diff --git a/docs/reference/services/app-orchestration/amazon-ecs-cluster.md b/docs/reference/services/app-orchestration/amazon-ecs-cluster.md
index d7cc78bed2..12ff8db4c6 100644
--- a/docs/reference/services/app-orchestration/amazon-ecs-cluster.md
+++ b/docs/reference/services/app-orchestration/amazon-ecs-cluster.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ECS Cluster
-View Source
+
+View Source
Release Notes
@@ -108,9 +109,9 @@ For info on finding your Docker container logs and custom metrics in CloudWatch,
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -118,7 +119,7 @@ For info on finding your Docker container logs and custom metrics in CloudWatch,
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -126,7 +127,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -178,20 +179,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -849,11 +836,11 @@ The CloudWatch Dashboard metric widget for the ECS cluster workers' Memory utili
diff --git a/docs/reference/services/app-orchestration/amazon-ecs-fargate-cluster.md b/docs/reference/services/app-orchestration/amazon-ecs-fargate-cluster.md
index ba456ad2ed..0ca974e90c 100644
--- a/docs/reference/services/app-orchestration/amazon-ecs-fargate-cluster.md
+++ b/docs/reference/services/app-orchestration/amazon-ecs-fargate-cluster.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ECS Fargate Cluster
-View Source
+
+View Source
Release Notes
@@ -64,9 +65,9 @@ To understand core concepts like what is ECS, and the different cluster types, s
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -74,7 +75,7 @@ To understand core concepts like what is ECS, and the different cluster types, s
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -82,7 +83,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -153,11 +154,11 @@ The name of the ECS cluster.
diff --git a/docs/reference/services/app-orchestration/amazon-ecs-service.md b/docs/reference/services/app-orchestration/amazon-ecs-service.md
index 969cf6dd4c..ad2d78fc22 100644
--- a/docs/reference/services/app-orchestration/amazon-ecs-service.md
+++ b/docs/reference/services/app-orchestration/amazon-ecs-service.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ECS Service
-View Source
+
+View Source
Release Notes
@@ -63,10 +64,10 @@ more, see the documentation in the
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal
submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -74,14 +75,14 @@ more, see the documentation in the
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and testing (but not direct production usage).
### Production deployment
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -111,34 +112,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
- Example
-
-
-```hcl
- container_definitions = [{
- name = "nginx"
- image = "nginx:1.21"
- }]
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally we can use a concrete type here, but container definitions have many optional fields which Terraform does
- not yet have good support for.
-
-```
-
-
-
@@ -233,34 +206,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- container_definitions = [{
- name = "nginx"
- image = "nginx:1.21"
- }]
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally we can use a concrete type here, but container definitions have many optional fields which Terraform does
- not yet have good support for.
-
-```
-
-
-
@@ -290,29 +235,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- capacity_provider_strategy = [
- {
- capacity_provider = "FARGATE"
- weight = 1
- base = 2
- },
- {
- capacity_provider = "FARGATE_SPOT"
- weight = 2
- base = null
- },
- ]
-
-```
-
-
-
@@ -580,28 +502,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- efs_volumes = {
- jenkins = {
- file_system_id = "fs-a1bc234d"
- container_path = "/efs"
- root_directory = "/jenkins"
- transit_encryption = "ENABLED"
- transit_encryption_port = 2999
- access_point_id = "fsap-123a4b5c5d7891234"
- iam = "ENABLED"
- }
- }
-
-```
-
-
-
@@ -645,20 +545,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- `elb_target_groups` should be set to a map of keys to objects with one mapping per desired target group. The keys
- in the map can be any arbitrary name and are used to link the outputs with the inputs. The values of the map are an
- object containing these attributes:
-
-```
-
-
-
@@ -715,88 +601,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "health-path" = {
- priority = 130
-
- content_type = "text/plain"
- message_body = "HEALTHY"
- status_code = "200"
-
- Conditions:
- You need to provide *at least ONE* per set of rules. It should contain one of the following:
- host_headers = ["foo.com", "www.foo.com"]
- path_patterns = ["/health"]
- source_ips = ["127.0.0.1"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- REQUIRED
- - content_type [string]: The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript`
- and `application/json`.
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number] : A value between 1 and 50000. Leaving it unset will automatically set the rule with the next
- available priority after currently existing highest rule. This value must be unique for each
- listener.
- - listener_arns [list(string)]: A list of listener ARNs to override `var.default_listener_arns`
- - message_body [string] : The message body.
- - status_code [string] : The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
@@ -808,132 +612,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "foo" = {
- priority = 120
-
- host_headers = ["www.foo.com", "*.foo.com"]
- path_patterns = ["/foo/*"]
- source_ips = ["127.0.0.1/32"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- },
- "auth" = {
- priority = 128
- listener_ports = ["443"]
-
- host_headers = ["intern.example.com]
- path_patterns = ["/admin", "/admin/*]
- authenticate_oidc = {
- authorization_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/authorize"
- client_id = "0123456789aBcDeFgHiJ"
- client_secret = "clientsecret"
- issuer = "https://myaccount.oktapreview.com"
- token_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/token"
- user_info_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/userinfo"
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number] : A value between 1 and 50000. Leaving it unset will automatically set
- the rule with the next available priority after currently existing highest
- rule. This value must be unique for each listener.
- - listener_arns [list(string)] : A list of listener ARNs to override `var.default_listener_arns`
- - stickiness [map(object[Stickiness])] : Target group stickiness for the rule. Only applies if more than one
- target_group_arn is defined.
- - authenticate_oidc map(object) : OIDC authentication configuration. Only applies, if not null.
-
-
-```
-
-
-
-
-
-```hcl
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
-```
-
-
-
-
-
-```hcl
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
-
-
-```hcl
-
- Authenticate OIDC Blocks:
- authenticate_oidc:
- - authorization_endpoint string : (Required) The authorization endpoint of the IdP.
- - client_id string : (Required) The OAuth 2.0 client identifier.
- - client_secret string : (Required) The OAuth 2.0 client secret.
- - issuer string : (Required) The OIDC issuer identifier of the IdP.
- - token_endpoint string : (Required) The token endpoint of the IdP.
- - user_info_endpoint string : (Required) The user info endpoint of the IdP.
- - authentication_request_extra_params map(string): (Optional) The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- - on_unauthenticated_request string : (Optional) The behavior if the user is not authenticated. Valid values: deny, allow and authenticate
- - scope string : (Optional) The set of user claims to be requested from the IdP.
- - session_cookie_name string : (Optional) The name of the cookie used to maintain session information.
- - session_timeout int : (Optional) The maximum duration of the authentication session, in seconds.
-
-```
-
-
-
@@ -1098,29 +776,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- SecretsManagerAccess = {
- actions = ["secretsmanager:GetSecretValue"],
- resources = ["arn:aws:secretsmanager:us-east-1:0123456789012:secret:mysecert"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
@@ -1217,52 +872,6 @@ object({
-
-
-
-
-```hcl
-
- The ID of the VPC used for the Fargate worker network. Must be non-null when security_group_rules are provided.
-
-```
-
-
-
-
-
-```hcl
-
- Security Group Rules to apply to the ECS Fargate worker. This module will create a new security group for the
- worker and attach these rules. Each entry accepts the same attributes as the aws_security_group_rule resource,
- except for security_group_id which will be set to the security group created within the module.
- Each entry corresponds to a rule. The key is a unique, user provided, arbitrary value that can be used by
- Terraform to know which rules to update across changes.
-
-```
-
-
-
-
-
-```hcl
-
- Additional existing Security Groups that should be bound to the ECS Fargate worker.
-
-```
-
-
-
-
-
-```hcl
-
- Whether or not the ECS Fargate worker should get a public IP address.
-
-```
-
-
-
@@ -1344,24 +953,6 @@ A map of network configuration parameters to provide the Container Network Inter
-
-
- Example
-
-
-```hcl
- properties = {
- AppPorts = "8080"
- EgressIgnoredIPs = "169.254.170.2,169.254.169.254"
- IgnoredUID = "1337"
- ProxyEgressPort = 15001
- ProxyIngressPort = 15000
- }
-
-```
-
-
-
@@ -1373,94 +964,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "old-website" = {
- priority = 120
- port = 443
- protocol = "HTTPS"
-
- status_code = "HTTP_301"
- host = "gruntwork.in"
- path = "/signup"
- query = "foo"
-
- Conditions:
- host_headers = ["foo.com", "www.foo.com"]
- path_patterns = ["/health"]
- source_ips = ["127.0.0.1"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number]: A value between 1 and 50000. Leaving it unset will automatically set the rule with the next
- available priority after currently existing highest rule. This value must be unique for each
- listener.
- - listener_arns [list(string)]: A list of listener ARNs to override `var.default_listener_arns`
- - status_code [string]: The HTTP redirect code. The redirect is either permanent `HTTP_301` or temporary `HTTP_302`.
-
- The URI consists of the following components: `protocol://hostname:port/path?query`. You must modify at least one of
- the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not
- modify retain their original values.
- - host [string]: The hostname. The hostname can contain {host}.
- - path [string]: The absolute path, starting with the leading "/". The path can contain `host`, `path`, and `port`.
- - port [string]: The port. Specify a value from 1 to 65525.
- - protocol [string]: The protocol. Valid values are `HTTP` and `HTTPS`. You cannot redirect HTTPS to HTTP.
- - query [string]: The query params. Do not include the leading "?".
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
@@ -1648,31 +1151,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- volumes = {
- datadog = {
- host_path = "/var/run/datadog"
- }
-
- logs = {
- host_path = "/var/log"
- docker_volume_configuration = {
- scope = "shared"
- autoprovision = true
- driver = "local"
- }
- }
- }
-
-```
-
-
-
@@ -1845,11 +1323,11 @@ The names of the ECS service's load balancer's target groups
diff --git a/docs/reference/services/app-orchestration/amazon-eks-core-services.md b/docs/reference/services/app-orchestration/amazon-eks-core-services.md
index f0bf119f31..092bb8c643 100644
--- a/docs/reference/services/app-orchestration/amazon-eks-core-services.md
+++ b/docs/reference/services/app-orchestration/amazon-eks-core-services.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon EKS Core Services
-View Source
+
+View Source
Release Notes
@@ -68,9 +69,9 @@ For information on each of the core services deployed by this service, see the d
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -78,7 +79,7 @@ For information on each of the core services deployed by this service, see the d
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -86,7 +87,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -206,42 +207,6 @@ list(object({
-
-
-
-
-```hcl
-
- Each item in the list represents a matchExpression for requiredDuringSchedulingIgnoredDuringExecution.
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/affinity-and-anti-affinity for the various
- configuration option.
-
- Example:
-
- [
- {
- "key" = "node-label-key"
- "values" = ["node-label-value", "another-node-label-value"]
- "operator" = "In"
- }
- ]
-
- Translates to:
-
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-label-key
- operator: In
- values:
- - node-label-value
- - another-node-label-value
-
-```
-
-
-
@@ -258,30 +223,6 @@ list(map(any))
-
-
-
-
-```hcl
-
- Each item in the list represents a particular toleration. See
- https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for the various rules you can specify.
-
- Example:
-
- [
- {
- key = "node.kubernetes.io/unreachable"
- operator = "Exists"
- effect = "NoExecute"
- tolerationSeconds = 6000
- }
- ]
-
-```
-
-
-
@@ -347,42 +288,6 @@ list(object({
-
-
-
-
-```hcl
-
- Each item in the list represents a matchExpression for requiredDuringSchedulingIgnoredDuringExecution.
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/affinity-and-anti-affinity for the various
- configuration option.
-
- Example:
-
- [
- {
- "key" = "node-label-key"
- "values" = ["node-label-value", "another-node-label-value"]
- "operator" = "In"
- }
- ]
-
- Translates to:
-
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-label-key
- operator: In
- values:
- - node-label-value
- - another-node-label-value
-
-```
-
-
-
@@ -399,39 +304,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- We use any type here to avoid maintaining the kubernetes defined type spec for the resources here. That way, we can
- support wide range of kubernetes versions.
-
-```
-
-
-
-
-
-```hcl
-
- Example value:
- {
- requests = {
- memory = "1024Mi"
- cpu = "250m"
- }
- limits = {
- memory = "1024Mi"
- cpu = "250m"
- }
- }
-
-```
-
-
-
@@ -448,30 +320,6 @@ list(map(any))
-
-
-
-
-```hcl
-
- Each item in the list represents a particular toleration. See
- https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for the various rules you can specify.
-
- Example:
-
- [
- {
- key = "node.kubernetes.io/unreachable"
- operator = "Exists"
- effect = "NoExecute"
- tolerationSeconds = 6000
- }
- ]
-
-```
-
-
-
@@ -519,42 +367,6 @@ list(object({
-
-
-
-
-```hcl
-
- Each item in the list represents a matchExpression for requiredDuringSchedulingIgnoredDuringExecution.
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/affinity-and-anti-affinity for the various
- configuration option.
-
- Example:
-
- [
- {
- "key" = "node-label-key"
- "values" = ["node-label-value", "another-node-label-value"]
- "operator" = "In"
- }
- ]
-
- Translates to:
-
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-label-key
- operator: In
- values:
- - node-label-value
- - another-node-label-value
-
-```
-
-
-
@@ -586,30 +398,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
-
-```hcl
-
- We use any type here to avoid maintaining the kubernetes defined type spec for the resources here. That way, we can
- support wide range of kubernetes versions.
-
-```
-
-
-
-
-
-```hcl
-
- cluster-autoscaler is known to fail on Fargate when the default resource limits are used, so we set a saner default
- here.
-
-```
-
-
-
@@ -626,30 +414,6 @@ list(map(any))
-
-
-
-
-```hcl
-
- Each item in the list represents a particular toleration. See
- https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for the various rules you can specify.
-
- Example:
-
- [
- {
- key = "node.kubernetes.io/unreachable"
- operator = "Exists"
- effect = "NoExecute"
- tolerationSeconds = 6000
- }
- ]
-
-```
-
-
-
@@ -805,42 +569,6 @@ list(object({
-
-
-
-
-```hcl
-
- Each item in the list represents a matchExpression for requiredDuringSchedulingIgnoredDuringExecution.
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/affinity-and-anti-affinity for the various
- configuration option.
-
- Example:
-
- [
- {
- "key" = "node-label-key"
- "values" = ["node-label-value", "another-node-label-value"]
- "operator" = "In"
- }
- ]
-
- Translates to:
-
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-label-key
- operator: In
- values:
- - node-label-value
- - another-node-label-value
-
-```
-
-
-
@@ -857,30 +585,6 @@ list(map(any))
-
-
-
-
-```hcl
-
- Each item in the list represents a particular toleration. See
- https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for the various rules you can specify.
-
- Example:
-
- [
- {
- key = "node.kubernetes.io/unreachable"
- operator = "Exists"
- effect = "NoExecute"
- tolerationSeconds = 6000
- }
- ]
-
-```
-
-
-
@@ -927,23 +631,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- [
- {
- key = "Name"
- value = "current"
- }
- ]
-
-```
-
-
-
@@ -971,20 +658,6 @@ K8s resources type to be observed for new DNS entries by ExternalDNS.
```
-
-
-
-
-```hcl
-
- NOTE ON ISTIO: By default, external-dns will listen for "ingress" and "service" events. To use it with Istio, make
- sure to include the "istio-gateway" events here. See the docs for more details:
- https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/istio.md
-
-```
-
-
-
@@ -1177,42 +850,6 @@ list(object({
-
-
-
-
-```hcl
-
- Each item in the list represents a matchExpression for requiredDuringSchedulingIgnoredDuringExecution.
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/affinity-and-anti-affinity for the various
- configuration option.
-
- Example:
-
- [
- {
- "key" = "node-label-key"
- "values" = ["node-label-value", "another-node-label-value"]
- "operator" = "In"
- }
- ]
-
- Translates to:
-
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-label-key
- operator: In
- values:
- - node-label-value
- - another-node-label-value
-
-```
-
-
-
@@ -1229,30 +866,6 @@ list(map(any))
-
-
-
-
-```hcl
-
- Each item in the list represents a particular toleration. See
- https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for the various rules you can specify.
-
- Example:
-
- [
- {
- key = "node.kubernetes.io/unreachable"
- operator = "Exists"
- effect = "NoExecute"
- tolerationSeconds = 6000
- }
- ]
-
-```
-
-
-
@@ -1352,28 +965,6 @@ map(object({
-
-
-
-
-```hcl
-
- Port to route requests
-
-```
-
-
-
-
-
-```hcl
-
- Namespace to create the underlying Kubernetes Service in.
-
-```
-
-
-
@@ -1429,11 +1020,11 @@ A list of names of Kubernetes PriorityClass objects created by this module.
diff --git a/docs/reference/services/app-orchestration/amazon-eks-workers.md b/docs/reference/services/app-orchestration/amazon-eks-workers.md
index 8737d50d21..2ff9c72a14 100644
--- a/docs/reference/services/app-orchestration/amazon-eks-workers.md
+++ b/docs/reference/services/app-orchestration/amazon-eks-workers.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon EKS Workers
-View Source
+
+View Source
Release Notes
@@ -68,9 +69,9 @@ more, see the documentation in the [terraform-aws-eks](https://github.com/gruntw
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -78,7 +79,7 @@ more, see the documentation in the [terraform-aws-eks](https://github.com/gruntw
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -86,7 +87,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -97,10 +98,10 @@ If you want to deploy this repo in production, check out the following resources
## Manage
For information on registering the worker IAM role to the EKS control plane, refer to the
-[IAM Roles and Kubernetes API Access](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/eks-workers/core-concepts.md#iam-roles-and-kubernetes-api-access) section of the documentation.
+[IAM Roles and Kubernetes API Access](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/eks-workers/core-concepts.md#iam-roles-and-kubernetes-api-access) section of the documentation.
For information on how to perform a blue-green deployment of the worker pools, refer to the
-[How do I perform a blue green release to roll out new versions of the module](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/eks-workers/core-concepts.md#how-do-i-perform-a-blue-green-release-to-roll-out-new-versions-of-the-module)
+[How do I perform a blue green release to roll out new versions of the module](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/eks-workers/core-concepts.md#how-do-i-perform-a-blue-green-release-to-roll-out-new-versions-of-the-module)
section of the documentation.
For information on how to manage your EKS cluster, including how to deploy Pods on Fargate, how to associate IAM roles
@@ -127,108 +128,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
-
-```hcl
-
- Each configuration must be keyed by a unique string that will be used as a suffix for the ASG name. The values
- support the following attributes:
-
- REQUIRED (must be provided for every entry):
- - subnet_ids list(string) : A list of the subnets into which the EKS Cluster's worker nodes will be launched.
- These should usually be all private subnets and include one in each AWS Availability
- Zone. NOTE: If using a cluster autoscaler, each ASG may only belong to a single
- availability zone.
-
- OPTIONAL (defaults to value of corresponding module input):
- - min_size number : (Defaults to value from var.asg_default_min_size) The minimum number of
- EC2 Instances representing workers launchable for this EKS Cluster.
- Useful for auto-scaling limits.
- - max_size number : (Defaults to value from var.asg_default_max_size) The maximum number of
- EC2 Instances representing workers that must be running for this EKS
- Cluster. We recommend making this at least twice the min_size, even if
- you don't plan on scaling the cluster up and down, as the extra capacity
- will be used to deploy updates to the cluster.
- - asg_instance_type string : (Defaults to value from var.asg_default_instance_type) The type of
- instances to use for the ASG (e.g., t2.medium).
- - max_pods_allowed number : (Defaults to value from var.asg_default_max_pods_allowed) The
- maximum number of Pods allowed to be scheduled on the node. When null,
- the max will be automatically calculated based on the availability of
- total IP addresses to the instance type.
- - asg_instance_root_volume_size number : (Defaults to value from var.asg_default_instance_root_volume_size) The root volume size of
- instances to use for the ASG in GB (e.g., 40).
- - asg_instance_root_volume_type string : (Defaults to value from var.asg_default_instance_root_volume_type) The root volume type of
- instances to use for the ASG (e.g., "standard").
- - asg_instance_root_volume_iops number : (Defaults to value from var.asg_default_instance_root_volume_iops) The root volume iops of
- instances to use for the ASG (e.g., 200).
- - asg_instance_root_volume_throughput number : (Defaults to value from var.asg_default_instance_root_volume_throughput) The root volume throughput in MiBPS of
- instances to use for the ASG (e.g., 125).
- - asg_instance_root_volume_encryption bool : (Defaults to value from var.asg_default_instance_root_volume_encryption)
- Whether or not to enable root volume encryption for instances of the ASG.
- - tags list(object[Tag]) : (Defaults to value from var.asg_default_tags) Custom tags to apply to the
- EC2 Instances in this ASG. Refer to structure definition below for the
- object type of each entry in the list.
- - enable_detailed_monitoring bool : (Defaults to value from
- var.asg_default_enable_detailed_monitoring) Whether to enable
- detailed monitoring on the EC2 instances that comprise the ASG.
- - use_multi_instances_policy bool : (Defaults to value from var.asg_default_use_multi_instances_policy)
- Whether or not to use a multi_instances_policy for the ASG.
- - multi_instance_overrides list(MultiInstanceOverride) : (Defaults to value from var.asg_default_multi_instance_overrides)
- List of multi instance overrides to apply. Each element in the list is
- an object that specifies the instance_type to use for the override, and
- the weighted_capacity.
- - on_demand_allocation_strategy string : (Defaults to value from var.asg_default_on_demand_allocation_strategy)
- When using a multi_instances_policy the strategy to use when launching on-demand instances. Valid values: prioritized.
- - on_demand_base_capacity number : (Defaults to value from var.asg_default_on_demand_base_capacity)
- When using a multi_instances_policy the absolute minimum amount of desired capacity that must be fulfilled by on-demand instances.
- - on_demand_percentage_above_base_capacity number : (Defaults to value from var.asg_default_on_demand_percentage_above_base_capacity)
- When using a multi_instances_policy the percentage split between on-demand and Spot instances above the base on-demand capacity.
- - spot_allocation_strategy string : (Defaults to value from var.asg_default_spot_allocation_strategy)
- When using a multi_instances_policy how to allocate capacity across the Spot pools. Valid values: lowest-price, capacity-optimized.
- - spot_instance_pools number : (Defaults to value from var.asg_default_spot_instance_pools)
- When using a multi_instances_policy the Number of Spot pools per availability zone to allocate capacity.
- EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify.
- - spot_max_price string : (Defaults to value from var.asg_default_spot_max_price, an empty string which means the on-demand price.)
- When using a multi_instances_policy the maximum price per unit hour that the user is willing to pay for the Spot instances.
- - eks_kubelet_extra_args string : Extra args to pass to the kubelet process on node boot.
- - eks_bootstrap_script_options string : Extra option args to pass to the bootstrap.sh script. This will be
- passed through directly to the bootstrap script.
- - cloud_init_parts map(string) : (Defaults to value from var.cloud_init_parts)
- Per-ASG cloud init scripts to run at boot time on the node. See var.cloud_init_parts for accepted keys.
- - http_put_response_hop_limit number : (Defaults to value from var.asg_default_http_put_response_hop_limit) The
- desired HTTP PUT response hop limit for instance metadata requests.
-
- Structure of Tag object:
- - key string : The key for the tag to apply to the instance.
- - value string : The value for the tag to apply to the instance.
- - propagate_at_launch bool : Whether or not the tags should be propagated to the instance at launch time.
-
-
- Example:
- autoscaling_group_configurations = {
- "asg1" = {
- asg_instance_type = "t2.medium"
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- },
- "asg2" = {
- max_size = 3
- asg_instance_type = "t2.large"
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[1]]
-
- tags = [{
- key = "size"
- value = "large"
- propagate_at_launch = true
- }]
- }
- }
-
-```
-
-
-
@@ -263,20 +162,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -300,112 +185,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
-
-```hcl
-
- Each configuration must be keyed by a unique string that will be used as a suffix for the node group name. The
- values support the following attributes:
-
-
- OPTIONAL (defaults to value of corresponding module input):
- - subnet_ids list(string) : (Defaults to value from var.node_group_default_subnet_ids) A list of the
- subnets into which the EKS Cluster's managed nodes will be launched.
- These should usually be all private subnets and include one in each AWS
- Availability Zone. NOTE: If using a cluster autoscaler with EBS volumes,
- each ASG may only belong to a single availability zone.
- - min_size number : (Defaults to value from var.node_group_default_min_size) The minimum
- number of EC2 Instances representing workers launchable for this EKS
- Cluster. Useful for auto-scaling limits.
- - max_size number : (Defaults to value from var.node_group_default_max_size) The maximum
- number of EC2 Instances representing workers that must be running for
- this EKS Cluster. We recommend making this at least twice the min_size,
- even if you don't plan on scaling the cluster up and down, as the extra
- capacity will be used to deploy updates to the cluster.
- - desired_size number : (Defaults to value from var.node_group_default_desired_size) The current
- desired number of EC2 Instances representing workers that must be running
- for this EKS Cluster.
- - instance_types list(string) : (Defaults to value from var.node_group_default_instance_types) A list of
- instance types (e.g., t2.medium) to use for the EKS Cluster's worker
- nodes. EKS will choose from this list of instance types when launching
- new instances. When using launch templates, this setting will override
- the configured instance type of the launch template.
- - capacity_type string : (Defaults to value from var.node_group_default_capacity_type) Type of capacity
- associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT.
- - launch_template LaunchTemplate : (Defaults to value from var.node_group_default_launch_template)
- Launch template to use for the node. Specify either Name or ID of launch
- template. Must include version. Although the API supports using the
- values "$Latest" and "$Default" to configure the version, this can lead
- to a perpetual diff. Use the `latest_version` or `default_version` output
- of the aws_launch_template data source or resource instead. See
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_grouplaunch_template-configuration-block
- for more information.
- - max_pods_allowed number : (Defaults to value from var.node_group_default_max_pods_allowed) The
- maximum number of Pods allowed to be scheduled on the node. When null,
- the max will be automatically calculated based on the availability of
- total IP addresses to the instance type.
- - imds_http_put_response_hop_limit number : (Defaults to value from
- var.node_group_default_imds_http_put_response_hop_limit) The desired
- HTTP PUT response hop limit for instance metadata requests from the
- underlying EC2 Instances.
- - instance_root_volume_name string : (Defaults to value from var.node_group_default_instance_root_volume_name)
- The root volume name of instances to use for the ASG (e.g., /dev/xvda)
- - instance_root_volume_size number : (Defaults to value from var.node_group_default_instance_root_volume_size)
- The root volume size of instances to use for the ASG in GB (e.g., 40).
- - instance_root_volume_type string : (Defaults to value from var.node_group_default_instance_root_volume_type)
- The root volume type of instances to use for the ASG (e.g., "standard").
- - instance_root_volume_encryption bool : (Defaults to value from var.node_group_default_instance_root_volume_encryption)
- Whether or not to enable root volume encryption for instances of the ASG.
- - tags map(string) : (Defaults to value from var.node_group_default_tags) Custom tags to apply
- to the EC2 Instances in this node group. This should be a key value pair,
- where the keys are tag keys and values are the tag values. Merged with
- var.common_tags.
- - labels map(string) : (Defaults to value from var.node_group_default_labels) Custom Kubernetes
- Labels to apply to the EC2 Instances in this node group. This should be a
- key value pair, where the keys are label keys and values are the label
- values. Merged with var.common_labels.
- - taints list(map(string)) : (Defaults to value from var.node_group_default_taints) Custom Kubernetes
- taint to apply to the EC2 Instances in this node group. See below for
- structure of taints.
- - enable_detailed_monitoring bool : (Defaults to value from
- var.node_group_default_enable_detailed_monitoring) Whether to enable
- detailed monitoring on the EC2 instances that comprise the Managed node
- group.
- - eks_kubelet_extra_args string : Extra args to pass to the kubelet process on node boot.
- - eks_bootstrap_script_options string : Extra option args to pass to the bootstrap.sh script. This will be
- passed through directly to the bootstrap script.
- - cloud_init_parts map(string) : (Defaults to value from var.cloud_init_parts)
- Per-ASG cloud init scripts to run at boot time on the node. See var.cloud_init_parts for accepted keys.
-
- Structure of LaunchTemplate object:
- - name string : The Name of the Launch Template to use. One of ID or Name should be provided.
- - id string : The ID of the Launch Template to use. One of ID or Name should be provided.
- - version string : The version of the Launch Template to use.
-
- Example:
- managed_node_group_configurations = {
- ngroup1 = {
- desired_size = 1
- min_size = 1
- max_size = 3
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- }
- asg2 = {
- desired_size = 1
- min_size = 1
- max_size = 3
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- disk_size = 50
- }
- ngroup2 = {} Only defaults
- }
-
-```
-
-
-
### Optional
@@ -568,40 +347,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- [
- {
- instance_type = "t3.micro"
- weighted_capacity = 2
- },
- {
- instance_type = "t3.medium"
- weighted_capacity = 1
- },
- ]
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, we would use a concrete type here, but terraform doesn't support optional attributes yet, so we have to
- resort to the untyped any.
-
-```
-
-
-
@@ -774,29 +519,6 @@ map(object({
-
-
-
-
-```hcl
-
- A MIME-style content type to report in the header for the part. For example, use "text/x-shellscript" for a shell
- script.
-
-```
-
-
-
-
-
-```hcl
-
- The contents of the boot script to be called. This should be the full text of the script as a raw string.
-
-```
-
-
-
@@ -876,18 +598,6 @@ map(object({
-
-
-
-
-```hcl
-
- The target of the traffic. Only one of the following can be defined; the others must be configured to null.
-
-```
-
-
-
@@ -913,18 +623,6 @@ map(object({
-
-
-
-
-```hcl
-
- The source of the traffic. Only one of the following can be defined; the others must be configured to null.
-
-```
-
-
-
@@ -959,19 +657,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -1006,19 +691,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -1053,19 +725,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -1628,11 +1287,11 @@ The list of names of the ASGs that were deployed to act as EKS workers.
diff --git a/docs/reference/services/app-orchestration/amazon-eks.md b/docs/reference/services/app-orchestration/amazon-eks.md
index 3b4f73b09a..00ec77a883 100644
--- a/docs/reference/services/app-orchestration/amazon-eks.md
+++ b/docs/reference/services/app-orchestration/amazon-eks.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon EKS
-View Source
+
+View Source
Release Notes
@@ -68,9 +69,9 @@ more, see the documentation in the [terraform-aws-eks](https://github.com/gruntw
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -78,7 +79,7 @@ more, see the documentation in the [terraform-aws-eks](https://github.com/gruntw
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -86,7 +87,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -319,40 +320,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- [
- {
- instance_type = "t3.micro"
- weighted_capacity = 2
- },
- {
- instance_type = "t3.medium"
- weighted_capacity = 1
- },
- ]
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, we would use a concrete type here, but terraform doesn't support optional attributes yet, so we have to
- resort to the untyped any.
-
-```
-
-
-
@@ -488,108 +455,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Each configuration must be keyed by a unique string that will be used as a suffix for the ASG name. The values
- support the following attributes:
-
- REQUIRED (must be provided for every entry):
- - subnet_ids list(string) : A list of the subnets into which the EKS Cluster's worker nodes will be launched.
- These should usually be all private subnets and include one in each AWS Availability
- Zone. NOTE: If using a cluster autoscaler, each ASG may only belong to a single
- availability zone.
-
- OPTIONAL (defaults to value of corresponding module input):
- - min_size number : (Defaults to value from var.asg_default_min_size) The minimum number of
- EC2 Instances representing workers launchable for this EKS Cluster.
- Useful for auto-scaling limits.
- - max_size number : (Defaults to value from var.asg_default_max_size) The maximum number of
- EC2 Instances representing workers that must be running for this EKS
- Cluster. We recommend making this at least twice the min_size, even if
- you don't plan on scaling the cluster up and down, as the extra capacity
- will be used to deploy updates to the cluster.
- - asg_instance_type string : (Defaults to value from var.asg_default_instance_type) The type of
- instances to use for the ASG (e.g., t2.medium).
- - asg_instance_root_volume_size number : (Defaults to value from var.asg_default_instance_root_volume_size) The root volume size of
- instances to use for the ASG in GB (e.g., 40).
- - asg_instance_root_volume_type string : (Defaults to value from var.asg_default_instance_root_volume_type) The root volume type of
- instances to use for the ASG (e.g., "standard").
- - asg_instance_root_volume_iops number : (Defaults to value from var.asg_default_instance_root_volume_iops) The root volume iops of
- instances to use for the ASG (e.g., 200).
- - asg_instance_root_volume_throughput number : (Defaults to value from var.asg_default_instance_root_volume_throughput) The root volume throughput in MiBPS of
- instances to use for the ASG (e.g., 125).
- - asg_instance_root_volume_encryption bool : (Defaults to value from var.asg_default_instance_root_volume_encryption)
- Whether or not to enable root volume encryption for instances of the ASG.
- - max_pods_allowed number : (Defaults to value from var.asg_default_max_pods_allowed) The
- maximum number of Pods allowed to be scheduled on the node. When null,
- the max will be automatically calculated based on the availability of
- total IP addresses to the instance type.
- - tags list(object[Tag]) : (Defaults to value from var.asg_default_tags) Custom tags to apply to the
- EC2 Instances in this ASG. Refer to structure definition below for the
- object type of each entry in the list.
- - enable_detailed_monitoring bool : (Defaults to value from
- var.asg_default_enable_detailed_monitoring) Whether to enable
- detailed monitoring on the EC2 instances that comprise the ASG.
- - use_multi_instances_policy bool : (Defaults to value from var.asg_default_use_multi_instances_policy)
- Whether or not to use a multi_instances_policy for the ASG.
- - multi_instance_overrides list(MultiInstanceOverride) : (Defaults to value from var.asg_default_multi_instance_overrides)
- List of multi instance overrides to apply. Each element in the list is
- an object that specifies the instance_type to use for the override, and
- the weighted_capacity.
- - on_demand_allocation_strategy string : (Defaults to value from var.asg_default_on_demand_allocation_strategy)
- When using a multi_instances_policy the strategy to use when launching on-demand instances. Valid values: prioritized.
- - on_demand_base_capacity number : (Defaults to value from var.asg_default_on_demand_base_capacity)
- When using a multi_instances_policy the absolute minimum amount of desired capacity that must be fulfilled by on-demand instances.
- - on_demand_percentage_above_base_capacity number : (Defaults to value from var.asg_default_on_demand_percentage_above_base_capacity)
- When using a multi_instances_policy the percentage split between on-demand and Spot instances above the base on-demand capacity.
- - spot_allocation_strategy string : (Defaults to value from var.asg_default_spot_allocation_strategy)
- When using a multi_instances_policy how to allocate capacity across the Spot pools. Valid values: lowest-price, capacity-optimized.
- - spot_instance_pools number : (Defaults to value from var.asg_default_spot_instance_pools)
- When using a multi_instances_policy the Number of Spot pools per availability zone to allocate capacity.
- EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify.
- - spot_max_price string : (Defaults to value from var.asg_default_spot_max_price, an empty string which means the on-demand price.)
- When using a multi_instances_policy the maximum price per unit hour that the user is willing to pay for the Spot instances.
- - eks_kubelet_extra_args string : Extra args to pass to the kubelet process on node boot.
- - eks_bootstrap_script_options string : Extra option args to pass to the bootstrap.sh script. This will be
- passed through directly to the bootstrap script.
- - cloud_init_parts map(string) : (Defaults to value from var.cloud_init_parts)
- Per-ASG cloud init scripts to run at boot time on the node. See var.cloud_init_parts for accepted keys.
- - http_put_response_hop_limit number : (Defaults to value from var.asg_default_http_put_response_hop_limit) The
- desired HTTP PUT response hop limit for instance metadata requests.
-
- Structure of Tag object:
- - key string : The key for the tag to apply to the instance.
- - value string : The value for the tag to apply to the instance.
- - propagate_at_launch bool : Whether or not the tags should be propagated to the instance at launch time.
-
-
- Example:
- autoscaling_group_configurations = {
- "asg1" = {
- asg_instance_type = "t2.medium"
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- },
- "asg2" = {
- max_size = 3
- asg_instance_type = "t2.large"
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[1]]
-
- tags = [{
- key = "size"
- value = "large"
- propagate_at_launch = true
- }]
- }
- }
-
-```
-
-
-
@@ -664,29 +529,6 @@ map(object({
-
-
-
-
-```hcl
-
- A MIME-style content type to report in the header for the part. For example, use "text/x-shellscript" for a shell
- script.
-
-```
-
-
-
-
-
-```hcl
-
- The contents of the boot script to be called. This should be the full text of the script as a raw string.
-
-```
-
-
-
@@ -732,20 +574,6 @@ object({
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -845,18 +673,6 @@ map(object({
-
-
-
-
-```hcl
-
- The target of the traffic. Only one of the following can be defined; the others must be configured to null.
-
-```
-
-
-
@@ -882,18 +698,6 @@ map(object({
-
-
-
-
-```hcl
-
- The source of the traffic. Only one of the following can be defined; the others must be configured to null.
-
-```
-
-
-
@@ -928,19 +732,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -975,19 +766,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -1022,19 +800,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -1051,26 +816,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- eks_addons = {
- coredns = {}
- kube-proxy = {}
- vpc-cni = {
- addon_version = "1.10.1-eksbuild.1"
- resolve_conflicts = "NONE"
- service_account_role_arn = "arn:aws:iam::123456789012:role/role-name"
- }
- }
-
-```
-
-
-
@@ -1080,21 +825,6 @@ A map of custom tags to apply to the Security Group for the EKS Cluster Control
-
-
- Example
-
-
-```hcl
- {
- key1 = "value1"
- key2 = "value2"
- }
-
-```
-
-
-
@@ -1104,21 +834,6 @@ A map of custom tags to apply to the EKS Cluster Control Plane. The key is the t
-
-
- Example
-
-
-```hcl
- {
- key1 = "value1"
- key2 = "value2"
- }
-
-```
-
-
-
@@ -1137,22 +852,6 @@ When true, deploy the aws-auth-merger into Fargate. It is recommended to run the
-
-
-
-
-```hcl
-
- Since we will manage the IAM role mapping for the workers using the merger, we need to schedule the deployment onto
- Fargate. Otherwise, there is a chicken and egg problem where the workers won't be able to auth until the
- aws-auth-merger is deployed, but the aws-auth-merger can't be deployed until the workers are setup. Fargate IAM
- auth is automatically configured by AWS when we create the Fargate Profile, so we can break the cycle if we use
- Fargate.
-
-```
-
-
-
@@ -1360,20 +1059,6 @@ map(list(string))
-
-
- Example
-
-
-```hcl
- {
- "arn:aws:iam::ACCOUNT_ID:role/admin-role" = ["system:masters"]
- }
-
-```
-
-
-
@@ -1390,20 +1075,6 @@ map(list(string))
-
-
- Example
-
-
-```hcl
- {
- "arn:aws:iam::ACCOUNT_ID:user/admin-user" = ["system:masters"]
- }
-
-```
-
-
-
@@ -1438,110 +1109,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Each configuration must be keyed by a unique string that will be used as a suffix for the node group name. The
- values support the following attributes:
-
-
- OPTIONAL (defaults to value of corresponding module input):
- - subnet_ids list(string) : (Defaults to value from var.node_group_default_subnet_ids) A list of the
- subnets into which the EKS Cluster's managed nodes will be launched.
- These should usually be all private subnets and include one in each AWS
- Availability Zone. NOTE: If using a cluster autoscaler with EBS volumes,
- each ASG may only belong to a single availability zone.
- - min_size number : (Defaults to value from var.node_group_default_min_size) The minimum
- number of EC2 Instances representing workers launchable for this EKS
- Cluster. Useful for auto-scaling limits.
- - max_size number : (Defaults to value from var.node_group_default_max_size) The maximum
- number of EC2 Instances representing workers that must be running for
- this EKS Cluster. We recommend making this at least twice the min_size,
- even if you don't plan on scaling the cluster up and down, as the extra
- capacity will be used to deploy updates to the cluster.
- - desired_size number : (Defaults to value from var.node_group_default_desired_size) The current
- desired number of EC2 Instances representing workers that must be running
- for this EKS Cluster.
- - instance_types list(string) : (Defaults to value from var.node_group_default_instance_types) A list of
- instance types (e.g., t2.medium) to use for the EKS Cluster's worker
- nodes. EKS will choose from this list of instance types when launching
- new instances. When using launch templates, this setting will override
- the configured instance type of the launch template.
- - capacity_type string : (Defaults to value from var.node_group_default_capacity_type) Type of capacity
- associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT.
- - launch_template LaunchTemplate : (Defaults to value from var.node_group_default_launch_template)
- Launch template to use for the node. Specify either Name or ID of launch
- template. Must include version. Although the API supports using the
- values "$Latest" and "$Default" to configure the version, this can lead
- to a perpetual diff. Use the `latest_version` or `default_version` output
- of the aws_launch_template data source or resource instead. See
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_grouplaunch_template-configuration-block
- for more information.
- - instance_root_volume_size number : (Defaults to value from var.node_group_default_instance_root_volume_size)
- The root volume size of instances to use for the ASG in GB (e.g., 40).
- - instance_root_volume_type string : (Defaults to value from var.node_group_default_instance_root_volume_type)
- The root volume type of instances to use for the ASG (e.g., "standard").
- - instance_root_volume_encryption bool : (Defaults to value from var.node_group_default_instance_root_volume_encryption)
- Whether or not to enable root volume encryption for instances of the ASG.
- - max_pods_allowed number : (Defaults to value from var.node_group_default_max_pods_allowed) The
- maximum number of Pods allowed to be scheduled on the node. When null,
- the max will be automatically calculated based on the availability of
- total IP addresses to the instance type.
- - http_put_response_hop_limit number : (Defaults to value from
- var.node_group_default_http_put_response_hop_limit) The desired
- HTTP PUT response hop limit for instance metadata requests from the
- underlying EC2 Instances.
- - tags map(string) : (Defaults to value from var.node_group_default_tags) Custom tags to apply
- to the EC2 Instances in this node group. This should be a key value pair,
- where the keys are tag keys and values are the tag values. Merged with
- var.common_tags.
- - labels map(string) : (Defaults to value from var.node_group_default_labels) Custom Kubernetes
- Labels to apply to the EC2 Instances in this node group. This should be a
- key value pair, where the keys are label keys and values are the label
- values. Merged with var.common_labels.
- - taints list(map(string)) : (Defaults to value from var.node_group_default_taints) Custom Kubernetes
- taint to apply to the EC2 Instances in this node group. See below for
- structure of taints.
- - enable_detailed_monitoring bool : (Defaults to value from
- var.node_group_default_enable_detailed_monitoring) Whether to enable
- detailed monitoring on the EC2 instances that comprise the Managed node
- group.
- - eks_kubelet_extra_args string : Extra args to pass to the kubelet process on node boot.
- - eks_bootstrap_script_options string : Extra option args to pass to the bootstrap.sh script. This will be
- passed through directly to the bootstrap script.
- - cloud_init_parts map(string) : (Defaults to value from var.cloud_init_parts)
- Per-ASG cloud init scripts to run at boot time on the node. See var.cloud_init_parts for accepted keys.
-
- Structure of LaunchTemplate object:
- - name string : The Name of the Launch Template to use. One of ID or Name should be provided.
- - id string : The ID of the Launch Template to use. One of ID or Name should be provided.
- - version string : The version of the Launch Template to use.
-
- Example:
- managed_node_group_configurations = {
- ngroup1 = {
- desired_size = 1
- min_size = 1
- max_size = 3
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- }
- asg2 = {
- desired_size = 1
- min_size = 1
- max_size = 3
- subnet_ids = [data.terraform_remote_state.vpc.outputs.private_app_subnet_ids[0]]
- disk_size = 50
- }
- ngroup2 = {} Only defaults
- }
-
-```
-
-
-
@@ -2085,11 +1652,11 @@ The ID of the AWS Security Group associated with the self-managed EKS workers.
diff --git a/docs/reference/services/app-orchestration/auto-scaling-group-asg.md b/docs/reference/services/app-orchestration/auto-scaling-group-asg.md
index ae3da3ac6e..6378fca23b 100644
--- a/docs/reference/services/app-orchestration/auto-scaling-group-asg.md
+++ b/docs/reference/services/app-orchestration/auto-scaling-group-asg.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Auto Scaling Group
-View Source
+
+View Source
Release Notes
@@ -55,7 +56,7 @@ access to this repo, email .
* [ASG Documentation](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html):
Amazon’s docs for ASG that cover core concepts such as launch templates and auto scaling groups.
-* [User Data](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/asg-service/core-concepts.md)
+* [User Data](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/asg-service/core-concepts.md)
## Deploy
@@ -63,7 +64,7 @@ access to this repo, email .
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -71,7 +72,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -115,20 +116,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -317,29 +304,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- key = "foo"
- value = "bar"
- propagate_at_launch = true
- },
- {
- key = "baz"
- value = "blah"
- propagate_at_launch = true
- }
- ]
-
-```
-
-
-
@@ -356,22 +320,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
- REQUIRED:
- - arn [string]: The ARN of the target group.
- OPTIONAL:
- - weight [number]: The weight. The range is 0 to 999. Only applies if len(target_group_arns) > 1.
-
-```
-
-
-
@@ -462,27 +410,6 @@ A list of metrics the ASG should enable for monitoring all instances in a group.
-
-
- Example
-
-
-```hcl
- enabled_metrics = [
- "GroupDesiredCapacity",
- "GroupInServiceInstances",
- "GroupMaxSize",
- "GroupMinSize",
- "GroupPendingInstances",
- "GroupStandbyInstances",
- "GroupTerminatingInstances",
- "GroupTotalInstances"
- ]
-
-```
-
-
-
@@ -508,88 +435,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "health-path" = {
- priority = 130
-
- content_type = "text/plain"
- message_body = "HEALTHY"
- status_code = "200"
-
- Conditions:
- You need to provide *at least ONE* per set of rules. It should contain one of the following:
- host_headers = ["foo.com", "www.foo.com"]
- path_patterns = ["/health"]
- source_ips = ["127.0.0.1"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- REQUIRED
- - content_type [string]: The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript`
- and `application/json`.
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number] : A value between 1 and 50000. Leaving it unset will automatically set the rule with the next
- available priority after currently existing highest rule. This value must be unique for each
- listener.
- - listener_arns [list(string)]: A list of listener ARNs to override `var.listener_arns`
- - message_body [string] : The message body.
- - status_code [string] : The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
@@ -606,94 +451,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "foo" = {
- priority = 120
-
- host_headers = ["www.foo.com", "*.foo.com"]
- path_patterns = ["/foo/*"]
- source_ips = ["127.0.0.1/32"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number] : A value between 1 and 50000. Leaving it unset will automatically set
- the rule with the next available priority after currently existing highest
- rule. This value must be unique for each listener.
- - listener_arns [list(string)] : A list of listener ARNs to override `var.listener_arns`
- - stickiness [map(object[Stickiness])] : Target group stickiness for the rule. Only applies if more than one
- target_group_arn is defined.
-
-```
-
-
-
-
-
-```hcl
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
-```
-
-
-
-
-
-```hcl
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
@@ -813,29 +570,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- SecretsManagerAccess = {
- actions = ["secretsmanager:GetSecretValue"],
- resources = ["arn:aws:secretsmanager:us-east-1:0123456789012:secret:mysecert"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
@@ -915,94 +649,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "old-website" = {
- priority = 120
- port = 443
- protocol = "HTTPS"
-
- status_code = "HTTP_301"
- host = "gruntwork.in"
- path = "/signup"
- query = "foo"
-
- Conditions:
- host_headers = ["foo.com", "www.foo.com"]
- path_patterns = ["/health"]
- source_ips = ["127.0.0.1"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - priority [number]: A value between 1 and 50000. Leaving it unset will automatically set the rule with the next
- available priority after currently existing highest rule. This value must be unique for each
- listener.
- - listener_arns [list(string)]: A list of listener ARNs to override `var.listener_arns`
- - status_code [string]: The HTTP redirect code. The redirect is either permanent `HTTP_301` or temporary `HTTP_302`.
-
- The URI consists of the following components: `protocol://hostname:port/path?query`. You must modify at least one of
- the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not
- modify retain their original values.
- - host [string]: The hostname. The hostname can contain {host}.
- - path [string]: The absolute path, starting with the leading "/". The path can contain `host`, `path`, and `port`.
- - port [string]: The port. Specify a value from 1 to 65525.
- - protocol [string]: The protocol. Valid values are `HTTP` and `HTTPS`. You cannot redirect HTTPS to HTTP.
- - query [string]: The query params. Do not include the leading "?".
-
- Wildcard characters:
- * - matches 0 or more characters
- ? - matches exactly 1 character
- To search for a literal '*' or '?' character in a query string, escape the character with a backslash (\).
-
- Conditions (need to specify at least one):
- - path_patterns [list(string)] : A list of paths to match (note that "/foo" is different than "/foo/").
- Comparison is case sensitive. Wildcard characters supported: * and ?.
- It is compared to the path of the URL, not it's query string. To compare
- against query string, use the `query_strings` condition.
- - host_headers [list(string)] : A list of host header patterns to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?.
- - source_ips [list(string)] : A list of IP CIDR notations to match. You can use both IPv4 and IPv6
- addresses. Wildcards are not supported. Condition is not satisfied by the
- addresses in the `X-Forwarded-For` header, use `http_headers` condition instead.
- - query_strings [list(map(string))]: Query string pairs or values to match. Comparison is case insensitive.
- Wildcard characters supported: * and ?. Only one pair needs to match for
- the condition to be satisfied.
- - http_request_methods [list(string)] : A list of HTTP request methods or verbs to match. Only allowed characters are
- A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards
- are not supported. AWS recommends that GET and HEAD requests are routed in the
- same way because the response to a HEAD request may be cached.
-
-```
-
-
-
@@ -1073,72 +719,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- server_ports = {
- "default-http" = {
- server_port = "8080"
- protocol = "HTTP"
- health_check_path = "/health"
- r53_health_check_path = "/health"
- enable_lb_health_check = false
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- REQUIRED:
- - server_port number : The port of the endpoint to be checked (e.g. 80).
-
- OPTIONAL (defaults to value of corresponding module input):
- - target_group_name string : A unique name to use for the corresponding target group. If
- omitted, defaults to "SERVICE_NAME-ENTRY_KEY" where SERVICE_NAME
- corresponds to var.name and ENTRY_KEY corresponds to the map key
- for this server port entry.
- - tags map(string) : A map of tags to apply to the metric alarm. The key is the tag
- name and the value is the tag value.
- - protocol string : The protocol to use for health checks. See:
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_groupprotocol
- - health_check_path string : The path that the health check should use for requests (e.g. /health or /status).
- - r53_health_check_path string : The path that you want Amazon Route 53 to request when
- performing health checks (e.g. /status). Defaults to "/".
- - r53_health_check_type string : The protocol to use when performing health checks. Valid
- values are HTTP, HTTPS, HTTP_STR_MATCH, HTTPS_STR_MATCH,
- TCP, CALCULATED and CLOUDWATCH_METRIC. Defaults to HTTP.
- - r53_health_check_failure_threshold number : The number of consecutive health checks that must pass
- or fail for the health check to declare your site up or
- down. Defaults to 2.
- - r53_health_check_request_interval number : The number of seconds between health checks. Defaults to 30.
-
- - enable_lb_health_check bool : Set to false if you want to disable Target Group health's check.
- Defaults to true.
- - lb_healthy_threshold number : The number of consecutive health checks *successes* required before
- considering an unhealthy target healthy. Defaults to 3.
- - lb_unhealthy_threshold number : The number of consecutive health check *failures* required before
- considering the target unhealthy. Defaults to 3.
- - lb_request_interval number : The approximate amount of time, in seconds, between health checks
- of an individual target. Defaults to 30.
- - lb_timeout number : The amount of time, in seconds, during which no response means a
- failed health check. Defaults to 10.
-
-```
-
-
-
@@ -1304,11 +884,11 @@ The ID of the Security Group that belongs to the ASG.
diff --git a/docs/reference/services/app-orchestration/ec-2-instance.md b/docs/reference/services/app-orchestration/ec-2-instance.md
index 64b51494c3..a7ab041d09 100644
--- a/docs/reference/services/app-orchestration/ec-2-instance.md
+++ b/docs/reference/services/app-orchestration/ec-2-instance.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# EC2 Instance
-View Source
+
+View Source
Release Notes
@@ -58,9 +59,9 @@ If you’ve never used the Service Catalog before, make sure to read
### Core concepts
-* [How do I update my instance?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/ec2-instance/core-concepts.md#how-do-i-update-my-instance)
-* [How do I use User Data?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/ec2-instance/core-concepts.md#how-do-i-use-user-data)
-* [How do I mount an EBS volume?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/ec2-instance/core-concepts.md#how-do-i-mount-an-ebs-volume)
+* [How do I update my instance?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/ec2-instance/core-concepts.md#how-do-i-update-my-instance)
+* [How do I use User Data?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/ec2-instance/core-concepts.md#how-do-i-use-user-data)
+* [How do I mount an EBS volume?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/ec2-instance/core-concepts.md#how-do-i-mount-an-ebs-volume)
### The EC2 Instance AMI
@@ -85,7 +86,7 @@ This template configures the AMI to:
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The `examples/for-learning-and-testing`
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The `examples/for-learning-and-testing`
folder contains standalone sample code optimized for learning, experimenting, and testing (but not direct
production usage).
@@ -93,7 +94,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog, configure CI / CD for your apps and
@@ -194,20 +195,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -771,11 +758,11 @@ The input parameters for the EBS volumes.
diff --git a/docs/reference/services/app-orchestration/helm-service.md b/docs/reference/services/app-orchestration/helm-service.md
index a9b58c7c0c..f4fa4b8271 100644
--- a/docs/reference/services/app-orchestration/helm-service.md
+++ b/docs/reference/services/app-orchestration/helm-service.md
@@ -13,13 +13,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Helm Service
-View Source
+
+View Source
Release Notes
@@ -63,9 +64,9 @@ If you’ve never used the Service Catalog before, make sure to read
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -73,7 +74,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -81,7 +82,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -189,29 +190,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- SecretsManagerAccess = {
- actions = ["secretsmanager:GetSecretValue"],
- resources = ["arn:aws:secretsmanager:us-east-1:0123456789012:secret:mysecert"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
@@ -280,11 +258,11 @@ Number of seconds to wait for Pods to become healthy before marking the deployme
diff --git a/docs/reference/services/app-orchestration/kubernetes-namespace.md b/docs/reference/services/app-orchestration/kubernetes-namespace.md
index ef9ec21320..4472e06af7 100644
--- a/docs/reference/services/app-orchestration/kubernetes-namespace.md
+++ b/docs/reference/services/app-orchestration/kubernetes-namespace.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Kubernetes Namespace
-View Source
+
+View Source
Release Notes
@@ -65,9 +66,9 @@ subscriber and don’t have access to this repo, email .
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -75,7 +76,7 @@ subscriber and don’t have access to this repo, email .
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -83,7 +84,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -146,28 +147,6 @@ list(object({
-
-
-
-
-```hcl
-
- The name of the entity (e.g., the username or group name, depending on kind).
-
-```
-
-
-
-
-
-```hcl
-
- The namespace where the entity is located. Only used for ServiceAccount.
-
-```
-
-
-
@@ -211,28 +190,6 @@ list(object({
-
-
-
-
-```hcl
-
- The name of the entity (e.g., the username or group name, depending on kind).
-
-```
-
-
-
-
-
-```hcl
-
- The namespace where the entity is located. Only used for ServiceAccount.
-
-```
-
-
-
@@ -287,11 +244,11 @@ The name of the rbac role that grants read only permissions on the namespace.
diff --git a/docs/reference/services/app-orchestration/kubernetes-service.md b/docs/reference/services/app-orchestration/kubernetes-service.md
index 10fb28e9cb..bca8e46efc 100644
--- a/docs/reference/services/app-orchestration/kubernetes-service.md
+++ b/docs/reference/services/app-orchestration/kubernetes-service.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Kubernetes Service
-View Source
+
+View Source
Release Notes
@@ -74,9 +75,9 @@ don’t have access to this repo, email .
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -84,7 +85,7 @@ don’t have access to this repo, email .
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -92,7 +93,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -177,23 +178,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- additional_ports = {
- prometheus = {
- port = 9102
- protocol = "TCP"
- }
- }
-
-```
-
-
-
@@ -314,24 +298,6 @@ map(map(string))
-
-
- Example
-
-
-```hcl
-
- Example: This will inject the foo key of the ConfigMap myconfig as the environment variable MY_CONFIG.
- {
- myconfig = {
- foo = "MY_CONFIG"
- }
- }
-
-```
-
-
-
@@ -348,31 +314,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
-
- Example: This will mount the ConfigMap myconfig to the path /etc/myconfig
- {
- myconfig = {
- mount_path = "/etc/myconfig"
- }
- }
- Example: This will mount the ConfigMap myconfig to the path /etc/nginx/nginx.conf
- {
- myconfig = {
- mount_path = "/etc/nginx/nginx.conf"
- sub_path = "nginx.conf"
- }
- }
-
-```
-
-
-
@@ -391,30 +332,6 @@ The map that lets you define Kubernetes resources you want installed and configu
-
-
- Example
-
-
-```hcl
-
- Example: the following example creates a custom ConfigMap from a string and a Secret from a file.
- {
- custom_configmap = <
-
-
@@ -571,29 +488,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- SecretsManagerAccess = {
- actions = ["secretsmanager:GetSecretValue"],
- resources = ["arn:aws:secretsmanager:us-east-1:0123456789012:secret:mysecert"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
@@ -648,20 +542,6 @@ A list of custom ingress annotations, such as health checks and TLS certificates
-
-
- Example
-
-
-```hcl
- {
- "alb.ingress.kubernetes.io/shield-advanced-protection" : "true"
- }
-
-```
-
-
-
@@ -868,20 +748,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Ideally we would define a concrete type here, but since the input value spec for the chart has dynamic optional
- values, we can't use a concrete object type for Terraform. Also, setting a type spec here will defeat the purpose of
- the escape hatch since it requires defining new input values here before users can use it.
-
-```
-
-
-
@@ -936,22 +802,6 @@ Paths that should be allocated as tmpfs volumes in the Deployment container. Eac
-
-
- Example
-
-
-```hcl
-
- Example: This will mount the tmpfs volume "foo" to the path "/mnt/scratch"
- {
- foo = "/mnt/scratch"
- }
-
-```
-
-
-
@@ -968,24 +818,6 @@ map(map(string))
-
-
- Example
-
-
-```hcl
-
- Example: This will inject the foo key of the Secret mysecret as the environment variable MY_SECRET.
- {
- mysecret = {
- foo = "MY_SECRET"
- }
- }
-
-```
-
-
-
@@ -1002,31 +834,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
-
- Example: This will mount the Secret mysecret to the path /etc/mysecret
- {
- mysecret = {
- mount_path = "/etc/mysecret"
- }
- }
- Example: This will mount the Secret mysecret to the path /etc/nginx/nginx.conf
- {
- mysecret = {
- mount_path = "/etc/nginx/nginx.conf"
- sub_path = "nginx.conf"
- }
- }
-
-```
-
-
-
@@ -1070,45 +877,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- sidecar_containers = {
- datadog = {
- image = "datadog/agent:latest"
- env = [
- {
- name = "DD_API_KEY"
- value = "ASDF-1234"
- },
- {
- name = "SD_BACKEND"
- value = "docker"
- },
- ]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally we would define a concrete type here, but since the container spec for Pods have dynamic optional values, we
- can't use a concrete object type for Terraform.
-
-```
-
-
-
@@ -1168,11 +936,11 @@ Number of seconds to wait for Pods to become healthy before marking the deployme
diff --git a/docs/reference/services/app-orchestration/lambda.md b/docs/reference/services/app-orchestration/lambda.md
index 6c41efe7cc..4e0973b612 100644
--- a/docs/reference/services/app-orchestration/lambda.md
+++ b/docs/reference/services/app-orchestration/lambda.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Lambda
-View Source
+
+View Source
Release Notes
@@ -59,9 +60,9 @@ documentation in the [terraform-aws-lambda](https://github.com/gruntwork-io/terr
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -69,7 +70,7 @@ documentation in the [terraform-aws-lambda](https://github.com/gruntwork-io/terr
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -77,7 +78,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -296,19 +297,6 @@ A map of environment variables to pass to the Lambda function. AWS will automati
```
-
-
-
-
-```hcl
-
- Lambda does not permit you to pass it an empty map of environment variables, so our default value has to contain
- this totally useless placeholder.
-
-```
-
-
-
@@ -365,29 +353,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- SecretsManagerAccess = {
- actions = ["secretsmanager:GetSecretValue"],
- resources = ["arn:aws:secretsmanager:us-east-1:0123456789012:secret:mysecert"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
@@ -780,11 +745,11 @@ Latest published version of your Lambda Function
diff --git a/docs/reference/services/app-orchestration/public-static-website.md b/docs/reference/services/app-orchestration/public-static-website.md
index 44e33bde52..75ff8a1ea5 100644
--- a/docs/reference/services/app-orchestration/public-static-website.md
+++ b/docs/reference/services/app-orchestration/public-static-website.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Public Static Website
-View Source
+
+View Source
Release Notes
@@ -60,7 +61,7 @@ If you’ve never used the Service Catalog before, make sure to read
### Core concepts
This module deploys a public website, so the S3 bucket and objects with it are readable by the public. It also is
-hosted in a Public Hosted Zone in Route 53. You may provide a `hosted_zone_id` in [variables](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/public-static-website/variables.tf),
+hosted in a Public Hosted Zone in Route 53. You may provide a `hosted_zone_id` in [variables](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/public-static-website/variables.tf),
or you may provide the `base_domain_name` associated with your Public Hosted Zone in Route 53, optionally along with
any tags that must match that zone in `base_domain_name_tags`. If you do the latter, this module will find the hosted
zone id for you.
@@ -71,17 +72,17 @@ website, and how to configure SSL, check out the documentation for the
and [s3-cloudfront](https://github.com/gruntwork-io/terraform-aws-static-assets/tree/master/modules/s3-cloudfront)
modules.
-* [Quick Start](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/public-static-website/core-concepts.md#quick-start)
+* [Quick Start](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/public-static-website/core-concepts.md#quick-start)
* [How to test the website](https://github.com/gruntwork-io/terraform-aws-static-assets/blob/master/modules/s3-static-website/core-concepts.md#how-to-test-the-website)
-* [How to configure HTTPS (SSL) or a CDN?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/services/public-static-website/core-concepts.md#how-to-configure-https-ssl-or-a-cdn)
+* [How to configure HTTPS (SSL) or a CDN?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/services/public-static-website/core-concepts.md#how-to-configure-https-ssl-or-a-cdn)
* [How to handle www + root domains](https://github.com/gruntwork-io/terraform-aws-static-assets/blob/master/modules/s3-static-website/core-concepts.md#how-do-i-handle-www—root-domains)
* [How do I configure Cross Origin Resource Sharing (CORS)?](https://github.com/gruntwork-io/terraform-aws-static-assets/blob/master/modules/s3-static-website/core-concepts.md#how-do-i-configure-cross-origin-resource-sharing-cors)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -89,7 +90,7 @@ modules.
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -97,7 +98,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing/services/public-static-website/example-website):
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing/services/public-static-website/example-website):
The `examples/for-production` folder contains sample code optimized for direct usage in production. This is code from
the [Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -296,24 +297,6 @@ map(object({
```
-
-
- Example
-
-
-```hcl
- default = {
- 404 = {
- response_code = 404
- response_page_path = "404.html"
- error_caching_min_ttl = 0
- }
- }
-
-```
-
-
-
@@ -610,11 +593,11 @@ The ARN of the created S3 bucket associated with the website.
diff --git a/docs/reference/services/ci-cd-pipeline/ecs-deploy-runner.md b/docs/reference/services/ci-cd-pipeline/ecs-deploy-runner.md
index 60016c6e57..9a097f387e 100644
--- a/docs/reference/services/ci-cd-pipeline/ecs-deploy-runner.md
+++ b/docs/reference/services/ci-cd-pipeline/ecs-deploy-runner.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# ECS Deploy Runner
-View Source
+
+View Source
Release Notes
@@ -77,7 +78,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -85,7 +86,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [shared account ecs-deploy-runner configuration in the for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production/infrastructure-live/shared/us-west-2/mgmt/ecs-deploy-runner/):
+* [shared account ecs-deploy-runner configuration in the for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production/infrastructure-live/shared/us-west-2/mgmt/ecs-deploy-runner/):
The `examples/for-production` folder contains sample code optimized for direct usage in production. This is code from
the [Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -180,116 +181,6 @@ object({
```
-
-
-
-
-```hcl
-
- An object defining the IAM policy statements to attach to the IAM role associated with the ECS task for the
- ami builder. Accepts a map of objects, where the map keys are sids for IAM policy statements, and the object
- fields are the resources, actions, and the effect (\"Allow\" or \"Deny\") of the statement.
- Note that you do not need to explicitly grant read access to the secrets manager entries set on the other
- variables (repo_access_ssh_key_secrets_manager_arn and secrets_manager_env_vars).
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- EC2Access = {
- actions = ["ec2:*"],
- resources = ["*"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
-
-
-```hcl
-
- List of repositories that are allowed to build docker images. These should be the SSH git URL of the repository
- (e.g., git@github.com:gruntwork-io/terraform-aws-ci.git).
-
-```
-
-
-
-
-
-```hcl
-
- List of repositories (matching the regex) that are allowed to build AMIs. These should be the SSH git URL of the repository
- (e.g., "(git@github.com:gruntwork-io/)+" ).
- Note that this is a list of individual regex because HCL doesn't allow bitwise operator: https://github.com/hashicorp/terraform/issues/25326
-
-```
-
-
-
-
-
-```hcl
-
- The ARN of a secrets manager entry containing the raw contents of a SSH private key to use when accessing remote
- git repositories containing packer templates.
-
-```
-
-
-
-
-
-```hcl
-
- Configurations for setting up private git repo access to https based git URLs for each supported VCS platform.
- The following keys are supported:
-
- - github_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitHub
- Personal Access Token for accessing git repos over HTTPS.
- - gitlab_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitLab
- Personal Access Token for accessing git repos over HTTPS.
- - bitbucket_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a BitBucket
- Personal Access Token for accessing git repos over HTTPS.
- bitbucket_username is required if this is set.
- - bitbucket_username : The username of the BitBucket user associated with the bitbucket token
- passed in with bitbucket_token_secrets_manager_arn.
-
-```
-
-
-
-
-
-```hcl
-
- ARNs of AWS Secrets Manager entries that you would like to expose to the packer process as environment
- variables. For example,
- secrets_manager_env_vars = {
- GITHUB_OAUTH_TOKEN = "ARN_OF_PAT"
- }
- Will inject the secret value stored in the secrets manager entry ARN_OF_PAT as the env var `GITHUB_OAUTH_TOKEN`
- in the container that can then be passed through to the AMI via the `env` directive in the packer template.
-
-```
-
-
-
-
-
-```hcl
-
- Map of environment variable names to values share with the container during runtime.
- Do NOT use this for sensitive variables! Use secrets_manager_env_vars for secrets.
-
-```
-
-
-
@@ -379,110 +270,6 @@ object({
```
-
-
-
-
-```hcl
-
- An object defining the IAM policy statements to attach to the IAM role associated with the ECS task for the docker
- image builder. Accepts a map of objects, where the map keys are sids for IAM policy statements, and the object
- fields are the resources, actions, and the effect (\"Allow\" or \"Deny\") of the statement.
- Note that you do not need to explicitly grant read access to the secrets manager entries set on the other
- variables (git_config and secrets_manager_env_vars).
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- EC2Access = {
- actions = ["ec2:*"],
- resources = ["*"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
-
-
-```hcl
-
- List of repositories that are allowed to build docker images. These should be the https git URL of the repository
- (e.g., https://github.com/gruntwork-io/terraform-aws-ci.git).
-
-```
-
-
-
-
-
-```hcl
-
- List of repositories (matching the regex) that are allowed to build AMIs. These should be the https git URL of the repository
- (e.g., "https://github.com/gruntwork-io/.+" ).
- Note that this is a list of individual regex because HCL doesn't allow bitwise operator: https://github.com/hashicorp/terraform/issues/25326
-
-```
-
-
-
-
-
-```hcl
-
- ARNs of AWS Secrets Manager entries that can be used for authenticating to HTTPS based git repos that contain the
- Dockerfile for building the images. The associated user is recommended to be limited to read access only.
-
- Settings for each git service provider:
-
- Github:
- - `username_secrets_manager_arn` should contain a valid Personal Access Token for the corresponding machine user.
- - `password_secrets_manager_arn` should be set to null.
-
- BitBucket:
- - `username_secrets_manager_arn` should contain the bitbucket username for the corresponding machine user.
- - `password_secrets_manager_arn` should contain a valid App password for the corresponding machine user.
-
- GitLab:
- - `username_secrets_manager_arn` should contain the hardcoded string "oauth2" (without the quotes).
- - `password_secrets_manager_arn` should contain a valid Personal Access Token for the corresponding machine user.
-
-```
-
-
-
-
-
-```hcl
-
- ARNs of AWS Secrets Manager entries that you would like to expose to the docker build process as environment
- variables that can be passed in as build args. For example,
- secrets_manager_env_vars = {
- GITHUB_OAUTH_TOKEN = "ARN_OF_PAT"
- }
- Will inject the secret value stored in the secrets manager entry ARN_OF_PAT as the env var `GITHUB_OAUTH_TOKEN`
- in the container that can then be passed through to the docker build if you pass in
- `--build-arg GITHUB_OAUTH_TOKEN`.
-
-```
-
-
-
-
-
-```hcl
-
- Map of environment variable names to values share with the container during runtime.
- Do NOT use this for sensitive variables! Use secrets_manager_env_vars for secrets.
-
-```
-
-
-
@@ -596,154 +383,6 @@ object({
```
-
-
-
-
-```hcl
-
- An object defining the IAM policy statements to attach to the IAM role associated with the ECS task for the
- terraform applier. Accepts a map of objects, where the map keys are sids for IAM policy statements, and the object
- fields are the resources, actions, and the effect (\"Allow\" or \"Deny\") of the statement.
- Note that you do not need to explicitly grant read access to the secrets manager entries set on the other
- variables (repo_access_ssh_key_secrets_manager_arn and secrets_manager_env_vars).
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- EC2Access = {
- actions = ["ec2:*"],
- resources = ["*"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
-
-
-```hcl
-
- List of Git repository containing infrastructure live configuration (top level terraform or terragrunt
- configuration to deploy infrastructure) that the deploy runner is allowed to deploy. These should be the SSH git
- URL of the repository (e.g., git@github.com:gruntwork-io/terraform-aws-ci.git).
- NOTE: when only a single repository is provided, this will automatically be included as a hardcoded option.
-
-```
-
-
-
-
-
-```hcl
-
- List of Git repositories (matching the regex) containing infrastructure live configuration (top level terraform or terragrunt
- configuration to deploy infrastructure) that the deploy runner is allowed to deploy. These should be the SSH git
- URL of the repository (e.g., git@github.com:gruntwork-io/terraform-aws-ci.git).
- Note that this is a list of individual regex because HCL doesn't allow bitwise operator: https://github.com/hashicorp/terraform/issues/25326
-
-```
-
-
-
-
-
-```hcl
-
- List of variable names that are allowed to be automatically updated by the CI/CD pipeline. Recommended to set to:
- ["tag", "docker_tag", "ami_version_tag", "ami"]
-
-```
-
-
-
-
-
-```hcl
-
- A list of Git Refs (branch or tag) that are approved for running apply on. Any git ref that does not match this
- list will not be allowed to run `apply` or `apply-all`. This is useful for protecting against internal threats
- where users have access to the CI script and bypass the approval flow by commiting a new CI flow on their branch.
- Set to null to allow all refs to apply.
-
-```
-
-
-
-
-
-```hcl
-
- User information to use when commiting updates to the infrastructure live configuration.
-
-```
-
-
-
-
-
-```hcl
-
- The ARN of a secrets manager entry containing the raw contents of a SSH private key to use when accessing remote
- repository containing the live infrastructure configuration. This SSH key should be for a machine user that has write
- access to the code when using with terraform-update-variable.
-
-```
-
-
-
-
-
-```hcl
-
- Configurations for setting up private git repo access to https based git URLs for each supported VCS platform.
- The following keys are supported:
-
- - github_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitHub
- Personal Access Token for accessing git repos over HTTPS.
- - gitlab_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitLab
- Personal Access Token for accessing git repos over HTTPS.
- - bitbucket_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a BitBucket
- Personal Access Token for accessing git repos over HTTPS.
- bitbucket_username is required if this is set.
- - bitbucket_username : The username of the BitBucket user associated with the bitbucket token
- passed in with bitbucket_token_secrets_manager_arn.
-
-```
-
-
-
-
-
-```hcl
-
- ARNs of AWS Secrets Manager entries that you would like to expose to the terraform/terragrunt process as
- environment variables. For example,
- secrets_manager_env_vars = {
- GITHUB_OAUTH_TOKEN = "ARN_OF_PAT"
- }
- Will inject the secret value stored in the secrets manager entry ARN_OF_PAT as the env var `GITHUB_OAUTH_TOKEN`
- in the container that can then be accessed through terraform/terragrunt.
-
-```
-
-
-
-
-
-```hcl
-
- Map of environment variable names to values share with the container during runtime.
- Do NOT use this for sensitive variables! Use secrets_manager_env_vars for secrets.
-
-```
-
-
-
@@ -832,119 +471,6 @@ object({
```
-
-
-
-
-```hcl
-
- An object defining the IAM policy statements to attach to the IAM role associated with the ECS task for the
- terraform planner. Accepts a map of objects, where the map keys are sids for IAM policy statements, and the object
- fields are the resources, actions, and the effect (\"Allow\" or \"Deny\") of the statement.
- Note that you do not need to explicitly grant read access to the secrets manager entries set on the other
- variables (repo_access_ssh_key_secrets_manager_arn and secrets_manager_env_vars).
- iam_policy = {
- S3Access = {
- actions = ["s3:*"]
- resources = ["arn:aws:s3:::mybucket"]
- effect = "Allow"
- },
- EC2Access = {
- actions = ["ec2:*"],
- resources = ["*"]
- effect = "Allow"
- }
- }
-
-```
-
-
-
-
-
-```hcl
-
- List of git repositories containing infrastructure live configuration (top level terraform or terragrunt
- configuration to deploy infrastructure) that the deploy runner is allowed to run plan on. These should be the SSH
- git URL of the repository (e.g., git@github.com:gruntwork-io/terraform-aws-ci.git).
- NOTE: when only a single repository is provided, this will automatically be included as a hardcoded option.
-
-```
-
-
-
-
-
-```hcl
-
- List of Git repositories (matching the regex) containing infrastructure live configuration (top level terraform or terragrunt
- configuration to deploy infrastructure) that the deploy runner is allowed to deploy. These should be the SSH git
- URL of the repository (e.g., git@github.com:gruntwork-io/terraform-aws-ci.git).
- Note that this is a list of individual regex because HCL doesn't allow bitwise operator: https://github.com/hashicorp/terraform/issues/25326
-
-```
-
-
-
-
-
-```hcl
-
- The ARN of a secrets manager entry containing the raw contents of a SSH private key to use when accessing the
- infrastructure live repository.
-
-```
-
-
-
-
-
-```hcl
-
- Configurations for setting up private git repo access to https based git URLs for each supported VCS platform.
- The following keys are supported:
-
- - github_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitHub
- Personal Access Token for accessing git repos over HTTPS.
- - gitlab_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a GitLab
- Personal Access Token for accessing git repos over HTTPS.
- - bitbucket_token_secrets_manager_arn : The ARN of an AWS Secrets Manager entry containing contents of a BitBucket
- Personal Access Token for accessing git repos over HTTPS.
- bitbucket_username is required if this is set.
- - bitbucket_username : The username of the BitBucket user associated with the bitbucket token
- passed in with bitbucket_token_secrets_manager_arn.
-
-```
-
-
-
-
-
-```hcl
-
- ARNs of AWS Secrets Manager entries that you would like to expose to the terraform/terragrunt process as
- environment variables. For example,
- secrets_manager_env_vars = {
- GITHUB_OAUTH_TOKEN = "ARN_OF_PAT"
- }
- Will inject the secret value stored in the secrets manager entry ARN_OF_PAT as the env var `GITHUB_OAUTH_TOKEN`
- in the container that can then be accessed through terraform/terragrunt.
-
-```
-
-
-
-
-
-```hcl
-
- Map of environment variable names to values share with the container during runtime.
- Do NOT use this for sensitive variables! Use secrets_manager_env_vars for secrets.
-
-```
-
-
-
@@ -1030,134 +556,6 @@ map(object({
-
-
-
-
-```hcl
-
- Map of environment variable names to secret manager arns of secrets to share with the container during runtime.
- Note that the container processes will not be able to directly read these secrets directly using the Secrets
- Manager API (they are only available implicitly through the env vars).
-
-```
-
-
-
-
-
-```hcl
-
- Map of environment variable names to values share with the container during runtime.
- Do NOT use this for sensitive variables! Use secrets_manager_env_vars for secrets.
-
-```
-
-
-
-
-
-```hcl
-
- List of additional secrets manager entries that the container should have access to, but not directly injected as
- environment variables. These secrets can be read by the container processes using the Secrets Manager API, unlike
- those shared as environment variables with `secrets_manager_env_vars`.
-
-```
-
-
-
-
-
-```hcl
-
- Security configuration for each script for each container. Each entry in the map corresponds to a script in the
- triggers directory. If a script is not included in the map, then the default is to allow no additional args to be
- passed in when invoked.
-
-```
-
-
-
-
-
-```hcl
-
- Unlike hardcoded_options, this is used for hardcoded positional args and will always be passed in at the end of
- the args list.
-
-```
-
-
-
-
-
-```hcl
-
- Whether or not positional args are allowed to be passed in.
-
-```
-
-
-
-
-
-```hcl
-
- This is a list of option keys that are explicitly allowed. When set, any option key that is not present in this
- list will cause an exception. Note that `null` means allow any option, as opposed to `[]` which means allow no
- option. Only one of `allowed_options` or `restricted_options` should be used.
-
-```
-
-
-
-
-
-```hcl
-
- List of options without arguments
-
-```
-
-
-
-
-
-```hcl
-
- This is a list of option keys that are not allowed. When set, any option key passed in that is in this list will
- cause an exception. Empty list means allow any option (unless restricted by allowed_options).
-
-```
-
-
-
-
-
-```hcl
-
- This is a map of option keys to a regex for specifying what args are allowed to be passed in for that option key.
- There is no restriction to the option if there is no entry in this map.
-
-```
-
-
-
-
-
-```hcl
-
- Whether or not the particular container is the default container for the pipeline. This container is used when no
- name is provided to the infrastructure deployer. Exactly one must be marked as the default. An arbitrary container
- will be picked amongst the list of defaults when multiple are marked as default.
- If no containers are marked as default, then the invoker lambda function always requires a container name to be
- provided.
-
-```
-
-
-
@@ -1187,29 +585,6 @@ object({
-
-
-
-
-```hcl
-
- S3 bucket and region (us-east-1) where the outputs will be stored.
-
-```
-
-
-
-
-
-```hcl
-
- Key prefix to use if lambda event does not specify. Outputs will be stored at PREFIX/stdout, PREFIX/stderr, and
- PREFIX/interleaved. Note that this will overwrite the output even if the key already exists.
-
-```
-
-
-
@@ -1325,62 +700,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- ec2_worker_pool_configuration = {
- ami_filters = {
- owners = ["self"]
- filters = [{
- name = "tag:version_tag"
- values = ["v0.20.4"]
- }]
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- We expect the following attributes on this object:
- - ami [string] (REQUIRED) : The ID of an AMI to use when deploying the instance. Either ami or ami_filters must be
- provided.
- - ami_filters [AMIFilter] (REQUIRED) : Properties on the AMI that can be used to lookup a prevuild AMI for use with
- the EC2 worker pool.
- - min_size [number] (default: 1) : The minimum number of EC2 Instances launchable for this ECS Cluster. Useful for
- auto-scaling limits.
- - max_size [number] (default: 2) : The maximum number of EC2 Instances that must be running for this ECS Cluster. We
- recommend making this twice min_size, even if you don't plan on scaling the
- cluster up and down, as the extra capacity will be used to deploy updates to the
- cluster.
- - instance_type [string] (default: m5.large) : Instance type (e.g. t2.micro) to use for the EC2 instances. We
- recommend using at least large class instances.
- - cloud_init_parts [map(CloudInitPart)] (default: {}) : Cloud init scripts to run on the host while it
- boots. See the part blocks in
- https://www.terraform.io/docs/providers/template/d/cloudinit_config.html
- for syntax.
- - enable_cloudwatch_log_aggregation [bool] (default: true) : Whether or not to send server logs to the CloudWatch
- Logs service.
- - enable_cloudwatch_metrics [bool] (default: true) : Whether or not to send metrics to the CloudWatch service.
- - enable_asg_cloudwatch_alarms [bool] (default: true) : Whether or not to configure cloudwatch alarms for the ASG.
- - enable_fail2ban [bool] (default: true) : Whether or not to enable the fail2ban service on the server.
- - enable_ip_lockdown [bool] (default: true) : Whether or not to enable the ip-lockdown service on the server.
- - alarms_sns_topic_arn [string] (default: null) : The ARN of an SNS topic for cloudwatch to send alerts to.
- - default_user [string] (default: ec2-user) : The default OS user that is created on the server.
-
-```
-
-
-
@@ -1526,38 +845,6 @@ map(object({
-
-
-
-
-```hcl
-
- The script within the container that should be invoked (e.g., infrastructure-deploy-script).
-
-```
-
-
-
-
-
-```hcl
-
- The args that should be passed to the script.
-
-```
-
-
-
-
-
-```hcl
-
- An expression that defines the schedule. For example, cron(0 20 * * ? *) or rate(5 minutes).
-
-```
-
-
-
@@ -1626,31 +913,6 @@ Create multi-region resources in the specified regions. The best practice is to
```
-
-
-
-
-```hcl
-
- By default, skip regions that are not enabled in most AWS accounts:
-
- "af-south-1", Cape Town
- "ap-east-1", Hong Kong
- "eu-south-1", Milan
- "me-central-1", UAE
- "me-south-1", Bahrain
- "us-gov-east-1", GovCloud
- "us-gov-west-1", GovCloud
- "cn-north-1", China
- "cn-northwest-1", China
-
- This region is enabled by default but is brand-new and some services like AWS Config don't work.
- "ap-northeast-3", Asia Pacific (Osaka)
-
-```
-
-
-
@@ -1822,11 +1084,11 @@ Security Group ID of the ECS task
diff --git a/docs/reference/services/ci-cd-pipeline/jenkins.md b/docs/reference/services/ci-cd-pipeline/jenkins.md
index ce84045a44..25b84efb67 100644
--- a/docs/reference/services/ci-cd-pipeline/jenkins.md
+++ b/docs/reference/services/ci-cd-pipeline/jenkins.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Jenkins CI Server
-View Source
+
+View Source
Release Notes
@@ -68,7 +69,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -76,7 +77,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -139,20 +140,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -257,18 +244,6 @@ How often, in seconds, the backup job is expected to run. This is the same as
-
-
-
-
-```hcl
-
- One day in seconds
-
-```
-
-
-
@@ -897,11 +872,11 @@ The ID of the Security Group attached to the Jenkins EC2 Instance
diff --git a/docs/reference/services/data-storage/amazon-aurora.md b/docs/reference/services/data-storage/amazon-aurora.md
index cea0d87037..479226b2b6 100644
--- a/docs/reference/services/data-storage/amazon-aurora.md
+++ b/docs/reference/services/data-storage/amazon-aurora.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon Aurora
-View Source
+
+View Source
Release Notes
@@ -70,7 +71,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -78,7 +79,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the [Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/),
and it shows you how we build an end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -176,18 +177,6 @@ How often, in seconds, the backup job is expected to run. This is the same as
-
-
-
-
-```hcl
-
- Default to hourly
-
-```
-
-
-
@@ -276,19 +265,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -323,19 +299,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -370,19 +333,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -417,19 +367,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -464,19 +401,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -511,19 +435,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -558,48 +469,6 @@ object({
-
-
-
-
-```hcl
-
- The family of the DB cluster parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- The parameters to configure on the created parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- Vaue to set the parameter.
-
-```
-
-
-
-
-
-```hcl
-
- When to apply the parameter. "immediate" or "pending-reboot".
-
-```
-
-
-
@@ -643,48 +512,6 @@ object({
-
-
-
-
-```hcl
-
- The family of the DB cluster parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- The parameters to configure on the created parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- Vaue to set the parameter.
-
-```
-
-
-
-
-
-```hcl
-
- When to apply the parameter. "immediate" or "pending-reboot".
-
-```
-
-
-
@@ -892,19 +719,6 @@ The instance type to use for the db (e.g. db.r3.large). Only used when
-
-
-
-
-```hcl
-
- See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html for the instance types supported by
- Aurora
-
-```
-
-
-
@@ -932,18 +746,6 @@ Trigger an alarm if the amount of disk space, in Bytes, on the DB instance drops
-
-
-
-
-```hcl
-
- Default is 1GB (1 billion bytes)
-
-```
-
-
-
@@ -971,18 +773,6 @@ Trigger an alarm if the amount of free memory, in Bytes, on the DB instance drop
-
-
-
-
-```hcl
-
- Default is 100MB (100 million bytes)
-
-```
-
-
-
@@ -1208,19 +998,6 @@ Trigger an alarm if the number of connections to the DB instance goes above this
-
-
-
-
-```hcl
-
- The max number of connections allowed by RDS depends a) the type of DB, b) the DB instance type, and c) the
- use case, and it can vary from ~30 all the way up to 5,000, so we cannot pick a reasonable default here.
-
-```
-
-
-
@@ -1385,11 +1162,11 @@ The ARN of the AWS Lambda Function used for sharing manual snapshots with second
diff --git a/docs/reference/services/data-storage/amazon-ecr-repositories.md b/docs/reference/services/data-storage/amazon-ecr-repositories.md
index 74b50a46d9..9122025425 100644
--- a/docs/reference/services/data-storage/amazon-ecr-repositories.md
+++ b/docs/reference/services/data-storage/amazon-ecr-repositories.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ECR Repositories
-View Source
+
+View Source
Release Notes
@@ -59,7 +60,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -67,7 +68,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -92,63 +93,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - external_account_ids_with_read_access list(string) : List of account IDs that should have read
- access on the repo. If omitted, use
- var.default_external_account_ids_with_read_access.
- - external_account_ids_with_write_access list(string) : List of account IDs that should have write
- access on the repo. If omitted, use
- var.default_external_account_ids_with_write_access.
- - external_account_ids_with_lambda_access list(string) : List of account IDs that should have
- access to create lambda functions with
- container images in the repo. If omitted, use
- var.default_external_account_ids_with_lambda_access.
- - enable_automatic_image_scanning bool : Whether or not to enable image scanning. If
- omitted use var.default_automatic_image_scanning.
- - encryption_config object[EncryptionConfig] : Whether or not to enable encryption at rest for
- the container images, and how to encrypt. If
- omitted, use var.default_encryption_config. See
- below for the type schema.
- - image_tag_mutability string : The tag mutability setting for the repo. If
- omitted use var.default_image_tag_mutability.
- - tags map(string) : Map of tags (where the key and value correspond
- to tag keys and values) that should be assigned
- to the ECR repository. Merged with
- var.global_tags.
- - lifecycle_policy_rules list(object[LifecycleRule]) : List of lifecycle rules to apply to the ECR
- repository. See below for the schema of the
- lifecycle rule.
-
- Structure of EncryptionConfig object:
- - encryption_type string : The encryption type to use for the repository. Must be AES256 or KMS.
- - kms_key string : The KMS key to use for encrypting the images. Only used when encryption_type is KMS. If
- not specified, defaults to the default AWS managed key for ECR.
-
-
- Structure of LifecycleRule object:
- Refer to the AWS documentation on supported policy parameters:
- https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.htmllifecycle_policy_parameters
-
- Example:
-
- repositories = {
- myapp1 = {
- external_account_ids_with_read_access = ["11111111"]
- }
- }
-
-```
-
-
-
### Optional
@@ -305,11 +249,11 @@ A list of IAM policy actions necessary for ECR write access.
diff --git a/docs/reference/services/data-storage/amazon-elasti-cache-for-memcached.md b/docs/reference/services/data-storage/amazon-elasti-cache-for-memcached.md
index a12851aa9d..c1ee86b9ed 100644
--- a/docs/reference/services/data-storage/amazon-elasti-cache-for-memcached.md
+++ b/docs/reference/services/data-storage/amazon-elasti-cache-for-memcached.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ElastiCache for Memcached
-View Source
+
+View Source
Release Notes
@@ -64,7 +65,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -72,7 +73,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -265,11 +266,11 @@ The configuration endpoint to allow host discovery.
diff --git a/docs/reference/services/data-storage/amazon-elasti-cache-for-redis.md b/docs/reference/services/data-storage/amazon-elasti-cache-for-redis.md
index b15598584c..f7fef3882a 100644
--- a/docs/reference/services/data-storage/amazon-elasti-cache-for-redis.md
+++ b/docs/reference/services/data-storage/amazon-elasti-cache-for-redis.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon ElastiCache for Redis
-View Source
+
+View Source
Release Notes
@@ -67,7 +68,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -75,7 +76,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -401,11 +402,11 @@ Security Group ID used for redis cluster.
diff --git a/docs/reference/services/data-storage/amazon-elasticsearch.md b/docs/reference/services/data-storage/amazon-elasticsearch.md
index 5491ecd29a..6130ab0071 100644
--- a/docs/reference/services/data-storage/amazon-elasticsearch.md
+++ b/docs/reference/services/data-storage/amazon-elasticsearch.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon Elasticsearch Service
-View Source
+
+View Source
Release Notes
@@ -63,7 +64,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -76,7 +77,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the [Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/),
and it shows you how we build an end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -800,11 +801,11 @@ Domain-specific endpoint for Kibana without https scheme.
diff --git a/docs/reference/services/data-storage/amazon-rds.md b/docs/reference/services/data-storage/amazon-rds.md
index 1c96b4ebd1..9cd046355a 100644
--- a/docs/reference/services/data-storage/amazon-rds.md
+++ b/docs/reference/services/data-storage/amazon-rds.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon Relational Database Service
-View Source
+
+View Source
Release Notes
@@ -69,7 +70,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -77,12 +78,12 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
-* [How do I pass database configuration securely?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/data-stores/rds/core-concepts.md#how-do-i-pass-database-configuration-securely)
+* [How do I pass database configuration securely?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/data-stores/rds/core-concepts.md#how-do-i-pass-database-configuration-securely)
## Reference
@@ -203,18 +204,6 @@ How often, in seconds, the backup job is expected to run. This is the same as
-
-
-
-
-```hcl
-
- Default to hourly
-
-```
-
-
-
@@ -283,27 +272,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- [
- {
- name = "arn:aws:iam::0000000000:user/dev"
- conditions = [{
- test = "StringLike"
- variable = "kms:ViaService"
- values = ["s3.ca-central-1.amazonaws.com"]
- }]
- },
- ]
-
-```
-
-
-
@@ -374,48 +342,6 @@ object({
-
-
-
-
-```hcl
-
- The family of the DB parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- The parameters to configure on the created parameter group.
-
-```
-
-
-
-
-
-```hcl
-
- Vaue to set the parameter.
-
-```
-
-
-
-
-
-```hcl
-
- When to apply the parameter. "immediate" or "pending-reboot".
-
-```
-
-
-
@@ -459,19 +385,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -506,19 +419,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -553,19 +453,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -600,19 +487,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -647,19 +521,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -694,19 +555,6 @@ object({
```
-
-
-
-
-```hcl
-
- The width and height of the widget in grid units in a 24 column grid. E.g., a value of 12 will take up half the
- space.
-
-```
-
-
-
@@ -932,18 +780,6 @@ Trigger an alarm if the amount of disk space, in Bytes, on the DB instance drops
-
-
-
-
-```hcl
-
- Default is 1GB (1 billion bytes)
-
-```
-
-
-
@@ -971,18 +807,6 @@ Trigger an alarm if the amount of free memory, in Bytes, on the DB instance drop
-
-
-
-
-```hcl
-
- Default is 100MB (100 million bytes)
-
-```
-
-
-
@@ -1226,19 +1050,6 @@ Trigger an alarm if the number of connections to the DB instance goes above this
-
-
-
-
-```hcl
-
- The max number of connections allowed by RDS depends a) the type of DB, b) the DB instance type, and c) the
- use case, and it can vary from ~30 all the way up to 5,000, so we cannot pick a reasonable default here.
-
-```
-
-
-
@@ -1412,11 +1223,11 @@ The ID of the Security Group that controls access to the RDS DB instance.
diff --git a/docs/reference/services/data-storage/s-3-bucket.md b/docs/reference/services/data-storage/s-3-bucket.md
index 951a1bba74..8c35c090b2 100644
--- a/docs/reference/services/data-storage/s-3-bucket.md
+++ b/docs/reference/services/data-storage/s-3-bucket.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# S3 Bucket
-View Source
+
+View Source
Release Notes
@@ -59,7 +60,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -67,7 +68,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -139,41 +140,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- AllIamUsersReadAccess = {
- effect = "Allow"
- actions = ["s3:GetObject"]
- principals = {
- AWS = ["arn:aws:iam::111111111111:user/ann", "arn:aws:iam::111111111111:user/bob"]
- }
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas IAM policy statements have many optional params. And we can't even use map(any), as the
- Terraform map type constraint requires all values to have the same type ("shape"), but as each object in the map
- may specify different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -185,6 +151,15 @@ A prefix (i.e., folder path) to use for all access logs stored in access_logging
+
+
+
+Optional whether or not to use Amazon S3 Bucket Keys for SSE-KMS.
+
+
+
+
+
@@ -217,41 +192,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- AllIamUsersReadAccess = {
- effect = "Allow"
- actions = ["s3:GetObject"]
- principals = {
- AWS = ["arn:aws:iam::111111111111:user/ann", "arn:aws:iam::111111111111:user/bob"]
- }
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas IAM policy statements have many optional params. And we can't even use map(any), as the
- Terraform map type constraint requires all values to have the same type ("shape"), but as each object in the map
- may specify different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -277,57 +217,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- [
- {
- allowed_origins = ["*"]
- allowed_methods = ["GET", "HEAD"]
- allowed_headers = ["x-amz-*"]
- expose_headers = ["Etag"]
- max_age_seconds = 3000
- }
- ]
-
-```
-
-
-
-
-
-
-
-```hcl
-
- The objects that can define the following properties:
-
- - allowed_origins list(string) (required): The origins that you want to allow cross-domain requests from.
- - allowed_methods list(string) (required): From the set of GET, PUT, POST, DELETE, HEAD
- - allowed_headers list(string) (optional): The AllowedHeader element specifies which headers are allowed in a preflight request through the Access-Control-Request-Headers header.
- - expose_headers list(string) (optional): Each ExposeHeader element identifies a header in the response that you want customers to be able to access from their applications.
- - max_age_seconds number (optional): The MaxAgeSeconds element specifies the time in seconds that your browser can cache the response for a preflight request as identified by the resource, the HTTP method, and the origin.
-
-```
-
-
-
-
-
-```hcl
-
- Ideally, this would be a list(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas replication rules have many optional params. And we can't even use list(any), as the Terraform
- list type constraint requires all values to have the same type ("shape"), but as each object in the list may specify
- different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -389,21 +278,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Ideally, this would be a map(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas lifecycle rules have many optional params. And we can't even use map(any), as the Terraform
- map type constraint requires all values to have the same type ("shape"), but as each object in the map may specify
- different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -478,6 +352,15 @@ If set to true, replica bucket will be expected to already exist.
+
+
+
+Optional whether or not to use Amazon S3 Bucket Keys for SSE-KMS for the replica bucket.
+
+
+
+
+
@@ -517,41 +400,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- AllIamUsersReadAccess = {
- effect = "Allow"
- actions = ["s3:GetObject"]
- principals = {
- AWS = ["arn:aws:iam::111111111111:user/ann", "arn:aws:iam::111111111111:user/bob"]
- }
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas IAM policy statements have many optional params. And we can't even use map(any), as the
- Terraform map type constraint requires all values to have the same type ("shape"), but as each object in the map
- may specify different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -604,40 +452,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- ExampleConfig = {
- prefix = "config/"
- status = "Enabled"
- destination_bucket = "arn:aws:s3:::my-destination-bucket"
- destination_storage_class = "STANDARD"
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a list(object({...})), but the Terraform object type constraint doesn't support optional
- parameters, whereas replication rules have many optional params. And we can't even use list(any), as the Terraform
- list type constraint requires all values to have the same type ("shape"), but as each object in the list may specify
- different optional params, this won't work either. So, sadly, we are forced to fall back to "any."
-
-```
-
-
-
@@ -715,11 +529,11 @@ The name of the replica S3 bucket.
diff --git a/docs/reference/services/landing-zone/aws-app-account-baseline-wrapper.md b/docs/reference/services/landing-zone/aws-app-account-baseline-wrapper.md
index acacd42e2c..04bd2c2648 100644
--- a/docs/reference/services/landing-zone/aws-app-account-baseline-wrapper.md
+++ b/docs/reference/services/landing-zone/aws-app-account-baseline-wrapper.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Account Baseline for app accounts
-View Source
+
+View Source
Release Notes
@@ -57,13 +58,13 @@ If you’ve never used the Service Catalog before, make sure to read
* Learn more about each individual module, click the link in the [Features](#features) section.
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone/)
-* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/landingzone/account-baseline-root/core-concepts.md#how-to-use-multi-region-services)
+* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/landingzone/account-baseline-root/core-concepts.md#how-to-use-multi-region-services)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -71,7 +72,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing/landingzone): The
+* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing/landingzone): The
`examples/for-learning-and-testing/landingzone` folder contains standalone sample code optimized for learning,
experimenting, and testing (but not direct production usage).
@@ -79,7 +80,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end integrated tech stack on top of the Gruntwork Service Catalog.
@@ -185,26 +186,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- additional_config_rules = {
- acm-certificate-expiration-check = {
- description = "Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.",
- identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK",
- trigger_type = "PERIODIC",
- input_parameters = { "daysToExpiration": "14"},
- applies_to_global_resources = false
- }
- }
-
-```
-
-
-
@@ -527,52 +508,6 @@ list(object({
-
-
-
-
-```hcl
-
- The list of actions that the given service principal is allowed to perform (e.g. ["kms:DescribeKey",
- "kms:GenerateDataKey"]).
-
-```
-
-
-
-
-
-```hcl
-
- List of conditions to apply to the permissions for the service principal. Use this to apply conditions on the
- permissions for accessing the KMS key (e.g., only allow access for certain encryption contexts).
-
-```
-
-
-
-
-
-```hcl
-
- Name of a Context Variable to apply the condition to. Context variables may either be standard AWS variables
- starting with aws: or service-specific variables prefixed with the service name.
-
-```
-
-
-
-
-
-```hcl
-
- Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one
- of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation.
-
-```
-
-
-
@@ -1211,130 +1146,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - region string : The region (e.g., us-west-2) where the key should be created. If null or
- omitted, the key will be created in all enabled regions. Any keys
- targeting an opted out region or invalid region string will show up in the
- invalid_cmk_inputs output.
- - replica_regions list(string) : The regions (e.g., us-west-2) where the key should be replicated using the
- multi-region KMS key feature of AWS
- (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
- When the special region "*" is included (e.g., replica_regions = ["*"]),
- the key will be replicated in all enabled regions. This is different from
- creating the key in every region using region = null - when creating
- the key in every region, a new different key is provisioned for each region.
- With replica_regions, the same key is replicated in every region such that
- it can decrypt the same encrypted data in each region.
- - cmk_administrator_iam_arns list(string) : A list of IAM ARNs for users who should be given
- administrator access to this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_user_iam_arns list(object[CMKUser]) : A list of IAM ARNs for users who should be given
- permissions to use this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_read_only_user_iam_arns list(object[CMKUser]) : A list of IAM ARNs for users who should be given
- read-only (decrypt-only) permissions to use this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_external_user_iam_arns list(string) : A list of IAM ARNs for users from external AWS accounts
- who should be given permissions to use this CMK (e.g.
- arn:aws:iam:::root).
- - allow_manage_key_permissions_with_iam bool : If true, both the CMK's Key Policy and IAM Policies
- (permissions) can be used to grant permissions on the CMK.
- If false, only the CMK's Key Policy can be used to grant
- permissions on the CMK. False is more secure (and
- generally preferred), but true is more flexible and
- convenient.
- - deletion_window_in_days number : The number of days to keep this KMS Master Key around after it has been
- marked for deletion.
- - tags map(string) : A map of tags to apply to the KMS Key to be created. In this map
- variable, the key is the tag name and the value is the tag value. Note
- that this map is merged with var.global_tags, and can be used to override
- tags specified in that variable.
- - enable_key_rotation bool : Whether or not to enable automatic annual rotation of the KMS key.
- - spec string : Specifies whether the key contains a symmetric key or an asymmetric key
- pair and the encryption algorithms or signing algorithms that the key
- supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096,
- ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1.
- - cmk_service_principals list(object[ServicePrincipal]) : A list of Service Principals that should be given
- permissions to use this CMK (e.g. s3.amazonaws.com). See
- below for the structure of the object that should be passed
- in.
-
- Structure of ServicePrincipal object:
- - name string : The name of the service principal (e.g.: s3.amazonaws.com).
- - actions list(string) : The list of actions that the given service principal is allowed to
- perform (e.g. ["kms:DescribeKey", "kms:GenerateDataKey"]).
- - conditions list(object[Condition]) : (Optional) List of conditions to apply to the permissions for the service
- principal. Use this to apply conditions on the permissions for
- accessing the KMS key (e.g., only allow access for certain encryption
- contexts). The condition object accepts the same fields as the condition
- block on the IAM policy document (See
- https://www.terraform.io/docs/providers/aws/d/iam_policy_document.htmlcondition).
- Structure of CMKUser object:
- - name list(string) : The list of names of the AWS principal (e.g.: arn:aws:iam::0000000000:user/dev).
- - conditions list(object[Condition]) : (Optional) List of conditions to apply to the permissions for the CMK User
- Use this to apply conditions on the permissions for accessing the KMS key
- (e.g., only allow access for certain encryption contexts).
- The condition object accepts the same fields as the condition
- block on the IAM policy document (See
- https://www.terraform.io/docs/providers/aws/d/iam_policy_document.htmlcondition).
- Example:
- kms_customer_master_keys = {
- cmk-stage = {
- region = "us-west-1"
- cmk_administrator_iam_arns = ["arn:aws:iam::0000000000:user/admin"]
- cmk_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/dev"]
- conditions = []
- }
- ]
- cmk_read_only_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/qa"]
- conditions = []
- }
- ]
- cmk_external_user_iam_arns = ["arn:aws:iam::1111111111:user/root"]
- cmk_service_principals = [
- {
- name = "s3.amazonaws.com"
- actions = ["kms:Encrypt"]
- conditions = []
- }
- ]
- }
- cmk-prod = {
- region = "us-east-1"
- cmk_administrator_iam_arns = ["arn:aws:iam::0000000000:user/admin"]
- cmk_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/prod"]
- conditions = []
- }
- ]
- allow_manage_key_permissions_with_iam = true
- Override the default value for all keys configured with var.default_deletion_window_in_days
- deletion_window_in_days = 7
-
- Set extra tags on the CMK for prod
- tags = {
- Environment = "prod"
- }
- }
- }
-
-```
-
-
-
@@ -1373,32 +1184,6 @@ map(object({
-
-
-
-
-```hcl
-
- The principal that is given permission to perform the operations that the grant permits. This must be in ARN
- format. For example, the grantee principal for ASG is:
- arn:aws:iam::111122223333:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling
-
-```
-
-
-
-
-
-```hcl
-
- A list of operations that the grant permits. The permitted values are:
- Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant,
- RetireGrant, DescribeKey
-
-```
-
-
-
@@ -1759,11 +1544,11 @@ A map of ARNs of the service linked roles created from
diff --git a/docs/reference/services/landing-zone/aws-root-account-baseline-wrapper.md b/docs/reference/services/landing-zone/aws-root-account-baseline-wrapper.md
index 68f0d63fe5..b3504c7d9e 100644
--- a/docs/reference/services/landing-zone/aws-root-account-baseline-wrapper.md
+++ b/docs/reference/services/landing-zone/aws-root-account-baseline-wrapper.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Account Baseline for root account
-View Source
+
+View Source
Release Notes
@@ -58,16 +59,16 @@ If you’ve never used the Service Catalog before, make sure to read
* Learn more about each individual module, click the link in the [Features](#features) section
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone/)
-* [How to create child accounts](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/core-concepts.md#creating-child-accounts)
-* [How to aggregate AWS Config and CloudTrail data in a logs account](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/core-concepts.md#aggregating-aws-config-and-cloudtrail-data-in-a-logs-account)
-* [Why does this module use account-level AWS Config Rules?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/core-concepts.md#why-does-this-module-use-account-level-aws-config-rules)
-* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/core-concepts.md#how-to-use-multi-region-services)
+* [How to create child accounts](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/core-concepts.md#creating-child-accounts)
+* [How to aggregate AWS Config and CloudTrail data in a logs account](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/core-concepts.md#aggregating-aws-config-and-cloudtrail-data-in-a-logs-account)
+* [Why does this module use account-level AWS Config Rules?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/core-concepts.md#why-does-this-module-use-account-level-aws-config-rules)
+* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/core-concepts.md#how-to-use-multi-region-services)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -75,7 +76,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing/landingzone): The
+* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing/landingzone): The
`examples/for-learning-and-testing/landingzone` folder contains standalone sample code optimized for learning,
experimenting, and testing (but not direct production usage).
@@ -83,7 +84,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end integrated tech stack on top of the Gruntwork Service Catalog.
@@ -126,106 +127,6 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
-
-```hcl
-
- Ideally, this would be a map of (string, object), but object does not support optional properties, and we want
- users to be able to specify, say, tags for some accounts, but not for others. We can't use a map(any) either, as that
- would require the values to all have the same type, and due to optional parameters, that wouldn't work either. So,
- we have to lamely fall back to any.
-
-```
-
-
-
-
-
-```hcl
-
- Expected value for the `child_accounts` is a map of child accounts. The map key is the name of the account and
- the value is another map with one required key (email) and several optional keys:
-
- - email (required):
- Email address for the account.
-
- - is_logs_account:
- Set to `true` to mark this account as the "logs" account, which is the one to use to aggregate AWS Config and
- CloudTrail data. This module will create an S3 bucket for AWS Config and an S3 bucket and KMS CMK for CloudTrail
- in this child account, configure the root account to send all its AWS Config and CloudTrail data there, and return
- the names of the buckets and ARN of the KMS CMK as output variables. When you apply account baselines to the
- other child accounts (e.g., using the account-baseline-app or account-baseline-security modules), you'll want to
- configure those accounts to send AWS Config and CloudTrail data to the same S3 buckets and use the same KMS CMK.
- If is_logs_account is not set on any child account (not recommended!), then either you must disable AWS Config
- and CloudTrail (via the enable_config and enable_cloudtrail variables) or configure this module to use S3 buckets
- and a KMS CMK that ALREADY exist!
-
- - parent_id:
- Parent Organizational Unit ID or Root ID for the account
- Defaults to the Organization default Root ID.
-
- - role_name:
- The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts
- the master account, allowing users in the master account to assume the role, as permitted by the master account
- administrator. The role has administrator permissions in the new member account. Note that the Organizations API
- provides no method for reading this information after account creation.
- If no value is present and no ´default_role_name´ is provided, AWS automatically assigns a value.
-
- - iam_user_access_to_billing:
- If set to ´ALLOW´, the new account enables IAM users to access account billing information if they have the required
- permissions. If set to ´DENY´, then only the root user of the new account can access account billing information.
- Defaults to ´default_iam_user_access_to_billing´.
-
-
- - enable_config_rules:
- Set to `true` to enable org-level AWS Config Rules for this child account. This is only used if
- var.config_create_account_rules is false (which is NOT recommened) to force org-level rules. If you do go with
- org-level rules, you can only set enable_config_rules to true after deploying a Config Recorder in the child
- account. That means you have to: (1) initially set enable_config_rules to false, (2) run 'apply' in this root
- module to create the child account, (3) go to the child account and create a config recorder in it, e.g., by
- running 'apply' on a security baseline in that account, (4) come back to this root module and set
- enable_config_rules to true, (5) run 'apply' again. This is a brittle, error-prone, multi-step process, which is
- why we recommend using account-level rules (the default) and avoiding it entirely!
-
- - tags:
- Key-value mapping of resource tags.
-
-
- Example:
-
- child_accounts = {
- logs = {
- email = "root-accounts+logs@acme.com"
- is_logs_account = true
- }
- security = {
- email = "root-accounts+security@acme.com"
- role_name = "OrganizationAccountAccessRole"
- iam_user_access_to_billing = "DENY"
- tags = {
- Tag-Key = "tag-value"
- }
- }
- shared-services = {
- email = "root-accounts+shared-services@acme.com"
- }
- dev = {
- email = "root-accounts+dev@acme.com"
- }
- stage = {
- email = "root-accounts+stage@acme.com"
- }
- prod = {
- email = "root-accounts+prod@acme.com"
- }
- }
-
-```
-
-
-
@@ -296,26 +197,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- additional_config_rules = {
- acm-certificate-expiration-check = {
- description = "Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.",
- identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK",
- trigger_type = "PERIODIC",
- input_parameters = { "daysToExpiration": "14"},
- applies_to_global_resources = false
- }
- }
-
-```
-
-
-
@@ -487,15 +368,10 @@ The ARN of the policy that is used to set the permissions boundary for the IAM r
-
+
-Map of advanced event selector name to list of field selectors to apply for that event selector. Advanced event selectors allow for more fine grained data logging of events.
-
-Note that you can not configure basic data logging (cloudtrail_data_logging_enabled) if advanced event logging is enabled.
-
-Refer to the AWS docs on data event selection for more details on the difference between basic data logging and advanced data logging.
-
+Additional IAM policies to apply to cloudtrail S3 bucket. You can use this to grant read/write access beyond what is provided to Cloudtrail. This should be a map, where each key is a unique statement ID (SID), and each value is an object that contains the parameters defined in the comment below.
@@ -505,68 +381,28 @@ Any types represent complex values of variable type. For details, please consult
```
-
-
-
+
+
+
+
-```hcl
+Map of advanced event selector name to list of field selectors to apply for that event selector. Advanced event selectors allow for more fine grained data logging of events.
- Ideally, we will use a more strict type here but since we want to support required and optional values, and since
- Terraform's type system only supports maps that have the same type for all values, we have to use the less useful
- `any` type.
+Note that you can not configure basic data logging (cloudtrail_data_logging_enabled) if advanced event logging is enabled.
-```
-
+Refer to the AWS docs on data event selection for more details on the difference between basic data logging and advanced data logging.
-
+
+
```hcl
-
- Each entry in the map is a list of field selector objects, each of which supports the following attributes:
-
- REQUIRED
- - field string : Specifies a field in an event record on which to filter events to be logged. You
- can specify only the following values: readOnly, eventSource, eventName,
- eventCategory, resources.type, resources.ARN.
- OPTIONAL (one of the following must be set)
- - equals list(string) : A list of values that includes events that match the exact value of the event
- record field specified as the value of field. This is the only valid operator
- that you can use with the readOnly, eventCategory, and resources.type fields.
- - not_equals list(string) : A list of values that excludes events that match the exact value of the event
- record field specified as the value of field.
- - starts_with list(string) : A list of values that includes events that match the first few characters of the
- event record field specified as the value of field.
- - not_starts_with list(string) : A list of values that excludes events that match the first few characters of the
- event record field specified as the value of field.
- - ends_with list(string) : A list of values that includes events that match the last few characters of the
- event record field specified as the value of field.
- - not_ends_with list(string) : A list of values that excludes events that match the last few characters of the
- event record field specified as the value of field.
-
- EXAMPLE:
- cloudtrail_advanced_event_selectors = {
- LogDeleteEvents = [
- {
- field = "eventCategory"
- equals = ["Data"]
- },
- {
- field = "eventName"
- starts_with = ["Delete"]
- },
- {
- field = "resources.type"
- equals = ["AWS::S3::Object"]
- },
- ]
- }
-
+Any types represent complex values of variable type. For details, please consult `variables.tf` in the source repo.
```
-
-
+
+
@@ -729,52 +565,6 @@ list(object({
-
-
-
-
-```hcl
-
- The list of actions that the given service principal is allowed to perform (e.g. ["kms:DescribeKey",
- "kms:GenerateDataKey"]).
-
-```
-
-
-
-
-
-```hcl
-
- List of conditions to apply to the permissions for the service principal. Use this to apply conditions on the
- permissions for accessing the KMS key (e.g., only allow access for certain encryption contexts).
-
-```
-
-
-
-
-
-```hcl
-
- Name of a Context Variable to apply the condition to. Context variables may either be standard AWS variables
- starting with aws: or service-specific variables prefixed with the service name.
-
-```
-
-
-
-
-
-```hcl
-
- Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one
- of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation.
-
-```
-
-
-
@@ -1316,30 +1106,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- group_name = "stage-full-access"
- iam_role_arns = ["arn:aws:iam::123445678910:role/mgmt-full-access"]
- },
- {
- group_name = "prod-read-only-access"
- iam_role_arns = [
- "arn:aws:iam::9876543210:role/prod-read-only-ec2-access",
- "arn:aws:iam::9876543210:role/prod-read-only-rds-access"
- ]
- }
- ]
-
-```
-
-
-
@@ -1663,52 +1429,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- default = {
- alice = {
- groups = ["user-self-mgmt", "developers", "ssh-sudo-users"]
- }
-
- bob = {
- path = "/"
- groups = ["user-self-mgmt", "ops", "admins"]
- tags = {
- foo = "bar"
- }
- }
-
- carol = {
- groups = ["user-self-mgmt", "developers", "ssh-users"]
- pgp_key = "keybase:carol_on_keybase"
- create_login_profile = true
- create_access_keys = true
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map of (string, object), but object does not support optional properties, and we want
- users to be able to specify, say, tags for some users, but not for others. We can't use a map(any) either, as that
- would require the values to all have the same type, and due to optional parameters, that wouldn't work either. So,
- we have to lamely fall back to any.
-
-```
-
-
-
@@ -2174,11 +1894,11 @@ A map of user name to that user's AWS Web Console password, encrypted with that
diff --git a/docs/reference/services/landing-zone/aws-security-account-baseline-wrapper.md b/docs/reference/services/landing-zone/aws-security-account-baseline-wrapper.md
index bf4d4bfd2e..4aead66f69 100644
--- a/docs/reference/services/landing-zone/aws-security-account-baseline-wrapper.md
+++ b/docs/reference/services/landing-zone/aws-security-account-baseline-wrapper.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Account Baseline for security account
-View Source
+
+View Source
Release Notes
@@ -59,13 +60,13 @@ If you’ve never used the Service Catalog before, make sure to read
* Learn more about each individual module, click the link in the [Features](#features) section.
* [How to configure a production-grade AWS account structure](https://docs.gruntwork.io/guides/build-it-yourself/landing-zone/)
-* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/landingzone/account-baseline-root/core-concepts.md#how-to-use-multi-region-services)
+* [How to use multi-region services](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/landingzone/account-baseline-root/core-concepts.md#how-to-use-multi-region-services)
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -73,7 +74,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing/landingzone): The
+* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing/landingzone): The
`examples/for-learning-and-testing/landingzone` folder contains standalone sample code optimized for learning,
experimenting, and testing (but not direct production usage).
@@ -81,7 +82,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -186,26 +187,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- additional_config_rules = {
- acm-certificate-expiration-check = {
- description = "Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.",
- identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK",
- trigger_type = "PERIODIC",
- input_parameters = { "daysToExpiration": "14"},
- applies_to_global_resources = false
- }
- }
-
-```
-
-
-
@@ -528,52 +509,6 @@ list(object({
-
-
-
-
-```hcl
-
- The list of actions that the given service principal is allowed to perform (e.g. ["kms:DescribeKey",
- "kms:GenerateDataKey"]).
-
-```
-
-
-
-
-
-```hcl
-
- List of conditions to apply to the permissions for the service principal. Use this to apply conditions on the
- permissions for accessing the KMS key (e.g., only allow access for certain encryption contexts).
-
-```
-
-
-
-
-
-```hcl
-
- Name of a Context Variable to apply the condition to. Context variables may either be standard AWS variables
- starting with aws: or service-specific variables prefixed with the service name.
-
-```
-
-
-
-
-
-```hcl
-
- Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one
- of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation.
-
-```
-
-
-
@@ -1249,30 +1184,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- group_name = "stage-full-access"
- iam_role_arns = ["arn:aws:iam::123445678910:role/mgmt-full-access"]
- },
- {
- group_name = "prod-read-only-access"
- iam_role_arns = [
- "arn:aws:iam::9876543210:role/prod-read-only-ec2-access",
- "arn:aws:iam::9876543210:role/prod-read-only-rds-access"
- ]
- }
- ]
-
-```
-
-
-
@@ -1415,142 +1326,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Each entry in the map supports the following attributes:
-
- OPTIONAL (defaults to value of corresponding module input):
- - region string : The region (e.g., us-west-2) where the key should be created. If null or
- omitted, the key will be created in all enabled regions. Any keys
- targeting an opted out region or invalid region string will show up in the
- invalid_cmk_inputs output.
- - replica_regions list(string) : The regions (e.g., us-west-2) where the key should be replicated using the
- multi-region KMS key feature of AWS
- (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html).
- When the special region "*" is included (e.g., replica_regions = ["*"]),
- the key will be replicated in all enabled regions. This is different from
- creating the key in every region using region = null - when creating
- the key in every region, a new different key is provisioned for each region.
- With replica_regions, the same key is replicated in every region such that
- it can decrypt the same encrypted data in each region.
- - cmk_administrator_iam_arns list(string) : A list of IAM ARNs for users who should be given
- administrator access to this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_user_iam_arns list(object[CMKUser]) : A list of IAM ARNs for users who should be given
- permissions to use this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_read_only_user_iam_arns list(object[CMKUser]) : A list of IAM ARNs for users who should be given
- read-only (decrypt-only) permissions to use this CMK (e.g.
- arn:aws:iam:::user/).
- - cmk_external_user_iam_arns list(string) : A list of IAM ARNs for users from external AWS accounts
- - cmk_describe_only_user_iam_arns list(object[CMKUser]) : A list of IAM ARNs for users who should be given
- describe-only (kms:DescribeKey) permissions to use this CMK (e.g.
- arn:aws:iam:::user/). This is
- useful for deploying services that depend on the
- key (e.g., Cloudtrail) in other accounts, to trade
- key aliases for CMK ARNs.
- who should be given permissions to use this CMK (e.g.
- arn:aws:iam:::root).
- - allow_manage_key_permissions_with_iam bool : If true, both the CMK's Key Policy and IAM Policies
- (permissions) can be used to grant permissions on the CMK.
- If false, only the CMK's Key Policy can be used to grant
- permissions on the CMK. False is more secure (and
- generally preferred), but true is more flexible and
- convenient.
- - deletion_window_in_days number : The number of days to keep this KMS Master Key around after it has been
- marked for deletion.
- - tags map(string) : A map of tags to apply to the KMS Key to be created. In this map
- variable, the key is the tag name and the value is the tag value. Note
- that this map is merged with var.global_tags, and can be used to override
- tags specified in that variable.
- - enable_key_rotation bool : Whether or not to enable automatic annual rotation of the KMS key.
- - spec string : Specifies whether the key contains a symmetric key or an asymmetric key
- pair and the encryption algorithms or signing algorithms that the key
- supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096,
- ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1.
- - cmk_service_principals list(object[ServicePrincipal]) : A list of Service Principals that should be given
- permissions to use this CMK (e.g. s3.amazonaws.com). See
- below for the structure of the object that should be passed
- in.
-
- Structure of ServicePrincipal object:
- - name string : The name of the service principal (e.g.: s3.amazonaws.com).
- - actions list(string) : The list of actions that the given service principal is allowed to
- perform (e.g. ["kms:DescribeKey", "kms:GenerateDataKey"]).
- - conditions list(object[Condition]) : (Optional) List of conditions to apply to the permissions for the service
- principal. Use this to apply conditions on the permissions for
- accessing the KMS key (e.g., only allow access for certain encryption
- contexts). The condition object accepts the same fields as the condition
- block on the IAM policy document (See
- https://www.terraform.io/docs/providers/aws/d/iam_policy_document.htmlcondition).
- Structure of CMKUser object:
- - name list(string) : The list of names of the AWS principal (e.g.: arn:aws:iam::0000000000:user/dev).
- - conditions list(object[Condition]) : (Optional) List of conditions to apply to the permissions for the CMK User
- Use this to apply conditions on the permissions for accessing the KMS key
- (e.g., only allow access for certain encryption contexts).
- The condition object accepts the same fields as the condition
- block on the IAM policy document (See
- https://www.terraform.io/docs/providers/aws/d/iam_policy_document.htmlcondition).
- Example:
- kms_customer_master_keys = {
- cmk-stage = {
- region = "us-west-1"
- cmk_administrator_iam_arns = ["arn:aws:iam::0000000000:user/admin"]
- cmk_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/dev"]
- conditions = []
- }
- ]
- cmk_read_only_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/qa"]
- conditions = []
- }
- ]
- cmk_describe_only_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/qa"]
- conditions = []
- }
- ]
- cmk_external_user_iam_arns = ["arn:aws:iam::1111111111:user/root"]
- cmk_service_principals = [
- {
- name = "s3.amazonaws.com"
- actions = ["kms:Encrypt"]
- conditions = []
- }
- ]
- }
- cmk-prod = {
- region = "us-east-1"
- cmk_administrator_iam_arns = ["arn:aws:iam::0000000000:user/admin"]
- cmk_user_iam_arns = [
- {
- name = ["arn:aws:iam::0000000000:user/prod"]
- conditions = []
- }
- ]
- allow_manage_key_permissions_with_iam = true
- Override the default value for all keys configured with var.default_deletion_window_in_days
- deletion_window_in_days = 7
-
- Set extra tags on the CMK for prod
- tags = {
- Environment = "prod"
- }
- }
- }
-
-```
-
-
-
@@ -1589,32 +1364,6 @@ map(object({
-
-
-
-
-```hcl
-
- The principal that is given permission to perform the operations that the grant permits. This must be in ARN
- format. For example, the grantee principal for ASG is:
- arn:aws:iam::111122223333:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling
-
-```
-
-
-
-
-
-```hcl
-
- A list of operations that the grant permits. The permitted values are:
- Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant,
- RetireGrant, DescribeKey
-
-```
-
-
-
@@ -1793,52 +1542,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- users = {
- alice = {
- groups = ["user-self-mgmt", "developers", "ssh-sudo-users"]
- }
-
- bob = {
- path = "/"
- groups = ["user-self-mgmt", "ops", "admins"]
- tags = {
- foo = "bar"
- }
- }
-
- carol = {
- groups = ["user-self-mgmt", "developers", "ssh-users"]
- pgp_key = "keybase:carol_on_keybase"
- create_login_profile = true
- create_access_keys = true
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map of (string, object), but object does not support optional properties, and we want
- users to be able to specify, say, tags for some users, but not for others. We can't use a map(any) either, as that
- would require the values to all have the same type, and due to optional parameters, that wouldn't work either. So,
- we have to lamely fall back to any.
-
-```
-
-
-
@@ -2256,11 +1959,11 @@ A map of usernames to that user's AWS Web Console password, encrypted with that
diff --git a/docs/reference/services/landing-zone/gruntwork-access.md b/docs/reference/services/landing-zone/gruntwork-access.md
index 2fecfc498a..7a54c50872 100644
--- a/docs/reference/services/landing-zone/gruntwork-access.md
+++ b/docs/reference/services/landing-zone/gruntwork-access.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Gruntwork Access
-View Source
+
+View Source
Release Notes
@@ -63,7 +64,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -71,7 +72,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog, configure CI / CD for your apps and
@@ -173,11 +174,11 @@ The name of the IAM role
diff --git a/docs/reference/services/landing-zone/iam-users-and-iam-groups.md b/docs/reference/services/landing-zone/iam-users-and-iam-groups.md
index c6c7f5d08c..818cff0baa 100644
--- a/docs/reference/services/landing-zone/iam-users-and-iam-groups.md
+++ b/docs/reference/services/landing-zone/iam-users-and-iam-groups.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# IAM Users and IAM Groups
-View Source
+
+View Source
Release Notes
@@ -74,9 +75,9 @@ If you’ve never used the Service Catalog before, make sure to read
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -84,7 +85,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing/landingzone): The
+* [examples/for-learning-and-testing/landingzone folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing/landingzone): The
`examples/for-learning-and-testing/landingzone` folder contains standalone sample code optimized for learning,
experimenting, and testing (but not direct production usage).
@@ -92,7 +93,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -311,30 +312,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- group_name = "stage-full-access"
- iam_role_arns = ["arn:aws:iam::123445678910:role/mgmt-full-access"]
- },
- {
- group_name = "prod-read-only-access"
- iam_role_arns = [
- "arn:aws:iam::9876543210:role/prod-read-only-ec2-access",
- "arn:aws:iam::9876543210:role/prod-read-only-rds-access"
- ]
- }
- ]
-
-```
-
-
-
@@ -513,52 +490,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- users = {
- alice = {
- groups = ["user-self-mgmt", "developers", "ssh-sudo-users"]
- }
-
- bob = {
- path = "/"
- groups = ["user-self-mgmt", "ops", "admins"]
- tags = {
- foo = "bar"
- }
- }
-
- carol = {
- groups = ["user-self-mgmt", "developers", "ssh-users"]
- pgp_key = "keybase:carol_on_keybase"
- create_login_profile = true
- create_access_keys = true
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Ideally, this would be a map of (string, object), but object does not support optional properties, and we want
- users to be able to specify, say, tags for some users, but not for others. We can't use a map(any) either, as that
- would require the values to all have the same type, and due to optional parameters, that wouldn't work either. So,
- we have to lamely fall back to any.
-
-```
-
-
-
@@ -682,11 +613,11 @@ A map of usernames to that user's AWS Web Console password, encrypted with that
diff --git a/docs/reference/services/networking/elastic-load-balancer-elb.md b/docs/reference/services/networking/elastic-load-balancer-elb.md
index c55eba2fc2..7c446d74c7 100644
--- a/docs/reference/services/networking/elastic-load-balancer-elb.md
+++ b/docs/reference/services/networking/elastic-load-balancer-elb.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Application Load Balancer
-View Source
+
+View Source
Release Notes
@@ -62,7 +63,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -70,7 +71,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -353,23 +354,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- port = 443
- tls_domain_name = "foo.your-company.com"
- }
- ]
-
-```
-
-
-
@@ -389,23 +373,6 @@ list(object({
-
-
- Example
-
-
-```hcl
- default = [
- {
- port = 443
- tls_arn = "arn:aws:iam::123456789012:server-certificate/ProdServerCert"
- }
- ]
-
-```
-
-
-
@@ -533,11 +500,11 @@ The AWS-managed DNS name assigned to the ALB.
diff --git a/docs/reference/services/networking/management-vpc.md b/docs/reference/services/networking/management-vpc.md
index b9f9a3222c..defd0eaee5 100644
--- a/docs/reference/services/networking/management-vpc.md
+++ b/docs/reference/services/networking/management-vpc.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Management VPC
-View Source
+
+View Source
Release Notes
@@ -65,9 +66,9 @@ documentation in the [terraform-aws-vpc](https://github.com/gruntwork-io/terrafo
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -75,7 +76,7 @@ documentation in the [terraform-aws-vpc](https://github.com/gruntwork-io/terrafo
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -83,7 +84,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized or direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -595,11 +596,11 @@ Indicates whether or not the VPC has finished creating
diff --git a/docs/reference/services/networking/route-53-hosted-zones.md b/docs/reference/services/networking/route-53-hosted-zones.md
index 108f0d082f..3debc9e859 100644
--- a/docs/reference/services/networking/route-53-hosted-zones.md
+++ b/docs/reference/services/networking/route-53-hosted-zones.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Route 53 Hosted Zones
-View Source
+
+View Source
Release Notes
@@ -49,7 +50,7 @@ If you’ve never used the Service Catalog before, make sure to read
:::
-* [Should you use AWS Route 53 or CloudMap for your DNS entries?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/networking/route53/core-concepts.md#should-i-use-route53-or-cloud-map)
+* [Should you use AWS Route 53 or CloudMap for your DNS entries?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/networking/route53/core-concepts.md#should-i-use-route53-or-cloud-map)
* [AWS Cloud Map Documentation](https://docs.aws.amazon.com/cloud-map/latest/dg/what-is-cloud-map.html): Amazon’s docs
for AWS Cloud Map that cover core concepts and configuration.
* [Route 53 Documentation](https://docs.aws.amazon.com/route53/): Amazon’s docs for Route 53 that cover core concepts
@@ -61,7 +62,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -69,7 +70,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -109,42 +110,6 @@ map(object({
-
-
- Example
-
-
-```hcl
- private_zones = {
- "backend.com" = {
- comment = "Use for arbitrary comments"
- vpcs = [{
- id = "19233983937"
- region = null
- }]
- tags = {
- CanDelete = true
- }
- force_destroy = true
- }
- "database.com" = {
- comment = "This is prod - don't delete!"
- vpcs = [{
- id = "129734967447"
- region = null
- }]
- tags = {
- Application = "redis"
- Team = "apps"
- }
- force_destroy = false
- }
- }
-
-```
-
-
-
@@ -161,114 +126,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
-
- Example: Request a certificate protecting only the apex domain
-
- public_zones = {
- "example.com" = {
- comment = "You can add arbitrary text here"
- tags = {
- Foo = "bar"
- }
- force_destroy = true
- subject_alternative_names = []
- created_outside_terraform = true
- create_verification_record = true
- verify_certificate = true
- base_domain_name_tags = {
- original = true
- }
- apex_records = [
- {
- type = "MX"
- ttl = 3600
- records = [
- "1 mx.example.com.",
- "5 mx1.example.com.",
- "10 mx2.example.com.",
- ]
- },
- {
- type = "SPF"
- ttl = 3600
- records = [
- "v=spf1 include:_spf.example.com ~all"
- ]
- },
- {
- type = "TXT"
- ttl = 3600
- records = [
- "v=spf1 include:_spf.example.com ~all"
- ]
- }
- ]
- subdomains = {
- txt-test = {
- type = "TXT"
- ttl = 3600
- records = ["hello-world"]
- }
- txt-test-mx = {
- fqdn = "txt-test.example.com"
- type = "SPF"
- ttl = 3600
- records = ["hello-world"]
- }
- }
- }
- }
-
- Example: Request a wildcard certificate that does NOT protect the apex domain:
-
- public_zones = {
- "*.example.com = {
- comment = ""
- tags = {}
- force_destroy = true
- subject_alternative_names = []
- base_domain_name_tags = {}
- create_verification_record = true
- verify_certificate = true
- }
- }
-
- Example: Request a wildcard certificate that covers BOTH the apex and first-level subdomains
-
- public_zones = {
- "example.com" = {
- comment = ""
- tags = {}
- force_destroy = false
- subject_alternative_names = ["*.example.com"]
- base_domain_name_tags = {}
- create_verification_record = true
- verify_certificate = true
- }
- }
-
-```
-
-
-
-
-
-
-
-```hcl
-
- Allow empty maps to be passed by default - since we sometimes define only public zones or only private zones in a given module call
-
-```
-
-
-
@@ -291,28 +148,6 @@ map(object({
-
-
-
-
-```hcl
-
- A user friendly description for the namespace
-
-```
-
-
-
-
-
-```hcl
-
- Default to empty map so that private namespaces are only created when requested.
-
-```
-
-
-
@@ -329,36 +164,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
-
-
-```hcl
-
- Whether or not to create a Route 53 DNS record for use in validating the issued certificate. You may want to set this to false if you are not using Route 53 as your DNS provider.
- create_verification_record = bool
-
- Whether or not to attempt to verify the issued certificate via DNS entries automatically created via Route 53 records. You may want to set this to false on your certificate inputs if you are not using Route 53 as your DNS provider.
- verify_certificate = bool
-
- Whether or not to create ACM TLS certificates for the domain. When true, Route53 certificates will automatically be
- created for the root domain. Defaults to true.
- provision_certificates = bool
-
-```
-
-
-
-
-
-```hcl
-
- Default to empty map so that public namespaces are only created when requested.
-
-```
-
-
-
@@ -451,11 +256,11 @@ A map of domains to resource arns and hosted zones of the created Service Discov
diff --git a/docs/reference/services/networking/sns-topics.md b/docs/reference/services/networking/sns-topics.md
index 8bcf06fa9b..b0c7f59946 100644
--- a/docs/reference/services/networking/sns-topics.md
+++ b/docs/reference/services/networking/sns-topics.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Amazon Simple Notification Service
-View Source
+
+View Source
Release Notes
@@ -48,8 +49,8 @@ If you’ve never used the Service Catalog before, make sure to read
:::
* [SNS Documentation](https://docs.aws.amazon.com/sns/): Amazon’s docs for SNS that cover core concepts and configuration
-* [How do SNS topics work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/networking/sns-topics/core-concepts.md#how-do-sns-topics-work)
-* [How do I get notified when a message is published to an SNS Topic?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/networking/sns-topics/core-concepts.md#how-do-i-get-notified)
+* [How do SNS topics work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/networking/sns-topics/core-concepts.md#how-do-sns-topics-work)
+* [How do I get notified when a message is published to an SNS Topic?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/networking/sns-topics/core-concepts.md#how-do-i-get-notified)
## Deploy
@@ -57,7 +58,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -65,7 +66,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -192,11 +193,11 @@ The ARN of the SNS topic.
diff --git a/docs/reference/services/networking/virtual-private-cloud-vpc.md b/docs/reference/services/networking/virtual-private-cloud-vpc.md
index e78f31a83c..b60bfabdeb 100644
--- a/docs/reference/services/networking/virtual-private-cloud-vpc.md
+++ b/docs/reference/services/networking/virtual-private-cloud-vpc.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# VPC
-View Source
+
+View Source
Release Notes
@@ -65,9 +66,9 @@ documentation in the [terraform-aws-vpc](https://github.com/gruntwork-io/terrafo
### Repo organization
-* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
-* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples): This folder contains working examples of how to use the submodules.
-* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/test): Automated tests for the modules and examples.
+* [modules](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules): The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
+* [examples](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples): This folder contains working examples of how to use the submodules.
+* [test](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/test): Automated tests for the modules and examples.
## Deploy
@@ -75,7 +76,7 @@ documentation in the [terraform-aws-vpc](https://github.com/gruntwork-io/terrafo
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -83,7 +84,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog.
@@ -616,50 +617,6 @@ A map of unique names to client IP CIDR block and inbound ports that should be e
-
-
-
-
-```hcl
-
- A rule number indicating priority. A lower number has precedence. Note that the default rules created by this
- module start with 100.
-
-```
-
-
-
-
-
-```hcl
-
- Network protocol (tcp, udp, icmp, or all) to expose.
-
-```
-
-
-
-
-
-```hcl
-
- Range of ports to expose.
-
-```
-
-
-
-
-
-```hcl
-
- ICMP types to expose
- Required if specifying ICMP for the protocol
-
-```
-
-
-
@@ -669,50 +626,6 @@ A map of unique names to destination IP CIDR block and outbound ports that shoul
-
-
-
-
-```hcl
-
- A rule number indicating priority. A lower number has precedence. Note that the default rules created by this
- module start with 100.
-
-```
-
-
-
-
-
-```hcl
-
- Network protocol (tcp, udp, icmp, or all) to expose.
-
-```
-
-
-
-
-
-```hcl
-
- Range of ports to expose.
-
-```
-
-
-
-
-
-```hcl
-
- ICMP types to expose
- Required if specifying ICMP for the protocol
-
-```
-
-
-
@@ -1103,11 +1016,11 @@ Indicates whether or not the VPC has finished creating
diff --git a/docs/reference/services/security/bastion.md b/docs/reference/services/security/bastion.md
index 738bf4f062..cd20c19f3a 100644
--- a/docs/reference/services/security/bastion.md
+++ b/docs/reference/services/security/bastion.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Bastion Host
-View Source
+
+View Source
Release Notes
@@ -87,7 +88,7 @@ The bastion host AMI is defined using the [Packer](https://www.packer.io/) templ
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -95,7 +96,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog, configure CI / CD for your apps and
@@ -148,20 +149,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -566,11 +553,11 @@ The fully qualified name of the bastion host.
diff --git a/docs/reference/services/security/open-vpn.md b/docs/reference/services/security/open-vpn.md
index c75b64046b..46cd1f113a 100644
--- a/docs/reference/services/security/open-vpn.md
+++ b/docs/reference/services/security/open-vpn.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# OpenVPN Server
-View Source
+
+View Source
Release Notes
@@ -74,7 +75,7 @@ documentation in the [package-openvpn](https://github.com/gruntwork-io/terraform
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -82,7 +83,7 @@ If you just want to try this repo out for experimenting and learning, check out
If you want to deploy this repo in production, check out the following resources:
-* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-production): The `examples/for-production` folder contains sample code
+* [examples/for-production folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-production): The `examples/for-production` folder contains sample code
optimized for direct usage in production. This is code from the
[Gruntwork Reference Architecture](https://gruntwork.io/reference-architecture/), and it shows you how we build an
end-to-end, integrated tech stack on top of the Gruntwork Service Catalog, configure CI / CD for your apps and
@@ -135,20 +136,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -840,11 +827,11 @@ The security group ID of the OpenVPN server.
diff --git a/docs/reference/services/security/tailscale-subnet-router.md b/docs/reference/services/security/tailscale-subnet-router.md
index 1bce561c0d..bc726fe581 100644
--- a/docs/reference/services/security/tailscale-subnet-router.md
+++ b/docs/reference/services/security/tailscale-subnet-router.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# Tailscale Subnet Router
-View Source
+
+View Source
Release Notes
@@ -77,7 +78,7 @@ If you’ve never used the Service Catalog before, make sure to read
If you just want to try this repo out for experimenting and learning, check out the following resources:
-* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/examples/for-learning-and-testing): The
+* [examples/for-learning-and-testing folder](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/examples/for-learning-and-testing): The
`examples/for-learning-and-testing` folder contains standalone sample code optimized for learning, experimenting, and
testing (but not direct production usage).
@@ -94,7 +95,7 @@ access services within your VPC through the tailnet.
### What AMI should I use?
-Any AMI can be used with this module, provided that the [install-tailscale](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/mgmt/tailscale-subnet-router/scripts/install-tailscale.sh) script is installed
+Any AMI can be used with this module, provided that the [install-tailscale](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/mgmt/tailscale-subnet-router/scripts/install-tailscale.sh) script is installed
into the AMI. The `install-tailscale` script ensures that Tailscale is installed with the `init-tailscale-subnet-router` boot
script, which can be used to load the auth key from AWS Secrets Manager to authenticate to Tailscale at boot time.
@@ -172,20 +173,6 @@ object({
```
-
-
-
-
-```hcl
-
- Name/Value pairs to filter the AMI off of. There are several valid keys, for a full reference, check out the
- documentation for describe-images in the AWS CLI reference
- (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html).
-
-```
-
-
-
@@ -598,11 +585,11 @@ ID of the primary security group attached to the Tailscale relay server.
diff --git a/docs/reference/services/security/tls-scripts.md b/docs/reference/services/security/tls-scripts.md
index 638326a71c..2532289df2 100644
--- a/docs/reference/services/security/tls-scripts.md
+++ b/docs/reference/services/security/tls-scripts.md
@@ -14,13 +14,14 @@ hide_title: true
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
import VersionBadge from '../../../../src/components/VersionBadge.tsx';
-import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../src/components/HclListItem.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue } from '../../../../src/components/HclListItem.tsx';
-
+
# TLS Scripts
-View Source
+
+View Source
Release Notes
@@ -54,33 +55,33 @@ If you’ve never used the Service Catalog before, make sure to read
### About TLS
-* [How does TLS/SSL work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-does-tlsssl-work)
-* [What are commercial or public Certificate Authorities?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#what-are-commercial-or-public-certificate-authorities)
-* [How does Gruntwork generate a TLS cert for private services?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-does-gruntwork-generate-a-tls-cert-for-private-services)
+* [How does TLS/SSL work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-does-tlsssl-work)
+* [What are commercial or public Certificate Authorities?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#what-are-commercial-or-public-certificate-authorities)
+* [How does Gruntwork generate a TLS cert for private services?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-does-gruntwork-generate-a-tls-cert-for-private-services)
### About the scripts specifically
-* [How does create-tls-cert work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-does-create-tls-cert-work)
-* [How does download-rds-ca-certs work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-does-download-rds-ca-certs-work)
-* [How does generate-trust-stores work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-does-generate-trust-stores-work)
+* [How does create-tls-cert work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-does-create-tls-cert-work)
+* [How does download-rds-ca-certs work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-does-download-rds-ca-certs-work)
+* [How does generate-trust-stores work?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-does-generate-trust-stores-work)
## Deploy
### Running
-* [How do I run these scripts using Docker?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-do-i-run-these-scripts-using-docker)
-* [How do I create self-signed TLS certs?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-do-i-create-self-signed-tls-certs)
-* [Should I store certs in AWS Secrets Manager or Amazon Certificate Manager?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#should-i-store-certs-in-aws-secrets-manager-or-amazon-certificate-manager)
-* [Generating self-signed certs for local dev and testing](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-local-dev-and-testing)
-* [Generating self-signed certs for prod, encrypting certs locally with KMS](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-encrypting-certs-locally-with-kms)
-* [Generating self-signed certs for prod, using AWS Secrets Manager for storage](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-using-aws-secrets-manager-for-storage)
-* [Generating self-signed certs for prod, using Amazon Certificate Manager for storage](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-using-amazon-certificate-manager-for-storage)
-* [How do I download CA public keys for validating RDS TLS connections?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-do-i-download-CA-public-keys-for-validating-rds-tls-connections)
-* [How do I generate key stores and trust stores to manage TLS certificates for JVM apps?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-do-i-generate-key-stores-and-trust-stores-to-manage-tls-certificates-for-jvm-apps)
+* [How do I run these scripts using Docker?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-do-i-run-these-scripts-using-docker)
+* [How do I create self-signed TLS certs?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-do-i-create-self-signed-tls-certs)
+* [Should I store certs in AWS Secrets Manager or Amazon Certificate Manager?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#should-i-store-certs-in-aws-secrets-manager-or-amazon-certificate-manager)
+* [Generating self-signed certs for local dev and testing](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-local-dev-and-testing)
+* [Generating self-signed certs for prod, encrypting certs locally with KMS](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-encrypting-certs-locally-with-kms)
+* [Generating self-signed certs for prod, using AWS Secrets Manager for storage](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-using-aws-secrets-manager-for-storage)
+* [Generating self-signed certs for prod, using Amazon Certificate Manager for storage](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#generating-self-signed-certs-for-prod-using-amazon-certificate-manager-for-storage)
+* [How do I download CA public keys for validating RDS TLS connections?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-do-i-download-CA-public-keys-for-validating-rds-tls-connections)
+* [How do I generate key stores and trust stores to manage TLS certificates for JVM apps?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-do-i-generate-key-stores-and-trust-stores-to-manage-tls-certificates-for-jvm-apps)
### Testing
-* [How do I test these scripts using Docker?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.0/modules/tls-scripts/core-concepts.md#how-do-i-test-these-scripts-using-docker)
+* [How do I test these scripts using Docker?](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.102.1/modules/tls-scripts/core-concepts.md#how-do-i-test-these-scripts-using-docker)
## Reference
@@ -101,11 +102,11 @@ If you’ve never used the Service Catalog before, make sure to read