Truefoundry AWS Control Plane Module
| Name | Version |
|---|---|
| terraform | ~> 1.4 |
| aws | ~> 5.57 |
| random | ~> 3.6 |
| Name | Version |
|---|---|
| aws | ~> 5.57 |
| random | ~> 3.6 |
| Name | Source | Version |
|---|---|---|
| truefoundry_bucket | terraform-aws-modules/s3-bucket/aws | 3.14.0 |
| truefoundry_oidc_iam | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.39.1 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_account_id | AWS Account ID | string |
n/a | yes |
| aws_region | EKS Cluster region | string |
n/a | yes |
| cluster_name | Cluster name | string |
n/a | yes |
| cluster_oidc_issuer_url | The oidc url of the eks cluster | string |
n/a | yes |
| iam_database_authentication_enabled | Enable IAM database authentication | bool |
false |
no |
| manage_master_user_password | Enable master user password management. If set to true master user management is done by RDS in secrets manager, if false a random password is generated | bool |
false |
no |
| manage_master_user_password_rotation | Enable master user password rotation | bool |
false |
no |
| master_user_password_rotate_immediately | Rotate master user password immediately | bool |
false |
no |
| master_user_password_rotation_automatically_after_days | Rotate master user password automatically after days | number |
90 |
no |
| master_user_password_rotation_duration | Master user password rotation duration | string |
"3h" |
no |
| mlfoundry_k8s_namespace | The k8s mlfoundry namespace | string |
"truefoundry" |
no |
| mlfoundry_k8s_service_account | The k8s mlfoundry service account name | string |
"mlfoundry-server" |
no |
| svcfoundry_k8s_namespace | The k8s svcfoundry namespace | string |
"truefoundry" |
no |
| svcfoundry_k8s_service_account | The k8s svcfoundry service account name | string |
"servicefoundry-server" |
no |
| tags | AWS Tags common to all the resources created | map(string) |
{} |
no |
| tfy_workflow_admin_k8s_namespace | The k8s tfy workflow admin namespace | string |
"truefoundry" |
no |
| tfy_workflow_admin_k8s_service_account | The k8s tfy workflow admin service account name | string |
"tfy-workflow-admin" |
no |
| truefoundry_artifact_buckets_will_read | A list of bucket IDs mlfoundry will need read access to, in order to show the stored artifacts. It accepts any valid IAM resource, including ARNs with wildcards, so you can do something like arn:aws:s3:::bucket-prefix-* | list(string) |
[] |
no |
| truefoundry_cloudwatch_log_exports | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported | list(string) |
[ |
no |
| truefoundry_db_allocated_storage | Storage for RDS. Minimum storage allowed for gp3 volumes is 20GB | string |
"20" |
no |
| truefoundry_db_backup_retention_period | Backup retention period for RDS | number |
14 |
no |
| truefoundry_db_database_name | Name of the database in DB | string |
"ctl" |
no |
| truefoundry_db_deletion_protection | n/a | bool |
true |
no |
| truefoundry_db_enable_insights | Enable insights to truefoundry db | bool |
false |
no |
| truefoundry_db_enable_override | Enable override for truefoundry db name. You must pass truefoundry_db_override_name | bool |
false |
no |
| truefoundry_db_enabled | variable to enable/disable truefoundry db creation | bool |
true |
no |
| truefoundry_db_engine_version | Truefoundry DB Postgres version | string |
"13.14" |
no |
| truefoundry_db_ingress_cidr_blocks | CIDR blocks allowed to connect to the database | list(string) |
[] |
no |
| truefoundry_db_ingress_security_group | SG allowed to connect to the database | string |
n/a | yes |
| truefoundry_db_instance_class | Instance class for RDS | string |
"db.t3.medium" |
no |
| truefoundry_db_max_allocated_storage | Max allowed storage for RDS when autoscaling is enabled | string |
"30" |
no |
| truefoundry_db_multiple_az | Enable Multi-az (standby) instances for RDS instances | bool |
false |
no |
| truefoundry_db_override_name | Override name for truefoundry db.This is the name of the RDS resources in AWS . truefoundry_db_enable_override must be set true | string |
"" |
no |
| truefoundry_db_publicly_accessible | Make database publicly accessible. Subnets and SG must match | string |
false |
no |
| truefoundry_db_skip_final_snapshot | n/a | bool |
false |
no |
| truefoundry_db_storage_encrypted | n/a | bool |
true |
no |
| truefoundry_db_storage_iops | Provisioned IOPS for the db | number |
0 |
no |
| truefoundry_db_storage_type | Storage type for truefoundry db | string |
"gp3" |
no |
| truefoundry_db_subnet_ids | List of subnets where the RDS database will be deployed | list(string) |
n/a | yes |
| truefoundry_iam_role_enabled | variable to enable/disable truefoundry iam role creation | bool |
true |
no |
| truefoundry_k8s_namespace | Truefoundry k8s namespace | string |
"truefoundry" |
no |
| truefoundry_s3_cors_origins | List of CORS origins for Mlfoundry bucket | list(string) |
[ |
no |
| truefoundry_s3_enable_override | Enable override for s3 bucket name. You must pass truefoundry_s3_override_name | bool |
false |
no |
| truefoundry_s3_enabled | variable to enable/disable truefoundry s3 bucket creation | bool |
true |
no |
| truefoundry_s3_encryption_algorithm | Algorithm used for encrypting the default bucket. | string |
"AES256" |
no |
| truefoundry_s3_encryption_key_arn | ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm. | string |
null |
no |
| truefoundry_s3_force_destroy | Force destroy for mlfoundry s3 bucket | bool |
false |
no |
| truefoundry_s3_override_name | Override name for s3 bucket. truefoundry_s3_enable_override must be set true | string |
"" |
no |
| truefoundry_service_account | Truefoundry k8s service name | string |
"truefoundry" |
no |
| vpc_id | AWS VPC to deploy Truefoundry rds | string |
n/a | yes |
| Name | Description |
|---|---|
| truefoundry_bucket_id | n/a |
| truefoundry_db_address | n/a |
| truefoundry_db_database_name | n/a |
| truefoundry_db_endpoint | n/a |
| truefoundry_db_engine | n/a |
| truefoundry_db_id | n/a |
| truefoundry_db_password | n/a |
| truefoundry_db_port | n/a |
| truefoundry_db_username | n/a |
| truefoundry_iam_role_arn | n/a |