Project](./terraform/alibaba-sls-project) | Terraform configuration for Alibaba Cloud SLS Project |
| | | [SLS Store](./terraform/alibaba-sls-store) | Terraform configuration for Alibaba Cloud SLS Store |
| | | [VPC](./terraform/alibaba-vpc) | Terraform configuration for Alibaba Cloud VPC |
| | | [VSwitch](./terraform/alibaba-vswitch) | Terraform configuration for Alibaba Cloud VSwitch |
| | AWS | [S3](./terraform/aws-s3) | Terraform configuration for AWS S3 bucket |
| | | [S3](./terraform/aws-rds) | Terraform configuration for AWS RDS |
| | | [S3](./terraform/aws-security-group) | Terraform configuration for AWS Security Group |
| | | [S3](./terraform/aws-subnet) | Terraform configuration for AWS S3 Subnet |
| | | [S3](./terraform/aws-vpc) | Terraform configuration for AWS S3 VPC |
| | Azure | [Mariadb](./terraform/azure-database-mariadb) | Terraform configuration for Azure Database Mariadb |
| | | [Storage Account](./terraform/azure-storage-account) | Terraform configuration for Azure Storage Account |
| | | [Storage Account](./terraform/azure-resource-group) | Terraform configuration for Azure Resource group |
| | | [Storage Account](./terraform/azure-subnet) | Terraform configuration for Azure Subnet |
| | | [Storage Account](./terraform/azure-virtual-network) | Terraform configuration for Azure Virtual network |
| | | [Storage Account](./terraform/azure-storage-account) | Terraform configuration for Azure Storage Account |
| | 腾讯云 | [Mariadb](./terraform/tencent-vpc) | Terraform configuration for Tencent Cloud VPC |
| | | [Mariadb](./terraform/tencent-subnet) | Terraform configuration for Tencent Cloud Subnet |
## Terraform
KubeVela 支持的所有由 Terraform 编排的云资源如上所示,你也可以通过命令 `vela components --label type=terraform` 查看。
KubeVela 支持的所有由 Terraform 编排的云资源请见[列表](./cloud-resources-list),你也可以通过命令 `vela components --label type=terraform` 查看。
### 部署云资源
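Review bot: if the heading `## 支持的云资源列表` is kept after its table is removed, it becomes an empty section immediately followed by `## Terraform`; either drop the heading or move the added link sentence under it. Removing the table is otherwise correct: the deleted rows carried wrong link labels (`[ASK]` for alibaba-amqp, `[S3]` for rds/security-group/subnet/vpc, `[Storage Account]` for resource-group/subnet/virtual-network, `[Mariadb]` for the Tencent rows) and a duplicated Storage Account row.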

View File

@ -0,0 +1,37 @@
---
title: AWS ACM
---
## 描述
Terraform module which creates and validates ACM certificate
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
validate_certificate | Whether to validate certificate by creating Route53 record | bool | false |
certificate_transparency_logging_preference | Specifies whether certificate details should be added to a certificate transparency log | bool | false |
validation_method | Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform. | string | false |
zone_id | The ID of the hosted zone to contain this record. Required when validating via Route53 | string | false |
create_certificate | Whether to create ACM certificate | bool | false |
validation_allow_overwrite_records | Whether to allow overwrite of Route53 records | bool | false |
wait_for_validation | Whether to wait for the validation to complete | bool | false |
domain_name | A domain name for which the certificate should be issued | string | false |
subject_alternative_names | A list of domains that should be SANs in the issued certificate | list(string) | false |
create_route53_records | When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider | bool | false |
validation_record_fqdns | When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation | list(string) | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
dns_ttl | The TTL of DNS recursive resolvers to cache information about this record. | number | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
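Review bot: `certificate_transparency_logging_preference` has a blank Default cell; because an ACM certificate issued with CT logging opted out is not trusted by browsers that require CT (AWS documents this), the default and the effect of setting it to `false` should be stated explicitly rather than left implicit. `validation_method` lists `DNS`, `EMAIL` and `NONE`, but `validate_certificate`, `create_route53_records` and `validation_record_fqdns` only apply when it is `DNS`; say so in those rows. As with the other zh pages, the descriptions are untranslated.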

View File

@ -0,0 +1,59 @@
---
title: AWS ALB
---
## 描述
Terraform module to create an AWS Application/Network Load Balancer (ALB/NLB) and associated resources
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
subnet_mapping | A list of subnet mapping blocks describing subnets to attach to network load balancer | list(map(string)) | false |
target_group_tags | A map of tags to add to all target groups | map(string) | false |
vpc_id | VPC id where the load balancer and other resources will be deployed. | string | false |
create_lb | Controls if the Load Balancer should be created | bool | false |
enable_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | false |
https_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, https_listener_index (default to https_listeners[count.index]) | any | false |
ip_address_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | string | false |
access_logs | Map containing access logging configuration for load balancer. | map(string) | false |
lb_tags | A map of tags to add to load balancer | map(string) | false |
target_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port | any | false |
enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool | false |
https_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate_arn. Optional key/values: ssl_policy (defaults to ELBSecurityPolicy-2016-08), target_group_index (defaults to https_listeners[count.index]) | any | false |
load_balancer_update_timeout | Timeout value when updating the ALB. | string | false |
http_tcp_listener_rules_tags | A map of tags to add to all http listener rules | map(string) | false |
enable_waf_fail_open | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | bool | false |
desync_mitigation_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | string | false |
enable_cross_zone_load_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | bool | false |
http_tcp_listener_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http_tcp_listener_index (default to http_tcp_listeners[count.index]) | any | false |
load_balancer_create_timeout | Timeout value when creating the ALB. | string | false |
subnets | A list of subnets to associate with the load balancer. e.g. ['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f'] | list(string) | false |
https_listener_rules_tags | A map of tags to add to all https listener rules | map(string) | false |
https_listeners_tags | A map of tags to add to all https listeners | map(string) | false |
http_tcp_listeners_tags | A map of tags to add to all http listeners | map(string) | false |
extra_ssl_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). | list(map(string)) | false |
load_balancer_delete_timeout | Timeout value when deleting the ALB. | string | false |
load_balancer_type | The type of load balancer to create. Possible values are application or network. | string | false |
security_groups | The security groups to attach to the load balancer. e.g. ["sg-edcd9784","sg-edcd9785"] | list(string) | false |
drop_invalid_header_fields | Indicates whether invalid header fields are dropped in application load balancers. Defaults to false. | bool | false |
idle_timeout | The time in seconds that the connection is allowed to be idle. | number | false |
listener_ssl_policy_default | The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html). | string | false |
internal | Boolean determining if the load balancer is internal or externally facing. | bool | false |
name_prefix | The resource name prefix and Name tag of the load balancer. Cannot be longer than 6 characters | string | false |
http_tcp_listeners | A list of maps describing the HTTP listeners or TCP ports for this ALB. Required key/values: port, protocol. Optional key/values: target_group_index (defaults to http_tcp_listeners[count.index]) | any | false |
name | The resource name and Name tag of the load balancer. | string | false |
tags | A map of tags to add to all resources | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
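Review bot: the `listener_ssl_policy_default` link points at the Classic Load Balancer policy table (`/latest/classic/` in the URL) although this module only creates `application` or `network` load balancers (`load_balancer_type`), so verify the link targets the ALB/NLB policy page before users pick a policy from the wrong table. Minor points in the same file: the `subnets` example `['subnet-1a2b3c4d','subnet-1a2b3c4e','subnet-1a2b3c4f']` uses single quotes, which HCL does not accept, while `security_groups` correctly shows double quotes; and the empty Default column hurts most on `drop_invalid_header_fields`, `desync_mitigation_mode` and `enable_deletion_protection`, where the description only partly states the default.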

@ -0,0 +1,112 @@
---
title: AWS AUTOSCALING
---
## 描述
Terraform module which creates Auto Scaling resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
load_balancers | A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead | list(string) | false |
create_lt | Determines whether to create launch template or not | bool | false |
license_specifications | (LT) A list of license specifications to associate with | map(string) | false |
use_name_prefix | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | bool | false |
desired_capacity | The number of Amazon EC2 instances that should be running in the autoscaling group | number | false |
default_cooldown | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start | number | false |
force_delete | Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling | bool | false |
enabled_metrics | A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances` | list(string) | false |
use_mixed_instances_policy | Determines whether to use a mixed instances policy in the autoscaling group or not | bool | false |
termination_policies | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | list(string) | false |
instance_refresh | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | any | false |
enable_monitoring | Enables/disables detailed monitoring | bool | false |
metadata_options | Customize the metadata options for the instance | map(string) | false |
use_lc | Determines whether to use a launch configuration in the autoscaling group or not | bool | false |
create_asg | Determines whether to create autoscaling group or not | bool | false |
launch_template | Name of an existing launch template to be used (created outside of this module) | string | false |
health_check_grace_period | Time (in seconds) after instance comes into service before checking health | number | false |
capacity_reservation_specification | (LT) Targeting for EC2 capacity reservations | any | false |
enclave_options | (LT) Enable Nitro Enclaves on launched instances | map(string) | false |
iam_instance_profile_arn | (LT) The IAM Instance Profile ARN to launch the instance with | string | false |
associate_public_ip_address | (LC) Associate a public ip address with an instance in a VPC | bool | false |
availability_zone | A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier` | list(string) | false |
tags | A list of tag blocks. Each element should have keys named key, value, and propagate_at_launch | list(map(string)) | false |
create_lc | Determines whether to create launch configuration or not | bool | false |
placement_group | The name of the placement group into which you'll launch your instances, if any | string | false |
description | (LT) Description of the launch template | string | false |
placement | (LT) The placement of the instance | map(string) | false |
metrics_granularity | The granularity to associate with the metrics to collect. The only valid value is `1Minute` | string | false |
user_data_base64 | The Base64-encoded user data to provide when launching the instance. You should use this for Launch Templates instead user_data | string | false |
security_groups | A list of security group IDs to associate | list(string) | false |
lc_name | Name of launch configuration to be created | string | false |
ephemeral_block_device | (LC) Customize Ephemeral (also known as 'Instance Store') volumes on the instance | list(map(string)) | false |
name | Name used across the resources created | string | true |
wait_for_elb_capacity | Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over `min_elb_capacity` behavior. | number | false |
wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string | false |
schedules | Map of autoscaling group schedule to create | map(any) | false |
lt_use_name_prefix | Determines whether to use `lt_name` as is or create a unique name beginning with the `lt_name` as the prefix | bool | false |
instance_market_options | (LT) The market (purchasing) option for the instance | any | false |
create_schedule | Determines whether to create autoscaling group schedule or not | bool | false |
tags_as_map | A map of tags and values in the same format as other resources accept. This will be converted into the non-standard format that the aws_autoscaling_group requires. | map(string) | false |
user_data | (LC) The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument nor when using Launch Templates; see `user_data_base64` instead | string | false |
lt_name | Name of launch template to be created | string | false |
network_interfaces | (LT) Customize network interfaces to be attached at instance boot time | list(any) | false |
tag_specifications | (LT) The tags to apply to the resources during launch | list(any) | false |
protect_from_scale_in | Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events. | bool | false |
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
key_name | The key name that should be used for the instance | string | false |
image_id | The AMI from which to launch the instance | string | false |
update_default_version | (LT) Whether to update Default Version each update. Conflicts with `default_version` | string | false |
kernel_id | (LT) The kernel ID | string | false |
create_scaling_policy | Determines whether to create target scaling policy schedule or not | bool | false |
lt_version | Launch template version. Can be version number, `$Latest`, or `$Default` | string | false |
target_group_arns | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | list(string) | false |
suspended_processes | A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly | list(string) | false |
instance_type | The type of the instance to launch | string | false |
placement_tenancy | (LC) The tenancy of the instance. Valid values are `default` or `dedicated` | string | false |
disable_api_termination | (LT) If true, enables EC2 instance termination protection | bool | false |
cpu_options | (LT) The CPU options for the instance | map(string) | false |
launch_configuration | Name of an existing launch configuration to be used (created outside of this module) | string | false |
min_size | The minimum size of the autoscaling group | number | false |
mixed_instances_policy | Configuration block containing settings to define launch targets for Auto Scaling groups | any | false |
propagate_name | Determines whether to propagate the `var.instance_name`/`var.name` tag to launch instances | bool | false |
warm_pool | If this block is configured, add a Warm Pool to the specified Auto Scaling group | any | false |
scaling_policies | Map of target scaling policy schedule to create | any | false |
elastic_gpu_specifications | (LT) The elastic GPU to attach to the instance | map(string) | false |
elastic_inference_accelerator | (LT) Configuration block containing an Elastic Inference Accelerator to attach to the instance | map(string) | false |
instance_name | Name that is propogated to launched EC2 instances via a tag - if not provided, defaults to `var.name` | string | false |
capacity_rebalance | Indicates whether capacity rebalance is enabled | bool | false |
initial_lifecycle_hooks | One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource | list(map(string)) | false |
iam_instance_profile_name | The name attribute of the IAM instance profile to associate with launched instances | string | false |
root_block_device | (LC) Customize details about the root block device of the instance | list(map(string)) | false |
max_instance_lifetime | The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds | number | false |
lc_use_name_prefix | Determines whether to use `lc_name` as is or create a unique name beginning with the `lc_name` as the prefix | bool | false |
default_version | (LT) Default Version of the launch template | string | false |
block_device_mappings | (LT) Specify volumes to attach to the instance besides the volumes specified by the AMI | list(any) | false |
vpc_zone_identifier | A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones` | list(string) | false |
max_size | The maximum size of the autoscaling group | number | false |
min_elb_capacity | Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes | number | false |
instance_initiated_shutdown_behavior | (LT) Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`) | string | false |
credit_specification | (LT) Customize the credit specification of the instance | map(string) | false |
health_check_type | `EC2` or `ELB`. Controls how health checking is done | string | false |
delete_timeout | Delete timeout to wait for destroying autoscaling group | string | false |
use_lt | Determines whether to use a launch template in the autoscaling group or not | bool | false |
ram_disk_id | (LT) The ID of the ram disk | string | false |
hibernation_options | (LT) The hibernation options for the instance | map(string) | false |
service_linked_role_arn | The ARN of the service-linked role that the ASG will use to call other AWS services | string | false |
spot_price | (LC) The maximum price to use for reserving spot instances (defaults to on-demand price) | string | false |
ebs_block_device | (LC) Additional EBS block devices to attach to the instance | list(map(string)) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
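Review bot: the row named `availability_zone` says it conflicts with `vpc_zone_identifier`, while the `vpc_zone_identifier` row says it conflicts with `availability_zones` (plural); one of the two names is wrong and should be fixed before users copy it. `update_default_version` is described as "Whether to update Default Version" but typed `string` where `bool` is expected. Typos: "instead user_data" should read "instead of user_data" (`user_data_base64`), and "propogated" should read "propagated" (`instance_name`).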

@ -0,0 +1,32 @@
---
title: AWS BRIDGECREW-READ-ONLY
---
## 描述
Bridgecrew READ ONLY integration module
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
role_name | The name for the Bridgecrew read-only IAM role. | string | false |
org_name | The name of the company the integration is for. Must be alphanumeric. | string | true |
account_alias | The alias of the account the CF is deployed in. This will be prepended to all the resources in the stack. Default is {org_name}-bc | string | false |
aws_profile | The profile that was used to deploy this module. If the default profile / default credentials are used, seet this value to null. | string | true |
api_token | This is your Bridgecrew platform Api token Set as and Environment variable TF_VAR_api_token | string | true |
common_tags | Implements the common tags scheme | map(any) | false |
topic_name | The name of the SNS topic for Bridgecrew to receive notifications. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
bridgecrew_account_id | The Bridgecrew AWS account ID from which scans will originate. This value should not typically be modified, but is provided here to support testing and troubleshooting, if needed. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
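Review bot: `api_token` is a credential (the Bridgecrew platform token) and its description is unreadable as generated; suggest "This is your Bridgecrew platform API token. Set it as the environment variable TF_VAR_api_token rather than in the component file" in place of "Api token Set as and Environment variable". Also in this file: `aws_profile` has "seet" for "set", and `account_alias` refers to "the CF is deployed in" (a CloudFormation leftover) although this is a Terraform module; "the account this module is deployed in" is what is meant.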

@ -0,0 +1,109 @@
---
title: AWS CLOUDFRONT-S3-CDN
---
## 描述
Terraform module to easily provision CloudFront CDN backed by an S3 origin
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
origin_path | An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. It must begin with a /. Do not add a / at the end of the path. | string | false |
geo_restriction_locations | List of country codes for which CloudFront either to distribute content (whitelist) or not distribute your content (blacklist) | list(string) | false |
dns_alias_enabled | Create a DNS alias for the CDN. Requires `parent_zone_id` or `parent_zone_name` | bool | false |
lambda_function_association | A config block that triggers a lambda@edge function with specific actions | list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n })) | false |
encryption_enabled | When set to 'true' the resource will have aes256 encryption enabled by default | bool | false |
log_glacier_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the glacier tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
trusted_key_groups | A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. | list(string) | false |
cors_allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for S3 bucket | list(string) | false |
origin_request_policy_id | The unique identifier of the origin request policy that is attached to the behavior.\nShould be used in conjunction with `cache_policy_id`.\n | string | false |
default_ttl | Default amount of time (in seconds) that an object is in a CloudFront cache | number | false |
website_enabled | Set to true to enable the created S3 bucket to serve as a website independently of Cloudfront,\nand to use that website as the origin. See the README for details and caveats. See also `s3_website_password_enabled`.\n | bool | false |
custom_origin_headers | A list of origin header parameters that will be sent to origin | list(object({ name = string, value = string })) | false |
realtime_log_config_arn | The ARN of the real-time log configuration that is attached to this cache behavior | string | false |
external_aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront. No new route53 records will be created for these | list(string) | false |
compress | Compress content for web requests that include Accept-Encoding: gzip in the request header | bool | false |
s3_origins | A list of S3 [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) (in addition to the one created by this module) for this distribution.\nS3 buckets configured as websites are `custom_origins`, not `s3_origins`.\nSpecifying `s3_origin_config.origin_access_identity` as `null` or `""` will have it translated to the `origin_access_identity` used by the origin created by the module.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n s3_origin_config = object({\n origin_access_identity = string\n })\n })) | false |
extra_origin_attributes | Additional attributes to put onto the origin label | list(string) | false |
min_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | number | false |
custom_error_response | List of one or more custom error response element maps | list(object({\n error_caching_min_ttl = string\n error_code = string\n response_code = string\n response_page_path = string\n })) | false |
cloudfront_origin_access_identity_path | Existing cloudfront origin access identity path used in the cloudfront distribution's s3_origin_config content | string | false |
distribution_enabled | Set to `false` to create the distribution but still prevent CloudFront from serving requests. | bool | false |
origin_groups | List of [Origin Groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#origin-group-arguments) to create in the distribution.\nThe values of `primary_origin_id` and `failover_origin_id` must correspond to origin IDs existing in `var.s3_origins` or `var.custom_origins`.\n\nIf `primary_origin_id` is set to `null` or `""`, then the origin id of the origin created by this module will be used in its place.\nThis is to allow for the use case of making the origin created by this module the primary origin in an origin group.\n | list(object({\n primary_origin_id = string\n failover_origin_id = string\n failover_criteria = list(string)\n })) | false |
aliases | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs) setting on Cloudfront | list(string) | false |
log_standard_transition_days | Number of days after object creation to move Cloudfront Access Log objects to the infrequent access tier.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
log_expiration_days | Number of days after object creation to expire Cloudfront Access Log objects.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | number | false |
cors_max_age_seconds | Time in seconds that browser can cache the response for S3 bucket | number | false |
deployment_principal_arns | (Optional) Map of IAM Principal ARNs to lists of S3 path prefixes to grant `deployment_actions` permissions.\nResource list will include the bucket itself along with all the prefixes. Prefixes should not begin with '/'.\n | map(list(string)) | false |
cloudfront_access_log_bucket_name | When `cloudfront_access_log_create_bucket` is `false`, this is the name of the existing S3 Bucket where\nCloudfront Access Logs are to be delivered and is required. IGNORED when `cloudfront_access_log_create_bucket` is `true`.\n | string | false |
cloudfront_access_log_include_cookies | Set true to include cookies in Cloudfront Access Logs | bool | false |
log_prefix | DEPRECATED. Use `cloudfront_access_log_prefix` instead. | string | false |
extra_logs_attributes | Additional attributes to add to the end of the generated Cloudfront Access Log S3 Bucket name.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | list(string) | false |
override_origin_bucket_policy | When using an existing origin bucket (through var.origin_bucket), setting this to 'false' will make it so the existing bucket policy will not be overriden | bool | false |
forward_query_string | Forward query strings to the origin that is associated with this cache behavior (incompatible with `cache_policy_id`) | bool | false |
viewer_protocol_policy | Limit the protocol users can use to access content. One of `allow-all`, `https-only`, or `redirect-to-https` | string | false |
parent_zone_id | ID of the hosted zone to contain this record (or specify `parent_zone_name`). Requires `dns_alias_enabled` set to true | string | false |
index_document | Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders | string | false |
versioning_enabled | When set to 'true' the s3 origin bucket will have versioning enabled | bool | false |
s3_access_logging_enabled | Set `true` to deliver S3 Access Logs to the `s3_access_log_bucket_name` bucket.\nDefaults to `false` if `s3_access_log_bucket_name` is empty (the default), `true` otherwise.\nMust be set explicitly if the access log bucket is being created at the same time as this module is being invoked.\n | bool | false |
access_log_bucket_name | DEPRECATED. Use `s3_access_log_bucket_name` instead. | string | false |
log_include_cookies | DEPRECATED. Use `cloudfront_access_log_include_cookies` instead. | bool | false |
s3_access_log_bucket_name | Name of the existing S3 bucket where S3 Access Logs will be delivered. Default is not to enable S3 Access Logging. | string | false |
query_string_cache_keys | When `forward_query_string` is enabled, only the query string keys listed in this argument are cached (incompatible with `cache_policy_id`) | list(string) | false |
web_acl_id | ID of the AWS WAF web ACL that is associated with the distribution | string | false |
wait_for_deployment | When set to 'true' the resource will wait for the distribution status to change from InProgress to Deployed | bool | false |
redirect_all_requests_to | A hostname to redirect all website requests for this distribution to. If this is set, it overrides other website settings | string | false |
error_document | An absolute path to the document to return in case of a 4XX error | string | false |
deployment_actions | List of actions to permit `deployment_principal_arns` to perform on bucket and bucket prefixes (see `deployment_principal_arns`) | list(string) | false |
cloudfront_origin_access_identity_iam_arn | Existing cloudfront origin access identity iam arn that is supplied in the s3 bucket policy | string | false |
s3_website_password_enabled | If set to true, and `website_enabled` is also true, a password will be required in the `Referrer` field of the\nHTTP request in order to access the website, and Cloudfront will be configured to pass this password in its requests.\nThis will make it much harder for people to bypass Cloudfront and access the S3 website directly via its website endpoint.\n | bool | false |
allow_ssl_requests_only | Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests | bool | false |
log_versioning_enabled | Set `true` to enable object versioning in the created Cloudfront Access Log S3 Bucket.\nOnly effective if `cloudfront_access_log_create_bucket` is `true`.\n | bool | false |
origin_bucket | Name of an existing S3 bucket to use as the origin. If this is not provided, it will create a new s3 bucket using `var.name` and other context related inputs | string | false |
ordered_cache | An ordered list of [cache behaviors](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#cache-behavior-arguments) resource for this distribution.\nList in order of precedence (first match wins). This is in addition to the default cache policy.\nSet `target_origin_id` to `""` to specify the S3 bucket origin created by this module.\n | list(object({\n target_origin_id = string\n path_pattern = string\n\n allowed_methods = list(string)\n cached_methods = list(string)\n compress = bool\n trusted_signers = list(string)\n trusted_key_groups = list(string)\n\n cache_policy_id = string\n origin_request_policy_id = string\n\n viewer_protocol_policy = string\n min_ttl = number\n default_ttl = number\n max_ttl = number\n response_headers_policy_id = string\n\n forward_query_string = bool\n forward_header_values = list(string)\n forward_cookies = string\n forward_cookies_whitelisted_names = list(string)\n\n lambda_function_association = list(object({\n event_type = string\n include_body = bool\n lambda_arn = string\n }))\n\n function_association = list(object({\n event_type = string\n function_arn = string\n }))\n })) | false |
origin_ssl_protocols | The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. | list(string) | false |
cloudfront_access_logging_enabled | Set true to enable delivery of Cloudfront Access Logs to an S3 bucket | bool | false |
cloudfront_access_log_create_bucket | When `true` and `cloudfront_access_logging_enabled` is also true, this module will create a new,\nseparate S3 bucket to receive Cloudfront Access Logs.\n | bool | false |
cors_allowed_origins | List of allowed origins (e.g. example.com, test.com) for S3 bucket | list(string) | false |
cached_methods | List of cached methods (e.g. GET, PUT, POST, DELETE, HEAD) | list(string) | false |
cloudfront_access_log_prefix | Prefix to use for Cloudfront Access Log object keys. Defaults to no prefix. | string | false |
logging_enabled | DEPRECATED. Use `cloudfront_access_logging_enabled` instead. | bool | false |
minimum_protocol_version | Cloudfront TLS minimum protocol version.\nIf `var.acm_certificate_arn` is unset, only "TLSv1" can be specified. See: [AWS Cloudfront create-distribution documentation](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-distribution.html)\nand [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) for more information.\nDefaults to "TLSv1.2_2019" unless `var.acm_certificate_arn` is unset, in which case it defaults to `TLSv1`\n | string | false |
cors_allowed_headers | List of allowed headers for S3 bucket | list(string) | false |
forward_header_values | A list of whitelisted header values to forward to the origin (incompatible with `cache_policy_id`) | list(string) | false |
response_headers_policy_id | The identifier for a response headers policy | string | false |
cache_policy_id | The unique identifier of the existing cache policy to attach to the default cache behavior.\nIf not provided, this module will add a default cache policy using other provided inputs.\n | string | false |
custom_origins | A list of additional custom website [origins](https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#origin-arguments) for this distribution.\n | list(object({\n domain_name = string\n origin_id = string\n origin_path = string\n custom_headers = list(object({\n name = string\n value = string\n }))\n custom_origin_config = object({\n http_port = number\n https_port = number\n origin_protocol_policy = string\n origin_ssl_protocols = list(string)\n origin_keepalive_timeout = number\n origin_read_timeout = number\n })\n })) | false |
acm_certificate_arn | Existing ACM Certificate ARN | string | false |
additional_bucket_policy | Additional policies for the bucket. If included in the policies, the variables `${bucket_name}`, `${origin_path}` and `${cloudfront_origin_access_identity_iam_arn}` will be substituted.\nIt is also possible to override the default policy statements by providing statements with `S3GetObjectForCloudFront` and `S3ListBucketForCloudFront` sid.\n | string | false |
cors_expose_headers | List of expose header in the response for S3 bucket | list(string) | false |
max_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | number | false |
block_origin_public_access_enabled | When set to 'true' the s3 origin bucket will have public access block enabled | bool | false |
s3_access_log_prefix | Prefix to use for S3 Access Log object keys. Defaults to `logs/${module.this.id}` | string | false |
comment | Comment for the origin access identity | string | false |
forward_cookies | Specifies whether you want CloudFront to forward all or no cookies to the origin. Can be 'all' or 'none' | string | false |
trusted_signers | The AWS accounts, if any, that you want to allow to create signed URLs for private content. 'self' is acceptable. | list(string) | false |
parent_zone_name | Name of the hosted zone to contain this record (or specify `parent_zone_id`). Requires `dns_alias_enabled` set to true | string | false |
s3_object_ownership | Specifies the S3 object ownership control on the origin bucket. Valid values are `ObjectWriter`, `BucketOwnerPreferred`, and 'BucketOwnerEnforced'. | string | false |
origin_force_destroy | Delete all objects from the bucket so that the bucket can be destroyed without error (e.g. `true` or `false`) | bool | false |
default_root_object | Object that CloudFront return when requests the root URL | string | false |
price_class | Price class for this distribution: `PriceClass_All`, `PriceClass_200`, `PriceClass_100` | string | false |
allowed_methods | List of allowed methods (e.g. GET, PUT, POST, DELETE, HEAD) for AWS CloudFront | list(string) | false |
geo_restriction_type | Method that use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist` | string | false |
routing_rules | A json array containing routing rules describing redirect behavior and when redirects are applied | string | false |
ipv6_enabled | Set to true to enable an AAAA DNS record to be set as well as the A record | bool | false |
function_association | A config block that triggers a CloudFront function with specific actions.\nSee the [aws_cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#function-association)\ndocumentation for more information.\n | list(object({\n event_type = string\n function_arn = string\n })) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
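Review bot: the 默认值 (default) column is empty in every row of this table even where the description states a default, e.g. `cloudfront_access_log_prefix | ... Defaults to no prefix.`, `s3_access_log_prefix | ... Defaults to `logs/${module.this.id}``, and `minimum_protocol_version | ... Defaults to "TLSv1.2_2019" unless `var.acm_certificate_arn` is unset`; either populate the column from the module's variable defaults or drop it, since an always-empty column is misleading. Related: the literal `\n` sequences in the `ordered_cache`, `cloudfront_access_log_create_bucket`, `minimum_protocol_version`, `cache_policy_id`, `custom_origins`, `additional_bucket_policy` and `function_association` cells will render verbatim inside a markdown table, so the generator should emit `<br>` or collapse them to spaces. Minor wording: `s3_object_ownership` mixes backticks and single quotes for its three values, and `default_root_object | Object that CloudFront return when requests the root URL` should read "Object that CloudFront returns when the root URL is requested". Since `minimum_protocol_version` is the one security-relevant knob here, the `TLSv1` fallback deserves an explicit sentence that it only applies when no `acm_certificate_arn` is supplied, so readers know that providing a certificate is what enables `TLSv1.2_2019`. Finally, the section headings and table headers (`## 描述`, `### 属性`, `名称 | 描述 | 类型 | 是否必须 | 默认值`) are Chinese while every description is English, and this holds for every file in the commit; if these land in the English docs tree the headers should be English, and if they are the zh copy the descriptions are untranslated.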

@ -0,0 +1,48 @@
---
title: AWS CLOUDFRONT
---
## 描述
Terraform module which creates CloudFront resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
default_cache_behavior | The default cache behavior for this distribution | any | false |
ordered_cache_behavior | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0. | any | false |
realtime_metrics_subscription_status | A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. | string | false |
aliases | Extra CNAMEs (alternate domain names), if any, for this distribution. | list(string) | false |
geo_restriction | The restriction configuration for this distribution (geo_restrictions) | any | false |
custom_error_response | One or more custom error response elements | any | false |
tags | A map of tags to assign to the resource. | map(string) | false |
origin | One or more origins for this distribution (multiples allowed). | any | false |
viewer_certificate | The SSL configuration for this distribution | any | false |
http_version | The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2. | string | false |
is_ipv6_enabled | Whether the IPv6 is enabled for the distribution. | bool | false |
price_class | The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100 | string | false |
wait_for_deployment | If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. | bool | false |
web_acl_id | If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL. | string | false |
origin_group | One or more origin_group for this distribution (multiples allowed). | any | false |
create_origin_access_identity | Controls if CloudFront origin access identity should be created | bool | false |
comment | Any comments you want to include about the distribution. | string | false |
default_root_object | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | string | false |
retain_on_delete | Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. | bool | false |
logging_config | The logging configuration that controls how logs are written to your distribution (maximum one). | any | false |
create_monitoring_subscription | If enabled, the resource for monitoring subscription will created. | bool | false |
create_distribution | Controls if CloudFront distribution should be created | bool | false |
origin_access_identities | Map of CloudFront origin access identities (value as a comment) | map(string) | false |
enabled | Whether the distribution is enabled to accept end user requests for content. | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
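Review bot: two typos in this hunk: `wait_for_deployment | ... Setting this tofalse will skip the process.` should be "to false", and `create_monitoring_subscription | If enabled, the resource for monitoring subscription will created.` should be "will be created". Beyond that, eight inputs are typed `any` (`default_cache_behavior`, `ordered_cache_behavior`, `geo_restriction`, `custom_error_response`, `origin`, `viewer_certificate`, `origin_group`, `logging_config`), which leaves the reader with no idea of the expected object shape; either expand the type the way the previous file does for `ordered_cache` or link to the upstream module's examples for each. The `web_acl_id` row is the one security-relevant input and is well described, but the empty 默认值 column makes it unclear that no WAF web ACL is attached unless one is supplied; stating that explicitly would help.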

@ -0,0 +1,33 @@
---
title: AWS CLOUDWATCH-CIS-ALARMS
---
## 描述
Terraform module which creates Cloudwatch resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |
namespace | The namespace where metric filter and metric alarm should be cleated | string | false |
log_group_name | The name of the log group to associate the metric filter with | string | false |
alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |
create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |
name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |
disabled_controls | List of IDs of disabled CIS controls | list(string) | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
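Review bot: typo in `namespace | The namespace where metric filter and metric alarm should be cleated` ("created"), and `alarm_actions | ... (eg, ARN of SNS topic)` should be "e.g.". The 描述 line `Terraform module which creates Cloudwatch resources on AWS` is reused verbatim by the four following CloudWatch files, so it does not tell the reader that this one specifically creates the CIS benchmark metric filters and alarms; make the description module-specific. `disabled_controls | List of IDs of disabled CIS controls` also gives no hint of what a control ID looks like or where the list of IDs lives, which matters because disabling a control silently removes a detection; link to the control list the module uses.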

@ -0,0 +1,30 @@
---
title: AWS CLOUDWATCH-LOG-GROUP
---
## 描述
Terraform module which creates Cloudwatch resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
create | Whether to create the Cloudwatch log group | bool | false |
name | A name for the log group | string | false |
name_prefix | A name prefix for the log group | string | false |
retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |
kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |
tags | A map of tags to add to Cloudwatch log group | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
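Review bot: the 描述 line is again the generic `Terraform module which creates Cloudwatch resources on AWS`; it should say this module creates a CloudWatch log group. In `kms_key_id | The ARN of the KMS Key to use when encrypting logs` the argument name says "id" while the description says ARN; keep the description but add that the argument expects the key ARN, so readers do not pass a bare key ID. `retention_in_days` is the retention control and has an empty 默认值 cell, so the doc should state what happens when it is omitted.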

@ -0,0 +1,32 @@
---
title: AWS CLOUDWATCH-LOG-METRIC-FILTER
---
## 描述
Terraform module which creates Cloudwatch resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
log_group_name | The name of the log group to associate the metric filter with | string | true |
metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |
metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |
metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |
metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |
create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |
name | A name for the metric filter. | string | true |
pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
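Review bot: the 描述 is the same generic CloudWatch sentence; it should say this module creates a log metric filter. `metric_transformation_value | ... the value will be '1' for each occurrence` describes a default behaviour, yet the 默认值 column is empty, so either put the default there or reword the description so it does not read like one. `pattern` is the input that determines what gets detected and is marked required, which is correct, but a link to the CloudWatch filter pattern syntax would make the row actionable.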

@ -0,0 +1,46 @@
---
title: AWS CLOUDWATCH-METRIC-ALARM
---
## 描述
Terraform module which creates Cloudwatch resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
unit | The unit for the alarm's associated metric. | string | false |
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
dimensions | The dimensions for the alarm's associated metric. | any | false |
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
threshold | The value against which the specified statistic is compared. | number | true |
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
period | The period in seconds over which the specified statistic is applied. | string | false |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
alarm_description | The description for the alarm. | string | false |
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
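Review bot: `period | The period in seconds over which the specified statistic is applied. | string` is typed as a string although the description is a number of seconds; if the upstream variable really is a string, say so, otherwise this should be `number`. `statistic | ... Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum` and the same phrase in `comparison_operator` list more than two options, so "One of the following" is the correct wording. `namespace` and `metric_name` both say "See docs for supported metrics" without a link; add the reference or drop the sentence. The 描述 line is once more the generic CloudWatch sentence and should name the metric alarm module.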

@ -0,0 +1,46 @@
---
title: AWS CLOUDWATCH-METRIC-ALARMS
---
## 描述
Terraform module which creates Cloudwatch resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |
comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |
period | The period in seconds over which the specified statistic is applied. | string | false |
actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |
datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |
insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |
evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |
create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |
unit | The unit for the alarm's associated metric. | string | false |
statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |
tags | A mapping of tags to assign to all resources | map(string) | false |
alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |
alarm_description | The description for the alarm. | string | false |
dimensions | The dimensions for the alarm's associated metric. | any | false |
alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |
evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |
threshold | The value against which the specified statistic is compared. | number | true |
metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |
namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
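Review bot: this table lists exactly the same inputs as the preceding `AWS CLOUDWATCH-METRIC-ALARM` file in a different order, and the 描述 line is the same generic sentence, so the reader cannot tell how the two modules differ; the description should state the distinction. The same wording and typing points apply here: `period` typed `string` for a value in seconds, "Either of the following" in `statistic` and `comparison_operator` where several values are listed, and unlinked "See docs" in `namespace` and `metric_name`.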

@ -0,0 +1,40 @@
---
title: AWS CONFIG
---
## 描述
This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
sns_encryption_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. | string | false |
sqs_queue_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK | string | false |
child_resource_collector_accounts | The account IDs of other accounts that will send their AWS Configuration to this account | set(string) | false |
force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false |
create_iam_role | Flag to indicate whether an IAM Role should be created to grant the proper permissions for AWS Config | bool | false |
global_resource_collector_region | The region that collects AWS Config data for global resources such as IAM | string | true |
central_resource_collector_account | The account ID of a central account that will aggregate AWS Config from other accounts | string | false |
disabled_aggregation_regions | A list of regions where config aggregation is disabled | list(string) | false |
s3_bucket_id | The id (name) of the S3 bucket used to store the configuration history | string | true |
iam_role_arn | The ARN for an IAM Role AWS Config uses to make read or write requests to the delivery channel and to describe the\nAWS resources associated with the account. This is only used if create_iam_role is false.\n\nIf you want to use an existing IAM Role, set the value of this to the ARN of the existing topic and set\ncreate_iam_role to false.\n\nSee the AWS Docs for further information:\nhttp://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html\n | string | false |
s3_key_prefix | The prefix for AWS Config objects stored in the the S3 bucket. If this variable is set to null, the default, no\nprefix will be used.\n\nExamples:\n\nwith prefix: {S3_BUCKET NAME}:/{S3_KEY_PREFIX}/AWSLogs/{ACCOUNT_ID}/Config/*.\nwithout prefix: {S3_BUCKET NAME}:/AWSLogs/{ACCOUNT_ID}/Config/*.\n | string | false |
s3_bucket_arn | The ARN of the S3 bucket used to store the configuration history | string | true |
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers\n | bool | false |
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms (Optional):\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery (Optional):\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is false.\n | map(any) | false |
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
managed_rules | A list of AWS Managed Rules that should be enabled on the account.\n\nSee the following for a list of possible rules to enable:\nhttps://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\n | map(object({\n description = string\n identifier = string\n input_parameters = any\n tags = map(string)\n enabled = bool\n })) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
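Review bot: the `iam_role_arn` description contains a copy-paste error: `If you want to use an existing IAM Role, set the value of this to the ARN of the existing topic and set create_iam_role to false.` should say "ARN of the existing role" (the "existing topic" wording belongs to `findings_notification_arn`). The link in the same cell uses `http://docs.aws.amazon.com/...`; use `https://`. In `s3_key_prefix`, "stored in the the S3 bucket" doubles "the". The `subscribers` cell carries a multi-paragraph description with literal `\n` and indentation that will not survive a markdown table cell; either convert it to `<br>` lines or move the per-key explanation below the table. Since `create_sns_topic`, `findings_notification_arn` and `create_iam_role` interact (each "only used if" the other is false), a short sentence under 描述 on which combination to use would save readers from reconstructing it from three cells.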

@ -0,0 +1,49 @@
---
title: AWS DYNAMODB-TABLE
---
## 描述
Terraform module which creates DynamoDB table on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
hash_key | The attribute to use as the hash (partition) key. Must also be defined as an attribute | string | false |
point_in_time_recovery_enabled | Whether to enable point-in-time recovery | bool | false |
ttl_attribute_name | The name of the table attribute to store the TTL timestamp in | string | false |
local_secondary_indexes | Describe an LSI on the table; these can only be allocated at creation so you cannot change this definition after you have created the resource. | any | false |
autoscaling_defaults | A map of default autoscaling settings | map(string) | false |
timeouts | Updated Terraform resource management timeouts | map(string) | false |
range_key | The attribute to use as the range (sort) key. Must also be defined as an attribute | string | false |
global_secondary_indexes | Describe a GSI for the table; subject to the normal limits on the number of GSIs, projected attributes, etc. | any | false |
stream_view_type | When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES. | string | false |
server_side_encryption_kms_key_arn | The ARN of the CMK that should be used for the AWS KMS encryption. This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb. | string | false |
tags | A map of tags to add to all resources | map(string) | false |
autoscaling_write | A map of write autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
create_table | Controls if DynamoDB table and associated resources are created | bool | false |
billing_mode | Controls how you are billed for read/write throughput and how you manage capacity. The valid values are PROVISIONED or PAY_PER_REQUEST | string | false |
read_capacity | The number of read units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
stream_enabled | Indicates whether Streams are to be enabled (true) or disabled (false). | bool | false |
autoscaling_read | A map of read autoscaling settings. `max_capacity` is the only required key. See example in examples/autoscaling | map(string) | false |
server_side_encryption_enabled | Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK) | bool | false |
autoscaling_enabled | Whether or not to enable autoscaling. See note in README about this setting | bool | false |
autoscaling_indexes | A map of index autoscaling configurations. See example in examples/autoscaling | map(map(string)) | false |
name | Name of the DynamoDB table | string | false |
attributes | List of nested attribute definitions. Only required for hash_key and range_key attributes. Each attribute has two properties: name - (Required) The name of the attribute, type - (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data | list(map(string)) | false |
write_capacity | The number of write units for this table. If the billing_mode is PROVISIONED, this field should be greater than 0 | number | false |
ttl_enabled | Indicates whether ttl is enabled | bool | false |
replica_regions | Region names for creating replicas for a global DynamoDB table. | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
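Review bot: `autoscaling_enabled | ... See note in README about this setting` and the three `autoscaling_*` rows that say `See example in examples/autoscaling` point at files of the upstream module, not at anything in this doc; replace them with links to the module repository or inline the relevant note. `server_side_encryption_enabled` says encryption uses "an AWS managed KMS customer master key (CMK)" while `server_side_encryption_kms_key_arn` exists to override that key, so the first description should mention that a custom key can be supplied via the second input. `replica_regions`, `local_secondary_indexes` and `global_secondary_indexes` are typed `any` with no shape given; at least `attributes` shows the precedent of describing the expected keys inline, so do the same here.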

@ -0,0 +1,74 @@
---
title: AWS EC2-INSTANCE
---
## 描述
Terraform module which creates EC2 instance(s) on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
ami | ID of AMI to use for the instance | string | false |
associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool | false |
cpu_credits | The credit option for CPU usage (unlimited or standard) | string | false |
spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string | false |
spot_valid_until | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
name | Name to be used on EC2 instance created | string | false |
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | list(map(string)) | false |
hibernation | If true, the launched EC2 instance will support hibernation | bool | false |
instance_type | The type of instance to start | string | false |
metadata_options | Customize the metadata options of the instance | map(string) | false |
subnet_id | The VPC Subnet ID to launch in | string | false |
spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool | false |
disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false |
iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string | false |
placement_group | The Placement Group to start the instance in | string | false |
user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string | false |
cpu_threads_per_core | Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set). | number | false |
get_password_data | If true, wait for password data to become available and retrieve it. | bool | false |
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string | false |
key_name | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | string | false |
network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) | false |
source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
create_spot_instance | Depicts if the instance is a spot instance | bool | false |
spot_valid_from | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) | false |
launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) | false |
private_ip | Private IP address to associate with the instance in a VPC | string | false |
tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string | false |
availability_zone | AZ to start the instance in | string | false |
monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool | false |
enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool | false |
vpc_security_group_ids | A list of security group IDs to associate with | list(string) | false |
timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) | false |
capacity_reservation_specification | Describes an instance's Capacity Reservation targeting option | any | false |
ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number | false |
root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) | false |
user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string | false |
volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) | false |
cpu_core_count | Sets the number of CPU cores for an instance. | number | false |
spot_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | string | false |
create | Whether to create an instance | bool | false |
host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string | false |
ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | false |
secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | list(string) | false |
spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string | false |
spot_block_duration_minutes | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | number | false |
spot_instance_interruption_behavior | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | string | false |
enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
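
Review bot: the 默认值 (default) column is empty for every row, yet several descriptions carry the default in prose (`spot_type` "Default `persistent`", `enclave_options_enabled` "Defaults to `false`", `spot_price` "Defaults to on-demand price"); either populate the column from the module's variable defaults or drop it, because an empty cell next to "Defaults to" text reads as a generator bug. Two smaller points in the same table: `metadata_options` is described only as "Customize the metadata options of the instance", which is too thin for the one variable that governs instance metadata service access (for example whether IMDSv2 session tokens are required), so list the accepted keys or link the upstream variable; and the headings 描述 / 参数说明 / 属性 plus the table header are Chinese while the title and every description are English, so confirm this file is meant for the localized docs tree rather than the default one. `spot_valid_until` and `spot_valid_from` also read "format(for example" and want a space before the parenthesis.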

View File

@ -0,0 +1,66 @@
---
title: AWS ECS-CONTAINER-DEFINITION
---
## 描述
Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
disable_networking | When this parameter is true, networking is disabled within the container. | bool | false |
resource_requirements | The type and amount of a resource to assign to a container. The only supported resource is a GPU. | list(object({\n type = string\n value = string\n })) | false |
container_memory | The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value | number | false |
healthcheck | A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries) | object({\n command = list(string)\n retries = number\n timeout = number\n interval = number\n startPeriod = number\n }) | false |
start_timeout | Time duration (in seconds) to wait before giving up on resolving dependencies for a container | number | false |
map_environment | The environment variables to pass to the container. This is a map of string: {key: value}. map_environment overrides environment | map(string) | false |
readonly_root_filesystem | Determines whether a container is given read-only access to its root filesystem. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
dns_servers | Container DNS servers. This is a list of strings specifying the IP addresses of the DNS servers | list(string) | false |
volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume) | list(object({\n sourceContainer = string\n readOnly = bool\n })) | false |
container_image | The image used to start the container. Images in the Docker Hub registry available by default | string | true |
container_cpu | The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value | number | false |
essential | Determines whether all other containers in a task are stopped, if this container fails or stops for any reason. Due to how Terraform type casts booleans in json it is required to double quote this value | bool | false |
repository_credentials | Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map(string) | false |
system_controls | A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} | list(map(string)) | false |
hostname | The hostname to use for your container. | string | false |
linux_parameters | Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LinuxParameters.html | object({\n capabilities = object({\n add = list(string)\n drop = list(string)\n })\n devices = list(object({\n containerPath = string\n hostPath = string\n permissions = list(string)\n }))\n initProcessEnabled = bool\n maxSwap = number\n sharedMemorySize = number\n swappiness = number\n tmpfs = list(object({\n containerPath = string\n mountOptions = list(string)\n size = number\n }))\n }) | false |
ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list(object({\n name = string\n hardLimit = number\n softLimit = number\n })) | false |
docker_security_options | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. | list(string) | false |
entrypoint | The entry point that is passed to the container | list(string) | false |
command | The command that is passed to the container | list(string) | false |
secrets | The secrets to pass to the container. This is a list of maps | list(object({\n name = string\n valueFrom = string\n })) | false |
firelens_configuration | The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FirelensConfiguration.html | object({\n type = string\n options = map(string)\n }) | false |
mount_points | Container mount points. This is a list of maps, where each map should contain `containerPath`, `sourceVolume` and `readOnly` | list(object({\n containerPath = string\n sourceVolume = string\n readOnly = bool\n })) | false |
dns_search_domains | Container DNS search domains. A list of DNS search domains that are presented to the container | list(string) | false |
stop_timeout | Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own | number | false |
container_name | The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed) | string | true |
container_definition | Container definition overrides which allows for extra keys or overriding existing keys. | map(any) | false |
map_secrets | The secrets variables to pass to the container. This is a map of string: {key: value}. map_secrets overrides secrets | map(string) | false |
docker_labels | The configuration options to send to the `docker_labels` | map(string) | false |
container_memory_reservation | The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit | number | false |
environment_files | One or more files containing the environment variables to pass to the container. This maps to the --env-file option to docker run. The file must be hosted in Amazon S3. This option is only available to tasks using the EC2 launch type. This is a list of maps | list(object({\n value = string\n type = string\n })) | false |
log_configuration | Log configuration options to send to a custom log driver for the container. For more details, see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html | any | false |
pseudo_terminal | When this parameter is true, a TTY is allocated. | bool | false |
port_mappings | The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort | list(object({\n containerPort = number\n hostPort = number\n protocol = string\n })) | false |
environment | The environment variables to pass to the container. This is a list of maps. map_environment overrides environment | list(object({\n name = string\n value = string\n })) | false |
interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated. | bool | false |
user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group. The default (null) will use the container's configured `USER` directive or root if not set. | string | false |
container_depends_on | The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed. The condition can be one of START, COMPLETE, SUCCESS or HEALTHY | list(object({\n containerName = string\n condition = string\n })) | false |
privileged | When this variable is `true`, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. | bool | false |
working_directory | The working directory to run commands inside the container | string | false |
extra_hosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This is a list of maps | list(object({\n ipAddress = string\n hostname = string\n })) | false |
links | List of container names this container can communicate with without port mappings | list(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
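
Review bot: `readonly_root_filesystem` and `essential` are typed `bool` while their descriptions say the value must be double-quoted "due to how Terraform type casts booleans in json", so the type column contradicts the description; take the upstream variable type and drop or reword the quoting remark so users do not pass `"true"` to a `bool`. The complex types are rendered with literal `\n` escapes (`list(object({\n type = string\n value = string\n }))`, and the `healthcheck`, `linux_parameters` and `port_mappings` objects), which will print as backslash-n on the page; the generator should flatten them to one line or wrap them in backticks with real line breaks. `privileged` already spells out that it grants host-level privileges; `user` deserves the same emphasis, since its own description says the default (null) falls back to root when the image sets no `USER`. Finally, this module only emits a JSON container definition, so it is unclear what `writeConnectionSecretToRef` would ever contain; if the secret stays empty, say so.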

View File

@ -0,0 +1,30 @@
---
title: AWS ECS
---
## 描述
Terraform module which creates AWS ECS resources
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
create_ecs | Controls if ECS should be created | bool | false |
name | Name to be used on all the resources as identifier, also the name of the ECS cluster | string | false |
capacity_providers | List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT. | list(string) | false |
default_capacity_provider_strategy | The capacity provider strategy to use by default for the cluster. Can be one or more. | list(map(any)) | false |
container_insights | Controls if ECS Cluster has container insights enabled | bool | false |
tags | A map of tags to add to ECS Cluster | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
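
Review bot: `name` is documented as optional but it is "the name of the ECS cluster" and the identifier on every resource, with no default shown; state what the cluster is called when it is omitted, or mark it required. `capacity_providers` says "Valid values also include FARGATE and FARGATE_SPOT" without saying what the other valid values are (presumably capacity provider names created elsewhere), and `container_insights` has no default in the column, which matters because it decides whether cluster metrics are collected at all.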

View File

@ -0,0 +1,48 @@
---
title: AWS EKS-CLUSTER-AUTOSCALER
---
## 描述
AWS Eks-Cluster-Autoscaler
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/cluster-autoscaler | string | false |
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
argo_project | ArgoCD Application project | string | false |
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
helm_repo_url | Helm repository | string | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
helm_chart_name | Helm chart name to be installed | string | false |
helm_chart_version | Version of the Helm chart | string | false |
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
k8s_service_account_name | The k8s cluster-autoscaler service account name | | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
cluster_name | The name of the cluster | string | true |
helm_release_name | Helm release name | string | false |
k8s_service_account_create | Whether to create Service Account | bool | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
argo_info | ArgoCD info manifest parameter | | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/cluster-autoscaler | map(any) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

View File

@ -0,0 +1,54 @@
---
title: AWS EKS-EXTERNAL-DNS
---
## 描述
AWS Eks-External-Dns
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
helm_release_name | Helm release name | string | false |
helm_repo_url | Helm repository | string | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
k8s_service_account_create | Whether to create Service Account | bool | false |
k8s_service_account_name | The k8s external-dns service account name | | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
helm_chart_version | Version of the Helm chart | string | false |
k8s_irsa_role_name_prefix | The IRSA role name prefix for prometheus | string | false |
k8s_assume_role_arn | Assume role arn. Assume role must be enabled. | | false |
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
helm_chart_name | Helm chart name to be installed | string | false |
policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns | map(any) | false |
k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | false |
k8s_irsa_policy_enabled | Whether to create opinionated policy to allow operations on specified zones in `policy_allowed_zone_ids`. | bool | false |
argo_project | ArgoCD Application project | string | false |
tags | AWS resources tags | map(string) | false |
k8s_irsa_additional_policies | Map of the additional policies to be attached to default role. Where key is arbiraty id and value is policy arn. | map(string) | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | true |
cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | true |
helm_create_namespace | Whether to create k8s namespace with name defined by `k8s_namespace` | bool | false |
k8s_namespace | The K8s namespace in which the external-dns will be installed | string | false |
k8s_rbac_create | Whether to create and use RBAC resources | bool | false |
k8s_assume_role_enabled | Whether IRSA is allowed to assume role defined by k8s_assume_role_arn. Useful for hosted zones in another AWS account. | bool | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/bitnami/external-dns | string | false |
argo_info | ArgoCD info manifest parameter | | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

View File

@ -0,0 +1,33 @@
---
title: AWS EKS-KUBE-STATE-METRICS
---
## 描述
AWS Eks-Kube-State-Metrics
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
helm_chart_name | Helm chart name to be installed | string | false |
helm_release_name | Helm release name | string | false |
helm_repo_url | Helm repository | string | false |
k8s_namespace | The K8s namespace in which the kube-state-metrics service account has been created | string | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/kube-state-metrics | map(any) | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
helm_chart_version | Version of the Helm chart | string | false |
values | Additional yaml encoded values which will be passed to the Helm chart. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

View File

@ -0,0 +1,41 @@
---
title: AWS EKS-NODE-PROBLEM-DETECTOR
---
## 描述
A terraform module to deploy a node problem detector on Amazon EKS cluster
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
argo_application_enabled | If set to true, the module will be deployed as ArgoCD application, otherwise it will be deployed as a Helm release | bool | false |
argo_info | ArgoCD info manifest parameter | | false |
argo_destionation_server | Destination server for ArgoCD Application | string | false |
argo_project | ArgoCD Application project | string | false |
argo_sync_policy | ArgoCD syncPolicy manifest parameter | | false |
helm_chart_version | Version of the Helm chart | string | false |
helm_repo_url | Helm repository | string | false |
values | Additional yaml encoded values which will be passed to the Helm chart | string | false |
argo_namespace | Namespace to deploy ArgoCD application CRD to | string | false |
argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false |
helm_create_namespace | Create the namespace if it does not yet exist | bool | false |
settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/node-problem-detector | map(any) | false |
helm_release_name | Helm release name | string | false |
k8s_namespace | The K8s namespace in which the node-problem-detector service account has been created | string | false |
argo_application_values | Value overrides to use when deploying argo application object with helm | | false |
enabled | Variable indicating whether deployment is enabled | bool | false |
helm_chart_name | Helm chart name to be installed | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |

View File

@ -0,0 +1,78 @@
---
title: AWS EKS
---
## 描述
Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
cluster_additional_security_group_ids | List of additional, externally created security group IDs to attach to the cluster control plane | list(string) | false |
openid_connect_audiences | List of OpenID Connect audience client IDs to add to the IRSA provider | list(string) | false |
iam_role_path | Cluster IAM role path | string | false |
cluster_name | Name of the EKS cluster | string | false |
cloudwatch_log_group_kms_key_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | false |
cluster_security_group_id | Existing security group ID to be attached to the cluster. Required if `create_cluster_security_group` = `false` | string | false |
cluster_security_group_additional_rules | List of additional security group rules to add to the cluster security group created. Set `source_node_security_group = true` inside rules to set the `node_security_group` as source | any | false |
cluster_security_group_tags | A map of additional tags to add to the cluster security group created | map(string) | false |
node_security_group_id | ID of an existing security group to attach to the node groups created | string | false |
node_security_group_additional_rules | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | any | false |
enable_irsa | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | bool | false |
iam_role_use_name_prefix | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | string | false |
self_managed_node_groups | Map of self-managed node group definitions to create | any | false |
cluster_service_ipv4_cidr | The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | string | false |
eks_managed_node_groups | Map of EKS managed node group definitions to create | any | false |
cluster_endpoint_public_access_cidrs | List of CIDR blocks which can access the Amazon EKS public API server endpoint | list(string) | false |
cluster_timeouts | Create, update, and delete timeout configurations for the cluster | map(string) | false |
cluster_security_group_description | Description of the cluster security group created | string | false |
iam_role_additional_policies | Additional policies to be added to the IAM role | list(string) | false |
subnet_ids | A list of subnet IDs where the EKS cluster (ENIs) will be provisioned along with the nodes/node groups. Node groups can be deployed within a different set of subnet IDs from within the node group configuration | list(string) | false |
cluster_encryption_config | Configuration block with encryption configuration for the cluster | list(object({\n provider_key_arn = string\n resources = list(string)\n })) | false |
cluster_security_group_name | Name to use on cluster security group created | string | false |
create_node_security_group | Determines whether to create a security group for the node groups or use the existing `node_security_group_id` | bool | false |
iam_role_arn | Existing IAM role ARN for the cluster. Required if `create_iam_role` is set to `false` | string | false |
iam_role_tags | A map of additional tags to add to the IAM role created | map(string) | false |
cluster_endpoint_public_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled | bool | false |
cluster_tags | A map of additional tags to add to the cluster | map(string) | false |
create_cloudwatch_log_group | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | bool | false |
create_cluster_security_group | Determines if a security group is created for the cluster or use the existing `cluster_security_group_id` | bool | false |
tags | A map of tags to add to all resources | map(string) | false |
node_security_group_use_name_prefix | Determines whether node security group name (`node_security_group_name`) is used as a prefix | string | false |
create_iam_role | Determines whether a an IAM role is created or to use an existing IAM role | bool | false |
create | Controls if EKS resources should be created (affects nearly all resources) | bool | false |
cloudwatch_log_group_retention_in_days | Number of days to retain log events. Default retention - 90 days | number | false |
create_cni_ipv6_iam_policy | Determines whether to create an [`AmazonEKS_CNI_IPv6_Policy`](https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html#cni-iam-role-create-ipv6-policy) | bool | false |
node_security_group_tags | A map of additional tags to add to the node security group created | map(string) | false |
iam_role_description | Description of the role | string | false |
iam_role_name | Name to use on IAM role created | string | false |
prefix_separator | The separator to use between the prefix and the generated timestamp for resource names | string | false |
cluster_ip_family | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | string | false |
vpc_id | ID of the VPC where the cluster and its nodes will be provisioned | string | false |
cluster_security_group_use_name_prefix | Determines whether cluster security group name (`cluster_security_group_name`) is used as a prefix | string | false |
node_security_group_name | Name to use on node security group created | string | false |
cluster_identity_providers | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | any | false |
self_managed_node_group_defaults | Map of self-managed node group default configurations | any | false |
eks_managed_node_group_defaults | Map of EKS managed node group default configurations | any | false |
cluster_enabled_log_types | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | list(string) | false |
cluster_endpoint_private_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled | bool | false |
fargate_profiles | Map of Fargate Profile definitions to create | any | false |
cluster_version | Kubernetes `<major>.<minor>` version to use for the EKS cluster (i.e.: `1.21`) | string | false |
iam_role_permissions_boundary | ARN of the policy that is used to set the permissions boundary for the IAM role | string | false |
fargate_profile_defaults | Map of Fargate Profile default configurations | any | false |
node_security_group_description | Description of the node security group created | string | false |
cluster_addons | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | any | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
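Review bot: `node_security_group_use_name_prefix` and `cluster_security_group_use_name_prefix` are listed with type `string`, yet both descriptions read "Determines whether ... is used as a prefix", which is a boolean; please check the generated type against the module's `variables.tf` and correct it to `bool` if that is what the source declares. Two further points that apply to every file in this commit: the 默认值 (default) column is empty for all rows, which hides security-relevant defaults such as `cluster_endpoint_public_access` and `cluster_endpoint_private_access` (a reader cannot tell from this table whether the API server endpoint is public unless they set the value explicitly), so either fill the column from the module defaults or drop it; and the `[writeConnectionSecretToRef](#writeConnectionSecretToRef)` link targets a mixed-case fragment while Markdown renderers normally slugify headings to lowercase (`#writeconnectionsecrettoref`), so the in-page link may not resolve. Minor: "Determines whether a an IAM role is created" in `create_iam_role` has a doubled article, and the table headers (名称 | 描述 | 类型 | 是否必须 | 默认值) are Chinese while every description is English; pick one language per page.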


@ -0,0 +1,60 @@
---
title: AWS ELASTICACHE-REDIS
---
## 描述
Terraform module to provision an ElastiCache Redis Cluster
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
maintenance_window | Maintenance window | string | false |
elasticache_subnet_group_name | Subnet group name for the ElastiCache instance | string | false |
alarm_actions | Alarm action list | list(string) | false |
vpc_id | VPC ID | string | true |
alarm_memory_threshold_bytes | Ram threshold alarm level | number | false |
availability_zones | Availability zone IDs | list(string) | false |
cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false |
parameter_group_description | Managed by Terraform | string | false |
cluster_size | Number of nodes in cluster. *Ignored when `cluster_mode_enabled` == `true`* | number | false |
instance_type | Elastic cache instance type | string | false |
transit_encryption_enabled | Set `true` to enable encryption in transit. Forced `true` if `var.auth_token` is set.\nIf this is enabled, use the [following guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html#connect-tls) to access redis.\n | bool | false |
notification_topic_arn | Notification topic arn | string | false |
dns_subdomain | The subdomain to use for the CNAME record. If not provided then the CNAME record will use var.name. | string | false |
auth_token | Auth token for password protecting redis, `transit_encryption_enabled` must be set to `true`. Password must be longer than 16 chars | string | false |
snapshot_arns | A single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. Example: arn:aws:s3:::my_bucket/snapshot1.rdb | list(string) | false |
subnets | Subnet IDs | list(string) | false |
apply_immediately | Apply changes immediately | bool | false |
snapshot_window | The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. | string | false |
cluster_mode_enabled | Flag to enable/disable creation of a native redis cluster. `automatic_failover_enabled` must be set to `true`. Only 1 `cluster_mode` block is allowed | bool | false |
ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN) | list(string) | false |
automatic_failover_enabled | Automatic failover (Not available for T1/T2 instances) | bool | false |
multi_az_enabled | Multi AZ (Automatic Failover must also be enabled. If Cluster Mode is enabled, Multi AZ is on by default, and this setting is ignored) | bool | false |
replication_group_id | Replication group ID with the following constraints: \nA name must contain from 1 to 20 alphanumeric characters or hyphens. \n The first character must be a letter. \n A name cannot end with a hyphen or contain two consecutive hyphens. | string | false |
cluster_mode_replicas_per_node_group | Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will force a new resource | number | false |
family | Redis family | string | false |
zone_id | Route53 DNS Zone ID as list of string (0 or 1 items). If empty, no custom DNS name will be published.\nIf the list contains a single Zone ID, a custom DNS name will be pulished in that zone.\nCan also be a plain string, but that use is DEPRECATED because of Terraform issues.\n | any | false |
kms_key_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. `at_rest_encryption_enabled` must be set to `true` | string | false |
final_snapshot_identifier | The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made. | string | false |
cluster_mode_num_node_groups | Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications | number | false |
parameter | A list of Redis parameters to apply. Note that parameters may differ from one Redis family to another | list(object({\n name = string\n value = string\n })) | false |
engine_version | Redis engine version | string | false |
at_rest_encryption_enabled | Enable encryption at rest | bool | false |
alarm_cpu_threshold_percent | CPU threshold alarm level | number | false |
snapshot_name | The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource. | string | false |
snapshot_retention_limit | The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. | number | false |
port | Redis port | number | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
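Review bot: several cells in this table carry literal `\n` escape sequences instead of line breaks (`transit_encryption_enabled`, `replication_group_id`, `zone_id`, and the `parameter` type `list(object({\n name = string\n value = string\n }))`), so the generator is emitting the raw variable description rather than rendering it; convert them to `<br>` or collapse them to spaces before writing the table. Also `parameter_group_description | Managed by Terraform | string` shows the variable's default value where its description should be, and the `zone_id` text has "pulished" for "published". Since `at_rest_encryption_enabled`, `transit_encryption_enabled` and `auth_token` decide whether the cache is encrypted and password-protected, their defaults are the ones most worth stating in the empty 默认值 column.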


@ -0,0 +1,40 @@
---
title: AWS ELB
---
## 描述
Terraform module which creates ELB resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
internal | If true, ELB will be an internal ELB | bool | false |
idle_timeout | The time in seconds that the connection is allowed to be idle | number | false |
connection_draining_timeout | The time in seconds to allow for connections to drain | number | false |
create_elb | Create the elb or not | bool | false |
subnets | A list of subnet IDs to attach to the ELB | list(string) | true |
access_logs | An access logs block | map(string) | false |
number_of_instances | Number of instances to attach to ELB | number | false |
tags | A mapping of tags to assign to the resource | map(string) | false |
name | The name of the ELB | string | false |
security_groups | A list of security group IDs to assign to the ELB | list(string) | true |
connection_draining | Boolean to enable connection draining | bool | false |
health_check | A health check block | map(string) | true |
instances | List of instances ID to place in the ELB pool | list(string) | false |
name_prefix | The prefix name of the ELB | string | false |
cross_zone_load_balancing | Enable cross-zone load balancing | bool | false |
listener | A list of listener blocks | list(map(string)) | true |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
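Review bot: the required block parameters `health_check | A health check block | map(string) | true` and `listener | A list of listener blocks | list(map(string)) | true` (and the optional `access_logs | An access logs block | map(string)`) say nothing about which keys each map must contain, so a user cannot fill them in from this page alone; add the expected keys or a short example to each description, or link the upstream module's variable reference. `internal` is also worth one extra clause: the description says what `true` does, but the reader most at risk is the one leaving it unset and getting an internet-facing load balancer, so state the default here.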


@ -0,0 +1,30 @@
---
title: AWS GUARDDUTY
---
## 描述
Terraform module to provision AWS Guard Duty
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
enable_cloudwatch | Flag to indicate whether an CloudWatch logging should be enabled for GuardDuty\n | bool | false |
cloudwatch_event_rule_pattern_detail_type | The detail-type pattern used to match events that will be sent to SNS.\n\nFor more information, see:\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatchEventsandEventPatterns.html\nhttps://docs.aws.amazon.com/eventbridge/latest/userguide/event-types.html\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html\n | string | false |
create_sns_topic | Flag to indicate whether an SNS topic should be created for notifications.\nIf you want to send findings to a new SNS topic, set this to true and provide a valid configuration for subscribers.\n | bool | false |
subscribers | A map of subscription configurations for SNS topics\n\nFor more information, see:\nhttps://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription#argument-reference\n\nprotocol:\n The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially\n supported, see link) (email is an option but is unsupported in terraform, see link).\nendpoint:\n The endpoint to send data to, the contents will vary with the protocol. (see link for more information)\nendpoint_auto_confirms:\n Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty. Default is\n false\nraw_message_delivery:\n Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).\n Default is false\n | map(object({\n protocol = string\n endpoint = string\n endpoint_auto_confirms = bool\n raw_message_delivery = bool\n })) | false |
findings_notification_arn | The ARN for an SNS topic to send findings notifications to. This is only used if create_sns_topic is false.\nIf you want to send findings to an existing SNS topic, set the value of this to the ARN of the existing topic and set\ncreate_sns_topic to false.\n | string | false |
finding_publishing_frequency | The frequency of notifications sent for finding occurrences. If the detector is a GuardDuty member account, the value\nis determined by the GuardDuty master account and cannot be modified, otherwise it defaults to SIX_HOURS.\n\nFor standalone and GuardDuty master accounts, it must be configured in Terraform to enable drift detection.\nValid values for standalone and master accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."\n\nFor more information, see:\nhttps://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency\n | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
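Review bot: `finding_publishing_frequency` has a stray double quote in `FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS."` that will render verbatim, and every description in this table embeds literal `\n` and `\n\n` sequences (`enable_cloudwatch`, `create_sns_topic`, `subscribers`, `findings_notification_arn`), so the multi-line variable descriptions need to be converted to `<br>` or single-line text before they go into a Markdown table. The `subscribers` cell in particular holds a whole paragraph plus a nested object type with `\n` inside it; consider cutting it down to the four key names (`protocol`, `endpoint`, `endpoint_auto_confirms`, `raw_message_delivery`) and the provider link it already cites. Minor: "whether an CloudWatch logging" should be "whether CloudWatch logging".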


@ -0,0 +1,36 @@
---
title: AWS IAM-ACCOUNT
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
minimum_password_length | Minimum length to require for user passwords | number | false |
allow_users_to_change_password | Whether to allow users to change their own password | bool | false |
require_lowercase_characters | Whether to require lowercase characters for user passwords | bool | false |
require_numbers | Whether to require numbers for user passwords | bool | false |
get_caller_identity | Whether to get AWS account ID, User ID, and ARN in which Terraform is authorized | bool | false |
account_alias | AWS IAM account alias for this account | string | true |
create_account_password_policy | Whether to create AWS IAM account password policy | bool | false |
max_password_age | The number of days that an user password is valid. | number | false |
require_symbols | Whether to require symbols for user passwords | bool | false |
hard_expiry | Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset) | bool | false |
password_reuse_prevention | The number of previous passwords that users are prevented from reusing | number | false |
require_uppercase_characters | Whether to require uppercase characters for user passwords | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
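Review bot: for a password-policy module the empty 默认值 column is the main gap: `minimum_password_length`, `max_password_age`, `password_reuse_prevention`, `hard_expiry` and the four `require_*` flags are all listed as optional with no default, so a reader cannot tell what policy `create_account_password_policy = true` actually applies without opening the module source. Please populate the defaults, or state that unset values fall back to the AWS account default. Minor: "The number of days that an user password is valid" should read "a user password".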


@ -0,0 +1,41 @@
---
title: AWS IAM-ASSUMABLE-ROLE-WITH-OIDC
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
aws_account_id | The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider | string | false |
role_path | Path of IAM role | string | false |
oidc_subjects_with_wildcards | The OIDC subject using wildcards to be added to the role policy | set(string) | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
tags | A map of tags to add to IAM role resources | map(string) | false |
role_name | IAM role name | string | false |
role_name_prefix | IAM role name prefix | string | false |
role_description | IAM Role description | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
create_role | Whether to create a role | bool | false |
provider_url | URL of the OIDC Provider. Use provider_urls to specify several URLs. | string | false |
oidc_fully_qualified_subjects | The fully qualified OIDC subjects to be added to the role policy | set(string) | false |
oidc_fully_qualified_audiences | The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise. | set(string) | false |
provider_urls | List of URLs of the OIDC Providers | list(string) | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
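Review bot: `oidc_subjects_with_wildcards | The OIDC subject using wildcards to be added to the role policy | set(string)` deserves a caveat in its description: a wildcard subject widens which identities can assume the role, so the doc should point readers to `oidc_fully_qualified_subjects` as the normal choice and reserve wildcards for cases where the subject genuinely varies. The `provider_url` / `provider_urls` and `role_name` / `role_name_prefix` pairs are alternative ways of setting the same thing, but nothing in the table says what happens when both are set; one sentence on that would avoid support questions. `number_of_role_policy_arns` should also explain how it relates to `role_policy_arns`, otherwise it reads as an independent setting.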


@ -0,0 +1,38 @@
---
title: AWS IAM-ASSUMABLE-ROLE-WITH-SAML
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
tags | A map of tags to add to IAM role resources | map(string) | false |
role_name_prefix | IAM role name prefix | string | false |
number_of_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
aws_saml_endpoint | AWS SAML Endpoint | string | false |
role_path | Path of IAM role | string | false |
role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
create_role | Whether to create a role | bool | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
provider_ids | List of SAML Provider IDs | list(string) | false |
role_name | IAM role name | string | false |
role_description | IAM Role description | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
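Review bot: `aws_saml_endpoint | AWS SAML Endpoint | string | false` restates the variable name without saying what URL is expected or how the module uses it in the role's trust policy, and with the default column empty a reader cannot see what value applies when it is unset; please spell out both. As in the OIDC variant, `provider_id` / `provider_ids` and `role_name` / `role_name_prefix` are alternative ways of setting the same thing, and the table should say which one takes precedence when both are given.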


@ -0,0 +1,48 @@
---
title: AWS IAM-ASSUMABLE-ROLE
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
trusted_role_actions | Actions of STS | list(string) | false |
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
role_name | IAM role name | string | false |
role_path | Path of IAM role | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
custom_role_trust_policy | A custorm role trust policy | string | false |
create_instance_profile | Whether to create an instance profile | bool | false |
custom_role_policy_arns | List of ARNs of IAM policies to attach to IAM role | list(string) | false |
admin_role_policy_arn | Policy ARN to use for admin role | string | false |
attach_admin_policy | Whether to attach an admin policy to a role | bool | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
role_requires_mfa | Whether role requires MFA | bool | false |
tags | A map of tags to add to IAM role resources | map(string) | false |
poweruser_role_policy_arn | Policy ARN to use for poweruser role | string | false |
readonly_role_policy_arn | Policy ARN to use for readonly role | string | false |
attach_poweruser_policy | Whether to attach a poweruser policy to a role | bool | false |
role_description | IAM Role description | string | false |
role_sts_externalid | STS ExternalId condition values to use with a role (when MFA is not required) | any | false |
create_role | Whether to create a role | bool | false |
number_of_custom_role_policy_arns | Number of IAM policies to attach to IAM role | number | false |
attach_readonly_policy | Whether to attach a readonly policy to a role | bool | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
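Review bot: `custom_role_trust_policy | A custorm role trust policy | string` has a typo ("custom") and, more importantly, does not say whether supplying it replaces the trust policy the module otherwise builds from `trusted_role_arns`, `trusted_role_services`, `role_requires_mfa` and `mfa_age`; if it does, the MFA condition those variables express no longer applies, and the description should say so. `role_sts_externalid` is typed `any`; if it accepts either a single ExternalId or a list, state that, otherwise narrow it to `string` or `list(string)`. The `attach_admin_policy` / `admin_role_policy_arn` pair also needs the empty default column filled, because whether an admin policy is attached when nothing is set is exactly the value nobody should have to look up in source.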


@ -0,0 +1,47 @@
---
title: AWS IAM-ASSUMABLE-ROLES-WITH-SAML
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
aws_saml_endpoint | AWS SAML Endpoint | string | false |
admin_role_path | Path of admin IAM role | string | false |
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
provider_ids | List of SAML Provider IDs | list(string) | false |
create_readonly_role | Whether to create readonly role | bool | false |
readonly_role_name | IAM role with readonly access | string | false |
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
poweruser_role_path | Path of poweruser IAM role | string | false |
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
readonly_role_path | Path of readonly IAM role | string | false |
create_admin_role | Whether to create admin role | bool | false |
admin_role_name | IAM role with admin access | string | false |
create_poweruser_role | Whether to create poweruser role | bool | false |
poweruser_role_name | IAM role with poweruser access | string | false |
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
provider_id | ID of the SAML Provider. Use provider_ids to specify several IDs. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
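Review bot: `admin_role_name | IAM role with admin access`, `poweruser_role_name | IAM role with poweruser access` and `readonly_role_name | IAM role with readonly access` describe the role rather than the name variable; reword to "Name of the admin IAM role" and so on. The `admin_role_policy_arns` / `poweruser_role_policy_arns` / `readonly_role_policy_arns` rows are where defaults matter most (which managed policies end up attached to an "admin" role when the user sets nothing), so fill the 默认值 column for those three at least.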


@ -0,0 +1,50 @@
---
title: AWS IAM-ASSUMABLE-ROLES
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
poweruser_role_permissions_boundary_arn | Permissions boundary ARN to use for poweruser role | string | false |
readonly_role_policy_arns | List of policy ARNs to use for readonly role | list(string) | false |
readonly_role_permissions_boundary_arn | Permissions boundary ARN to use for readonly role | string | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
admin_role_name | IAM role with admin access | string | false |
admin_role_policy_arns | List of policy ARNs to use for admin role | list(string) | false |
create_poweruser_role | Whether to create poweruser role | bool | false |
poweruser_role_name | IAM role with poweruser access | string | false |
poweruser_role_path | Path of poweruser IAM role | string | false |
poweruser_role_policy_arns | List of policy ARNs to use for poweruser role | list(string) | false |
readonly_role_path | Path of readonly IAM role | string | false |
readonly_role_requires_mfa | Whether readonly role requires MFA | bool | false |
trusted_role_arns | ARNs of AWS entities who can assume these roles | list(string) | false |
trusted_role_services | AWS Services that can assume these roles | list(string) | false |
mfa_age | Max age of valid MFA (in seconds) for roles which require MFA | number | false |
poweruser_role_tags | A map of tags to add to poweruser role resource. | map(string) | false |
create_readonly_role | Whether to create readonly role | bool | false |
readonly_role_name | IAM role with readonly access | string | false |
admin_role_path | Path of admin IAM role | string | false |
admin_role_tags | A map of tags to add to admin role resource. | map(string) | false |
poweruser_role_requires_mfa | Whether poweruser role requires MFA | bool | false |
readonly_role_tags | A map of tags to add to readonly role resource. | map(string) | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
create_admin_role | Whether to create admin role | bool | false |
admin_role_requires_mfa | Whether admin role requires MFA | bool | false |
admin_role_permissions_boundary_arn | Permissions boundary ARN to use for admin role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
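Review bot: `admin_role_requires_mfa`, `poweruser_role_requires_mfa` and `readonly_role_requires_mfa` are listed as optional `bool` with no default, so the page does not tell the reader whether an admin role created with only `trusted_role_arns` set demands MFA; that default is the single most important security fact about this module and belongs in the 默认值 column. Same naming fix as in the SAML variant: `admin_role_name | IAM role with admin access` and its two siblings describe the role rather than its name.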


@ -0,0 +1,36 @@
---
title: AWS IAM-EKS-ROLE
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
role_description | IAM Role description | string | false |
cluster_service_accounts | EKS cluster and k8s ServiceAccount pairs. Each EKS cluster can have multiple k8s ServiceAccount. See README for details | map(list(string)) | false |
provider_url_sa_pairs | OIDC provider URL and k8s ServiceAccount pairs. If the assume role policy requires a mix of EKS clusters and other OIDC providers then this can be used | map(list(string)) | false |
tags | A map of tags to add the the IAM role | map(any) | false |
force_detach_policies | Whether policies should be detached from this role when destroying | bool | false |
role_path | Path of IAM role | string | false |
role_permissions_boundary_arn | Permissions boundary ARN to use for IAM role | string | false |
role_name_prefix | IAM role name prefix | string | false |
role_policy_arns | ARNs of any policies to attach to the IAM role | list(string) | false |
max_session_duration | Maximum CLI/API session duration in seconds between 3600 and 43200 | number | false |
create_role | Whether to create a role | bool | false |
role_name | Name of IAM role | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
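Review bot: `cluster_service_accounts | ... See README for details | map(list(string))` and `provider_url_sa_pairs | ... | map(list(string))` both rely on a README that this page does not link, and the map shape (what the key is, what each list element looks like) cannot be inferred from `map(list(string))`; either link the upstream README or inline a one-line example of the expected value. Minor: `tags | A map of tags to add the the IAM role` has a doubled "the", and `tags` is typed `map(any)` here while every other IAM page in this commit uses `map(string)`.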


@ -0,0 +1,28 @@
---
title: AWS IAM-GROUP-WITH-ASSUMABLE-ROLES-POLICY
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | Name of IAM policy and IAM group | string | true |
assumable_roles | List of IAM roles ARNs which can be assumed by the group | list(string) | false |
group_users | List of IAM users to have in an IAM group which can assume the role | list(string) | false |
tags | A map of tags to add to all resources. | map(string) | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |


@ -0,0 +1,33 @@
---
title: AWS IAM-GROUP-WITH-POLICIES
---
## 描述
Terraform module which creates IAM resources on AWS
## 参数说明
### 属性
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
group_users | List of IAM users to have in an IAM group which can assume the role | list(string) | false |
custom_group_policy_arns | List of IAM policies ARNs to attach to IAM group | list(string) | false |
attach_iam_self_management_policy | Whether to attach IAM policy which allows IAM users to manage their credentials and MFA | bool | false |
tags | A map of tags to add to all resources. | map(string) | false |
create_group | Whether to create IAM group | bool | false |
name | Name of IAM group | string | false |
custom_group_policies | List of maps of inline IAM policies to attach to IAM group. Should have `name` and `policy` keys in each element. | list(map(string)) | false |
iam_self_management_policy_name_prefix | Name prefix for IAM policy to create with IAM self-management permissions | string | false |
aws_account_id | AWS account id to use inside IAM policies. If empty, current AWS account ID will be used. | string | false |
writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |
#### writeConnectionSecretToRef
名称 | 描述 | 类型 | 是否必须 | 默认值
------------ | ------------- | ------------- | ------------- | -------------
name | The secret name which the cloud resource connection will be written to | string | true |
namespace | The secret namespace which the cloud resource connection will be written to | string | false |
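Review bot: `group_users | List of IAM users to have in an IAM group which can assume the role` is copied from the assumable-roles-policy module; this module attaches policies to a group and creates no role, so drop "which can assume the role". `attach_iam_self_management_policy` is the security-relevant switch on this page (it grants users rights over their own credentials and MFA) and, like every other row, shows no default; please fill it in. The `custom_group_policies` row is a good model for the rest of the table, since it names the expected keys (`name`, `policy`) of each map element.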

Some files were not shown because too many files have changed in this diff.