terraform-aws-truefoundry-platform-features

Truefoundry AWS platform features

Requirements

Name	Version
terraform	>= 1.4
aws	5.14.0

Providers

Name	Version
aws	5.14.0

Modules

Name	Source	Version
truefoundry_bucket	terraform-aws-modules/s3-bucket/aws	3.15.0

Resources

Name	Type
aws_iam_policy.truefoundry_platform_feature_cloud_integration_policy	resource
aws_iam_policy.truefoundry_platform_feature_user_ecr_policy	resource
aws_iam_policy.truefoundry_platform_feature_user_s3_policy	resource
aws_iam_policy.truefoundry_platform_feature_user_ssm_policy	resource
aws_iam_role.truefoundry_platform_feature_iam_role	resource
aws_iam_role_policy_attachment.truefoundry_platform_user_cloud_integration_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_user_ecr_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_user_s3_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_user_ssm_policy_attachment	resource
aws_iam_policy_document.truefoundry_platform_feature_cloud_integration_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_user_ecr_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_user_s3_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_user_ssm_policy_document	data source

Inputs

Name	Description	Type	Default	Required
aws_account_id	AWS account id	string	n/a	yes
aws_region	AWS region	string	n/a	yes
blob_storage_cors_origins	List of CORS origins for Mlfoundry bucket	list(string)	[ "*" ]	no
blob_storage_enable_override	Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass s3_override_name to pass the bucket name	bool	false	no
blob_storage_encryption_algorithm	Algorithm used for encrypting the default bucket.	string	"AES256"	no
blob_storage_encryption_key_arn	ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm.	string	null	no
blob_storage_force_destroy	Force destroy for mlfoundry s3 bucket	bool	true	no
blob_storage_override_name	S3 bucket name. Only used if s3_enable_override is enabled	string	""	no
cluster_name	Name of the EKS cluster	string	n/a	yes
control_plane_roles	Control plane roles that can assume your platform role	list(string)	[ "arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps" ]	no
feature_blob_storage_enabled	Enable blob storage feature in the platform	bool	true	no
feature_cloud_integration_enabled	Enable cloud integration feature in the platform	bool	true	no
feature_docker_registry_enabled	Enable docker registry feature in the platform	bool	true	no
feature_secrets_enabled	Enable secrets manager feature in the platform	bool	true	no
platform_feature_enabled	Enable platform features like docker registry, secrets manager and blob storage	bool	true	no
platform_role_enable_override	Enable overriding the platform role name. You need to pass s3_override_name to pass the bucket name	bool	false	no
platform_role_override_name	Platform IAM role name which will have access to S3 bucket, SSM and ECR	string	""	no
tags	A map of tags to add to all resources	map(string)	{}	no

Outputs

Name	Description
platform_iam_role_arn	The IAM role resource arn
platform_iam_role_assume_role_arns	The IAM role arns which has been assume by platform_iam_role
platform_iam_role_name	Then name of the IAM role
platform_iam_role_policy_arns	The list of ARNs of policies directly assigned to the IAM user
platform_user_bucket_arn	The bucket's arn
platform_user_bucket_name	The bucket's ID/name
platform_user_ecr_url	The ECR url to connect