OPS-6384 add module
ronny-panknin-flaconi committed Dec 9, 2024
1 parent ec63032 commit cd5425f
Showing 10 changed files with 263 additions and 14 deletions.
72 changes: 58 additions & 14 deletions README.md
@@ -1,14 +1,12 @@
# terraform-module-template
Template for Terraform modules

<!-- Uncomment and replace with your module name
[![lint](https://github.com/flaconi/<MODULENAME>/workflows/lint/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Alint)
[![test](https://github.com/flaconi/<MODULENAME>/workflows/test/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Atest)
[![Tag](https://img.shields.io/github/tag/flaconi/<MODULENAME>.svg)](https://github.com/flaconi/<MODULENAME>/releases)
-->
# terraform-aws-bedrock-model-invocation-logging

Terraform module for Amazon Bedrock Agent resources

[![lint](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/workflows/lint/badge.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/actions?query=workflow%3Alint)
[![test](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/workflows/test/badge.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/actions?query=workflow%3Atest)
[![Tag](https://img.shields.io/github/tag/flaconi/terraform-aws-bedrock-model-invocation-logging.svg)](https://github.com/flaconi/terraform-aws-bedrock-model-invocation-logging/releases)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)

For requirements regarding module structure: [style-guide-terraform.md](https://github.com/Flaconi/devops-docs/blob/master/doc/conventions/style-guide-terraform.md)

<!-- TFDOCS_HEADER_START -->
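Review bot: The new description line, "Terraform module for Amazon Bedrock Agent resources", does not match what the module does. The repository name and main.tf in this commit are about model invocation logging to an S3 bucket, not Bedrock Agents, so the line looks carried over from another module. Suggest rewording it to describe model invocation logging.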

Expand All @@ -18,7 +16,9 @@ For requirements regarding module structure: [style-guide-terraform.md](https://
<!-- TFDOCS_PROVIDER_START -->
## Providers

No providers.
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |

<!-- TFDOCS_PROVIDER_END -->

Expand All @@ -34,23 +34,67 @@ No providers.
<!-- TFDOCS_INPUTS_START -->
## Required Inputs

No required inputs.
The following input variables are required:

### <a name="input_bucket"></a> [bucket](#input\_bucket)

Description: The name of the S3 bucket to be created.

Type: `string`

## Optional Inputs

No optional inputs.
The following input variables are optional (have default values):

### <a name="input_embedding_data_delivery_enabled"></a> [embedding\_data\_delivery\_enabled](#input\_embedding\_data\_delivery\_enabled)

Description: Indicates whether embedding data delivery is enabled.

Type: `bool`

Default: `false`

### <a name="input_image_data_delivery_enabled"></a> [image\_data\_delivery\_enabled](#input\_image\_data\_delivery\_enabled)

Description: Indicates whether image data delivery is enabled.

Type: `bool`

Default: `false`

### <a name="input_text_data_delivery_enabled"></a> [text\_data\_delivery\_enabled](#input\_text\_data\_delivery\_enabled)

Description: Indicates whether text data delivery is enabled.

Type: `bool`

Default: `false`

### <a name="input_key_prefix"></a> [key\_prefix](#input\_key\_prefix)

Description: The key prefix for logging configuration in S3.

Type: `string`

Default: `""`

<!-- TFDOCS_INPUTS_END -->

<!-- TFDOCS_OUTPUTS_START -->
## Outputs

No outputs.
| Name | Description |
|------|-------------|
| <a name="output_bucket_arn"></a> [bucket\_arn](#output\_bucket\_arn) | The ARN of the created S3 bucket. |
| <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name) | The name of the created S3 bucket. |
| <a name="output_bucket_policy_id"></a> [bucket\_policy\_id](#output\_bucket\_policy\_id) | The ID of the S3 bucket policy. |
| <a name="output_key_prefix"></a> [key\_prefix](#output\_key\_prefix) | The key prefix used for the Bedrock logging configuration. |
| <a name="output_logging_bucket_name"></a> [logging\_bucket\_name](#output\_logging\_bucket\_name) | The name of the S3 bucket used for Bedrock model invocation logging. |

<!-- TFDOCS_OUTPUTS_END -->

## License

**[MIT License](LICENSE)**

Copyright (c) 2023 **[Flaconi GmbH](https://github.com/flaconi)**
Copyright (c) 2024 **[Flaconi GmbH](https://github.com/flaconi)**
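Review bot: The Optional Inputs section between the TFDOCS_INPUTS markers omits `tags`, which variables.tf in this same commit declares with a default of `{}`. The generated docs appear to predate that variable; regenerate them so callers can see that the bucket accepts tags.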
7 changes: 7 additions & 0 deletions data.tf
@@ -0,0 +1,7 @@
data "aws_caller_identity" "this" {}

data "aws_region" "this" {}

data "aws_iam_session_context" "this" {
arn = data.aws_caller_identity.this.arn
}
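Review bot: `data "aws_iam_session_context" "this"` is not referenced anywhere in this commit; main.tf only reads `data.aws_caller_identity.this.account_id` and `data.aws_region.this.name`. Remove it as dead code unless a follow-up change needs the session issuer.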
41 changes: 41 additions & 0 deletions examples/simple/README.md
@@ -0,0 +1,41 @@
# Example

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.73 |

## Providers

No providers.

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_logging"></a> [logging](#module\_logging) | ../../ | n/a |

## Resources

No resources.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_bucket"></a> [bucket](#input\_bucket) | The name of the S3 bucket to be created. | `string` | n/a | yes |
| <a name="input_embedding_data_delivery_enabled"></a> [embedding\_data\_delivery\_enabled](#input\_embedding\_data\_delivery\_enabled) | Indicates whether embedding data delivery is enabled. | `bool` | `false` | no |
| <a name="input_image_data_delivery_enabled"></a> [image\_data\_delivery\_enabled](#input\_image\_data\_delivery\_enabled) | Indicates whether image data delivery is enabled. | `bool` | `false` | no |
| <a name="input_text_data_delivery_enabled"></a> [text\_data\_delivery\_enabled](#input\_text\_data\_delivery\_enabled) | Indicates whether text data delivery is enabled. | `bool` | `false` | no |
| <a name="input_key_prefix"></a> [key\_prefix](#input\_key\_prefix) | The key prefix for logging configuration in S3. | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_resources"></a> [resources](#output\_resources) | Information about created resources |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
5 changes: 5 additions & 0 deletions examples/simple/main.tf
@@ -0,0 +1,5 @@
module "logging" {
source = "../../"
bucket = "my-example-bucket"

}
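Review bot: The module call hard-codes `bucket = "my-example-bucket"` and passes none of the variables declared in examples/simple/variables.tf, so `var.bucket`, `var.key_prefix` and the three delivery flags are dead inputs that the example README still documents. Wire them through (`bucket = var.bucket` and so on). S3 bucket names are globally unique, so the literal is also likely to fail on apply. As written, the example leaves all three delivery flags at their `false` defaults, so it does not show logging of any data type being switched on.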
4 changes: 4 additions & 0 deletions examples/simple/outputs.tf
@@ -0,0 +1,4 @@
output "resources" {
description = "Information about created resources"
value = module.logging
}
28 changes: 28 additions & 0 deletions examples/simple/variables.tf
@@ -0,0 +1,28 @@
variable "bucket" {
description = "The name of the S3 bucket to be created."
type = string
}

variable "embedding_data_delivery_enabled" {
description = "Indicates whether embedding data delivery is enabled."
type = bool
default = false
}

variable "image_data_delivery_enabled" {
description = "Indicates whether image data delivery is enabled."
type = bool
default = false
}

variable "text_data_delivery_enabled" {
description = "Indicates whether text data delivery is enabled."
type = bool
default = false
}

variable "key_prefix" {
description = "The key prefix for logging configuration in S3."
type = string
default = ""
}
9 changes: 9 additions & 0 deletions examples/simple/versions.tf
@@ -0,0 +1,9 @@
terraform {
required_version = ">= 1.3"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.73"
}
}
}
53 changes: 53 additions & 0 deletions main.tf
@@ -0,0 +1,53 @@
resource "aws_s3_bucket" "this" {
bucket = var.bucket
force_destroy = true
tags = var.tags
}

resource "aws_s3_bucket_policy" "this" {
bucket = aws_s3_bucket.this.bucket

policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "bedrock.amazonaws.com"
},
"Action": [
"s3:*"
],
"Resource": [
"${aws_s3_bucket.this.arn}/*"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "${data.aws_caller_identity.this.account_id}"
},
"ArnLike": {
"aws:SourceArn": "arn:aws:bedrock:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:*"
}
}
}
]
}
EOF
}

resource "aws_bedrock_model_invocation_logging_configuration" "this" {
depends_on = [
aws_s3_bucket_policy.this
]

logging_config {
embedding_data_delivery_enabled = var.embedding_data_delivery_enabled
image_data_delivery_enabled = var.image_data_delivery_enabled
text_data_delivery_enabled = var.text_data_delivery_enabled
s3_config {
bucket_name = aws_s3_bucket.this.id
key_prefix = var.key_prefix
}
}
}
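Review bot: The bucket policy statement grants `"Action": ["s3:*"]` to `bedrock.amazonaws.com` on every object in the bucket, which is far broader than log delivery needs. Delivery is a write path, so narrow the action to `s3:PutObject` and consider scoping `Resource` to the configured `key_prefix` instead of `${aws_s3_bucket.this.arn}/*`. The `aws:SourceAccount` and `aws:SourceArn` conditions are a sound confused-deputy guard and should stay. Two further points on `aws_s3_bucket.this`: `force_destroy = true` is hard-coded, so a `terraform destroy` deletes every stored invocation log without protest, and it would be safer as a variable defaulting to `false`; and the hunk adds no public access block, encryption, versioning or lifecycle configuration for a bucket that will hold model inputs and outputs once the delivery flags are enabled. Building the policy with `jsonencode` or `aws_iam_policy_document` would also avoid hand-maintained JSON in a heredoc.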
24 changes: 24 additions & 0 deletions outputs.tf
@@ -0,0 +1,24 @@
output "bucket_name" {
description = "The name of the created S3 bucket."
value = aws_s3_bucket.this.bucket
}

output "bucket_arn" {
description = "The ARN of the created S3 bucket."
value = aws_s3_bucket.this.arn
}

output "bucket_policy_id" {
description = "The ID of the S3 bucket policy."
value = aws_s3_bucket_policy.this.id
}

output "logging_bucket_name" {
description = "The name of the S3 bucket used for Bedrock model invocation logging."
value = aws_s3_bucket.this.bucket
}

output "key_prefix" {
description = "The key prefix used for the Bedrock logging configuration."
value = var.key_prefix
}
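Review bot: `logging_bucket_name` and `bucket_name` both return `aws_s3_bucket.this.bucket`, so the module exports the same value under two names. Keep one of them, or if `logging_bucket_name` is meant to reflect what the logging configuration actually uses, say so in its description and make the intent distinct.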
34 changes: 34 additions & 0 deletions variables.tf
@@ -0,0 +1,34 @@
variable "bucket" {
description = "The name of the S3 bucket to be created."
type = string
}

variable "embedding_data_delivery_enabled" {
description = "Indicates whether embedding data delivery is enabled."
type = bool
default = false
}

variable "image_data_delivery_enabled" {
description = "Indicates whether image data delivery is enabled."
type = bool
default = false
}

variable "text_data_delivery_enabled" {
description = "Indicates whether text data delivery is enabled."
type = bool
default = false
}

variable "key_prefix" {
description = "The key prefix for logging configuration in S3."
type = string
default = ""
}

variable "tags" {
description = "A map of tags to assign to the customization job and custom model."
type = map(string)
default = {}
}
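Review bot: The description on `tags`, "A map of tags to assign to the customization job and custom model.", does not match its use: main.tf applies `var.tags` only to `aws_s3_bucket.this`. Reword it for the bucket. It is also worth noting in the descriptions that `embedding_data_delivery_enabled`, `image_data_delivery_enabled` and `text_data_delivery_enabled` all default to `false`, so a caller who sets only `bucket` gets a logging configuration with every data type switched off.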
