AWS primitive modules for Weave GitOps Terraform Controller

This repository contain primitive modules generated from each resource of the Terraform AWS Provider. All primitive modules are bundled and delivered in the form of OCI image via the Flux's OCIRepository mechanism.

Currently, this repository contains resources prefixed by:

aws_acm
aws_ami
aws_app
aws_docdb
aws_dynamodb
aws_ec2
aws_ecr
aws_ecs
aws_eks
aws_elb
aws_iam
aws_instance
aws_lb
aws_load
aws_prometheus
aws_proxy
aws_s3

Requirements

Flux v0.34.x
Weave TF-controller v0.13.x
Terraform v1.3.x

Installation

Please apply the following YAML to install this package. You can apply it directly with kubectl, or copy only the YAML content, save it as a file and add it to a Git repository.

cat << EOF | kubectl apply -f -
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: aws-package
  namespace: flux-system
spec:
  interval: 30s
  url: oci://ghcr.io/tf-controller/aws-primitive-modules
  ref:
    tag: v4.38.0-v1alpha9
EOF

AWS Credentials

~> CAUTION: On production clusters, we recommend you use the IRSA approach (IAM Roles for Service Accounts) for authentication. Connecting to AWS with your AWS credentials in a Secret is for the demonstration purpose only.

First, please prepare your credentials in the following format.

apiVersion: v1
kind: Secret
metadata:
  name: aws-credentials
  namespace: flux-system
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: Axxxxxxxxxxxxxxxxxxx
  AWS_SECRET_ACCESS_KEY: qxxxxxxxxxxxxxxxxxxxxxxxxx
  AWS_REGION: us-east-1 # the region you want

Then you can tell your Terraform object to use the above credentails by specify it as environment variables. The environment variables will be passed down to the container of the runner, then to the Terraform binary.

spec:
  runnerPodTemplate:
    spec:
      envFrom:
      - secretRef:
          name: aws-credentials

Here's a complete example to create an S3 Bucket using the credentials provided.

apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: aws-s3-bucket
  namespace: flux-system
spec:
  path: aws_s3_bucket
  values:
    bucket: my-tf-controller-test-bucket
    tags:
      Environment: Dev
      Name: My bucket
  sourceRef:
    kind: OCIRepository
    name: aws-package
  approvePlan: auto
  interval: 1h0m
  destroyResourcesOnDeletion: true
  runnerPodTemplate:
    spec:
      envFrom:
      - secretRef:
          name: aws-credentials

Name		Name	Last commit message	Last commit date
Latest commit History 35 Commits
.github/workflows		.github/workflows
aws_acm_certificate		aws_acm_certificate
aws_acm_certificate_validation		aws_acm_certificate_validation
aws_acmpca_certificate		aws_acmpca_certificate
aws_acmpca_certificate_authority		aws_acmpca_certificate_authority
aws_acmpca_certificate_authority_certificate		aws_acmpca_certificate_authority_certificate
aws_acmpca_permission		aws_acmpca_permission
aws_acmpca_policy		aws_acmpca_policy
aws_ami		aws_ami
aws_ami_copy		aws_ami_copy
aws_ami_from_instance		aws_ami_from_instance
aws_ami_launch_permission		aws_ami_launch_permission
aws_app_cookie_stickiness_policy		aws_app_cookie_stickiness_policy
aws_appautoscaling_policy		aws_appautoscaling_policy
aws_appautoscaling_scheduled_action		aws_appautoscaling_scheduled_action
aws_appautoscaling_target		aws_appautoscaling_target
aws_appconfig_application		aws_appconfig_application
aws_appconfig_configuration_profile		aws_appconfig_configuration_profile
aws_appconfig_deployment		aws_appconfig_deployment
aws_appconfig_deployment_strategy		aws_appconfig_deployment_strategy
aws_appconfig_environment		aws_appconfig_environment
aws_appconfig_hosted_configuration_version		aws_appconfig_hosted_configuration_version
aws_appflow_connector_profile		aws_appflow_connector_profile
aws_appflow_flow		aws_appflow_flow
aws_appintegrations_event_integration		aws_appintegrations_event_integration
aws_applicationinsights_application		aws_applicationinsights_application
aws_appmesh_gateway_route		aws_appmesh_gateway_route
aws_appmesh_mesh		aws_appmesh_mesh
aws_appmesh_route		aws_appmesh_route
aws_appmesh_virtual_gateway		aws_appmesh_virtual_gateway
aws_appmesh_virtual_node		aws_appmesh_virtual_node
aws_appmesh_virtual_router		aws_appmesh_virtual_router
aws_appmesh_virtual_service		aws_appmesh_virtual_service
aws_apprunner_auto_scaling_configuration_version		aws_apprunner_auto_scaling_configuration_version
aws_apprunner_connection		aws_apprunner_connection
aws_apprunner_custom_domain_association		aws_apprunner_custom_domain_association
aws_apprunner_observability_configuration		aws_apprunner_observability_configuration
aws_apprunner_service		aws_apprunner_service
aws_apprunner_vpc_connector		aws_apprunner_vpc_connector
aws_apprunner_vpc_ingress_connection		aws_apprunner_vpc_ingress_connection
aws_appstream_directory_config		aws_appstream_directory_config
aws_appstream_fleet		aws_appstream_fleet
aws_appstream_fleet_stack_association		aws_appstream_fleet_stack_association
aws_appstream_image_builder		aws_appstream_image_builder
aws_appstream_stack		aws_appstream_stack
aws_appstream_user		aws_appstream_user
aws_appstream_user_stack_association		aws_appstream_user_stack_association
aws_appsync_api_cache		aws_appsync_api_cache
aws_appsync_api_key		aws_appsync_api_key
aws_appsync_datasource		aws_appsync_datasource
aws_appsync_domain_name		aws_appsync_domain_name
aws_appsync_domain_name_api_association		aws_appsync_domain_name_api_association
aws_appsync_function		aws_appsync_function
aws_appsync_graphql_api		aws_appsync_graphql_api
aws_appsync_resolver		aws_appsync_resolver
aws_docdb_cluster		aws_docdb_cluster
aws_docdb_cluster_instance		aws_docdb_cluster_instance
aws_docdb_cluster_parameter_group		aws_docdb_cluster_parameter_group
aws_docdb_cluster_snapshot		aws_docdb_cluster_snapshot
aws_docdb_event_subscription		aws_docdb_event_subscription
aws_docdb_global_cluster		aws_docdb_global_cluster
aws_docdb_subnet_group		aws_docdb_subnet_group
aws_dynamodb_contributor_insights		aws_dynamodb_contributor_insights
aws_dynamodb_global_table		aws_dynamodb_global_table
aws_dynamodb_kinesis_streaming_destination		aws_dynamodb_kinesis_streaming_destination
aws_dynamodb_table		aws_dynamodb_table
aws_dynamodb_table_item		aws_dynamodb_table_item
aws_dynamodb_table_replica		aws_dynamodb_table_replica
aws_dynamodb_tag		aws_dynamodb_tag
aws_ec2_availability_zone_group		aws_ec2_availability_zone_group
aws_ec2_capacity_reservation		aws_ec2_capacity_reservation
aws_ec2_carrier_gateway		aws_ec2_carrier_gateway
aws_ec2_client_vpn_authorization_rule		aws_ec2_client_vpn_authorization_rule
aws_ec2_client_vpn_endpoint		aws_ec2_client_vpn_endpoint
aws_ec2_client_vpn_network_association		aws_ec2_client_vpn_network_association
aws_ec2_client_vpn_route		aws_ec2_client_vpn_route
aws_ec2_fleet		aws_ec2_fleet
aws_ec2_host		aws_ec2_host
aws_ec2_local_gateway_route		aws_ec2_local_gateway_route
aws_ec2_local_gateway_route_table_vpc_association		aws_ec2_local_gateway_route_table_vpc_association
aws_ec2_managed_prefix_list		aws_ec2_managed_prefix_list
aws_ec2_managed_prefix_list_entry		aws_ec2_managed_prefix_list_entry
aws_ec2_network_insights_analysis		aws_ec2_network_insights_analysis
aws_ec2_network_insights_path		aws_ec2_network_insights_path
aws_ec2_serial_console_access		aws_ec2_serial_console_access
aws_ec2_subnet_cidr_reservation		aws_ec2_subnet_cidr_reservation
aws_ec2_tag		aws_ec2_tag
aws_ec2_traffic_mirror_filter		aws_ec2_traffic_mirror_filter
aws_ec2_traffic_mirror_filter_rule		aws_ec2_traffic_mirror_filter_rule
aws_ec2_traffic_mirror_session		aws_ec2_traffic_mirror_session
aws_ec2_traffic_mirror_target		aws_ec2_traffic_mirror_target
aws_ec2_transit_gateway		aws_ec2_transit_gateway
aws_ec2_transit_gateway_connect		aws_ec2_transit_gateway_connect
aws_ec2_transit_gateway_connect_peer		aws_ec2_transit_gateway_connect_peer
aws_ec2_transit_gateway_multicast_domain		aws_ec2_transit_gateway_multicast_domain
aws_ec2_transit_gateway_multicast_domain_association		aws_ec2_transit_gateway_multicast_domain_association
aws_ec2_transit_gateway_multicast_group_member		aws_ec2_transit_gateway_multicast_group_member
aws_ec2_transit_gateway_multicast_group_source		aws_ec2_transit_gateway_multicast_group_source
aws_ec2_transit_gateway_peering_attachment		aws_ec2_transit_gateway_peering_attachment
aws_ec2_transit_gateway_peering_attachment_accepter		aws_ec2_transit_gateway_peering_attachment_accepter

flux-iac/aws-primitive-modules

Folders and files

Latest commit

History