Skip to content

flux-iac/aws-primitive-modules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
aws_acm_certificate
aws_acm_certificate
 
 
aws_acm_certificate_validation
aws_acm_certificate_validation
 
 
aws_acmpca_certificate
aws_acmpca_certificate
 
 
aws_acmpca_certificate_authority
aws_acmpca_certificate_authority
 
 
aws_acmpca_certificate_authority_certificate
aws_acmpca_certificate_authority_certificate
 
 
aws_acmpca_permission
aws_acmpca_permission
 
 
aws_acmpca_policy
aws_acmpca_policy
 
 
aws_ami
aws_ami
 
 
aws_ami_copy
aws_ami_copy
 
 
aws_ami_from_instance
aws_ami_from_instance
 
 
aws_ami_launch_permission
aws_ami_launch_permission
 
 
aws_app_cookie_stickiness_policy
aws_app_cookie_stickiness_policy
 
 
aws_appautoscaling_policy
aws_appautoscaling_policy
 
 
aws_appautoscaling_scheduled_action
aws_appautoscaling_scheduled_action
 
 
aws_appautoscaling_target
aws_appautoscaling_target
 
 
aws_appconfig_application
aws_appconfig_application
 
 
aws_appconfig_configuration_profile
aws_appconfig_configuration_profile
 
 
aws_appconfig_deployment
aws_appconfig_deployment
 
 
aws_appconfig_deployment_strategy
aws_appconfig_deployment_strategy
 
 
aws_appconfig_environment
aws_appconfig_environment
 
 
aws_appconfig_hosted_configuration_version
aws_appconfig_hosted_configuration_version
 
 
aws_appflow_connector_profile
aws_appflow_connector_profile
 
 
aws_appflow_flow
aws_appflow_flow
 
 
aws_appintegrations_event_integration
aws_appintegrations_event_integration
 
 
aws_applicationinsights_application
aws_applicationinsights_application
 
 
aws_appmesh_gateway_route
aws_appmesh_gateway_route
 
 
aws_appmesh_mesh
aws_appmesh_mesh
 
 
aws_appmesh_route
aws_appmesh_route
 
 
aws_appmesh_virtual_gateway
aws_appmesh_virtual_gateway
 
 
aws_appmesh_virtual_node
aws_appmesh_virtual_node
 
 
aws_appmesh_virtual_router
aws_appmesh_virtual_router
 
 
aws_appmesh_virtual_service
aws_appmesh_virtual_service
 
 
aws_apprunner_auto_scaling_configuration_version
aws_apprunner_auto_scaling_configuration_version
 
 
aws_apprunner_connection
aws_apprunner_connection
 
 
aws_apprunner_custom_domain_association
aws_apprunner_custom_domain_association
 
 
aws_apprunner_observability_configuration
aws_apprunner_observability_configuration
 
 
aws_apprunner_service
aws_apprunner_service
 
 
aws_apprunner_vpc_connector
aws_apprunner_vpc_connector
 
 
aws_apprunner_vpc_ingress_connection
aws_apprunner_vpc_ingress_connection
 
 
aws_appstream_directory_config
aws_appstream_directory_config
 
 
aws_appstream_fleet
aws_appstream_fleet
 
 
aws_appstream_fleet_stack_association
aws_appstream_fleet_stack_association
 
 
aws_appstream_image_builder
aws_appstream_image_builder
 
 
aws_appstream_stack
aws_appstream_stack
 
 
aws_appstream_user
aws_appstream_user
 
 
aws_appstream_user_stack_association
aws_appstream_user_stack_association
 
 
aws_appsync_api_cache
aws_appsync_api_cache
 
 
aws_appsync_api_key
aws_appsync_api_key
 
 
aws_appsync_datasource
aws_appsync_datasource
 
 
aws_appsync_domain_name
aws_appsync_domain_name
 
 
aws_appsync_domain_name_api_association
aws_appsync_domain_name_api_association
 
 
aws_appsync_function
aws_appsync_function
 
 
aws_appsync_graphql_api
aws_appsync_graphql_api
 
 
aws_appsync_resolver
aws_appsync_resolver
 
 
aws_docdb_cluster
aws_docdb_cluster
 
 
aws_docdb_cluster_instance
aws_docdb_cluster_instance
 
 
aws_docdb_cluster_parameter_group
aws_docdb_cluster_parameter_group
 
 
aws_docdb_cluster_snapshot
aws_docdb_cluster_snapshot
 
 
aws_docdb_event_subscription
aws_docdb_event_subscription
 
 
aws_docdb_global_cluster
aws_docdb_global_cluster
 
 
aws_docdb_subnet_group
aws_docdb_subnet_group
 
 
aws_dynamodb_contributor_insights
aws_dynamodb_contributor_insights
 
 
aws_dynamodb_global_table
aws_dynamodb_global_table
 
 
aws_dynamodb_kinesis_streaming_destination
aws_dynamodb_kinesis_streaming_destination
 
 
aws_dynamodb_table
aws_dynamodb_table
 
 
aws_dynamodb_table_item
aws_dynamodb_table_item
 
 
aws_dynamodb_table_replica
aws_dynamodb_table_replica
 
 
aws_dynamodb_tag
aws_dynamodb_tag
 
 
aws_ec2_availability_zone_group
aws_ec2_availability_zone_group
 
 
aws_ec2_capacity_reservation
aws_ec2_capacity_reservation
 
 
aws_ec2_carrier_gateway
aws_ec2_carrier_gateway
 
 
aws_ec2_client_vpn_authorization_rule
aws_ec2_client_vpn_authorization_rule
 
 
aws_ec2_client_vpn_endpoint
aws_ec2_client_vpn_endpoint
 
 
aws_ec2_client_vpn_network_association
aws_ec2_client_vpn_network_association
 
 
aws_ec2_client_vpn_route
aws_ec2_client_vpn_route
 
 
aws_ec2_fleet
aws_ec2_fleet
 
 
aws_ec2_host
aws_ec2_host
 
 
aws_ec2_local_gateway_route
aws_ec2_local_gateway_route
 
 
aws_ec2_local_gateway_route_table_vpc_association
aws_ec2_local_gateway_route_table_vpc_association
 
 
aws_ec2_managed_prefix_list
aws_ec2_managed_prefix_list
 
 
aws_ec2_managed_prefix_list_entry
aws_ec2_managed_prefix_list_entry
 
 
aws_ec2_network_insights_analysis
aws_ec2_network_insights_analysis
 
 
aws_ec2_network_insights_path
aws_ec2_network_insights_path
 
 
aws_ec2_serial_console_access
aws_ec2_serial_console_access
 
 
aws_ec2_subnet_cidr_reservation
aws_ec2_subnet_cidr_reservation
 
 
aws_ec2_tag
aws_ec2_tag
 
 
aws_ec2_traffic_mirror_filter
aws_ec2_traffic_mirror_filter
 
 
aws_ec2_traffic_mirror_filter_rule
aws_ec2_traffic_mirror_filter_rule
 
 
aws_ec2_traffic_mirror_session
aws_ec2_traffic_mirror_session
 
 
aws_ec2_traffic_mirror_target
aws_ec2_traffic_mirror_target
 
 
aws_ec2_transit_gateway
aws_ec2_transit_gateway
 
 
aws_ec2_transit_gateway_connect
aws_ec2_transit_gateway_connect
 
 
aws_ec2_transit_gateway_connect_peer
aws_ec2_transit_gateway_connect_peer
 
 
aws_ec2_transit_gateway_multicast_domain
aws_ec2_transit_gateway_multicast_domain
 
 
aws_ec2_transit_gateway_multicast_domain_association
aws_ec2_transit_gateway_multicast_domain_association
 
 
aws_ec2_transit_gateway_multicast_group_member
aws_ec2_transit_gateway_multicast_group_member
 
 
aws_ec2_transit_gateway_multicast_group_source
aws_ec2_transit_gateway_multicast_group_source
 
 
aws_ec2_transit_gateway_peering_attachment
aws_ec2_transit_gateway_peering_attachment
 
 
aws_ec2_transit_gateway_peering_attachment_accepter
aws_ec2_transit_gateway_peering_attachment_accepter
 
 

Repository files navigation

AWS primitive modules for Weave GitOps Terraform Controller

This repository contain primitive modules generated from each resource of the Terraform AWS Provider. All primitive modules are bundled and delivered in the form of OCI image via the Flux's OCIRepository mechanism.

Currently, this repository contains resources prefixed by:

  • aws_acm
  • aws_ami
  • aws_app
  • aws_docdb
  • aws_dynamodb
  • aws_ec2
  • aws_ecr
  • aws_ecs
  • aws_eks
  • aws_elb
  • aws_iam
  • aws_instance
  • aws_lb
  • aws_load
  • aws_prometheus
  • aws_proxy
  • aws_s3

Requirements

  • Flux v0.34.x
  • Weave TF-controller v0.13.x
  • Terraform v1.3.x

Installation

Please apply the following YAML to install this package. You can apply it directly with kubectl, or copy only the YAML content, save it as a file and add it to a Git repository.

cat << EOF | kubectl apply -f -
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: aws-package
  namespace: flux-system
spec:
  interval: 30s
  url: oci://ghcr.io/tf-controller/aws-primitive-modules
  ref:
    tag: v4.38.0-v1alpha9
EOF

AWS Credentials

~> CAUTION: On production clusters, we recommend you use the IRSA approach (IAM Roles for Service Accounts) for authentication. Connecting to AWS with your AWS credentials in a Secret is for the demonstration purpose only.

First, please prepare your credentials in the following format.

apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials
  namespace: flux-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: Axxxxxxxxxxxxxxxxxxx
  AWS_SECRET_ACCESS_KEY: qxxxxxxxxxxxxxxxxxxxxxxxxx
  AWS_REGION: us-east-1 # the region you want

Then you can tell your Terraform object to use the above credentails by specify it as environment variables. The environment variables will be passed down to the container of the runner, then to the Terraform binary.

spec:
  runnerPodTemplate:
    spec:
      envFrom:
      - secretRef:
          name: aws-credentials

Here's a complete example to create an S3 Bucket using the credentials provided.

apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: aws-s3-bucket
  namespace: flux-system
spec:
  path: aws_s3_bucket
  values:
    bucket: my-tf-controller-test-bucket
    tags:
      Environment: Dev
      Name: My bucket
  sourceRef:
    kind: OCIRepository
    name: aws-package
  approvePlan: auto
  interval: 1h0m
  destroyResourcesOnDeletion: true
  runnerPodTemplate:
    spec:
      envFrom:
      - secretRef:
          name: aws-credentials

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

9 tags

Packages

 
 
 

Languages