150 docs tagged with "provider/aws"

Amazon Web Services provider.

account

This component is responsible for provisioning the full account hierarchy along with Organizational Units (OUs). It

account-map

This component is responsible for provisioning information only: it simply populates Terraform state with data (account

account-quotas

This component is responsible for requesting service quota increases. We recommend making requests here rather than in

account-settings

This component is responsible for provisioning account level settings: IAM password policy, AWS Account Alias, EBS

acm

This component is responsible for requesting an ACM certificate for a domain and adding a CNAME record to the DNS zone

admin-stack

This component is responsible for creating an administrative stack and its

alb

This component is responsible for provisioning a generic Application Load Balancer. It depends on the vpc and

alb-controller-ingress-class

This component deploys a Kubernetes IngressClass resource for the AWS Load Balancer Controller. This is not often

amplify

This component is responsible for provisioning AWS Amplify apps, backend environments, branches, domain associations,

api-gateway-account-settings

This component is responsible for setting the global, regional settings required to allow API Gateway to write to

api-key

This component is responsible for provisioning an API Key for an Amazon Managed Grafana workspace.

argocd

This component is responsible for provisioning Argo CD.

argocd-repo

This component is responsible for creating and managing an ArgoCD desired state repository.

athena

This component is responsible for provisioning an Amazon Athena workgroup, databases, and related resources.

aurora-mysql

This component is responsible for provisioning Aurora MySQL RDS clusters. It seeds relevant database information

aurora-mysql-resources

This component is responsible for provisioning Aurora MySQL resources: additional databases, users, permissions, grants,

aurora-postgres

This component is responsible for provisioning Aurora Postgres RDS clusters. It seeds relevant database information

aurora-postgres-resources

This component is responsible for provisioning Aurora Postgres resources: additional databases, users, permissions,

aws-backup

This component is responsible for provisioning an AWS Backup Plan. It creates a schedule for backing up given ARNs.

aws-config

This component is responsible for configuring AWS Config.

aws-inspector2

This component is responsible for configuring Inspector V2 within an AWS Organization.

aws-saml

This component is responsible for provisioning SAML metadata into AWS IAM as new SAML providers. Additionally, for an

aws-shield

This component is responsible for enabling AWS Shield Advanced Protection for the following resources:

aws-sso

This component is responsible for creating AWS SSO Permission Sets and creating AWS SSO Account Assignments, that

aws-ssosync

Deploys AWS ssosync to sync Google Groups with AWS SSO.

aws-team-roles

This component is responsible for provisioning user and system IAM roles outside the identity account. It sets them up

aws-teams

This component is responsible for provisioning all primary user and system roles into the centralized identity account.

bastion

This component is responsible for provisioning a generic Bastion host within an ASG with parameterized user_data and

cert-manager

This component creates a Helm release for cert-manager on a Kubernetes

cloudtrail

This component is responsible for provisioning CloudTrail auditing in an individual account. It's expected to be used

cloudtrail-bucket

This component is responsible for provisioning a bucket for storing CloudTrail logs for auditing purposes. It's expected

cloudwatch-logs

This component is responsible for creation of CloudWatch Log Streams and Log Groups.

cluster

This component is responsible for provisioning an end-to-end EKS Cluster, including managed node groups and Fargate

cognito

This component is responsible for provisioning and managing AWS Cognito resources.

config-bucket

This module creates an S3 bucket suitable for storing AWS Config data.

connection

This component provisions Glue connections.

crawler

This component provisions Glue crawlers.

dashboard

This component is responsible for provisioning a dashboard for an Amazon Managed Grafana workspace.

datadog_keys

Useful submodule for other modules to quickly configure the datadog provider

datadog-agent

This component installs the datadog-agent for EKS clusters.

datadog-configuration

This component is responsible for provisioning SSM or ASM entries for Datadog API keys.

datadog-integration

This component is responsible for provisioning Datadog AWS integrations. It depends on the datadog-configuration

datadog-logs-archive

This component is responsible for provisioning Datadog Log Archives. It creates a single log archive pipeline for each

datadog-monitor

This component is responsible for provisioning Datadog monitors and assigning Datadog roles to the monitors.

dns-delegated

This component is responsible for provisioning a DNS zone which delegates nameservers to the DNS zone in the primary DNS

dns-primary

This component is responsible for provisioning the primary DNS zones into an AWS account. By convention, we typically

documentdb

This component is responsible for provisioning DocumentDB clusters.

dynamodb

This component is responsible for provisioning a DynamoDB table.

ec2-client-vpn

This component is responsible for provisioning VPN Client Endpoints.

ec2-instance

This component is responsible for provisioning a single EC2 instance.

ecr

This component is responsible for provisioning repositories, lifecycle rules, and permissions for streamlined ECR usage.

ecs

This component is responsible for provisioning an ECS Cluster and associated load balancer.

ecs-service

This component is responsible for creating an ECS service.

efs

This component is responsible for provisioning an EFS Network File System with KMS

elasticache-redis

This component is responsible for provisioning ElastiCache Redis clusters.

elasticsearch

This component is responsible for provisioning an Elasticsearch cluster with built-in integrations with Kibana and

endpoint

This component provisions DMS endpoints.

eventbridge

The eventbridge component is a Terraform module that defines a CloudWatch EventBridge rule. The rule is pointed at

external-dns

This component creates a Helm deployment for external-dns on a

external-secrets-operator

This component (ESO) is used to create an external SecretStore configured to synchronize secrets from AWS SSM

github-oidc-provider

This component is responsible for authorizing the GitHub OIDC provider as an Identity provider for an AWS account. It is

github-oidc-role

This component is responsible for creating IAM roles for GitHub Actions to assume.

github-runners

This component is responsible for provisioning EC2 instances for GitHub runners.

github-webhook

This component provisions a GitHub webhook for a single GitHub repository.

global-accelerator

This component is responsible for provisioning AWS Global Accelerator and its listeners.

guardduty

This component is responsible for configuring GuardDuty within an AWS Organization.

hub

This component is responsible for provisioning an AWS Transit Gateway hub

iam

This component provisions IAM roles required for DMS.

iam

This component provisions IAM roles for AWS Glue.

iam-role

This component is responsible for provisioning simple IAM roles. If a more complicated IAM role and policy are desired

idp-roles

This component installs the idp-roles for EKS clusters. These identity provider roles specify several pre-determined

ipam

This component is responsible for provisioning IPAM per region in a centralized account.

job

This component provisions Glue jobs.

karpenter

This component provisions Karpenter on an EKS cluster. It requires at least version 0.32.0 of

keda

This component is used to install the KEDA operator.

kinesis-stream

This component is responsible for provisioning an Amazon Kinesis data stream.

kms

This component is responsible for provisioning a KMS Key.

lakeformation

This component is responsible for provisioning Amazon Lake Formation resources.

lambda

This component is responsible for provisioning Lambda functions.

loki

Grafana Loki is a set of resources that can be combined into a fully featured logging stack. Unlike other logging

loki

This component is responsible for provisioning a Loki data source for an Amazon Managed Grafana workspace.

macie

This component is responsible for configuring Macie within an AWS Organization.

managed-prometheus

This component is responsible for provisioning an Amazon Managed Prometheus data source for an Amazon Managed Grafana

metrics-server

This component creates a Helm release for metrics-server is a

mq-broker

This component is responsible for provisioning an AmazonMQ broker and corresponding security group.

msk

This component is responsible for provisioning Amazon Managed Streaming clusters for

mwaa

This component provisions Amazon managed workflows for Apache Airflow.

network-firewall

This component is responsible for provisioning AWS Network Firewall resources,

opsgenie-team

This component is responsible for provisioning Opsgenie teams and related services, rules, schedules.

prometheus-scraper

This component provisions an Amazon Managed collector or scraper to connect Amazon Managed Prometheus (AMP) with an

promtail

Promtail is an agent which ships the contents of local logs to a Loki instance.

rds

This component is responsible for provisioning an RDS instance. It seeds relevant database information (hostnames,

redis

This component installs redis for EKS clusters. This is a Self Hosted Redis Cluster installed on EKS.

redis-operator

This component installs redis-operator for EKS clusters. Redis Operator creates/configures/manages high availability

redshift

This component is responsible for provisioning a RedShift instance. It seeds relevant database information (hostnames,

registry

This component provisions Glue registries.

reloader

This component installs the Stakater Reloader for EKS clusters. reloader can

s3-bucket

This component is responsible for provisioning S3 buckets.

schema

This component provisions Glue schemas.

security-hub

This component is responsible for configuring Security Hub within an AWS Organization.

ses

This component is responsible for provisioning SES to act as an SMTP gateway. The credentials used for sending email can

sftp

This component is responsible for provisioning SFTP Endpoints.

snowflake-account

This component sets up the requirements for all other Snowflake components, including creating the Terraform service

snowflake-database

All data in Snowflake is stored in database tables, logically structured as collections of columns and rows. This

sns-topic

This component is responsible for provisioning an SNS topic.

spacelift

These components are responsible for setting up Spacelift and include three components: spacelift/admin-stack,

spaces

This component is responsible for creating and managing the spaces in the

spoke

This component is responsible for provisioning AWS Transit Gateway attachments

sqs-queue

This component is responsible for creating an SQS queue.

ssm-parameters

This component is responsible for provisioning Parameter Store resources against AWS SSM. It supports normal parameter

sso-saml-provider

This component reads SSO credentials from SSM Parameter Store and provides them as outputs

storage-class

This component is responsible for provisioning StorageClasses in an EKS cluster. See the list of guides and references

strongdm

This component provisions strongDM gateway, relay and roles

tfstate-backend

This component is responsible for provisioning an S3 Bucket and DynamoDB table that follow security best practices for

tgw

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub.

trigger

This component provisions Glue triggers.

vpc

This component is responsible for provisioning a VPC and corresponding Subnets. Additionally, VPC Flow Logs can

vpc-flow-logs-bucket

This component is responsible for provisioning an encrypted S3 bucket which is configured to receive VPC Flow Logs.

vpc-peering

This component is responsible for creating a peering connection between two VPCs existing in different AWS accounts.

waf

This component is responsible for provisioning an AWS Web Application Firewall (WAF) with an associated managed rule

worker-pool

This component is responsible for provisioning Spacelift worker pools.

workflow

This component provisions Glue workflows.

workspace

This component is responsible for provisioning an Amazon Managed Grafana workspace.

workspace

This component is responsible for provisioning a workspace for Amazon Managed Service for Prometheus, also known as

zscaler

This component is responsible for provisioning ZScaler Private Access Connector instances on Amazon Linux 2 AMIs.