MaterializeInc · dehume · Dec 18, 2023 · Dec 18, 2023 · dehume · Dec 18, 2023
@@ -71,6 +71,19 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-c2VjcmV0Cg==}
       POSTGRES_USER: ${POSTGRES_USER:-postgres}
       POSTGRES_HOST: ${POSTGRES_HOST:-postgres}
+
+  localstack:
+    container_name: localstack
+    image: localstack/localstack:1.4.0
+    ports:
+      - 4566:4566
+    environment:
+      HOSTNAME: localhost
+      SERVICES: iam
+      AWS_ACCESS_KEY_ID: test
+      AWS_SECRET_ACCESS_KEY: test
+    volumes:
+      - ./integration/localstack/local_stack.sh:/docker-entrypoint-initaws.d/create_localstack_infra.sh
 
   provider:
     build:

@@ -0,0 +1,122 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "materialize_connection_aws Resource - terraform-provider-materialize"
+subcategory: ""
+description: |-
+  An Amazon Web Services (AWS) connection provides Materialize with access to an Identity and Access Management (IAM) user or role in your AWS account.
+---
+
+# materialize_connection_aws (Resource)
+
+An Amazon Web Services (AWS) connection provides Materialize with access to an Identity and Access Management (IAM) user or role in your AWS account.
+
+## Example Usage
+
+```terraform
+# Create a AWS Connection
+resource "materialize_connection_aws" "example_connection" {
+  name              = "example_connection"
+  schema_name       = "public"
+  access_key_id     = "foo"
+  secret_access_key = "bar"
+}
+
+# CREATE CONNECTION example_connection TO AWS WITH (
+#     ACCESS_KEY_ID = 'foo',
+#     SECRET_ACCESS_KEY = 'bar'
+# );
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The identifier for the connection.
+
+### Optional
+
+- `access_key_id` (Block List, Max: 1) The access key ID to connect with.. Can be supplied as either free text using `text` or reference to a secret object using `secret`. (see [below for nested schema](#nestedblock--access_key_id))
+- `assume_role_arn` (String) The Amazon Resource Name (ARN) of the IAM role to assume.
+- `assume_role_session_name` (String) The session name to use when assuming the role.
+- `comment` (String) **Private Preview** Comment on an object in the database.
+- `database_name` (String) The identifier for the connection database. Defaults to `MZ_DATABASE` environment variable if set or `materialize` if environment variable is not set.
+- `endpoint` (String) Override the default AWS endpoint URL.
+- `ownership_role` (String) The owernship role of the object.
+- `region` (String) The AWS region to connect to.
+- `schema_name` (String) The identifier for the connection schema. Defaults to `public`.
+- `secret_access_key` (Block List, Max: 1) The secret access key corresponding to the specified access key ID. (see [below for nested schema](#nestedblock--secret_access_key))
+- `session_token` (Block List, Max: 1) The session token corresponding to the specified access key ID.. Can be supplied as either free text using `text` or reference to a secret object using `secret`. (see [below for nested schema](#nestedblock--session_token))
+- `validate` (Boolean) **Private Preview** If the connection should wait for validation.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `qualified_sql_name` (String) The fully qualified name of the connection.
+
+<a id="nestedblock--access_key_id"></a>
+### Nested Schema for `access_key_id`
+
+Optional:
+
+- `secret` (Block List, Max: 1) The `access_key_id` secret value. Conflicts with `text` within this block. (see [below for nested schema](#nestedblock--access_key_id--secret))
+- `text` (String, Sensitive) The `access_key_id` text value. Conflicts with `secret` within this block
+
+<a id="nestedblock--access_key_id--secret"></a>
+### Nested Schema for `access_key_id.secret`
+
+Required:
+
+- `name` (String) The access_key_id name.
+
+Optional:
+
+- `database_name` (String) The access_key_id database name. Defaults to `MZ_DATABASE` environment variable if set or `materialize` if environment variable is not set.
+- `schema_name` (String) The access_key_id schema name. Defaults to `public`.
+
+
+
+<a id="nestedblock--secret_access_key"></a>
+### Nested Schema for `secret_access_key`
+
+Required:
+
+- `name` (String) The secret_access_key name.
+
+Optional:
+
+- `database_name` (String) The secret_access_key database name. Defaults to `MZ_DATABASE` environment variable if set or `materialize` if environment variable is not set.
+- `schema_name` (String) The secret_access_key schema name. Defaults to `public`.
+
+
+<a id="nestedblock--session_token"></a>
+### Nested Schema for `session_token`
+
+Optional:
+
+- `secret` (Block List, Max: 1) The `session_token` secret value. Conflicts with `text` within this block. (see [below for nested schema](#nestedblock--session_token--secret))
+- `text` (String, Sensitive) The `session_token` text value. Conflicts with `secret` within this block
+
+<a id="nestedblock--session_token--secret"></a>
+### Nested Schema for `session_token.secret`
+
+Required:
+
+- `name` (String) The session_token name.
+
+Optional:
+
+- `database_name` (String) The session_token database name. Defaults to `MZ_DATABASE` environment variable if set or `materialize` if environment variable is not set.
+- `schema_name` (String) The session_token schema name. Defaults to `public`.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+#Connections can be imported using the connection id:
+terraform import materialize_connection_aws.example <region>:<connection_id>
+
+# Connection id and information be found in the `mz_catalog.mz_connections` table
+# The region is the region where the database is located (e.g. aws/us-east-1)
+```
@@ -13,7 +13,7 @@ An AWS PrivateLink connection establishes a link to an AWS PrivateLink service.
 ## Example Usage
 
 ```terraform
-# # Create a AWS Private Connection
+# Create a AWS Private Connection
 # Note: you need the max_aws_privatelink_connections increased for this to work:
 # show max_aws_privatelink_connections;
 resource "materialize_connection_aws_privatelink" "example_privatelink_connection" {

@@ -0,0 +1,5 @@
+#Connections can be imported using the connection id:
+terraform import materialize_connection_aws.example <region>:<connection_id>
+
+# Connection id and information be found in the `mz_catalog.mz_connections` table
+# The region is the region where the database is located (e.g. aws/us-east-1)
@@ -0,0 +1,12 @@
+# Create a AWS Connection
+resource "materialize_connection_aws" "example_connection" {
+  name              = "example_connection"
+  schema_name       = "public"
+  access_key_id     = "foo"
+  secret_access_key = "bar"
+}
+
+# CREATE CONNECTION example_connection TO AWS WITH (
+#     ACCESS_KEY_ID = 'foo',
+#     SECRET_ACCESS_KEY = 'bar'
+# );
@@ -1,4 +1,4 @@
-# # Create a AWS Private Connection
+# Create a AWS Private Connection
 # Note: you need the max_aws_privatelink_connections increased for this to work:
 # show max_aws_privatelink_connections;
 resource "materialize_connection_aws_privatelink" "example_privatelink_connection" {

@@ -297,6 +297,20 @@ resource "materialize_connection_postgres" "postgres_ssl_connection" {
   validate = false
 }
 
+resource "materialize_connection_aws" "aws_conn" {
+  name     = "aws_conn"
+  endpoint = "http://localhost:4566"
+  access_key_id {
+    text = "test"
+  }
+  secret_access_key {
+    name          = materialize_secret.aws_password.name
+    database_name = materialize_secret.aws_password.database_name
+    schema_name   = materialize_secret.aws_password.schema_name
+  }
+  validate = false
+}
+
 resource "materialize_connection_grant" "connection_grant_usage" {
   role_name       = materialize_role.role_1.name
   privilege       = "USAGE"

@@ -0,0 +1,4 @@
+#/bin/bash
+set -x
+
+awslocal iam create-user --user-name terraform
@@ -18,6 +18,13 @@ resource "materialize_secret" "kafka_password" {
   value         = "c2VjcmV0Cg=="
 }
 
+resource "materialize_secret" "aws_password" {
+  name          = "aws_password"
+  schema_name   = materialize_schema.schema.name
+  database_name = materialize_database.database.name
+  value         = "test"
+}
+
 resource "materialize_secret_grant" "secret_grant_usage" {
   role_name     = materialize_role.role_1.name
   privilege     = "USAGE"