README.md

terraform-aws-truefoundry-platform-features

Truefoundry AWS platform features

Requirements

Name	Version
terraform	~> 1.4
aws	~> 5.57

Providers

Name	Version
aws	~> 5.57

Modules

Name	Source	Version
truefoundry_bucket	terraform-aws-modules/s3-bucket/aws	3.15.0

Resources

Name	Type
aws_iam_access_key.truefoundry_platform_user_keys	resource
aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy	resource
aws_iam_policy.truefoundry_platform_feature_ecr_policy	resource
aws_iam_policy.truefoundry_platform_feature_parameter_store_policy	resource
aws_iam_policy.truefoundry_platform_feature_s3_policy	resource
aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy	resource
aws_iam_role.truefoundry_platform_feature_iam_role	resource
aws_iam_role_policy_attachment.truefoundry_platform_cluster_integration_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_ecr_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_parameter_store_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_s3_policy_attachment	resource
aws_iam_role_policy_attachment.truefoundry_platform_secrets_manager_policy_attachment	resource
aws_iam_user.truefoundry_platform_user	resource
aws_iam_user_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment	resource
aws_iam_user_policy_attachment.truefoundry_platform_user_ecr_policy_attachment	resource
aws_iam_user_policy_attachment.truefoundry_platform_user_parameter_store_policy_attachment	resource
aws_iam_user_policy_attachment.truefoundry_platform_user_s3_policy_attachment	resource
aws_iam_user_policy_attachment.truefoundry_platform_user_secrets_manager_policy_attachment	resource
aws_eks_cluster.cluster	data source
aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_s3_policy_document	data source
aws_iam_policy_document.truefoundry_platform_feature_secrets_manager_policy_document	data source

Inputs

Name	Description	Type	Default	Required
aws_account_id	AWS account id	string	n/a	yes
aws_region	AWS region	string	n/a	yes
blob_storage_cors_origins	List of CORS origins for Mlfoundry bucket	list(string)	[ "*" ]	no
blob_storage_enable_override	Enable overriding the name of s3 bucket. This will only be used if feature_blob_storage_enabled is enabled. You need to pass blob_storage_override_name to pass the bucket name	bool	false	no
blob_storage_encryption_algorithm	Algorithm used for encrypting the default bucket.	string	"AES256"	no
blob_storage_encryption_key_arn	ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm.	string	null	no
blob_storage_extra_tags	Extra tags for the s3 bucket	map(string)	{}	no
blob_storage_force_destroy	Force destroy for mlfoundry s3 bucket	bool	true	no
blob_storage_override_name	S3 bucket name. Only used if s3_enable_override is enabled	string	""	no
cluster_name	Name of the EKS cluster	string	n/a	yes
control_plane_roles	Control plane roles that can assume your platform role	list(string)	[ "arn:aws:iam::416964291864:role/tfy-ctl-euwe1-production-truefoundry-deps" ]	no
feature_blob_storage_enabled	Enable blob storage feature in the platform	bool	true	no
feature_cluster_integration_enabled	Enable cluster integration feature in the platform	bool	true	no
feature_docker_registry_enabled	Enable docker registry feature in the platform	bool	true	no
feature_parameter_store_enabled	Enable parameter store feature in the platform	bool	true	no
feature_secrets_manager_enabled	Enable secrets manager feature in the platform	bool	false	no
flyte_propeller_serviceaccount_name	Name for the Flyte Propeller service account	string	"flytepropeller"	no
flyte_propeller_serviceaccount_namespace	Namespace for the Flyte Propeller service account	string	"tfy-workflow-propeller"	no
oidc_provider_url	OIDC provider URL	string	""	no
platform_role_enable_override	Enable overriding the platform role name. You need to pass blob_storage_override_name to pass the bucket name	bool	false	no
platform_role_override_name	Platform IAM role name which will have access to S3 bucket, SSM and ECR	string	""	no
platform_user_enabled	Enable creation of a platform feature user	bool	false	no
platform_user_force_destroy	Enable force destroy of the user	bool	true	no
platform_user_name_override_enabled	Enable overriding the platform user name. You need to pass platform_user_override_name to pass the user name	bool	false	no
platform_user_override_name	Username to override the default platform feature user	string	""	no
tags	A map of tags to add to all resources	map(string)	{}	no

Outputs

Name	Description
blob_storage_uri	URI of the S3 bucket
platform_bucket_arn	ARN of the S3 bucket
platform_bucket_enabled	Flag to enable S3 bucket for the platform
platform_bucket_name	Name/ID of the S3 bucket
platform_cluster_integration_enabled	Flag to enable cluster integration for the platform
platform_ecr_enabled	Flag to enable ECR for the platform
platform_ecr_url	The ECR url to connect
platform_iam_role_arn	The platform IAM role arn
platform_iam_role_assume_role_arns	The role arns that can assume the platform IAM role
platform_iam_role_enabled	Flag to enable IAM role for the platform. If false, the user will be created.
platform_iam_role_policy_arns	The platform IAM role policy arns
platform_secrets_manager_enabled	Flag to enable Secrets Manager for the platform
platform_ssm_enabled	Flag to enable Parameter Store for the platform
platform_user_access_key	The user access key ID
platform_user_arn	The user IAM resource arn
platform_user_enabled	Flag to enable user for the platform. If false, the iam role will be created.
platform_user_secret_key	The user secret key