make version v1.3

Signed-off-by: FogDong <dongtianxin.tx@alibaba-inc.com>

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/alibaba-deploy-website.md

@@ -8,14 +8,12 @@ Deploy a Static Website in object stroage, like S3 and OSS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- static_web_url | The URL of the static website | string | false |  
+------------|------------|------------|------------|------------
  bucket | OSS bucket name | string | false |  
  endpoint | OSS bucket endpoint | string | true |  
+ static_web_url | The URL of the static website | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/alibaba-kms.md

@@ -8,11 +8,9 @@ Create KMS on AliCloud based on Terraform module
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-cis-alarms.md

@@ -8,20 +8,18 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |  
- alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |  
- use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |  
- name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |  
+ alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |  
+ create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |  
  disabled_controls | List of IDs of disabled CIS controls | list(string) | false |  
- namespace | The namespace where metric filter and metric alarm should be cleated | string | false |  
  log_group_name | The name of the log group to associate the metric filter with | string | false |  
+ name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |  
+ namespace | The namespace where metric filter and metric alarm should be cleated | string | false |  
  tags | A mapping of tags to assign to all resources | map(string) | false |  
+ use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-cloudwatch-metric-alarms-by-multiple-dimensions.md

@@ -8,33 +8,31 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- alarm_description | The description for the alarm. | string | false |  
- threshold | The value against which the specified statistic is compared. | number | true |  
- unit | The unit for the alarm's associated metric. | string | false |  
- dimensions | The dimensions for the alarm's associated metric. | any | false |  
- alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
- evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
  alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ alarm_description | The description for the alarm. | string | false |  
+ alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
  comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
- metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
- namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- period | The period in seconds over which the specified statistic is applied. | string | false |  
+ create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
  datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
+ dimensions | The dimensions for the alarm's associated metric. | any | false |  
+ evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
+ evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
  extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
+ insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
  metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
+ namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | true |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-delegation-sets.md

@@ -8,11 +8,9 @@ Terraform module which creates Route53 resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create | Whether to create Route53 delegation sets | bool | false |  
  delegation_sets | Map of Route53 delegation set parameters | any | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-emr.md

@@ -8,90 +8,88 @@ Terraform module which creates EMR on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- use_existing_managed_master_security_group | If set to `true`, will use variable `managed_master_security_group` using an existing security group that was created outside of this module | bool | false |  
- use_existing_additional_slave_security_group | If set to `true`, will use variable `additional_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
- master_allowed_security_groups | List of security groups to be allowed to connect to the master instances | list(string) | false |  
- slave_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the slave instances | list(string) | false |  
- ec2_autoscaling_role_enabled | If set to `false`, will use `existing_ec2_autoscaling_role_arn` for an existing EC2 autoscaling IAM role that was created outside of this module | bool | false |  
- release_label | The release label for the Amazon EMR release. https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html | string | false |  
- master_instance_group_ebs_size | Master instances volume size, in gibibytes (GiB) | number | true |  
- kerberos_realm | The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL | string | false |  
- ebs_root_volume_size | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later | number | false |  
- core_instance_group_ebs_type | Core instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+------------|------------|------------|------------|------------
+ additional_info | A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform | string | false |  
+ additional_master_security_group | The name of the existing additional security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
+ additional_slave_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ applications | A list of applications for the cluster. Valid values are: Flink, Ganglia, Hadoop, HBase, HCatalog, Hive, Hue, JupyterHub, Livy, Mahout, MXNet, Oozie, Phoenix, Pig, Presto, Spark, Sqoop, TensorFlow, Tez, Zeppelin, and ZooKeeper (as of EMR 5.25.0). Case insensitive | list(string) | true |  
+ bootstrap_action | List of bootstrap actions that will be run before Hadoop is started on the cluster nodes | list(object({\n    path = string\n    name = string\n    args = list(string)\n  })) | false |  
+ configurations_json | A JSON string for supplying list of configurations for the EMR cluster. See https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html for more details | string | false |  
+ core_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Core instance group | string | false |  
+ core_instance_group_bid_price | Bid price for each EC2 instance in the Core instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
  core_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Core volume supports | number | false |  
- task_instance_group_bid_price | Bid price for each EC2 instance in the Task instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- kerberos_ad_domain_join_user | Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration. | string | false |  
- use_existing_service_access_security_group | If set to `true`, will use variable `service_access_security_group` using an existing security group that was created outside of this module | bool | false |  
- slave_allowed_security_groups | List of security groups to be allowed to connect to the slave instances | list(string) | false |  
+ core_instance_group_ebs_size | Core instances volume size, in gibibytes (GiB) | number | true |  
+ core_instance_group_ebs_type | Core instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+ core_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Core instance group | number | false |  
+ core_instance_group_instance_count | Target number of instances for the Core instance group. Must be at least 1 | number | false |  
  core_instance_group_instance_type | EC2 instance type for all instances in the Core instance group | string | true |  
  create_task_instance_group | Whether to create an instance group for Task nodes. For more info: https://www.terraform.io/docs/providers/aws/r/emr_instance_group.html, https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html | bool | false |  
- task_instance_group_ebs_optimized | Indicates whether an Amazon EBS volume in the Task instance group is EBS-optimized. Changing this forces a new resource to be created | bool | false |  
- task_instance_group_ebs_type | Task instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
- task_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Task volume supports | number | false |  
- emr_role_permissions_boundary | The Permissions Boundary ARN to apply to the EMR Role. | string | false |  
- subnet_id | VPC subnet ID where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC | string | true |  
- kerberos_cross_realm_trust_principal_password | Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration. | string | false |  
- steps | List of steps to run when creating the cluster. | list(object({\n    name              = string\n    action_on_failure = string\n    hadoop_jar_step = object({\n      args       = list(string)\n      jar        = string\n      main_class = string\n      properties = map(string)\n    })\n  })) | false |  
- managed_slave_security_group | The name of the existing managed security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- service_access_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- log_uri | The path to the Amazon S3 location where logs for this cluster are stored | string | false |  
- additional_info | A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform | string | false |  
- task_instance_group_ebs_size | Task instances volume size, in gibibytes (GiB) | number | false |  
- custom_ami_id | A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later | string | false |  
- core_instance_group_instance_count | Target number of instances for the Core instance group. Must be at least 1 | number | false |  
- kerberos_kdc_admin_password | The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration. | string | false |  
- key_name | Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop` | string | false |  
- master_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Master volume supports | number | false |  
- scale_down_behavior | The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized | string | false |  
- use_existing_managed_slave_security_group | If set to `true`, will use variable `managed_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
- additional_slave_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- service_role_enabled | If set to `false`, will use `existing_service_role_arn` for an existing IAM role that was created outside of this module | bool | false |  
- core_instance_group_ebs_size | Core instances volume size, in gibibytes (GiB) | number | true |  
- master_instance_group_bid_price | Bid price for each EC2 instance in the Master instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- vpc_id | VPC ID to create the cluster in (e.g. `vpc-a22222ee`) | string | true |  
- master_dns_name | Name of the cluster CNAME record to create in the parent DNS zone specified by `zone_id`. If left empty, the name will be auto-asigned using the format `emr-master-var.name` | string | false |  
- existing_service_role_arn | ARN of an existing EMR service role to attach to the cluster | string | false |  
- region | AWS region | string | true |  
- master_instance_group_instance_count | Target number of instances for the Master instance group. Must be at least 1 | number | false |  
- task_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Task instance group | number | false |  
- zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS records for the masters and slaves | string | false |  
- master_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the master instances | list(string) | false |  
- existing_ec2_autoscaling_role_arn | ARN of an existing EC2 autoscaling role to attach to the cluster | string | false |  
- configurations_json | A JSON string for supplying list of configurations for the EMR cluster. See https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html for more details | string | false |  
- task_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Task instance group | string | false |  
- kerberos_ad_domain_join_password | The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration. | string | false |  
- keep_job_flow_alive_when_no_steps | Switch on/off run cluster with no steps or when all steps are complete | bool | false |  
- bootstrap_action | List of bootstrap actions that will be run before Hadoop is started on the cluster nodes | list(object({\n    path = string\n    name = string\n    args = list(string)\n  })) | false |  
- step_concurrency_level | The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. | number | false |  
- applications | A list of applications for the cluster. Valid values are: Flink, Ganglia, Hadoop, HBase, HCatalog, Hive, Hue, JupyterHub, Livy, Mahout, MXNet, Oozie, Phoenix, Pig, Presto, Spark, Sqoop, TensorFlow, Tez, Zeppelin, and ZooKeeper (as of EMR 5.25.0). Case insensitive | list(string) | true |  
- core_instance_group_bid_price | Bid price for each EC2 instance in the Core instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- additional_master_security_group | The name of the existing additional security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
- ec2_role_enabled | If set to `false`, will use `existing_ec2_instance_profile_arn` for an existing EC2 IAM role that was created outside of this module | bool | false |  
- route_table_id | Route table ID for the VPC S3 Endpoint when launching the EMR cluster in a private subnet. Required when `subnet_type` is `private` | string | false |  
- core_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Core instance group | string | false |  
- security_configuration | The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater. See https://www.terraform.io/docs/providers/aws/r/emr_security_configuration.html for more info | string | false |  
- task_instance_group_instance_type | EC2 instance type for all instances in the Task instance group | string | false |  
- ec2_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Role. | string | false |  
- use_existing_additional_master_security_group | If set to `true`, will use variable `additional_master_security_group` using an existing security group that was created outside of this module | bool | false |  
- managed_master_security_group | The name of the existing managed security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
- master_instance_group_instance_type | EC2 instance type for all instances in the Master instance group | string | true |  
- master_instance_group_ebs_type | Master instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
  create_vpc_endpoint_s3 | Set to false to prevent the module from creating VPC S3 Endpoint | bool | false |  
- termination_protection | Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false | bool | false |  
- subnet_type | Type of VPC subnet ID where you want the job flow to launch. Supported values are `private` or `public` | string | false |  
- task_instance_group_instance_count | Target number of instances for the Task instance group. Must be at least 1 | number | false |  
+ custom_ami_id | A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later | string | false |  
+ ebs_root_volume_size | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later | number | false |  
+ ec2_autoscaling_role_enabled | If set to `false`, will use `existing_ec2_autoscaling_role_arn` for an existing EC2 autoscaling IAM role that was created outside of this module | bool | false |  
  ec2_autoscaling_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Autoscaling Role. | string | false |  
+ ec2_role_enabled | If set to `false`, will use `existing_ec2_instance_profile_arn` for an existing EC2 IAM role that was created outside of this module | bool | false |  
+ ec2_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Role. | string | false |  
+ emr_role_permissions_boundary | The Permissions Boundary ARN to apply to the EMR Role. | string | false |  
+ existing_ec2_autoscaling_role_arn | ARN of an existing EC2 autoscaling role to attach to the cluster | string | false |  
  existing_ec2_instance_profile_arn | ARN of an existing EC2 instance profile | string | false |  
- visible_to_all_users | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow | bool | false |  
- core_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Core instance group | number | false |  
- master_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Master instance group | number | false |  
+ existing_service_role_arn | ARN of an existing EMR service role to attach to the cluster | string | false |  
+ keep_job_flow_alive_when_no_steps | Switch on/off run cluster with no steps or when all steps are complete | bool | false |  
+ kerberos_ad_domain_join_password | The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_ad_domain_join_user | Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_cross_realm_trust_principal_password | Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration. | string | false |  
  kerberos_enabled | Set to true if EMR cluster will use kerberos_attributes | bool | false |  
+ kerberos_kdc_admin_password | The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_realm | The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL | string | false |  
+ key_name | Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop` | string | false |  
+ log_uri | The path to the Amazon S3 location where logs for this cluster are stored | string | false |  
+ managed_master_security_group | The name of the existing managed security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
+ managed_slave_security_group | The name of the existing managed security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ master_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the master instances | list(string) | false |  
+ master_allowed_security_groups | List of security groups to be allowed to connect to the master instances | list(string) | false |  
+ master_dns_name | Name of the cluster CNAME record to create in the parent DNS zone specified by `zone_id`. If left empty, the name will be auto-asigned using the format `emr-master-var.name` | string | false |  
+ master_instance_group_bid_price | Bid price for each EC2 instance in the Master instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
+ master_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Master volume supports | number | false |  
+ master_instance_group_ebs_size | Master instances volume size, in gibibytes (GiB) | number | true |  
+ master_instance_group_ebs_type | Master instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+ master_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Master instance group | number | false |  
+ master_instance_group_instance_count | Target number of instances for the Master instance group. Must be at least 1 | number | false |  
+ master_instance_group_instance_type | EC2 instance type for all instances in the Master instance group | string | true |  
+ region | AWS region | string | true |  
+ release_label | The release label for the Amazon EMR release. https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html | string | false |  
+ route_table_id | Route table ID for the VPC S3 Endpoint when launching the EMR cluster in a private subnet. Required when `subnet_type` is `private` | string | false |  
+ scale_down_behavior | The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized | string | false |  
+ security_configuration | The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater. See https://www.terraform.io/docs/providers/aws/r/emr_security_configuration.html for more info | string | false |  
+ service_access_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ service_role_enabled | If set to `false`, will use `existing_service_role_arn` for an existing IAM role that was created outside of this module | bool | false |  
+ slave_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the slave instances | list(string) | false |  
+ slave_allowed_security_groups | List of security groups to be allowed to connect to the slave instances | list(string) | false |  
+ step_concurrency_level | The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. | number | false |  
+ steps | List of steps to run when creating the cluster. | list(object({\n    name              = string\n    action_on_failure = string\n    hadoop_jar_step = object({\n      args       = list(string)\n      jar        = string\n      main_class = string\n      properties = map(string)\n    })\n  })) | false |  
+ subnet_id | VPC subnet ID where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC | string | true |  
+ subnet_type | Type of VPC subnet ID where you want the job flow to launch. Supported values are `private` or `public` | string | false |  
+ task_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Task instance group | string | false |  
+ task_instance_group_bid_price | Bid price for each EC2 instance in the Task instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
+ task_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Task volume supports | number | false |  
+ task_instance_group_ebs_optimized | Indicates whether an Amazon EBS volume in the Task instance group is EBS-optimized. Changing this forces a new resource to be created | bool | false |  
+ task_instance_group_ebs_size | Task instances volume size, in gibibytes (GiB) | number | false |  
+ task_instance_group_ebs_type | Task instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+ task_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Task instance group | number | false |  
+ task_instance_group_instance_count | Target number of instances for the Task instance group. Must be at least 1 | number | false |  
+ task_instance_group_instance_type | EC2 instance type for all instances in the Task instance group | string | false |  
+ termination_protection | Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false | bool | false |  
+ use_existing_additional_master_security_group | If set to `true`, will use variable `additional_master_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_additional_slave_security_group | If set to `true`, will use variable `additional_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_managed_master_security_group | If set to `true`, will use variable `managed_master_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_managed_slave_security_group | If set to `true`, will use variable `managed_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_service_access_security_group | If set to `true`, will use variable `service_access_security_group` using an existing security group that was created outside of this module | bool | false |  
+ visible_to_all_users | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow | bool | false |  
+ vpc_id | VPC ID to create the cluster in (e.g. `vpc-a22222ee`) | string | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
+ zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS records for the masters and slaves | string | false |  
 
 
 #### writeConnectionSecretToRef

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-key-pair.md

@@ -8,11 +8,9 @@ Terraform module which creates EC2 key pair on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create_key_pair | Controls if key pair should be created | bool | false |  
  key_name | The name for the key pair. | string | false |  
  key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name. | string | false |  

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-log-group.md

@@ -8,16 +8,14 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create | Whether to create the Cloudwatch log group | bool | false |  
+ kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |  
  name | A name for the log group | string | false |  
  name_prefix | A name prefix for the log group | string | false |  
  retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |  
- kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |  
  tags | A map of tags to add to Cloudwatch log group | map(string) | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-log-metric-filter.md

@@ -8,19 +8,17 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |  
+------------|------------|------------|------------|------------
  create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |  
- name | A name for the metric filter. | string | true |  
- pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |  
  log_group_name | The name of the log group to associate the metric filter with | string | true |  
+ metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |  
  metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |  
  metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |  
  metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |  
+ name | A name for the metric filter. | string | true |  
+ pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-metric-alarm.md

@@ -8,34 +8,32 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- threshold | The value against which the specified statistic is compared. | number | false |  
- metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+------------|------------|------------|------------|------------
+ actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
  alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  alarm_description | The description for the alarm. | string | false |  
- namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
- period | The period in seconds over which the specified statistic is applied. | string | false |  
- datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
- metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
- threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |  
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
- actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
- extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
  alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
- evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
- unit | The unit for the alarm's associated metric. | string | false |  
+ comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
+ create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
  dimensions | The dimensions for the alarm's associated metric. | any | false |  
+ evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
+ evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
+ extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
  insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+ metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
+ namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | false |  
+ threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-metric-alarms-by-multiple-dimensions.md

@@ -8,33 +8,31 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
- dimensions | The dimensions for the alarm's associated metric. | any | false |  
- insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
- alarm_description | The description for the alarm. | string | false |  
- comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
  alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ alarm_description | The description for the alarm. | string | false |  
  alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
- threshold | The value against which the specified statistic is compared. | number | true |  
- period | The period in seconds over which the specified statistic is applied. | string | false |  
- unit | The unit for the alarm's associated metric. | string | false |  
+ comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
+ create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
+ dimensions | The dimensions for the alarm's associated metric. | any | false |  
  evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
- extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
  evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
+ extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
+ insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+ metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
  namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | true |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-records.md

@@ -8,17 +8,15 @@ Terraform module which creates Route53 resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
+ create | Whether to create DNS records | bool | false |  
  private_zone | Whether Route53 zone is private or public | bool | false |  
  records | List of maps of DNS records | any | false |  
- create | Whether to create DNS records | bool | false |  
+ writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
  zone_id | ID of DNS zone | string | false |  
  zone_name | Name of DNS zone | string | false |  
- writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 
 #### writeConnectionSecretToRef

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-s3.md

@@ -27,11 +27,9 @@ spec:
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  acl | S3 bucket ACL | string | false |  
  bucket | S3 bucket name | string | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/aws-zones.md

@@ -8,15 +8,13 @@ Terraform module which creates Route53 resources on AWS
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- tags | Tags added to all zones. Will take precedence over tags from the 'zones' variable | map(any) | false |  
+------------|------------|------------|------------|------------
  create | Whether to create Route53 zone | bool | false |  
- zones | Map of Route53 zone parameters | any | false |  
+ tags | Tags added to all zones. Will take precedence over tags from the 'zones' variable | map(any) | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
+ zones | Map of Route53 zone parameters | any | false |  
 
 
 #### writeConnectionSecretToRef

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-environment-setup.md

@@ -8,11 +8,9 @@ IAC for provisioning Infrastructure component like network, subnetworks, route
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-network-peering.md

@@ -8,11 +8,9 @@ GCP Network-Peering
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  cluster_name | Name of the DC/OS cluster |  | true |  
  local_network_name | Local network name, used for naming the peering | string | true |  
  local_network_self_link | Local network self_link | string | true |  

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-sfabric.md

@@ -8,11 +8,9 @@ Terraform module for launching a Service Fabric Dev Environment on GCP
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  region | The region to create the nat gateway instance in. |  | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-statebucket.md

@@ -8,11 +8,9 @@ Contains a module to create a statebucket for use with Terraform
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  common_tags | This is a map type for applying tags on resources | map(any) | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-vpc.md

@@ -8,11 +8,9 @@ Terraform module for creating VPCs on Google Cloud
 
 ## 参数说明
 
-
-### 属性
-
+### 属性  
  名称 | 描述 | 类型 | 是否必须 | 默认值 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  auto_create_subnetworks | false = creates custom VPC, true = automatically creates subnets in each region |  | false |  
  name | VPC Name |  | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/how-to/dashboard/config/dex-connectors.md

@@ -0,0 +1,10 @@
+---
+title: Dex Connectors 配置
+description: 配置 Dex Connectors
+---
+
+在集成配置中的 Dex Connector 页面中，我们可以进行不同类型的 Dex Connectors 配置。
+
+![alt](../../../resources/dex-connectors.png)
+
+关于每种类型的 Dex Connector 参数，请查阅 [Dex 文档](https://dexidp.io/docs/connectors/)

i18n/zh/docusaurus-plugin-content-docs/version-v1.3/tutorials/sso.md

@@ -0,0 +1,55 @@
+---
+title:  使用单点登录
+---
+
+## 简介
+
+在 KubeVela 1.3 版本中，默认提供了两种方式：本地登录以及单点登录。
+
+本地登录使用本地数据库中存储的用户名密码进行登录，而单点登录集成了 [Dex](https://dexidp.io/)，可以通过配置 Dex 的 [OpenID Connect](https://dexidp.io/docs/openid-connect) 来实现多种不同方式的登录，如：GitHub、LDAP 等等。
+
+平台初始化后，默认使用本地登录。平台管理员可以通过平台配置页面，配置单点登录。在本教程中，我们将使用 GitHub Connector 来演示单点登录。
+
+## 开启 Dex 插件
+
+要想使用 Dex，首先需要在插件页面中开启 Dex 插件：
+
+![alt](../resources/dex-addon.png)
+
+开启完毕后，我们还需要更新一下 VelaUX 插件，打开其 Dex 选项。同样，我们在插件列表中找到 VelaUX，进行更新：
+
+![alt](../resources/upgrade-velaux.png)
+
+## 配置 Dex Connectors
+
+接着，我们需要配置 Dex Connectors。以 GitHub Connector 为例，如果你没有 GitHub Oauth App，需要首先在 GitHub 的 Developer settings 上创建一个 Oauth App，并且设置该 App 的 Authorization callback URL 为 `[Vela UX 地址]/dex/callback`。
+
+> 注意，由于涉及到第三方跳转，请确保你的 Vela UX 拥有公网地址。
+
+完成 Oauth App 的创建后，在 Vela UX 的集成配置页面中，进行 Dex Connector 的配置。我们选择类型为 `GitHub`，并且设置对应 Oauth App 的 Client ID 以及 Client Secret，注意，此处的 Redirect URI 必须与之前在创建 Oauth App 时配置的 `[Vela UX 地址]/dex/callback` 保持一致。
+
+![alt](../resources/intergration.png)
+
+> 关于更多类型的 Dex Connectors 配置，请查阅 [Dex Connectors 配置](../how-to/dashboard/config/dex-connectors)
+
+## 平台配置
+
+通过单点登录进来的用户，如果之前在本地数据库中存在与此邮箱相同的用户，将自动与之绑定，否则创建新用户。
+
+由于新登入的用户没有任何权限，因此，我们需要先为平台管理员设置一个邮箱地址。之后，再使用拥有相同邮箱地址的用户进行单点登录时，便能自动拥有平台管理员的权限。
+
+配置完用户邮箱后，我们可以在平台配置页面中，将登录方式修改为 SSO 登录。
+
+![alt](../resources/platform-setting.png)
+
+## 使用单点登录
+
+退出当前用户的登录，重新刷新页面，可以看到，我们已经进入了 Dex 的登录页面。
+
+![alt](../resources/dex-login.png)
+
+选择 GitHub 登录后，进行授权登录。
+
+![alt](../resources/dex-grant-access.png)
+
+至此，我们已经成功完成了使用 GitHub 的单点登录。此时，如果登录的用户邮箱与之前本地登录的用户邮箱能够相互关联，新登入的用户将继承之前用户的权限。

sidebars.js

@@ -90,6 +90,7 @@ module.exports = {
             "tutorials/jenkins",
             "tutorials/trigger",
             "tutorials/workflows",
+            "tutorials/sso"
             // "case-studies/jenkins-cicd",
             // "case-studies/canary-blue-green",
           ],
@@ -139,6 +140,9 @@ module.exports = {
             {
               "Manage target": ["how-to/dashboard/target/overview"],
             },
+            {
+              "Manage config": ["how-to/dashboard/config/dex-connectors"],
+            },
             // {
             //   "Manage cluster": [
             //     "how-to/dashboard/cluster/overview",

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/alibaba-deploy-website.md

@@ -8,14 +8,12 @@ Deploy a Static Website in object stroage, like S3 and OSS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
+ bucket | OSS bucket name | string | false |  
  endpoint | OSS bucket endpoint | string | true |  
  static_web_url | The URL of the static website | string | false |  
- bucket | OSS bucket name | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/alibaba-kms.md

@@ -8,11 +8,9 @@ Create KMS on AliCloud based on Terraform module
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-cis-alarms.md

@@ -8,20 +8,18 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- log_group_name | The name of the log group to associate the metric filter with | string | false |  
- alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. | bool | false |  
+ alarm_actions | List of ARNs to put as Cloudwatch Alarms actions (eg, ARN of SNS topic) | list(string) | false |  
+ create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |  
+ disabled_controls | List of IDs of disabled CIS controls | list(string) | false |  
+ log_group_name | The name of the log group to associate the metric filter with | string | false |  
+ name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |  
+ namespace | The namespace where metric filter and metric alarm should be cleated | string | false |  
  tags | A mapping of tags to assign to all resources | map(string) | false |  
  use_random_name_prefix | Whether to prefix resource names with random prefix | bool | false |  
- disabled_controls | List of IDs of disabled CIS controls | list(string) | false |  
- namespace | The namespace where metric filter and metric alarm should be cleated | string | false |  
- create | Whether to create the Cloudwatch log metric filter and metric alarms | bool | false |  
- name_prefix | A name prefix for the cloudwatch alarm (if use_random_name_prefix is true, this will be ignored) | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-cloudwatch-metric-alarms-by-multiple-dimensions.md

@@ -8,33 +8,31 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
- threshold | The value against which the specified statistic is compared. | number | true |  
- metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
- period | The period in seconds over which the specified statistic is applied. | string | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
- dimensions | The dimensions for the alarm's associated metric. | any | false |  
- create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  alarm_description | The description for the alarm. | string | false |  
- comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
- metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
- datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
- extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
- evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
- insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
- unit | The unit for the alarm's associated metric. | string | false |  
+ comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
+ create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
+ dimensions | The dimensions for the alarm's associated metric. | any | false |  
+ evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
+ evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
+ extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
+ insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+ metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
  namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | true |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-delegation-sets.md

@@ -8,11 +8,9 @@ Terraform module which creates Route53 resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create | Whether to create Route53 delegation sets | bool | false |  
  delegation_sets | Map of Route53 delegation set parameters | any | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-emr.md

@@ -8,90 +8,88 @@ Terraform module which creates EMR on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- keep_job_flow_alive_when_no_steps | Switch on/off run cluster with no steps or when all steps are complete | bool | false |  
- ec2_autoscaling_role_enabled | If set to `false`, will use `existing_ec2_autoscaling_role_arn` for an existing EC2 autoscaling IAM role that was created outside of this module | bool | false |  
- existing_ec2_instance_profile_arn | ARN of an existing EC2 instance profile | string | false |  
- core_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Core instance group | string | false |  
- task_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Task instance group | string | false |  
- master_allowed_security_groups | List of security groups to be allowed to connect to the master instances | list(string) | false |  
- custom_ami_id | A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later | string | false |  
- master_instance_group_instance_count | Target number of instances for the Master instance group. Must be at least 1 | number | false |  
- task_instance_group_bid_price | Bid price for each EC2 instance in the Task instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- kerberos_kdc_admin_password | The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration. | string | false |  
- ec2_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Role. | string | false |  
- ec2_autoscaling_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Autoscaling Role. | string | false |  
- step_concurrency_level | The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. | number | false |  
- use_existing_additional_slave_security_group | If set to `true`, will use variable `additional_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
- slave_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the slave instances | list(string) | false |  
- existing_ec2_autoscaling_role_arn | ARN of an existing EC2 autoscaling role to attach to the cluster | string | false |  
+------------|------------|------------|------------|------------
  additional_info | A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform | string | false |  
- create_task_instance_group | Whether to create an instance group for Task nodes. For more info: https://www.terraform.io/docs/providers/aws/r/emr_instance_group.html, https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html | bool | false |  
- task_instance_group_instance_count | Target number of instances for the Task instance group. Must be at least 1 | number | false |  
- zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS records for the masters and slaves | string | false |  
- service_role_enabled | If set to `false`, will use `existing_service_role_arn` for an existing IAM role that was created outside of this module | bool | false |  
+ additional_master_security_group | The name of the existing additional security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
+ additional_slave_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ applications | A list of applications for the cluster. Valid values are: Flink, Ganglia, Hadoop, HBase, HCatalog, Hive, Hue, JupyterHub, Livy, Mahout, MXNet, Oozie, Phoenix, Pig, Presto, Spark, Sqoop, TensorFlow, Tez, Zeppelin, and ZooKeeper (as of EMR 5.25.0). Case insensitive | list(string) | true |  
+ bootstrap_action | List of bootstrap actions that will be run before Hadoop is started on the cluster nodes | list(object({\n    path = string\n    name = string\n    args = list(string)\n  })) | false |  
+ configurations_json | A JSON string for supplying list of configurations for the EMR cluster. See https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html for more details | string | false |  
+ core_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Core instance group | string | false |  
+ core_instance_group_bid_price | Bid price for each EC2 instance in the Core instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
+ core_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Core volume supports | number | false |  
  core_instance_group_ebs_size | Core instances volume size, in gibibytes (GiB) | number | true |  
  core_instance_group_ebs_type | Core instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
- master_instance_group_ebs_size | Master instances volume size, in gibibytes (GiB) | number | true |  
- master_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Master instance group | number | false |  
- task_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Task volume supports | number | false |  
- steps | List of steps to run when creating the cluster. | list(object({\n    name              = string\n    action_on_failure = string\n    hadoop_jar_step = object({\n      args       = list(string)\n      jar        = string\n      main_class = string\n      properties = map(string)\n    })\n  })) | false |  
- managed_master_security_group | The name of the existing managed security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
- subnet_id | VPC subnet ID where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC | string | true |  
- task_instance_group_instance_type | EC2 instance type for all instances in the Task instance group | string | false |  
- use_existing_managed_slave_security_group | If set to `true`, will use variable `managed_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
- task_instance_group_ebs_optimized | Indicates whether an Amazon EBS volume in the Task instance group is EBS-optimized. Changing this forces a new resource to be created | bool | false |  
- kerberos_realm | The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL | string | false |  
- configurations_json | A JSON string for supplying list of configurations for the EMR cluster. See https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html for more details | string | false |  
- master_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the master instances | list(string) | false |  
- ec2_role_enabled | If set to `false`, will use `existing_ec2_instance_profile_arn` for an existing EC2 IAM role that was created outside of this module | bool | false |  
- master_instance_group_bid_price | Bid price for each EC2 instance in the Master instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- managed_slave_security_group | The name of the existing managed security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- use_existing_service_access_security_group | If set to `true`, will use variable `service_access_security_group` using an existing security group that was created outside of this module | bool | false |  
- slave_allowed_security_groups | List of security groups to be allowed to connect to the slave instances | list(string) | false |  
- ebs_root_volume_size | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later | number | false |  
- applications | A list of applications for the cluster. Valid values are: Flink, Ganglia, Hadoop, HBase, HCatalog, Hive, Hue, JupyterHub, Livy, Mahout, MXNet, Oozie, Phoenix, Pig, Presto, Spark, Sqoop, TensorFlow, Tez, Zeppelin, and ZooKeeper (as of EMR 5.25.0). Case insensitive | list(string) | true |  
- kerberos_enabled | Set to true if EMR cluster will use kerberos_attributes | bool | false |  
- use_existing_additional_master_security_group | If set to `true`, will use variable `additional_master_security_group` using an existing security group that was created outside of this module | bool | false |  
- master_instance_group_ebs_type | Master instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
- bootstrap_action | List of bootstrap actions that will be run before Hadoop is started on the cluster nodes | list(object({\n    path = string\n    name = string\n    args = list(string)\n  })) | false |  
- kerberos_ad_domain_join_user | Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration. | string | false |  
- kerberos_cross_realm_trust_principal_password | Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration. | string | false |  
- region | AWS region | string | true |  
- route_table_id | Route table ID for the VPC S3 Endpoint when launching the EMR cluster in a private subnet. Required when `subnet_type` is `private` | string | false |  
- core_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Core volume supports | number | false |  
- master_instance_group_instance_type | EC2 instance type for all instances in the Master instance group | string | true |  
- security_configuration | The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater. See https://www.terraform.io/docs/providers/aws/r/emr_security_configuration.html for more info | string | false |  
- task_instance_group_ebs_size | Task instances volume size, in gibibytes (GiB) | number | false |  
- task_instance_group_ebs_type | Task instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
- emr_role_permissions_boundary | The Permissions Boundary ARN to apply to the EMR Role. | string | false |  
- additional_slave_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- visible_to_all_users | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow | bool | false |  
- create_vpc_endpoint_s3 | Set to false to prevent the module from creating VPC S3 Endpoint | bool | false |  
+ core_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Core instance group | number | false |  
  core_instance_group_instance_count | Target number of instances for the Core instance group. Must be at least 1 | number | false |  
  core_instance_group_instance_type | EC2 instance type for all instances in the Core instance group | string | true |  
+ create_task_instance_group | Whether to create an instance group for Task nodes. For more info: https://www.terraform.io/docs/providers/aws/r/emr_instance_group.html, https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html | bool | false |  
+ create_vpc_endpoint_s3 | Set to false to prevent the module from creating VPC S3 Endpoint | bool | false |  
+ custom_ami_id | A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later | string | false |  
+ ebs_root_volume_size | Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later | number | false |  
+ ec2_autoscaling_role_enabled | If set to `false`, will use `existing_ec2_autoscaling_role_arn` for an existing EC2 autoscaling IAM role that was created outside of this module | bool | false |  
+ ec2_autoscaling_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Autoscaling Role. | string | false |  
+ ec2_role_enabled | If set to `false`, will use `existing_ec2_instance_profile_arn` for an existing EC2 IAM role that was created outside of this module | bool | false |  
+ ec2_role_permissions_boundary | The Permissions Boundary ARN to apply to the EC2 Role. | string | false |  
+ emr_role_permissions_boundary | The Permissions Boundary ARN to apply to the EMR Role. | string | false |  
+ existing_ec2_autoscaling_role_arn | ARN of an existing EC2 autoscaling role to attach to the cluster | string | false |  
+ existing_ec2_instance_profile_arn | ARN of an existing EC2 instance profile | string | false |  
  existing_service_role_arn | ARN of an existing EMR service role to attach to the cluster | string | false |  
- additional_master_security_group | The name of the existing additional security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
- subnet_type | Type of VPC subnet ID where you want the job flow to launch. Supported values are `private` or `public` | string | false |  
- use_existing_managed_master_security_group | If set to `true`, will use variable `managed_master_security_group` using an existing security group that was created outside of this module | bool | false |  
- vpc_id | VPC ID to create the cluster in (e.g. `vpc-a22222ee`) | string | true |  
- termination_protection | Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false | bool | false |  
- release_label | The release label for the Amazon EMR release. https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html | string | false |  
+ keep_job_flow_alive_when_no_steps | Switch on/off run cluster with no steps or when all steps are complete | bool | false |  
+ kerberos_ad_domain_join_password | The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_ad_domain_join_user | Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_cross_realm_trust_principal_password | Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_enabled | Set to true if EMR cluster will use kerberos_attributes | bool | false |  
+ kerberos_kdc_admin_password | The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration. | string | false |  
+ kerberos_realm | The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL | string | false |  
  key_name | Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop` | string | false |  
  log_uri | The path to the Amazon S3 location where logs for this cluster are stored | string | false |  
- master_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Master volume supports | number | false |  
- scale_down_behavior | The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized | string | false |  
- service_access_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
- kerberos_ad_domain_join_password | The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration. | string | false |  
- core_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Core instance group | number | false |  
- core_instance_group_bid_price | Bid price for each EC2 instance in the Core instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
- task_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Task instance group | number | false |  
+ managed_master_security_group | The name of the existing managed security group that will be used for EMR master node. If empty, a new security group will be created | string | false |  
+ managed_slave_security_group | The name of the existing managed security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ master_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the master instances | list(string) | false |  
+ master_allowed_security_groups | List of security groups to be allowed to connect to the master instances | list(string) | false |  
  master_dns_name | Name of the cluster CNAME record to create in the parent DNS zone specified by `zone_id`. If left empty, the name will be auto-asigned using the format `emr-master-var.name` | string | false |  
+ master_instance_group_bid_price | Bid price for each EC2 instance in the Master instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
+ master_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Master volume supports | number | false |  
+ master_instance_group_ebs_size | Master instances volume size, in gibibytes (GiB) | number | true |  
+ master_instance_group_ebs_type | Master instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+ master_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Master instance group | number | false |  
+ master_instance_group_instance_count | Target number of instances for the Master instance group. Must be at least 1 | number | false |  
+ master_instance_group_instance_type | EC2 instance type for all instances in the Master instance group | string | true |  
+ region | AWS region | string | true |  
+ release_label | The release label for the Amazon EMR release. https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html | string | false |  
+ route_table_id | Route table ID for the VPC S3 Endpoint when launching the EMR cluster in a private subnet. Required when `subnet_type` is `private` | string | false |  
+ scale_down_behavior | The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized | string | false |  
+ security_configuration | The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater. See https://www.terraform.io/docs/providers/aws/r/emr_security_configuration.html for more info | string | false |  
+ service_access_security_group | The name of the existing additional security group that will be used for EMR core & task nodes. If empty, a new security group will be created | string | false |  
+ service_role_enabled | If set to `false`, will use `existing_service_role_arn` for an existing IAM role that was created outside of this module | bool | false |  
+ slave_allowed_cidr_blocks | List of CIDR blocks to be allowed to access the slave instances | list(string) | false |  
+ slave_allowed_security_groups | List of security groups to be allowed to connect to the slave instances | list(string) | false |  
+ step_concurrency_level | The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. | number | false |  
+ steps | List of steps to run when creating the cluster. | list(object({\n    name              = string\n    action_on_failure = string\n    hadoop_jar_step = object({\n      args       = list(string)\n      jar        = string\n      main_class = string\n      properties = map(string)\n    })\n  })) | false |  
+ subnet_id | VPC subnet ID where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC | string | true |  
+ subnet_type | Type of VPC subnet ID where you want the job flow to launch. Supported values are `private` or `public` | string | false |  
+ task_instance_group_autoscaling_policy | String containing the EMR Auto Scaling Policy JSON for the Task instance group | string | false |  
+ task_instance_group_bid_price | Bid price for each EC2 instance in the Task instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances | string | false |  
+ task_instance_group_ebs_iops | The number of I/O operations per second (IOPS) that the Task volume supports | number | false |  
+ task_instance_group_ebs_optimized | Indicates whether an Amazon EBS volume in the Task instance group is EBS-optimized. Changing this forces a new resource to be created | bool | false |  
+ task_instance_group_ebs_size | Task instances volume size, in gibibytes (GiB) | number | false |  
+ task_instance_group_ebs_type | Task instances volume type. Valid options are `gp2`, `io1`, `standard` and `st1` | string | false |  
+ task_instance_group_ebs_volumes_per_instance | The number of EBS volumes with this configuration to attach to each EC2 instance in the Task instance group | number | false |  
+ task_instance_group_instance_count | Target number of instances for the Task instance group. Must be at least 1 | number | false |  
+ task_instance_group_instance_type | EC2 instance type for all instances in the Task instance group | string | false |  
+ termination_protection | Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false | bool | false |  
+ use_existing_additional_master_security_group | If set to `true`, will use variable `additional_master_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_additional_slave_security_group | If set to `true`, will use variable `additional_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_managed_master_security_group | If set to `true`, will use variable `managed_master_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_managed_slave_security_group | If set to `true`, will use variable `managed_slave_security_group` using an existing security group that was created outside of this module | bool | false |  
+ use_existing_service_access_security_group | If set to `true`, will use variable `service_access_security_group` using an existing security group that was created outside of this module | bool | false |  
+ visible_to_all_users | Whether the job flow is visible to all IAM users of the AWS account associated with the job flow | bool | false |  
+ vpc_id | VPC ID to create the cluster in (e.g. `vpc-a22222ee`) | string | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
+ zone_id | Route53 parent zone ID. If provided (not empty), the module will create sub-domain DNS records for the masters and slaves | string | false |  
 
 
 #### writeConnectionSecretToRef

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-key-pair.md

@@ -8,11 +8,9 @@ Terraform module which creates EC2 key pair on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create_key_pair | Controls if key pair should be created | bool | false |  
  key_name | The name for the key pair. | string | false |  
  key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name. | string | false |  

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-log-group.md

@@ -8,17 +8,15 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
+ create | Whether to create the Cloudwatch log group | bool | false |  
+ kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |  
  name | A name for the log group | string | false |  
  name_prefix | A name prefix for the log group | string | false |  
  retention_in_days | Specifies the number of days you want to retain log events in the specified log group | number | false |  
- kms_key_id | The ARN of the KMS Key to use when encrypting logs | string | false |  
  tags | A map of tags to add to Cloudwatch log group | map(string) | false |  
- create | Whether to create the Cloudwatch log group | bool | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-log-metric-filter.md

@@ -8,19 +8,17 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
+ create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |  
+ log_group_name | The name of the log group to associate the metric filter with | string | true |  
+ metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |  
+ metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |  
  metric_transformation_namespace | The destination namespace of the CloudWatch metric. | string | true |  
  metric_transformation_value | What to publish to the metric. For example, if you're counting the occurrences of a particular term like 'Error', the value will be '1' for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. | string | false |  
- metric_transformation_default_value | The value to emit when a filter pattern does not match a log event. | string | false |  
- create_cloudwatch_log_metric_filter | Whether to create the Cloudwatch log metric filter | bool | false |  
  name | A name for the metric filter. | string | true |  
  pattern | A valid CloudWatch Logs filter pattern for extracting metric data out of ingested log events. | string | true |  
- log_group_name | The name of the log group to associate the metric filter with | string | true |  
- metric_transformation_name | The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount) | string | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-metric-alarm.md

@@ -8,34 +8,32 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
- period | The period in seconds over which the specified statistic is applied. | string | false |  
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- alarm_description | The description for the alarm. | string | false |  
- unit | The unit for the alarm's associated metric. | string | false |  
- metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
- threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |  
- datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
- evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
- threshold | The value against which the specified statistic is compared. | number | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
- dimensions | The dimensions for the alarm's associated metric. | any | false |  
  alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ alarm_description | The description for the alarm. | string | false |  
  alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
  comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
  create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
+ dimensions | The dimensions for the alarm's associated metric. | any | false |  
+ evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
+ evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
+ extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
+ insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+ metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
+ namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | false |  
+ threshold_metric_id | If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function. | string | false |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-metric-alarms-by-multiple-dimensions.md

@@ -8,33 +8,31 @@ Terraform module which creates Cloudwatch resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
- namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
- insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
- alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
- alarm_description | The description for the alarm. | string | false |  
- threshold | The value against which the specified statistic is compared. | number | true |  
- unit | The unit for the alarm's associated metric. | string | false |  
+------------|------------|------------|------------|------------
  actions_enabled | Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to true. | bool | false |  
+ alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ alarm_description | The description for the alarm. | string | false |  
+ alarm_name | The descriptive name for the alarm. This name must be unique within the user's AWS account. | string | true |  
+ comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
+ create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
  datapoints_to_alarm | The number of datapoints that must be breaching to trigger the alarm. | number | false |  
  dimensions | The dimensions for the alarm's associated metric. | any | false |  
- create_metric_alarm | Whether to create the Cloudwatch metric alarm | bool | false |  
+ evaluate_low_sample_count_percentiles | Used only for alarms based on percentiles. If you specify ignore, the alarm state will not change during periods with too few data points to be statistically significant. If you specify evaluate or omit this parameter, the alarm will always be evaluated and possibly change state no matter how many data points are available. The following values are supported: ignore, and evaluate. | string | false |  
  evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | true |  
- treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
- metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
- tags | A mapping of tags to assign to all resources | map(string) | false |  
- metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
- statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
- alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
- ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  extended_statistic | The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. | string | false |  
- comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | true |  
+ insufficient_data_actions | The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
+ metric_name | The name for the alarm's associated metric. See docs for supported metrics. | string | false |  
+ metric_query | Enables you to create an alarm based on a metric math expression. You may specify at most 20. | any | false |  
+ namespace | The namespace for the alarm's associated metric. See docs for the list of namespaces. See docs for supported metrics. | string | false |  
+ ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | false |  
  period | The period in seconds over which the specified statistic is applied. | string | false |  
+ statistic | The statistic to apply to the alarm's associated metric. Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum | string | false |  
+ tags | A mapping of tags to assign to all resources | map(string) | false |  
+ threshold | The value against which the specified statistic is compared. | number | true |  
+ treat_missing_data | Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. | string | false |  
+ unit | The unit for the alarm's associated metric. | string | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-records.md

@@ -8,17 +8,15 @@ Terraform module which creates Route53 resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create | Whether to create DNS records | bool | false |  
- zone_id | ID of DNS zone | string | false |  
- zone_name | Name of DNS zone | string | false |  
  private_zone | Whether Route53 zone is private or public | bool | false |  
  records | List of maps of DNS records | any | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
+ zone_id | ID of DNS zone | string | false |  
+ zone_name | Name of DNS zone | string | false |  
 
 
 #### writeConnectionSecretToRef

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/aws-zones.md

@@ -8,15 +8,13 @@ Terraform module which creates Route53 resources on AWS
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  create | Whether to create Route53 zone | bool | false |  
- zones | Map of Route53 zone parameters | any | false |  
  tags | Tags added to all zones. Will take precedence over tags from the 'zones' variable | map(any) | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
+ zones | Map of Route53 zone parameters | any | false |  
 
 
 #### writeConnectionSecretToRef

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-environment-setup.md

@@ -8,11 +8,9 @@ IAC for provisioning Infrastructure component like network, subnetworks, route
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-network-peering.md

@@ -8,11 +8,9 @@ GCP Network-Peering
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  cluster_name | Name of the DC/OS cluster |  | true |  
  local_network_name | Local network name, used for naming the peering | string | true |  
  local_network_self_link | Local network self_link | string | true |  

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-sfabric.md

@@ -8,11 +8,9 @@ Terraform module for launching a Service Fabric Dev Environment on GCP
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  region | The region to create the nat gateway instance in. |  | false |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 

versioned_docs/version-v1.3/end-user/components/cloud-services/terraform/gcp-statebucket.md

@@ -8,11 +8,9 @@ Contains a module to create a statebucket for use with Terraform
 
 ## Specification
 
-
-### Properties
-
+### Properties  
  Name | Description | Type | Required | Default 
- ------------ | ------------- | ------------- | ------------- | ------------- 
+------------|------------|------------|------------|------------
  common_tags | This is a map type for applying tags on resources | map(any) | true |  
  writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | [writeConnectionSecretToRef](#writeConnectionSecretToRef) | false |  
 

versioned_docs/version-v1.3/how-to/dashboard/config/dex-connectors.md

@@ -0,0 +1,10 @@
+---
+title: Dex Connectors Configuration
+description: Configure Dex Connectors
+---
+
+In the Dex Connector page, we can configure different types of Dex Connectors.
+
+![alt](../../../resources/dex-connectors.png)
+
+For each type of Dex Connector parameter, please refer to the [Dex Documentation](https://dexidp.io/docs/connectors/)

versioned_docs/version-v1.3/tutorials/sso.md

@@ -0,0 +1,55 @@
+---
+title:  SSO Login
+---
+
+## Description
+
+In KubeVela V1.3, we provide two methods to login: local login and SSO.
+
+Local login uses the username and password stored in the local database to log in, and SSO integrates [Dex](https://dexidp.io/), which can be configured by configuring Dex's [OpenID Connect](https://dexidp.io/docs/openid-connect) to implement many different ways to log in, such as: GitHub, LDAP, etc.
+
+After the platform is initialized, local login is used by default. Platform administrators can configure SSO through the platform configuration page. In this tutorial, we'll use the GitHub Connector to show how to use SSO with KubeVela.
+
+## Enable Dex Addon
+
+You need to enable the Dex Addon in the Addon list first to use SSO:
+
+![alt](../resources/dex-addon.png)
+
+After enabling the Dex Addon, we also need to upgrade the VelaUX addon and open its Dex option:
+
+![alt](../resources/upgrade-velaux.png)
+
+## Configure Dex Connectors
+
+Next, we need to configure the Dex Connectors. Take GitHub Connector as an example, if you don't have a GitHub Oauth App, you need to create an Oauth App on GitHub's Developer settings first, and set the App's Authorization callback URL to `[Vela UX address]/dex/callback`.
+
+> Note that please make sure your Vela UX has a public IP address due to third-party redirection involved.
+
+After creating the Oauth App, configure the Dex Connector in the integration configuration page. We choose the type `GitHub`, and set the Client ID and Client Secret corresponding to the Oauth App. Note that the Redirect URI here must be the same as the `[Vela UX address]/dex/callback` previously configured when the Oauth App was created.
+
+![alt](../resources/intergration.png)
+
+> For more types of Dex Connectors, please refer to [Dex Connectors Configuration](../how-to/dashboard/config/dex-connectors).
+
+## Platform setting
+
+Users who login in through SSO will be automatically bound to the users who have the same email in the local database, otherwise a new user will be created.
+
+Since the newly logged in user does not have any permissions, we need to set an email address for the platform administrator first. After that, when you use a user with the same email address for SSO login, you can automatically have platform administrator privileges.
+
+After configuring the user email, we can change the login method to SSO login in the platform configuration page.
+
+![alt](../resources/platform-setting.png)
+
+## Use SSO Login
+
+Log out and refresh the page again, you can see that we have entered the Dex login page.
+
+![alt](../resources/dex-login.png)
+
+Then, select GitHub to login.
+
+![alt](../resources/dex-grant-access.png)
+
+So far, we have successfully completed SSO login with GitHub. At this point, if the email of the logged in user can be associated with the email of the previously logged in user, the newly logged in user will inherit the permissions of the previous user.

versioned_sidebars/version-v1.3-sidebars.json

@@ -207,6 +207,10 @@
             {
               "type": "doc",
               "id": "version-v1.3/tutorials/workflows"
+            },
+            {
+              "type": "doc",
+              "id": "version-v1.3/tutorials/sso"
             }
           ]
         },
@@ -320,6 +324,17 @@
                   "id": "version-v1.3/how-to/dashboard/target/overview"
                 }
               ]
+            },
+            {
+              "collapsed": true,
+              "type": "category",
+              "label": "Manage config",
+              "items": [
+                {
+                  "type": "doc",
+                  "id": "version-v1.3/how-to/dashboard/config/dex-connectors"
+                }
+              ]
             }
           ]
         }