From 17628d0dc4dce4fa70113a6e815bb312f0beb3eb Mon Sep 17 00:00:00 2001 From: Edgar Costa Date: Mon, 12 Aug 2024 16:41:37 -0300 Subject: [PATCH] feat: Add Keyspaces, CloudWatch, MQ, Organizations, Route 53, Route 53 Resolver and Secrets Manager Controllers (#72) --- README.md | 28 ++ examples/complete/README.md | 96 ++--- examples/complete/main.tf | 7 + main.tf | 687 ++++++++++++++++++++++++++++++++++++ outputs.tf | 42 +++ variables.tf | 113 ++++++ 6 files changed, 932 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 55791fe..983e597 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,13 @@ module "eks_ack_addons" { ecrpublic_token = "" # Controllers to enable + enable_secretsmanager = true + enable_route53resolver = true + enable_route53 = true + enable_organizations = true + enable_mq = true + enable_cloudwatch = true + enable_keyspaces = true enable_kafka = true enable_efs = true enable_ecs = true @@ -83,6 +90,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [applicationautoscaling](#module\_applicationautoscaling) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [cloudfront](#module\_cloudfront) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [cloudtrail](#module\_cloudtrail) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [cloudwatch](#module\_cloudwatch) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [dynamodb](#module\_dynamodb) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [ec2](#module\_ec2) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [ecr](#module\_ecr) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | @@ -94,14 +102,20 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [eventbridge](#module\_eventbridge) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [iam](#module\_iam) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [kafka](#module\_kafka) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [keyspaces](#module\_keyspaces) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [kms](#module\_kms) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [lambda](#module\_lambda) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [memorydb](#module\_memorydb) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [mq](#module\_mq) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [opensearchservice](#module\_opensearchservice) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [organizations](#module\_organizations) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [prometheusservice](#module\_prometheusservice) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [rds](#module\_rds) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [route53](#module\_route53) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [route53resolver](#module\_route53resolver) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [s3](#module\_s3) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [sagemaker](#module\_sagemaker) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | +| [secretsmanager](#module\_secretsmanager) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [sfn](#module\_sfn) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [sns](#module\_sns) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | | [sqs](#module\_sqs) | aws-ia/eks-blueprints-addon/aws | 1.1.1 | @@ -140,6 +154,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [applicationautoscaling](#input\_applicationautoscaling) | ACK Application Autoscaling Helm Chart config | `any` | `{}` | no | | [cloudfront](#input\_cloudfront) | ACK cloudfront Helm Chart config | `any` | `{}` | no | | [cloudtrail](#input\_cloudtrail) | ACK Cloudtrail Helm Chart config | `any` | `{}` | no | +| [cloudwatch](#input\_cloudwatch) | ACK CloudWatch Helm Chart config | `any` | `{}` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint for your Kubernetes API server | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | | [create\_delay\_dependencies](#input\_create\_delay\_dependencies) | Dependency attribute which must be resolved before starting the `create_delay_duration` | `list(string)` | `[]` | no | @@ -160,6 +175,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [enable\_applicationautoscaling](#input\_enable\_applicationautoscaling) | Enable ACK Application Autoscaling add-on | `bool` | `false` | no | | [enable\_cloudfront](#input\_enable\_cloudfront) | Enable ACK Cloudfront add-on | `bool` | `false` | no | | [enable\_cloudtrail](#input\_enable\_cloudtrail) | Enable ACK Cloudtrail add-on | `bool` | `false` | no | +| [enable\_cloudwatch](#input\_enable\_cloudwatch) | Enable ACK CloudWatch add-on | `bool` | `false` | no | | [enable\_dynamodb](#input\_enable\_dynamodb) | Enable ACK dynamodb add-on | `bool` | `false` | no | | [enable\_ec2](#input\_enable\_ec2) | Enable ACK ec2 add-on | `bool` | `false` | no | | [enable\_ecr](#input\_enable\_ecr) | Enable ACK ECR add-on | `bool` | `false` | no | @@ -171,29 +187,41 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [enable\_eventbridge](#input\_enable\_eventbridge) | Enable ACK EventBridge add-on | `bool` | `false` | no | | [enable\_iam](#input\_enable\_iam) | Enable ACK iam add-on | `bool` | `false` | no | | [enable\_kafka](#input\_enable\_kafka) | Enable ACK Kafka add-on | `bool` | `false` | no | +| [enable\_keyspaces](#input\_enable\_keyspaces) | Enable ACK Keyspaces add-on | `bool` | `false` | no | | [enable\_kms](#input\_enable\_kms) | Enable ACK kms add-on | `bool` | `false` | no | | [enable\_lambda](#input\_enable\_lambda) | Enable ACK Lambda add-on | `bool` | `false` | no | | [enable\_memorydb](#input\_enable\_memorydb) | Enable ACK MemoryDB add-on | `bool` | `false` | no | +| [enable\_mq](#input\_enable\_mq) | Enable ACK MQ add-on | `bool` | `false` | no | | [enable\_opensearchservice](#input\_enable\_opensearchservice) | Enable ACK Opensearch Service add-on | `bool` | `false` | no | +| [enable\_organizations](#input\_enable\_organizations) | Enable ACK Organizations add-on | `bool` | `false` | no | | [enable\_prometheusservice](#input\_enable\_prometheusservice) | Enable ACK prometheusservice add-on | `bool` | `false` | no | | [enable\_rds](#input\_enable\_rds) | Enable ACK rds add-on | `bool` | `false` | no | +| [enable\_route53](#input\_enable\_route53) | Enable ACK Route 53 add-on | `bool` | `false` | no | +| [enable\_route53resolver](#input\_enable\_route53resolver) | Enable ACK Route 53 Resolver add-on | `bool` | `false` | no | | [enable\_s3](#input\_enable\_s3) | Enable ACK s3 add-on | `bool` | `false` | no | | [enable\_sagemaker](#input\_enable\_sagemaker) | Enable ACK Sagemaker add-on | `bool` | `false` | no | +| [enable\_secretsmanager](#input\_enable\_secretsmanager) | Enable ACK Secrets Manager add-on | `bool` | `false` | no | | [enable\_sfn](#input\_enable\_sfn) | Enable ACK step functions add-on | `bool` | `false` | no | | [enable\_sns](#input\_enable\_sns) | Enable ACK SNS add-on | `bool` | `false` | no | | [enable\_sqs](#input\_enable\_sqs) | Enable ACK SQS add-on | `bool` | `false` | no | | [eventbridge](#input\_eventbridge) | ACK EventBridge Helm Chart config | `any` | `{}` | no | | [iam](#input\_iam) | ACK iam Helm Chart config | `any` | `{}` | no | | [kafka](#input\_kafka) | ACK Kafka Helm Chart config | `any` | `{}` | no | +| [keyspaces](#input\_keyspaces) | ACK Keyspaces Helm Chart config | `any` | `{}` | no | | [kms](#input\_kms) | ACK kms Helm Chart config | `any` | `{}` | no | | [lambda](#input\_lambda) | ACK Lambda Helm Chart config | `any` | `{}` | no | | [memorydb](#input\_memorydb) | ACK MemoryDB Helm Chart config | `any` | `{}` | no | +| [mq](#input\_mq) | ACK MQ Helm Chart config | `any` | `{}` | no | | [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | The ARN of the cluster OIDC Provider | `string` | n/a | yes | | [opensearchservice](#input\_opensearchservice) | ACK Opensearch Service Helm Chart config | `any` | `{}` | no | +| [organizations](#input\_organizations) | ACK Organizations Helm Chart config | `any` | `{}` | no | | [prometheusservice](#input\_prometheusservice) | ACK prometheusservice Helm Chart config | `any` | `{}` | no | | [rds](#input\_rds) | ACK rds Helm Chart config | `any` | `{}` | no | +| [route53](#input\_route53) | ACK Route 53 Helm Chart config | `any` | `{}` | no | +| [route53resolver](#input\_route53resolver) | ACK Route 53 Resolver Helm Chart config | `any` | `{}` | no | | [s3](#input\_s3) | ACK s3 Helm Chart config | `any` | `{}` | no | | [sagemaker](#input\_sagemaker) | ACK Sagemaker Helm Chart config | `any` | `{}` | no | +| [secretsmanager](#input\_secretsmanager) | ACK Secrets Manager Helm Chart config | `any` | `{}` | no | | [sfn](#input\_sfn) | ACK step functions Helm Chart config | `any` | `{}` | no | | [sns](#input\_sns) | ACK SNS Helm Chart config | `any` | `{}` | no | | [sqs](#input\_sqs) | ACK SQS Helm Chart config | `any` | `{}` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index d402eba..2f50064 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -1,6 +1,13 @@ # Complete Example Configuration in this directory creates an AWS EKS cluster with the following ACK addons: +- AWS Secrets Manager +- Amazon Route53Resolver +- Amazon Route 53 +- Amazon Organizations +- Amazon MQ +- Amazon CloudWatch +- Amazon Keyspaces - Amazon Kafka - Amazon EFS - Amazon ECS @@ -68,47 +75,54 @@ aws eks --region update-kubeconfig --name kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE -ack-system ack-acm-5697f4c5b4-bpkrg 1/1 Running 0 10m -ack-system ack-apigatewayv2-76d6bbd788-82m2h 1/1 Running 0 9m37s -ack-system ack-applicationautoscaling-5fd6c8bf8f-kl4gt 1/1 Running 0 8m58s -ack-system ack-cloudfront-544f4887c4-dr6ds 1/1 Running 0 8m12s -ack-system ack-cloudtrail-5dc78b7576-hnk4d 1/1 Running 0 10m -ack-system ack-dynamodb-7f4b47488d-tftpf 1/1 Running 0 8m37s -ack-system ack-ec2-5fbf6f55d9-smb4k 1/1 Running 0 9m37s -ack-system ack-ecr-5b4699f87b-j6kxq 1/1 Running 0 9m7s -ack-system ack-ecs-74d8d67695-dbpth 1/1 Running 0 10m -ack-system ack-efs-7b9f965b96-rpwts 1/1 Running 0 9m54s -ack-system ack-eks-54945d94d4-6stzs 1/1 Running 0 8m34s -ack-system ack-elasticache-5758ff66bd-dwfkh 1/1 Running 0 10m -ack-system ack-emrcontainers-74c5d7b8c-bljlk 1/1 Running 0 10m -ack-system ack-eventbridge-b76bd85b8-rxgsf 1/1 Running 0 9m46s -ack-system ack-iam-89dd5d6b5-2hzch 1/1 Running 0 8m24s -ack-system ack-kafka-7bd95bd59-pz258 1/1 Running 0 9m40s -ack-system ack-kms-58b89848db-p4w6c 1/1 Running 0 8m21s -ack-system ack-lambda-65bd7fbc8d-529d7 1/1 Running 0 10m -ack-system ack-memorydb-76c988f6dd-phbsc 1/1 Running 0 8m7s -ack-system ack-opensearchservice-7fd9d8c866-fg6h6 1/1 Running 0 8m33s -ack-system ack-prometheusservice-6d657cd878-kcdsh 1/1 Running 0 9m58s -ack-system ack-rds-7df84bf989-87j4s 1/1 Running 0 9m31s -ack-system ack-s3-6ffc4698c6-kg8vw 1/1 Running 0 8m28s -ack-system ack-sagemaker-74f65d4cb9-dzxng 1/1 Running 0 8m24s -ack-system ack-sfn-6b875794cb-k7dnb 1/1 Running 0 10m -ack-system ack-sns-5c75794dbc-6n42j 1/1 Running 0 10m -ack-system ack-sqs-55dfc46cd6-n6qb8 1/1 Running 0 10m -kube-system aws-load-balancer-controller-84b5bf9c5f-k88tj 1/1 Running 0 10m -kube-system aws-load-balancer-controller-84b5bf9c5f-xqczl 1/1 Running 0 10m -kube-system aws-node-6kswr 2/2 Running 0 8m22s -kube-system aws-node-8fkb7 2/2 Running 0 8m26s -kube-system aws-node-c482x 2/2 Running 0 8m18s -kube-system coredns-787cb67946-lsxph 1/1 Running 0 14m -kube-system coredns-787cb67946-zbq6s 1/1 Running 0 14m -kube-system eks-pod-identity-agent-6b2bc 1/1 Running 0 8m39s -kube-system eks-pod-identity-agent-b8gh8 1/1 Running 0 8m39s -kube-system eks-pod-identity-agent-cq5kr 1/1 Running 0 8m39s -kube-system kube-proxy-6jn9z 1/1 Running 0 10m -kube-system kube-proxy-6mfvr 1/1 Running 0 10m -kube-system kube-proxy-k4c6w 1/1 Running 0 10m -kube-system metrics-server-7577444cf8-f4vgk 1/1 Running 0 11m +ack-system ack-acm-5697f4c5b4-z48sv 1/1 Running 0 30m +ack-system ack-apigatewayv2-76d6bbd788-pxlv9 1/1 Running 0 27m +ack-system ack-applicationautoscaling-5fd6c8bf8f-tjhhq 1/1 Running 0 28m +ack-system ack-cloudfront-544f4887c4-cn48r 1/1 Running 0 27m +ack-system ack-cloudtrail-5dc78b7576-jpjd6 1/1 Running 0 26m +ack-system ack-cloudwatch-5b844f47db-cl6ht 1/1 Running 0 28m +ack-system ack-dynamodb-7f4b47488d-kf7gd 1/1 Running 0 30m +ack-system ack-ec2-5fbf6f55d9-qrpj6 1/1 Running 0 29m +ack-system ack-ecr-5b4699f87b-27k4t 1/1 Running 0 27m +ack-system ack-ecs-74d8d67695-tw9fp 1/1 Running 0 28m +ack-system ack-efs-7b9f965b96-htcxj 1/1 Running 0 28m +ack-system ack-eks-54945d94d4-pn25c 1/1 Running 0 30m +ack-system ack-elasticache-5758ff66bd-69w79 1/1 Running 0 29m +ack-system ack-emrcontainers-74c5d7b8c-4rpkf 1/1 Running 0 29m +ack-system ack-eventbridge-b76bd85b8-cl75j 1/1 Running 0 30m +ack-system ack-iam-89dd5d6b5-4vb82 1/1 Running 0 28m +ack-system ack-kafka-7bd95bd59-25kkb 1/1 Running 0 28m +ack-system ack-keyspaces-6cc9bbc575-klxtw 1/1 Running 0 26m +ack-system ack-kms-58b89848db-wh6wq 1/1 Running 0 27m +ack-system ack-lambda-65bd7fbc8d-8qllw 1/1 Running 0 27m +ack-system ack-memorydb-76c988f6dd-dm22w 1/1 Running 0 29m +ack-system ack-mq-85b69db6c-hdwqg 1/1 Running 0 26m +ack-system ack-opensearchservice-7fd9d8c866-5l6wh 1/1 Running 0 29m +ack-system ack-organizations-784c69d659-xcm29 1/1 Running 0 27m +ack-system ack-prometheusservice-6d657cd878-q492w 1/1 Running 0 30m +ack-system ack-rds-7df84bf989-jmpzh 1/1 Running 0 26m +ack-system ack-route53-5d45dcbf66-lchwf 1/1 Running 0 27m +ack-system ack-route53resolver-696cf68868-znnsv 1/1 Running 0 26m +ack-system ack-s3-6ffc4698c6-5sfwg 1/1 Running 0 30m +ack-system ack-sagemaker-74f65d4cb9-tqcnm 1/1 Running 0 27m +ack-system ack-secretsmanager-7974695c58-8p29t 1/1 Running 0 30m +ack-system ack-sfn-6b875794cb-fnrz4 1/1 Running 0 26m +ack-system ack-sns-5c75794dbc-5vs5r 1/1 Running 0 27m +ack-system ack-sqs-55dfc46cd6-tgc68 1/1 Running 0 26m +kube-system aws-load-balancer-controller-84b5bf9c5f-wmj6s 1/1 Running 0 28m +kube-system aws-load-balancer-controller-84b5bf9c5f-xz5bd 1/1 Running 0 28m +kube-system aws-node-48drm 2/2 Running 0 26m +kube-system aws-node-7jmr4 2/2 Running 0 26m +kube-system aws-node-dc8tz 2/2 Running 0 26m +kube-system coredns-787cb67946-69dqt 1/1 Running 0 33m +kube-system coredns-787cb67946-nblvh 1/1 Running 0 33m +kube-system eks-pod-identity-agent-5vflt 1/1 Running 0 27m +kube-system eks-pod-identity-agent-ltjcq 1/1 Running 0 27m +kube-system eks-pod-identity-agent-rb8jn 1/1 Running 0 27m +kube-system kube-proxy-mz99j 1/1 Running 0 30m +kube-system kube-proxy-prj6l 1/1 Running 0 30m +kube-system kube-proxy-rsfsz 1/1 Running 0 30m +kube-system metrics-server-7577444cf8-vj4lt 1/1 Running 0 31m ``` ## Sample Application Deployment diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 27b136c..4c9a82d 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -131,6 +131,13 @@ module "eks_ack_addons" { ecrpublic_token = data.aws_ecrpublic_authorization_token.token.password # Controllers to enable + enable_secretsmanager = true + enable_route53resolver = true + enable_route53 = true + enable_organizations = true + enable_mq = true + enable_cloudwatch = true + enable_keyspaces = true enable_kafka = true enable_efs = true enable_ecs = true diff --git a/main.tf b/main.tf index 3cb3ded..935ccd9 100644 --- a/main.tf +++ b/main.tf @@ -33,6 +33,693 @@ locals { repository_password = var.create_kubernetes_resources ? var.ecrpublic_token : "" } +################################################################################ +# Secrets Manager +################################################################################ + +locals { + secretsmanager_name = "ack-secretsmanager" +} + +module "secretsmanager" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_secretsmanager + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/secretsmanager-chart:0.0.9 + name = try(var.secretsmanager.name, local.secretsmanager_name) + description = try(var.secretsmanager.description, "Helm Chart for Secrets Manager controller for ACK") + namespace = try(var.secretsmanager.namespace, "ack-system") + create_namespace = try(var.secretsmanager.create_namespace, true) + chart = "secretsmanager-chart" + chart_version = try(var.secretsmanager.chart_version, "0.0.9") + repository = try(var.secretsmanager.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.secretsmanager.values, []) + + timeout = try(var.secretsmanager.timeout, null) + repository_key_file = try(var.secretsmanager.repository_key_file, null) + repository_cert_file = try(var.secretsmanager.repository_cert_file, null) + repository_ca_file = try(var.secretsmanager.repository_ca_file, null) + repository_username = try(var.secretsmanager.repository_username, local.repository_username) + repository_password = try(var.secretsmanager.repository_password, local.repository_password) + devel = try(var.secretsmanager.devel, null) + verify = try(var.secretsmanager.verify, null) + keyring = try(var.secretsmanager.keyring, null) + disable_webhooks = try(var.secretsmanager.disable_webhooks, null) + reuse_values = try(var.secretsmanager.reuse_values, null) + reset_values = try(var.secretsmanager.reset_values, null) + force_update = try(var.secretsmanager.force_update, null) + recreate_pods = try(var.secretsmanager.recreate_pods, null) + cleanup_on_fail = try(var.secretsmanager.cleanup_on_fail, null) + max_history = try(var.secretsmanager.max_history, null) + atomic = try(var.secretsmanager.atomic, null) + skip_crds = try(var.secretsmanager.skip_crds, null) + render_subchart_notes = try(var.secretsmanager.render_subchart_notes, null) + disable_openapi_validation = try(var.secretsmanager.disable_openapi_validation, null) + wait = try(var.secretsmanager.wait, false) + wait_for_jobs = try(var.secretsmanager.wait_for_jobs, null) + dependency_update = try(var.secretsmanager.dependency_update, null) + replace = try(var.secretsmanager.replace, null) + lint = try(var.secretsmanager.lint, null) + + postrender = try(var.secretsmanager.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-secretsmanager-secretsmanager-chart-xxxxxxxxxxxxx` to `ack-secretsmanager-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-secretsmanager" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.secretsmanager_name + }], + try(var.secretsmanager.set, []) + ) + set_sensitive = try(var.secretsmanager.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.secretsmanager.create_role, true) + role_name = try(var.secretsmanager.role_name, "ack-secretsmanager") + role_name_use_prefix = try(var.secretsmanager.role_name_use_prefix, true) + role_path = try(var.secretsmanager.role_path, "/") + role_permissions_boundary_arn = lookup(var.secretsmanager, "role_permissions_boundary_arn", null) + role_description = try(var.secretsmanager.role_description, "IRSA for Secrets Manager controller for ACK") + role_policies = lookup(var.secretsmanager, "role_policies", { + SecretsManagerReadWrite = "${local.iam_role_policy_prefix}/SecretsManagerReadWrite" + }) + + create_policy = try(var.secretsmanager.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.secretsmanager_name + } + } + + tags = var.tags +} + +################################################################################ +# Route 53 Resolver +################################################################################ + +locals { + route53resolver_name = "ack-route53resolver" +} + +module "route53resolver" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_route53resolver + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/route53resolver-chart:0.0.9 + name = try(var.route53resolver.name, local.route53resolver_name) + description = try(var.route53resolver.description, "Helm Chart for Route53Resolver controller for ACK") + namespace = try(var.route53resolver.namespace, "ack-system") + create_namespace = try(var.route53resolver.create_namespace, true) + chart = "route53resolver-chart" + chart_version = try(var.route53resolver.chart_version, "0.0.9") + repository = try(var.route53resolver.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.route53resolver.values, []) + + timeout = try(var.route53resolver.timeout, null) + repository_key_file = try(var.route53resolver.repository_key_file, null) + repository_cert_file = try(var.route53resolver.repository_cert_file, null) + repository_ca_file = try(var.route53resolver.repository_ca_file, null) + repository_username = try(var.route53resolver.repository_username, local.repository_username) + repository_password = try(var.route53resolver.repository_password, local.repository_password) + devel = try(var.route53resolver.devel, null) + verify = try(var.route53resolver.verify, null) + keyring = try(var.route53resolver.keyring, null) + disable_webhooks = try(var.route53resolver.disable_webhooks, null) + reuse_values = try(var.route53resolver.reuse_values, null) + reset_values = try(var.route53resolver.reset_values, null) + force_update = try(var.route53resolver.force_update, null) + recreate_pods = try(var.route53resolver.recreate_pods, null) + cleanup_on_fail = try(var.route53resolver.cleanup_on_fail, null) + max_history = try(var.route53resolver.max_history, null) + atomic = try(var.route53resolver.atomic, null) + skip_crds = try(var.route53resolver.skip_crds, null) + render_subchart_notes = try(var.route53resolver.render_subchart_notes, null) + disable_openapi_validation = try(var.route53resolver.disable_openapi_validation, null) + wait = try(var.route53resolver.wait, false) + wait_for_jobs = try(var.route53resolver.wait_for_jobs, null) + dependency_update = try(var.route53resolver.dependency_update, null) + replace = try(var.route53resolver.replace, null) + lint = try(var.route53resolver.lint, null) + + postrender = try(var.route53resolver.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-route53resolver-route53resolver-chart-xxxxxxxxxxxxx` to `ack-route53resolver-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-route53resolver" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.route53resolver_name + }], + try(var.route53resolver.set, []) + ) + set_sensitive = try(var.route53resolver.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.route53resolver.create_role, true) + role_name = try(var.route53resolver.role_name, "ack-route53resolver") + role_name_use_prefix = try(var.route53resolver.role_name_use_prefix, true) + role_path = try(var.route53resolver.role_path, "/") + role_permissions_boundary_arn = lookup(var.route53resolver, "role_permissions_boundary_arn", null) + role_description = try(var.route53resolver.role_description, "IRSA for Route53Resolver controller for ACK") + role_policies = lookup(var.route53resolver, "role_policies", { + AmazonRoute53ResolverFullAccess = "${local.iam_role_policy_prefix}/AmazonRoute53ResolverFullAccess" + }) + + create_policy = try(var.route53resolver.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.route53resolver_name + } + } + + tags = var.tags +} + +################################################################################ +# Route 53 +################################################################################ + +locals { + route53_name = "ack-route53" +} + +module "route53" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_route53 + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/route53-chart:0.0.16 + name = try(var.route53.name, local.route53_name) + description = try(var.route53.description, "Helm Chart for Route 53 controller for ACK") + namespace = try(var.route53.namespace, "ack-system") + create_namespace = try(var.route53.create_namespace, true) + chart = "route53-chart" + chart_version = try(var.route53.chart_version, "0.0.16") + repository = try(var.route53.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.route53.values, []) + + timeout = try(var.route53.timeout, null) + repository_key_file = try(var.route53.repository_key_file, null) + repository_cert_file = try(var.route53.repository_cert_file, null) + repository_ca_file = try(var.route53.repository_ca_file, null) + repository_username = try(var.route53.repository_username, local.repository_username) + repository_password = try(var.route53.repository_password, local.repository_password) + devel = try(var.route53.devel, null) + verify = try(var.route53.verify, null) + keyring = try(var.route53.keyring, null) + disable_webhooks = try(var.route53.disable_webhooks, null) + reuse_values = try(var.route53.reuse_values, null) + reset_values = try(var.route53.reset_values, null) + force_update = try(var.route53.force_update, null) + recreate_pods = try(var.route53.recreate_pods, null) + cleanup_on_fail = try(var.route53.cleanup_on_fail, null) + max_history = try(var.route53.max_history, null) + atomic = try(var.route53.atomic, null) + skip_crds = try(var.route53.skip_crds, null) + render_subchart_notes = try(var.route53.render_subchart_notes, null) + disable_openapi_validation = try(var.route53.disable_openapi_validation, null) + wait = try(var.route53.wait, false) + wait_for_jobs = try(var.route53.wait_for_jobs, null) + dependency_update = try(var.route53.dependency_update, null) + replace = try(var.route53.replace, null) + lint = try(var.route53.lint, null) + + postrender = try(var.route53.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-route53-route53-chart-xxxxxxxxxxxxx` to `ack-route53-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-route53" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.route53_name + }], + try(var.route53.set, []) + ) + set_sensitive = try(var.route53.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.route53.create_role, true) + role_name = try(var.route53.role_name, "ack-route53") + role_name_use_prefix = try(var.route53.role_name_use_prefix, true) + role_path = try(var.route53.role_path, "/") + role_permissions_boundary_arn = lookup(var.route53, "role_permissions_boundary_arn", null) + role_description = try(var.route53.role_description, "IRSA for Route 53 controller for ACK") + role_policies = lookup(var.route53, "role_policies", { + AmazonRoute53FullAccess = "${local.iam_role_policy_prefix}/AmazonRoute53FullAccess" + }) + + create_policy = try(var.route53.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.route53_name + } + } + + tags = var.tags +} + +################################################################################ +# Organizations +################################################################################ + +locals { + organizations_name = "ack-organizations" +} + +module "organizations" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_organizations + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/organizations-chart:0.0.8 + name = try(var.organizations.name, local.organizations_name) + description = try(var.organizations.description, "Helm Chart for Organizations controller for ACK") + namespace = try(var.organizations.namespace, "ack-system") + create_namespace = try(var.organizations.create_namespace, true) + chart = "organizations-chart" + chart_version = try(var.organizations.chart_version, "0.0.8") + repository = try(var.organizations.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.organizations.values, []) + + timeout = try(var.organizations.timeout, null) + repository_key_file = try(var.organizations.repository_key_file, null) + repository_cert_file = try(var.organizations.repository_cert_file, null) + repository_ca_file = try(var.organizations.repository_ca_file, null) + repository_username = try(var.organizations.repository_username, local.repository_username) + repository_password = try(var.organizations.repository_password, local.repository_password) + devel = try(var.organizations.devel, null) + verify = try(var.organizations.verify, null) + keyring = try(var.organizations.keyring, null) + disable_webhooks = try(var.organizations.disable_webhooks, null) + reuse_values = try(var.organizations.reuse_values, null) + reset_values = try(var.organizations.reset_values, null) + force_update = try(var.organizations.force_update, null) + recreate_pods = try(var.organizations.recreate_pods, null) + cleanup_on_fail = try(var.organizations.cleanup_on_fail, null) + max_history = try(var.organizations.max_history, null) + atomic = try(var.organizations.atomic, null) + skip_crds = try(var.organizations.skip_crds, null) + render_subchart_notes = try(var.organizations.render_subchart_notes, null) + disable_openapi_validation = try(var.organizations.disable_openapi_validation, null) + wait = try(var.organizations.wait, false) + wait_for_jobs = try(var.organizations.wait_for_jobs, null) + dependency_update = try(var.organizations.dependency_update, null) + replace = try(var.organizations.replace, null) + lint = try(var.organizations.lint, null) + + postrender = try(var.organizations.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-organizations-organizations-chart-xxxxxxxxxxxxx` to `ack-organizations-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-organizations" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.organizations_name + }], + try(var.organizations.set, []) + ) + set_sensitive = try(var.organizations.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.organizations.create_role, true) + role_name = try(var.organizations.role_name, "ack-organizations") + role_name_use_prefix = try(var.organizations.role_name_use_prefix, true) + role_path = try(var.organizations.role_path, "/") + role_permissions_boundary_arn = lookup(var.organizations, "role_permissions_boundary_arn", null) + role_description = try(var.organizations.role_description, "IRSA for Organizations controller for ACK") + role_policies = lookup(var.organizations, "role_policies", { + AWSOrganizationsFullAccess = "${local.iam_role_policy_prefix}/AWSOrganizationsFullAccess" + }) + + create_policy = try(var.organizations.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.organizations_name + } + } + + tags = var.tags +} + +################################################################################ +# MQ +################################################################################ + +locals { + mq_name = "ack-mq" +} + +module "mq" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_mq + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/mq-chart:0.0.35 + name = try(var.mq.name, local.mq_name) + description = try(var.mq.description, "Helm Chart for MQ controller for ACK") + namespace = try(var.mq.namespace, "ack-system") + create_namespace = try(var.mq.create_namespace, true) + chart = "mq-chart" + chart_version = try(var.mq.chart_version, "0.0.35") + repository = try(var.mq.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.mq.values, []) + + timeout = try(var.mq.timeout, null) + repository_key_file = try(var.mq.repository_key_file, null) + repository_cert_file = try(var.mq.repository_cert_file, null) + repository_ca_file = try(var.mq.repository_ca_file, null) + repository_username = try(var.mq.repository_username, local.repository_username) + repository_password = try(var.mq.repository_password, local.repository_password) + devel = try(var.mq.devel, null) + verify = try(var.mq.verify, null) + keyring = try(var.mq.keyring, null) + disable_webhooks = try(var.mq.disable_webhooks, null) + reuse_values = try(var.mq.reuse_values, null) + reset_values = try(var.mq.reset_values, null) + force_update = try(var.mq.force_update, null) + recreate_pods = try(var.mq.recreate_pods, null) + cleanup_on_fail = try(var.mq.cleanup_on_fail, null) + max_history = try(var.mq.max_history, null) + atomic = try(var.mq.atomic, null) + skip_crds = try(var.mq.skip_crds, null) + render_subchart_notes = try(var.mq.render_subchart_notes, null) + disable_openapi_validation = try(var.mq.disable_openapi_validation, null) + wait = try(var.mq.wait, false) + wait_for_jobs = try(var.mq.wait_for_jobs, null) + dependency_update = try(var.mq.dependency_update, null) + replace = try(var.mq.replace, null) + lint = try(var.mq.lint, null) + + postrender = try(var.mq.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-mq-mq-chart-xxxxxxxxxxxxx` to `ack-mq-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-mq" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.mq_name + }], + try(var.mq.set, []) + ) + set_sensitive = try(var.mq.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.mq.create_role, true) + role_name = try(var.mq.role_name, "ack-mq") + role_name_use_prefix = try(var.mq.role_name_use_prefix, true) + role_path = try(var.mq.role_path, "/") + role_permissions_boundary_arn = lookup(var.mq, "role_permissions_boundary_arn", null) + role_description = try(var.mq.role_description, "IRSA for MQ controller for ACK") + role_policies = lookup(var.mq, "role_policies", { + AmazonMQFullAccess = "${local.iam_role_policy_prefix}/AmazonMQFullAccess" + }) + + create_policy = try(var.mq.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.mq_name + } + } + + tags = var.tags +} + +################################################################################ +# CloudWatch +################################################################################ + +locals { + cloudwatch_name = "ack-cloudwatch" +} + +module "cloudwatch" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_cloudwatch + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/cloudwatch-chart:0.0.10 + name = try(var.cloudwatch.name, local.cloudwatch_name) + description = try(var.cloudwatch.description, "Helm Chart for CloudWatch controller for ACK") + namespace = try(var.cloudwatch.namespace, "ack-system") + create_namespace = try(var.cloudwatch.create_namespace, true) + chart = "cloudwatch-chart" + chart_version = try(var.cloudwatch.chart_version, "0.0.10") + repository = try(var.cloudwatch.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.cloudwatch.values, []) + + timeout = try(var.cloudwatch.timeout, null) + repository_key_file = try(var.cloudwatch.repository_key_file, null) + repository_cert_file = try(var.cloudwatch.repository_cert_file, null) + repository_ca_file = try(var.cloudwatch.repository_ca_file, null) + repository_username = try(var.cloudwatch.repository_username, local.repository_username) + repository_password = try(var.cloudwatch.repository_password, local.repository_password) + devel = try(var.cloudwatch.devel, null) + verify = try(var.cloudwatch.verify, null) + keyring = try(var.cloudwatch.keyring, null) + disable_webhooks = try(var.cloudwatch.disable_webhooks, null) + reuse_values = try(var.cloudwatch.reuse_values, null) + reset_values = try(var.cloudwatch.reset_values, null) + force_update = try(var.cloudwatch.force_update, null) + recreate_pods = try(var.cloudwatch.recreate_pods, null) + cleanup_on_fail = try(var.cloudwatch.cleanup_on_fail, null) + max_history = try(var.cloudwatch.max_history, null) + atomic = try(var.cloudwatch.atomic, null) + skip_crds = try(var.cloudwatch.skip_crds, null) + render_subchart_notes = try(var.cloudwatch.render_subchart_notes, null) + disable_openapi_validation = try(var.cloudwatch.disable_openapi_validation, null) + wait = try(var.cloudwatch.wait, false) + wait_for_jobs = try(var.cloudwatch.wait_for_jobs, null) + dependency_update = try(var.cloudwatch.dependency_update, null) + replace = try(var.cloudwatch.replace, null) + lint = try(var.cloudwatch.lint, null) + + postrender = try(var.cloudwatch.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-cloudwatch-cloudwatch-chart-xxxxxxxxxxxxx` to `ack-cloudwatch-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-cloudwatch" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.cloudwatch_name + }], + try(var.cloudwatch.set, []) + ) + set_sensitive = try(var.cloudwatch.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.cloudwatch.create_role, true) + role_name = try(var.cloudwatch.role_name, "ack-cloudwatch") + role_name_use_prefix = try(var.cloudwatch.role_name_use_prefix, true) + role_path = try(var.cloudwatch.role_path, "/") + role_permissions_boundary_arn = lookup(var.cloudwatch, "role_permissions_boundary_arn", null) + role_description = try(var.cloudwatch.role_description, "IRSA for CloudWatch controller for ACK") + role_policies = lookup(var.cloudwatch, "role_policies", { + CloudWatchFullAccessV2 = "${local.iam_role_policy_prefix}/CloudWatchFullAccessV2" + }) + + create_policy = try(var.cloudwatch.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.cloudwatch_name + } + } + + tags = var.tags +} + +################################################################################ +# Keyspaces +################################################################################ + +locals { + keyspaces_name = "ack-keyspaces" +} + +module "keyspaces" { + source = "aws-ia/eks-blueprints-addon/aws" + version = "1.1.1" + + create = var.enable_keyspaces + + # Disable helm release + create_release = var.create_kubernetes_resources + + # public.ecr.aws/aws-controllers-k8s/keyspaces-chart:0.0.15 + name = try(var.keyspaces.name, local.keyspaces_name) + description = try(var.keyspaces.description, "Helm Chart for Keyspaces controller for ACK") + namespace = try(var.keyspaces.namespace, "ack-system") + create_namespace = try(var.keyspaces.create_namespace, true) + chart = "keyspaces-chart" + chart_version = try(var.keyspaces.chart_version, "0.0.15") + repository = try(var.keyspaces.repository, "oci://public.ecr.aws/aws-controllers-k8s") + values = try(var.keyspaces.values, []) + + timeout = try(var.keyspaces.timeout, null) + repository_key_file = try(var.keyspaces.repository_key_file, null) + repository_cert_file = try(var.keyspaces.repository_cert_file, null) + repository_ca_file = try(var.keyspaces.repository_ca_file, null) + repository_username = try(var.keyspaces.repository_username, local.repository_username) + repository_password = try(var.keyspaces.repository_password, local.repository_password) + devel = try(var.keyspaces.devel, null) + verify = try(var.keyspaces.verify, null) + keyring = try(var.keyspaces.keyring, null) + disable_webhooks = try(var.keyspaces.disable_webhooks, null) + reuse_values = try(var.keyspaces.reuse_values, null) + reset_values = try(var.keyspaces.reset_values, null) + force_update = try(var.keyspaces.force_update, null) + recreate_pods = try(var.keyspaces.recreate_pods, null) + cleanup_on_fail = try(var.keyspaces.cleanup_on_fail, null) + max_history = try(var.keyspaces.max_history, null) + atomic = try(var.keyspaces.atomic, null) + skip_crds = try(var.keyspaces.skip_crds, null) + render_subchart_notes = try(var.keyspaces.render_subchart_notes, null) + disable_openapi_validation = try(var.keyspaces.disable_openapi_validation, null) + wait = try(var.keyspaces.wait, false) + wait_for_jobs = try(var.keyspaces.wait_for_jobs, null) + dependency_update = try(var.keyspaces.dependency_update, null) + replace = try(var.keyspaces.replace, null) + lint = try(var.keyspaces.lint, null) + + postrender = try(var.keyspaces.postrender, []) + + set = concat([ + { + # shortens pod name from `ack-keyspaces-keyspaces-chart-xxxxxxxxxxxxx` to `ack-keyspaces-xxxxxxxxxxxxx` + name = "nameOverride" + value = "ack-keyspaces" + }, + { + name = "aws.region" + value = local.region + }, + { + name = "serviceAccount.name" + value = local.keyspaces_name + }], + try(var.keyspaces.set, []) + ) + set_sensitive = try(var.keyspaces.set_sensitive, []) + + # IAM role for service account (IRSA) + set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"] + create_role = try(var.keyspaces.create_role, true) + role_name = try(var.keyspaces.role_name, "ack-keyspaces") + role_name_use_prefix = try(var.keyspaces.role_name_use_prefix, true) + role_path = try(var.keyspaces.role_path, "/") + role_permissions_boundary_arn = lookup(var.keyspaces, "role_permissions_boundary_arn", null) + role_description = try(var.keyspaces.role_description, "IRSA for Keyspaces controller for ACK") + role_policies = lookup(var.keyspaces, "role_policies", { + AmazonKeyspacesFullAccess = "${local.iam_role_policy_prefix}/AmazonKeyspacesFullAccess" + }) + + create_policy = try(var.keyspaces.create_policy, false) + + oidc_providers = { + this = { + provider_arn = local.oidc_provider_arn + # namespace is inherited from chart + service_account = local.keyspaces_name + } + } + + tags = var.tags +} + + ################################################################################ # Kafka ################################################################################ diff --git a/outputs.tf b/outputs.tf index 51a047e..06da03a 100644 --- a/outputs.tf +++ b/outputs.tf @@ -11,6 +11,48 @@ added or an addon is updated, and new metadata for the Helm chart is needed. output "gitops_metadata" { description = "GitOps Bridge metadata" value = merge( + { for k, v in { + iam_role_arn = module.secretsmanager.iam_role_arn + namespace = try(var.secretsmanager.namespace, "ack-system") + service_account = local.secretsmanager_name + } : "ack_iam_${k}" => v if var.enable_secretsmanager + }, + { for k, v in { + iam_role_arn = module.route53resolver.iam_role_arn + namespace = try(var.route53resolver.namespace, "ack-system") + service_account = local.route53resolver_name + } : "ack_iam_${k}" => v if var.enable_route53resolver + }, + { for k, v in { + iam_role_arn = module.route53.iam_role_arn + namespace = try(var.route53.namespace, "ack-system") + service_account = local.route53_name + } : "ack_iam_${k}" => v if var.enable_route53 + }, + { for k, v in { + iam_role_arn = module.organizations.iam_role_arn + namespace = try(var.organizations.namespace, "ack-system") + service_account = local.organizations_name + } : "ack_iam_${k}" => v if var.enable_organizations + }, + { for k, v in { + iam_role_arn = module.mq.iam_role_arn + namespace = try(var.mq.namespace, "ack-system") + service_account = local.mq_name + } : "ack_iam_${k}" => v if var.enable_mq + }, + { for k, v in { + iam_role_arn = module.cloudwatch.iam_role_arn + namespace = try(var.cloudwatch.namespace, "ack-system") + service_account = local.cloudwatch_name + } : "ack_iam_${k}" => v if var.enable_cloudwatch + }, + { for k, v in { + iam_role_arn = module.keyspaces.iam_role_arn + namespace = try(var.keyspaces.namespace, "ack-system") + service_account = local.keyspaces_name + } : "ack_iam_${k}" => v if var.enable_keyspaces + }, { for k, v in { iam_role_arn = module.kafka.iam_role_arn namespace = try(var.kafka.namespace, "ack-system") diff --git a/variables.tf b/variables.tf index 5139040..724a124 100644 --- a/variables.tf +++ b/variables.tf @@ -43,6 +43,119 @@ variable "tags" { default = {} } +################################################################################ +# Secrets Manager +################################################################################ + +variable "enable_secretsmanager" { + description = "Enable ACK Secrets Manager add-on" + type = bool + default = false +} + +variable "secretsmanager" { + description = "ACK Secrets Manager Helm Chart config" + type = any + default = {} +} + +################################################################################ +# Route 53 Resolver +################################################################################ + +variable "enable_route53resolver" { + description = "Enable ACK Route 53 Resolver add-on" + type = bool + default = false +} + +variable "route53resolver" { + description = "ACK Route 53 Resolver Helm Chart config" + type = any + default = {} +} + +################################################################################ +# Route 53 +################################################################################ + +variable "enable_route53" { + description = "Enable ACK Route 53 add-on" + type = bool + default = false +} + +variable "route53" { + description = "ACK Route 53 Helm Chart config" + type = any + default = {} +} + +################################################################################ +# Organizations +################################################################################ + +variable "enable_organizations" { + description = "Enable ACK Organizations add-on" + type = bool + default = false +} + +variable "organizations" { + description = "ACK Organizations Helm Chart config" + type = any + default = {} +} + +################################################################################ +# MQ +################################################################################ + +variable "enable_mq" { + description = "Enable ACK MQ add-on" + type = bool + default = false +} + +variable "mq" { + description = "ACK MQ Helm Chart config" + type = any + default = {} +} + +################################################################################ +# CloudWatch +################################################################################ + +variable "enable_cloudwatch" { + description = "Enable ACK CloudWatch add-on" + type = bool + default = false +} + +variable "cloudwatch" { + description = "ACK CloudWatch Helm Chart config" + type = any + default = {} +} + +################################################################################ +# Keyspaces +################################################################################ + +variable "enable_keyspaces" { + description = "Enable ACK Keyspaces add-on" + type = bool + default = false +} + +variable "keyspaces" { + description = "ACK Keyspaces Helm Chart config" + type = any + default = {} +} + + ################################################################################ # Kafka ################################################################################