Truefoundry AWS Control Plane Module
| Name | Version |
|---|---|
| terraform | ~> 1.4 |
| aws | ~> 5.57 |
| random | ~> 3.6 |
| Name | Version |
|---|---|
| aws | ~> 5.57 |
| random | ~> 3.6 |
| Name | Source | Version |
|---|---|---|
| truefoundry_bucket | terraform-aws-modules/s3-bucket/aws | 3.14.0 |
| truefoundry_oidc_iam | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.39.1 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| aws_account_id | AWS Account ID | string |
n/a | yes |
| aws_region | EKS Cluster region | string |
n/a | yes |
| blob_storage_extra_tags | Extra tags for the s3 bucket | map(string) |
{} |
no |
| cluster_name | Cluster name | string |
n/a | yes |
| cluster_oidc_issuer_url | The oidc url of the eks cluster | string |
n/a | yes |
| disable_default_tags | Disable default tags for the resources created | bool |
false |
no |
| iam_database_authentication_enabled | Enable IAM database authentication | bool |
false |
no |
| manage_master_user_password | Enable master user password management. If set to true master user management is done by RDS in secrets manager, if false a random password is generated | bool |
false |
no |
| manage_master_user_password_rotation | Enable master user password rotation | bool |
false |
no |
| master_user_password_rotate_immediately | Rotate master user password immediately | bool |
false |
no |
| master_user_password_rotation_automatically_after_days | Rotate master user password automatically after days | number |
90 |
no |
| master_user_password_rotation_duration | Master user password rotation duration | string |
"3h" |
no |
| mlfoundry_k8s_namespace | The k8s mlfoundry namespace | string |
"truefoundry" |
no |
| mlfoundry_k8s_service_account | The k8s mlfoundry service account name | string |
"mlfoundry-server" |
no |
| svcfoundry_k8s_namespace | The k8s svcfoundry namespace | string |
"truefoundry" |
no |
| svcfoundry_k8s_service_account | The k8s svcfoundry service account name | string |
"servicefoundry-server" |
no |
| tags | AWS Tags common to all the resources created | map(string) |
{} |
no |
| tfy_llm_gateway_k8s_namespace | Truefoundry k8s llm-gateway service account name | string |
"truefoundry" |
no |
| tfy_llm_gateway_k8s_service_account | Truefoundry k8s namespace | string |
"tfy-llm-gateway" |
no |
| tfy_workflow_admin_k8s_namespace | The k8s tfy workflow admin namespace | string |
"truefoundry" |
no |
| tfy_workflow_admin_k8s_service_account | The k8s tfy workflow admin service account name | string |
"tfy-workflow-admin" |
no |
| truefoundry_artifact_buckets_will_read | A list of bucket IDs mlfoundry will need read access to, in order to show the stored artifacts. It accepts any valid IAM resource, including ARNs with wildcards, so you can do something like arn:aws:s3:::bucket-prefix-* | list(string) |
[] |
no |
| truefoundry_cloudwatch_log_exports | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported | list(string) |
[ |
no |
| truefoundry_db_additional_security_group_ids | Additional security group IDs to add to the database | list(string) |
[] |
no |
| truefoundry_db_allocated_storage | Storage for RDS. Minimum storage allowed for gp3 volumes is 20GB | string |
"20" |
no |
| truefoundry_db_backup_retention_period | Backup retention period for RDS | number |
14 |
no |
| truefoundry_db_database_name | Name of the database in DB | string |
"ctl" |
no |
| truefoundry_db_deletion_protection | n/a | bool |
true |
no |
| truefoundry_db_enable_insights | Enable insights to truefoundry db | bool |
false |
no |
| truefoundry_db_enable_override | Enable override for truefoundry db name. You must pass truefoundry_db_override_name | bool |
false |
no |
| truefoundry_db_enabled | variable to enable/disable truefoundry db creation | bool |
true |
no |
| truefoundry_db_engine_version | Truefoundry DB Postgres version | string |
"13.20" |
no |
| truefoundry_db_ingress_cidr_blocks | CIDR blocks allowed to connect to the database | list(string) |
[] |
no |
| truefoundry_db_ingress_security_group | SG allowed to connect to the database | string |
"" |
no |
| truefoundry_db_instance_class | Instance class for RDS | string |
"db.t3.medium" |
no |
| truefoundry_db_max_allocated_storage | Max allowed storage for RDS when autoscaling is enabled | string |
"30" |
no |
| truefoundry_db_multiple_az | Enable Multi-az (standby) instances for RDS instances | bool |
false |
no |
| truefoundry_db_override_name | Override name for truefoundry db.This is the name of the RDS resources in AWS . truefoundry_db_enable_override must be set true | string |
"" |
no |
| truefoundry_db_override_special_characters | Override special characters for the database name | string |
"#%&*()-_=+[]{}<>:" |
no |
| truefoundry_db_publicly_accessible | Make database publicly accessible. Subnets and SG must match | string |
false |
no |
| truefoundry_db_skip_final_snapshot | n/a | bool |
false |
no |
| truefoundry_db_storage_encrypted | n/a | bool |
true |
no |
| truefoundry_db_storage_iops | Provisioned IOPS for the db | number |
0 |
no |
| truefoundry_db_storage_type | Storage type for truefoundry db | string |
"gp3" |
no |
| truefoundry_db_subnet_ids | List of subnets where the RDS database will be deployed | list(string) |
[] |
no |
| truefoundry_iam_role_additional_oidc_subjects | List of fully qualifies oidc subjects that can assume the truefoundry IAM role | list(string) |
[] |
no |
| truefoundry_iam_role_additional_policies_arn | List of ARN of policies that you want to attach to the | list(string) |
[] |
no |
| truefoundry_iam_role_enable_override | Enable overriding the truefoundry IAM role name. You need to pass truefoundry_iam_role_override_name to pass the role name | bool |
false |
no |
| truefoundry_iam_role_enabled | variable to enable/disable truefoundry iam role creation | bool |
true |
no |
| truefoundry_iam_role_override_name | Truefoundry IAM role name | string |
"" |
no |
| truefoundry_iam_role_permission_boundary_arn | ARN of the permission boundary to attach to the truefoundry IAM role | string |
null |
no |
| truefoundry_iam_role_policy_prefix_override_enabled | Enable overriding the truefoundry IAM role policy prefix. You need to pass truefoundry_iam_role_policy_prefix_override_name to pass the policy prefix | bool |
false |
no |
| truefoundry_iam_role_policy_prefix_override_name | Truefoundry IAM role policy prefix. This is the prefix for the policies that will be attached to the truefoundry IAM role | string |
"" |
no |
| truefoundry_k8s_namespace | Truefoundry k8s namespace | string |
"truefoundry" |
no |
| truefoundry_s3_attach_deny_insecure_transport_policy | Attach deny insecure transport policy for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_attach_policy | Attach policy for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_attach_public_policy | Attach public policy for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_attach_require_latest_tls_policy | Attach require latest TLS policy for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_block_public_acls | Block public ACLs for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_block_public_policy | Block public policy for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_cors_origins | List of CORS origins for Mlfoundry bucket | list(string) |
[ |
no |
| truefoundry_s3_enable_override | Enable override for s3 bucket name. You must pass truefoundry_s3_override_name | bool |
false |
no |
| truefoundry_s3_enabled | variable to enable/disable truefoundry s3 bucket creation | bool |
true |
no |
| truefoundry_s3_encryption_algorithm | Algorithm used for encrypting the default bucket. | string |
"AES256" |
no |
| truefoundry_s3_encryption_key_arn | ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm. | string |
null |
no |
| truefoundry_s3_force_destroy | Force destroy for mlfoundry s3 bucket | bool |
false |
no |
| truefoundry_s3_ignore_public_acls | Ignore public ACLs for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_s3_override_name | Override name for s3 bucket. truefoundry_s3_enable_override must be set true | string |
"" |
no |
| truefoundry_s3_restrict_public_buckets | Restrict public buckets for mlfoundry s3 bucket | bool |
true |
no |
| truefoundry_service_account | Truefoundry k8s service account name | string |
"truefoundry" |
no |
| vpc_id | AWS VPC to deploy Truefoundry rds | string |
n/a | yes |
| Name | Description |
|---|---|
| truefoundry_bucket_id | n/a |
| truefoundry_db_address | n/a |
| truefoundry_db_database_name | n/a |
| truefoundry_db_endpoint | n/a |
| truefoundry_db_engine | n/a |
| truefoundry_db_id | n/a |
| truefoundry_db_password | n/a |
| truefoundry_db_port | n/a |
| truefoundry_db_username | n/a |
| truefoundry_iam_role_arn | n/a |