diff --git a/docs/configurations/deployments/forge_tenant.md b/docs/configurations/deployments/forge_tenant.md index 831ff6e3..724b8b30 100644 --- a/docs/configurations/deployments/forge_tenant.md +++ b/docs/configurations/deployments/forge_tenant.md @@ -23,35 +23,35 @@ Copy these templates and place them at the correct paths: ### Templates to Copy -- `examples/templates/tenant/_global_settings/_global.yaml` -- `examples/templates/tenant/_environment_wide_settings/_environment.yaml` -- `examples/templates/tenant/_vpc_wide_settings/_vpc.yaml` +- `examples/templates/tenant/_global_settings/_global.yml` +- `examples/templates/tenant/_environment_wide_settings/_environment.yml` +- `examples/templates/tenant/_vpc_wide_settings/_vpc.yml` ### Destination Paths ``` -examples/deployments/forge-tenant/terragrunt/_global_settings/_global.yaml +examples/deployments/forge-tenant/terragrunt/_global_settings/_global.yml -examples/deployments/forge-tenant/terragrunt/environments//_environment_wide_settings/_environment.yaml +examples/deployments/forge-tenant/terragrunt/environments//_environment_wide_settings/_environment.yml -examples/deployments/forge-tenant/terragrunt/environments//regions//vpcs//_vpc_wide_settings/_vpc.yaml +examples/deployments/forge-tenant/terragrunt/environments//regions//vpcs//_vpc_wide_settings/_vpc.yml ``` ### Edit the Config Files -Before editing your tenant's `config.yaml`, review and update these supporting configuration files: +Before editing your tenant's `config.yml`, review and update these supporting configuration files: -- **\_global.yaml**\ +- **\_global.yml**\ Set global values such as team name, product name, AWS account prefix, GitHub organization, and contact email.\ - *(Path: `_global_settings/_global.yaml`)* + *(Path: `_global_settings/_global.yml`)* -- **\_environment.yaml**\ +- **\_environment.yml**\ Define environment-wide settings like environment name, AWS region, and account ID.\ - *(Path: `environments//_environment_wide_settings/_environment.yaml`)* + *(Path: `environments//_environment_wide_settings/_environment.yml`)* -- **\_vpc.yaml**\ +- **\_vpc.yml**\ Specify VPC-wide settings including VPC alias, VPC ID, subnet IDs, and cluster name.\ - *(Path: `environments//regions//vpcs//_vpc_wide_settings/_vpc.yaml`)* + *(Path: `environments//regions//vpcs//_vpc_wide_settings/_vpc.yml`)* These files provide the foundational settings used by your tenant and runner modules.\ **Be sure to replace all placeholder values (`<...>`) with your actual environment details.** diff --git a/docs/configurations/deployments/new_tenant.md b/docs/configurations/deployments/new_tenant.md index 9f44951a..4d44fc1d 100644 --- a/docs/configurations/deployments/new_tenant.md +++ b/docs/configurations/deployments/new_tenant.md @@ -13,7 +13,7 @@ Copy these templates and place them at the correct paths. - `examples/templates/tenant/_global_settings/tenant.hcl` - `examples/templates/tenant/tenant/terragrunt.hcl` - `examples/templates/tenant/tenant/runner_settings.hcl` -- `examples/templates/tenant/tenant/config.yaml` +- `examples/templates/tenant/tenant/config.yml` ### Destination Paths @@ -24,7 +24,7 @@ examples/deployments/forge-tenant/terragrunt/environments//regions/ examples/deployments/forge-tenant/terragrunt/environments//regions//vpcs//tenants//runner_settings.hcl -examples/deployments/forge-tenant/terragrunt/environments//regions//vpcs//tenants//config.yaml +examples/deployments/forge-tenant/terragrunt/environments//regions//vpcs//tenants//config.yml ``` ### Example for tenant=`sbg`, account=`sec-plat`, region=`eu-west-1`, vpc_alias=`shared` @@ -41,15 +41,15 @@ cp examples/templates/tenant/tenant/terragrunt.hcl \ cp examples/templates/tenant/tenant/runner_settings.hcl \ examples/deployments/forge-tenant/terragrunt/environments/sec-plat/regions/eu-west-1/vpcs/shared/tenants/sbg/runner_settings.hcl -cp examples/templates/tenant/tenant/config.yaml \ - examples/deployments/forge-tenant/terragrunt/environments/sec-plat/regions/eu-west-1/vpcs/shared/tenants/sbg/config.yaml +cp examples/templates/tenant/tenant/config.yml \ + examples/deployments/forge-tenant/terragrunt/environments/sec-plat/regions/eu-west-1/vpcs/shared/tenants/sbg/config.yml ``` ______________________________________________________________________ -## 2. Edit `config.yaml` — Tenant Configuration Fields +## 2. Edit `config.yml` — Tenant Configuration Fields -Controls GitHub integration, IAM roles, runner specs (EC2 & ARC). +Controls GitHub integration, IAM roles, EC2-wide runner settings, and runner specs (EC2 & ARC). ______________________________________________________________________ @@ -81,18 +81,40 @@ tenant: github_logs_reader_role_arns: # (Optional) IAM role ARNs granted read (+ KMS decrypt) access to archived GitHub job/workflow logs - arn:aws:iam:::role/ +ec2_config: + enable_dynamic_labels: # Enable dynamic ghr-* labels for EC2 runners + ec2_runner_specs: - : # e.g. small, medium, gpu - ami_name: # AMI name pattern, supports wildcard *, e.g. forge-gh-runner-v* - ami_owner: # AWS account ID owning AMI - ami_kms_key_arn: '' # Set to '' if AMI is unencrypted, else KMS ARN string - max_instances: # Max EC2 runners allowed in parallel - instance_types: # List of allowed instance types (prefer spot-compatible) - - # e.g. t3.large, m5.large - pool_config: # Warm pool config for pre-warming runners; empty list [] disables - - size: # Number of instances to keep warm + : # e.g. small, medium, gpu, mac + type: # Runner type label advertised to GitHub + ami_name: # AMI name pattern, supports wildcard *, e.g. forge-gh-runner-v* + ami_owner: # AWS account ID owning AMI + ami_kms_key_arn: # Set to '' if AMI is unencrypted, else KMS ARN string + runner_os: # linux, osx, or windows + runner_architecture: # x64 or arm64 + runner_user: # OS user that runs the GitHub runner process + placement: # Required for macOS dedicated-host runners; omit otherwise + host_resource_group_arn: + tenancy: host + availability_zone: + max_instances: # Max EC2 runners allowed in parallel + license_specifications: # Optional License Manager config for dedicated hosts + use_dedicated_host: # Set true for macOS EC2 runners + vpc_id: # Optional override; defaults to tenant VPC when omitted + subnet_ids: # Optional override; defaults to tenant subnets when omitted + - + instance_types: # List of allowed instance types + - # e.g. t3.large, m5.large, mac2.metal + pool_config: # Warm pool config for pre-warming runners; empty list [] disables + - size: # Number of instances to keep warm schedule_expression: # AWS cron expression (6 fields, use AWS docs) schedule_expression_timezone: # Optional timezone, e.g. UTC, America/New_York + volume: + size: + device_name: + iops: + throughput: + type: arc_runner_specs: : # e.g. dependabot, k8s @@ -108,6 +130,11 @@ arc_runner_specs: container_requests_memory: # Kubernetes memory requests, e.g. 1Gi (mandatory unit) container_limits_cpu: # Kubernetes CPU limits container_limits_memory: # Kubernetes memory limits + volume_requests_storage_type: # Storage class/type for runner workspace volume + volume_requests_storage_size: # Size for runner workspace volume + +arc_cluster_name: +migrate_arc_cluster: ``` @@ -116,6 +143,7 @@ ______________________________________________________________________ ### Field Guidance & Gotchas - **`ghes_url`**: empty for github.com, full URL for GHES. +- **`repository_selection`**: use `all` or `selected`, matching the GitHub App installation scope. - **`iam_roles_to_assume`**: full ARNs only, no wildcards. - **`ecr_registries`**: must be full URLs, including account and region. - **`github_logs_reader_role_arns`**: @@ -123,12 +151,24 @@ ______________________________________________________________________ - Leave the list empty (or omit) if no external roles should access logs. - Roles are added to the S3 bucket policy (GetObject/ListBucket) and KMS key policy (Decrypt/Describe/GenerateDataKey\*). - Avoid granting organization-wide wildcard roles; principle of least privilege. +- **`ec2_config.enable_dynamic_labels`**: set to `true` to allow EC2 jobs to use dynamic `ghr-` labels, such as labels that override EC2 runtime options or add dynamic runner labels. Keep `false` unless the tenant needs this behavior. +- **`type`**: logical EC2 runner type used in generated GitHub labels. - **`ami_kms_key_arn`**: must be explicitly set to `''` if AMI not encrypted; otherwise runner fails. +- **`runner_os`**: set the operating system for the runner AMI, for example `linux`, `osx`, or `windows`. +- **`runner_architecture`**: set the runner CPU architecture, for example `x64` or `arm64`. +- **`runner_user`**: OS user that runs the GitHub runner process on the EC2 instance. - **`max_instances`**: check AWS EC2 quota before setting. +- **`vpc_id` / `subnet_ids`**: optional per-runner network overrides. Omit them to use the tenant-level VPC and subnets. - **`instance_types`**: spot-compatible preferred for cost savings. +- **`volume`**: root volume settings for the runner AMI, including size, device name, IOPS, throughput, and EBS type. +- **`use_dedicated_host`**: set to `true` for macOS EC2 runners, because Mac instances require EC2 Dedicated Hosts. Pair it with `placement.tenancy: host`, a host resource group or host ID, and an availability zone that has matching Mac host capacity. +- **`license_specifications`**: include License Manager configuration ARNs when your dedicated host resource group requires them for macOS runners. - **`pool_config.schedule_expression`**: AWS cron syntax with 6 fields, **not** standard cron. Example: `cron(0 8 * * ? *)`. See [AWS docs](https://docs.aws.amazon.com/eventbridge/latest/userguide/scheduled-events.html#cron-expressions). - **`scale_set_type`**: only `dind` or `k8s`. Wrong values cause runtime errors. - **`scale_set_labels`**: labels used in workflow `runs-on` matching for ARC runners. Include at least the intended runner type label. +- **`volume_requests_storage_type` / `volume_requests_storage_size`**: storage class/type and size used for ARC runner workspace volumes. +- **`arc_cluster_name`**: EKS cluster where ARC runners are deployed. +- **`migrate_arc_cluster`**: set to `true` only for an intentional ARC cluster migration flow; otherwise keep `false`. - **Kubernetes CPU/memory fields**: units mandatory (e.g., `500m`, `1Gi`). Missing units break pods. #### `github_webhook_relay` Guidance @@ -140,12 +180,51 @@ ______________________________________________________________________ - All `destination_*` keys are ignored when `enabled: false` (can be left as placeholders). - Typical use cases: central analytics, multi-account runner orchestration, or security event aggregation. +#### macOS EC2 Runner Guidance + +macOS runners must run on EC2 Dedicated Hosts. Configure the runner spec with `use_dedicated_host: true`, host placement, and Mac instance types: + +```yaml +ec2_runner_specs: + mac: + type: mac + ami_name: forge-gh-runner-macarm-v* + ami_owner: '123456789012' + ami_kms_key_arn: '' + runner_os: osx + runner_architecture: arm64 + runner_user: ec2-user + placement: + host_resource_group_arn: arn:aws:resource-groups:::group/ + tenancy: host + availability_zone: + license_specifications: + - license_configuration_arn: arn:aws:license-manager:::license-configuration: + use_dedicated_host: true + vpc_id: + subnet_ids: + - + max_instances: + instance_types: + - mac2.metal + pool_config: [] + volume: + size: + device_name: + iops: + throughput: + type: gp3 +``` + +Use a subnet in the same availability zone as the dedicated host placement. If your host resource group does not require License Manager, omit `license_specifications`. + ______________________________________________________________________ ### Common Pitfalls — Avoid These - Wildcard or invalid IAM roles → runner startup failures. - Forgetting `ami_kms_key_arn` = `''` when AMI isn’t encrypted → Terraform errors. +- Setting up macOS runners without `use_dedicated_host: true` or matching host placement → EC2 launch failures. - Incorrect cron syntax → scheduled warm pools don’t trigger. - Setting max runners beyond quotas → failures or throttling. - Missing units in k8s resource requests/limits → pod rejection. @@ -218,12 +297,13 @@ sec-plat-euw1-shared-sbg-cicd-forge ______________________________________________________________________ -## 4. Minimal Working `config.yaml` Example +## 4. Minimal Working `config.yml` Example ```yaml gh_config: ghes_url: '' ghes_org: cisco-sbg + repository_selection: selected github_webhook_relay: enabled: false destination_account_id: "" @@ -244,12 +324,22 @@ tenant: github_logs_reader_role_arns: - arn:aws:iam::123456789012:role/github_logs_reader +ec2_config: + enable_dynamic_labels: false + ec2_runner_specs: small: + type: small ami_name: forge-gh-runner-v* ami_owner: '123456789012' ami_kms_key_arn: '' + runner_os: linux + runner_architecture: x64 + runner_user: ubuntu max_instances: 10 + vpc_id: vpc-0abc1234def567890 + subnet_ids: + - subnet-0abc1234def567890 instance_types: - t3.small - t3.medium @@ -257,6 +347,12 @@ ec2_runner_specs: - size: 2 schedule_expression: "cron(*/10 8 * * ? *)" schedule_expression_timezone: "America/Los_Angeles" + volume: + size: 200 + device_name: /dev/sda1 + iops: 3000 + throughput: 125 + type: gp3 arc_runner_specs: dependabot: @@ -273,6 +369,11 @@ arc_runner_specs: container_requests_memory: 1Gi container_limits_cpu: '1' container_limits_memory: 2Gi + volume_requests_storage_type: gp2 + volume_requests_storage_size: 10Gi + +arc_cluster_name: forge-arc-cluster +migrate_arc_cluster: false ``` ______________________________________________________________________ diff --git a/examples/deployments/forge-tenant/terragrunt/_global_settings/tenant.hcl b/examples/deployments/forge-tenant/terragrunt/_global_settings/tenant.hcl index 9c76410e..ec6a1cd1 100644 --- a/examples/deployments/forge-tenant/terragrunt/_global_settings/tenant.hcl +++ b/examples/deployments/forge-tenant/terragrunt/_global_settings/tenant.hcl @@ -58,6 +58,7 @@ inputs = { lambda_vpc_id = local.config.locals.lambda_vpc_id subnet_ids = local.config.locals.subnet_ids vpc_id = local.config.locals.vpc_id + ec2_config = local.config.ec2_config.enable_dynamic_labels runner_specs = local.config.locals.ec2_runner_specs } diff --git a/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/config.yml b/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/config.yml index a3063a65..350214de 100644 --- a/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/config.yml +++ b/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/config.yml @@ -17,6 +17,8 @@ tenant: - 123456789012.dkr.ecr.eu-west-1.amazonaws.com github_logs_reader_role_arns: - arn:aws:iam::123456789012:role/github_logs_reader +ec2_config: + enable_dynamic_labels: true ec2_runner_specs: small: type: small diff --git a/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/runner_settings.hcl b/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/runner_settings.hcl index 42b0e12c..0977416e 100644 --- a/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/runner_settings.hcl +++ b/examples/deployments/forge-tenant/terragrunt/environments/prod/regions/eu-west-1/vpcs/sl/tenants/acme/runner_settings.hcl @@ -60,6 +60,8 @@ locals { } } + ec2_config = local.config.ec2_config + ec2_runner_specs = { for size, spec in local.config.ec2_runner_specs : size => { diff --git a/examples/templates/tenant/_global_settings/tenant.hcl b/examples/templates/tenant/_global_settings/tenant.hcl index eeb4e5df..521395e5 100644 --- a/examples/templates/tenant/_global_settings/tenant.hcl +++ b/examples/templates/tenant/_global_settings/tenant.hcl @@ -55,11 +55,12 @@ inputs = { # Runners (EC2/ARC) ec2_deployment_specs = { - lambda_subnet_ids = local.config.locals.lambda_subnet_ids - lambda_vpc_id = local.config.locals.lambda_vpc_id - subnet_ids = local.config.locals.subnet_ids - vpc_id = local.config.locals.vpc_id - runner_specs = local.config.locals.ec2_runner_specs + lambda_subnet_ids = local.config.locals.lambda_subnet_ids + lambda_vpc_id = local.config.locals.lambda_vpc_id + subnet_ids = local.config.locals.subnet_ids + vpc_id = local.config.locals.vpc_id + enable_dynamic_labels = local.config.locals.ec2_config.enable_dynamic_labels + runner_specs = local.config.locals.ec2_runner_specs } arc_deployment_specs = { diff --git a/examples/templates/tenant/tenant/config.yml b/examples/templates/tenant/tenant/config.yml index ac8b8b6f..c3bab8a2 100644 --- a/examples/templates/tenant/tenant/config.yml +++ b/examples/templates/tenant/tenant/config.yml @@ -21,6 +21,8 @@ tenant: - .dkr.ecr..amazonaws.com github_logs_reader_role_arns: - arn:aws:iam:::role/ +ec2_config: + enable_dynamic_labels: ec2_runner_specs: : type: diff --git a/examples/templates/tenant/tenant/runner_settings.hcl b/examples/templates/tenant/tenant/runner_settings.hcl index 42b0e12c..0977416e 100644 --- a/examples/templates/tenant/tenant/runner_settings.hcl +++ b/examples/templates/tenant/tenant/runner_settings.hcl @@ -60,6 +60,8 @@ locals { } } + ec2_config = local.config.ec2_config + ec2_runner_specs = { for size, spec in local.config.ec2_runner_specs : size => { diff --git a/modules/core/arc/README.md b/modules/core/arc/README.md index 034244cc..edb9f315 100644 --- a/modules/core/arc/README.md +++ b/modules/core/arc/README.md @@ -2,9 +2,9 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | @@ -13,23 +13,23 @@ ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | -| [kubernetes](#provider\_kubernetes) | 3.0.1 | -| [null](#provider\_null) | 3.2.4 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | +| [kubernetes](#provider\_kubernetes) | 3.2.0 | +| [null](#provider\_null) | 3.3.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [controller](#module\_controller) | ./scale_set_controller | n/a | | [scale\_sets](#module\_scale\_sets) | ./scale_set | n/a | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [kubernetes_manifest.storage_class](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [null_resource.apply_ec2_node_class](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.apply_node_pool](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | @@ -43,7 +43,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [controller\_config](#input\_controller\_config) | controller\_config = {
release\_name: "Name of the Helm release."
namespace: "Namespace for chart installation."
chart\_name: "Chart name for the Helm chart."
chart\_version: "Chart version for the Helm chart."
name: "Name of the controller."
} | 
object({
    release_name  = string
    namespace     = string
    chart_name    = string
    chart_version = string
    name          = string
  })
| n/a | yes | @@ -59,7 +59,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [runners\_map](#output\_runners\_map) | n/a | | [subnet\_cidr\_blocks](#output\_subnet\_cidr\_blocks) | n/a | diff --git a/modules/core/arc/scale_set/README.md b/modules/core/arc/scale_set/README.md index 230100f6..2c3ff26e 100644 --- a/modules/core/arc/scale_set/README.md +++ b/modules/core/arc/scale_set/README.md @@ -2,19 +2,19 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [helm](#provider\_helm) | 3.1.1 | -| [kubernetes](#provider\_kubernetes) | 3.0.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [helm](#provider\_helm) | 3.2.0 | +| [kubernetes](#provider\_kubernetes) | 3.2.0 | ## Modules @@ -23,7 +23,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_eks_pod_identity_association.eks_pod_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_pod_identity_association) | resource | | [aws_iam_role.runner_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.runner_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | @@ -38,7 +38,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [chart\_name](#input\_chart\_name) | Chart URL for the Helm chart | `string` | n/a | yes | | [chart\_version](#input\_chart\_version) | Chart version for the Helm chart | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. | `string` | n/a | yes | @@ -71,6 +71,6 @@ No modules. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [runner\_role\_arn](#output\_runner\_role\_arn) | n/a | diff --git a/modules/core/arc/scale_set_controller/README.md b/modules/core/arc/scale_set_controller/README.md index a96426d8..3b142fff 100644 --- a/modules/core/arc/scale_set_controller/README.md +++ b/modules/core/arc/scale_set_controller/README.md @@ -2,18 +2,18 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | ## Providers | Name | Version | -|------|---------| -| [helm](#provider\_helm) | 3.1.1 | -| [kubernetes](#provider\_kubernetes) | 3.0.1 | +| ---- | ------- | +| [helm](#provider\_helm) | 3.2.0 | +| [kubernetes](#provider\_kubernetes) | 3.2.0 | ## Modules @@ -22,7 +22,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [helm_release.gha_runner_scale_set_controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubernetes_namespace_v1.controller_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource | | [kubernetes_secret_v1.github_app](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | @@ -30,7 +30,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [chart\_name](#input\_chart\_name) | Chart URL for the Helm chart | `string` | n/a | yes | | [chart\_version](#input\_chart\_version) | Chart version for the Helm chart | `string` | n/a | yes | | [controller\_config](#input\_controller\_config) | n/a | 
object({
    name = string
  })
| n/a | yes | diff --git a/modules/infra/ami_policy/README.md b/modules/infra/ami_policy/README.md index 4f5d5121..6b883c3b 100644 --- a/modules/infra/ami_policy/README.md +++ b/modules/infra/ami_policy/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_dlm_lifecycle_policy.dlm_lifecycle](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dlm_lifecycle_policy) | resource | | [aws_ebs_encryption_by_default.gpol_encrypt_ebs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default) | resource | | [aws_iam_role.dlm_lifecycle_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | @@ -28,7 +28,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/infra/ami_sharing/README.md b/modules/infra/ami_sharing/README.md index 654c0716..d37c25d4 100644 --- a/modules/infra/ami_sharing/README.md +++ b/modules/infra/ami_sharing/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,14 +19,14 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_ami_launch_permission.share_amis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami_launch_permission) | resource | | [aws_ami.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [account\_ids](#input\_account\_ids) | List of AWS accounts to share AMIs with | `list(string)` | n/a | yes | | [ami\_name\_filters](#input\_ami\_name\_filters) | AMI name filter to use to find AMIs to share | `list(string)` | n/a | yes | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | diff --git a/modules/infra/cloud_custodian/README.md b/modules/infra/cloud_custodian/README.md index 83dc2c7f..fd3ebed0 100644 --- a/modules/infra/cloud_custodian/README.md +++ b/modules/infra/cloud_custodian/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_policy.cloud_custodian_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.cloud_custodian](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.attach_cloud_custodian_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | @@ -29,7 +29,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/infra/cloud_formation/README.md b/modules/infra/cloud_formation/README.md index da244f51..2503bf57 100644 --- a/modules/infra/cloud_formation/README.md +++ b/modules/infra/cloud_formation/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_role.cloudformation_admin_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role.cloudformation_execution_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy.admin_assume_execution_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | @@ -33,7 +33,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/infra/ecr/README.md b/modules/infra/ecr/README.md index 1f7dd802..847a20ee 100644 --- a/modules/infra/ecr/README.md +++ b/modules/infra/ecr/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,14 +19,14 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_ecr_lifecycle_policy.ops_cleanup_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_lifecycle_policy) | resource | | [aws_ecr_repository.ops_container_repository](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository) | resource | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | @@ -36,6 +36,6 @@ No modules. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [ops\_container\_repository\_names](#output\_ops\_container\_repository\_names) | n/a | diff --git a/modules/infra/eks/README.md b/modules/infra/eks/README.md index 7b823d05..27f41c83 100644 --- a/modules/infra/eks/README.md +++ b/modules/infra/eks/README.md @@ -2,9 +2,9 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubectl](#requirement\_kubectl) | >= 1.19.0 | @@ -15,15 +15,15 @@ ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | -| [null](#provider\_null) | 3.2.4 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | +| [null](#provider\_null) | 3.3.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | 6.6.1 | | [eks](#module\_eks) | terraform-aws-modules/eks/aws | 21.23.0 | | [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | 21.23.0 | @@ -32,7 +32,7 @@ ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_eks_addon.aws_ebs_csi_driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_addon.coredns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | | [aws_eks_addon.eks_pod_identity_agent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) | resource | @@ -52,7 +52,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [cluster\_admin\_role\_arn](#input\_cluster\_admin\_role\_arn) | Full ARN of IAM role for EKS cluster admin access. | `string` | `""` | no | @@ -73,7 +73,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [aws\_region](#output\_aws\_region) | AWS region. | | [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for EKS control plane. | | [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. | diff --git a/modules/infra/opt_in_regions/README.md b/modules/infra/opt_in_regions/README.md index a0ccb3f1..144bd4d5 100644 --- a/modules/infra/opt_in_regions/README.md +++ b/modules/infra/opt_in_regions/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,13 +19,13 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_account_region.enabled_regions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/account_region) | resource | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/infra/service_linked_roles/README.md b/modules/infra/service_linked_roles/README.md index 6da06a59..b59cf7e8 100644 --- a/modules/infra/service_linked_roles/README.md +++ b/modules/infra/service_linked_roles/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,13 +19,13 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_service_linked_role.spot](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_linked_role) | resource | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/infra/storage/README.md b/modules/infra/storage/README.md index bd4f06fd..24f2876c 100644 --- a/modules/infra/storage/README.md +++ b/modules/infra/storage/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_s3_bucket.s3_long_term](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket.s3_short_term](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_lifecycle_configuration.s3_short_term](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource | @@ -36,7 +36,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | @@ -45,7 +45,7 @@ No modules. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [s3\_long\_term\_settings](#output\_s3\_long\_term\_settings) | Path to use for long-term storage of artifacts in S3. | | [s3\_short\_term\_settings](#output\_s3\_short\_term\_settings) | Path to use for short-term storage of artifacts in S3. | diff --git a/modules/integrations/github_webhook_relay_destination/README.md b/modules/integrations/github_webhook_relay_destination/README.md index c4ba6421..f7983a43 100644 --- a/modules/integrations/github_webhook_relay_destination/README.md +++ b/modules/integrations/github_webhook_relay_destination/README.md @@ -39,17 +39,17 @@ graph TD ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | ## Modules @@ -58,7 +58,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_bus.destination](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus) | resource | | [aws_cloudwatch_event_bus_policy.allow_source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_bus_policy) | resource | | [aws_cloudwatch_event_rule.receive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | @@ -73,7 +73,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | AWS region to use. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | n/a | `map(string)` | n/a | yes | @@ -84,7 +84,7 @@ No modules. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [role\_arn](#output\_role\_arn) | Local role ARN. | | [webhook](#output\_webhook) | Webhook relay and secret fetched from source account. | diff --git a/modules/integrations/github_webhook_relay_destination_receivers/README.md b/modules/integrations/github_webhook_relay_destination_receivers/README.md index 50390365..c3c59bd2 100644 --- a/modules/integrations/github_webhook_relay_destination_receivers/README.md +++ b/modules/integrations/github_webhook_relay_destination_receivers/README.md @@ -2,33 +2,33 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [webex\_webhook\_relay](#module\_webex\_webhook\_relay) | ./webex_webhook_relay | n/a | | [webhook\_relay\_destination](#module\_webhook\_relay\_destination) | ../github_webhook_relay_destination | n/a | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | @@ -42,7 +42,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [role\_arn](#output\_role\_arn) | Local role ARN. | | [webhook](#output\_webhook) | Webhook relay and secret fetched from source account. | diff --git a/modules/integrations/github_webhook_relay_destination_receivers/webex_webhook_relay/README.md b/modules/integrations/github_webhook_relay_destination_receivers/webex_webhook_relay/README.md index a6bd42aa..3b16cd53 100644 --- a/modules/integrations/github_webhook_relay_destination_receivers/webex_webhook_relay/README.md +++ b/modules/integrations/github_webhook_relay_destination_receivers/webex_webhook_relay/README.md @@ -46,28 +46,28 @@ Both `token` and `room_id` keys are required. The function will prepend `Bearer ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [time](#requirement\_time) | >= 0.13.1 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [time](#provider\_time) | 0.13.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [time](#provider\_time) | 0.14.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [webex](#module\_webex) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_log_group.webex](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_kms_alias.webex_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.webex](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | @@ -80,7 +80,7 @@ Both `token` and `room_id` keys are required. The function will prepend `Bearer ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | @@ -90,6 +90,6 @@ Both `token` and `room_id` keys are required. The function will prepend `Bearer ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [lambda\_function\_arn](#output\_lambda\_function\_arn) | n/a | diff --git a/modules/integrations/github_webhook_relay_source/README.md b/modules/integrations/github_webhook_relay_source/README.md index 7fd8091f..e03ecea2 100644 --- a/modules/integrations/github_webhook_relay_source/README.md +++ b/modules/integrations/github_webhook_relay_source/README.md @@ -58,26 +58,26 @@ curl -X POST "$(terraform output -raw webhook_endpoint)/webhook" \ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [validate\_signature\_lambda](#module\_validate\_signature\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_apigatewayv2_api.webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api) | resource | | [aws_apigatewayv2_integration.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_integration) | resource | | [aws_apigatewayv2_route.post_hook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_route) | resource | @@ -105,7 +105,7 @@ curl -X POST "$(terraform output -raw webhook_endpoint)/webhook" \ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [destination\_account\_id](#input\_destination\_account\_id) | Destination (receiver) AWS account ID | `string` | n/a | yes | | [destination\_event\_bus\_name](#input\_destination\_event\_bus\_name) | Destination bus name in destination account | `string` | n/a | yes | | [destination\_region](#input\_destination\_region) | Destination region (omit for same as source) | `string` | `null` | no | @@ -120,7 +120,7 @@ curl -X POST "$(terraform output -raw webhook_endpoint)/webhook" \ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [event\_source](#output\_event\_source) | EventBridge source field value | | [source\_event\_bus\_arn](#output\_source\_event\_bus\_arn) | Source bus ARN | | [source\_event\_bus\_name](#output\_source\_event\_bus\_name) | Source bus name | diff --git a/modules/integrations/splunk_aws_billing/README.md b/modules/integrations/splunk_aws_billing/README.md index 99aec70c..7143ad49 100644 --- a/modules/integrations/splunk_aws_billing/README.md +++ b/modules/integrations/splunk_aws_billing/README.md @@ -2,10 +2,10 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [archive](#requirement\_archive) | >= 2.7.0 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | | [null](#requirement\_null) | >= 3.2 | | [random](#requirement\_random) | >= 3.6 | @@ -13,13 +13,13 @@ ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [cur\_per\_resource](#module\_cur\_per\_resource) | terraform-aws-modules/lambda/aws | 8.8.0 | | [cur\_per\_resource\_process](#module\_cur\_per\_resource\_process) | terraform-aws-modules/lambda/aws | 8.8.0 | | [cur\_per\_service](#module\_cur\_per\_service) | terraform-aws-modules/lambda/aws | 8.8.0 | @@ -27,7 +27,7 @@ ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_bcmdataexports_export.cur_per_resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/bcmdataexports_export) | resource | | [aws_bcmdataexports_export.cur_per_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/bcmdataexports_export) | resource | | [aws_cloudwatch_log_group.cur_per_resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -53,7 +53,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/integrations/splunk_cloud_conf_shared/README.md b/modules/integrations/splunk_cloud_conf_shared/README.md index e54d6d7a..ac125719 100644 --- a/modules/integrations/splunk_cloud_conf_shared/README.md +++ b/modules/integrations/splunk_cloud_conf_shared/README.md @@ -11,7 +11,7 @@ | Name | Version | | ---- | ------- | -| [aws](#provider\_aws) | 6.47.0 | +| [aws](#provider\_aws) | 6.49.0 | | [splunk](#provider\_splunk) | 1.5.1 | ## Modules diff --git a/modules/integrations/splunk_cloud_data_manager_common/README.md b/modules/integrations/splunk_cloud_data_manager_common/README.md index 78899e79..802fc933 100644 --- a/modules/integrations/splunk_cloud_data_manager_common/README.md +++ b/modules/integrations/splunk_cloud_data_manager_common/README.md @@ -2,17 +2,17 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | ## Modules @@ -21,7 +21,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_role.splunk_dm_read_only](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy.splunk_dm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | @@ -34,7 +34,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/integrations/splunk_cloud_s3_runner_logs/README.md b/modules/integrations/splunk_cloud_s3_runner_logs/README.md index 05add256..88adac9e 100644 --- a/modules/integrations/splunk_cloud_s3_runner_logs/README.md +++ b/modules/integrations/splunk_cloud_s3_runner_logs/README.md @@ -2,28 +2,28 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [splunk\_s3\_runner\_logs\_lambda](#module\_splunk\_s3\_runner\_logs\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_log_group.firehose_splunk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_cloudwatch_log_group.splunk_s3_runner_logs_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_iam_policy.firehose_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | @@ -54,7 +54,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_aws_integration/README.md b/modules/integrations/splunk_o11y_aws_integration/README.md index 662d0e95..9da25cb0 100644 --- a/modules/integrations/splunk_o11y_aws_integration/README.md +++ b/modules/integrations/splunk_o11y_aws_integration/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudformation_stack.splunk_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack) | resource | | [aws_secretsmanager_secret.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source | | [aws_secretsmanager_secret_version.secrets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source | @@ -27,7 +27,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_aws_integration_common/README.md b/modules/integrations/splunk_o11y_aws_integration_common/README.md index e10c1bf8..3cb21a26 100644 --- a/modules/integrations/splunk_o11y_aws_integration_common/README.md +++ b/modules/integrations/splunk_o11y_aws_integration_common/README.md @@ -2,19 +2,19 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | | [time](#requirement\_time) | >= 0.13 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [signalfx](#provider\_signalfx) | 9.25.1 | -| [time](#provider\_time) | 0.13.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [signalfx](#provider\_signalfx) | 9.30.1 | +| [time](#provider\_time) | 0.14.0 | ## Modules @@ -23,7 +23,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_role.splunk_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy.splunk_integration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_iam_role_policy.splunk_managed_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | @@ -40,7 +40,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | @@ -53,6 +53,6 @@ No modules. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [iam\_role\_splunk\_integration](#output\_iam\_role\_splunk\_integration) | n/a | diff --git a/modules/integrations/splunk_o11y_conf_shared/README.md b/modules/integrations/splunk_o11y_conf_shared/README.md index 509d72d9..e1b8a8bc 100644 --- a/modules/integrations/splunk_o11y_conf_shared/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/README.md @@ -11,8 +11,8 @@ | Name | Version | | ---- | ------- | -| [aws](#provider\_aws) | 6.47.0 | -| [signalfx](#provider\_signalfx) | 9.29.0 | +| [aws](#provider\_aws) | 6.49.0 | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/billing/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/billing/README.md index 1b9696a5..f201e6ed 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/billing/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/billing/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.billing](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_time_chart.cost_per_service](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/time_chart) | resource | | [signalfx_time_chart.cost_per_tenant](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/time_chart) | resource | @@ -31,7 +31,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/dynamodb/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/dynamodb/README.md index 09ad4894..4d9bc491 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/dynamodb/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/dynamodb/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.dynamodb](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_single_value_chart.avg_request_latency_single](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/single_value_chart) | resource | | [signalfx_single_value_chart.system_errors_single](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/single_value_chart) | resource | @@ -38,7 +38,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/ebs/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/ebs/README.md index 7ac85a61..26af2155 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/ebs/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/ebs/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.ebs](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_single_value_chart.state](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/single_value_chart) | resource | | [signalfx_time_chart.avg_queue_length](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/time_chart) | resource | @@ -40,7 +40,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/lambda/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/lambda/README.md index 20982d27..ae779d27 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/lambda/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/lambda/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.lambda](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_list_chart.avg_duration_by_version](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | | [signalfx_list_chart.percent_invocations_by_version](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | @@ -40,7 +40,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_ec2/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_ec2/README.md index bbb56528..0cb33689 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_ec2/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_ec2/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.runner_ec2](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_list_chart.chart_active_hosts_by_availability_zone](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | | [signalfx_list_chart.chart_active_hosts_per_instance_type](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | @@ -47,7 +47,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_k8s/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_k8s/README.md index 0dd4bf76..28d3f5b1 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_k8s/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/runner_k8s/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.runner_k8s](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_list_chart.k8s_network_errors_per_sec](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | | [signalfx_list_chart.k8s_pods_by_phase](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | @@ -35,7 +35,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/dashboards/sqs/README.md b/modules/integrations/splunk_o11y_conf_shared/dashboards/sqs/README.md index 0ccf41e5..868a3699 100644 --- a/modules/integrations/splunk_o11y_conf_shared/dashboards/sqs/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/dashboards/sqs/README.md @@ -2,15 +2,15 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [signalfx](#requirement\_signalfx) | < 10.0.0 | ## Providers | Name | Version | -|------|---------| -| [signalfx](#provider\_signalfx) | 9.25.1 | +| ---- | ------- | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules @@ -19,7 +19,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [signalfx_dashboard.sqs](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/dashboard) | resource | | [signalfx_list_chart.oldest_message_age](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | | [signalfx_list_chart.top_queues_by_message_received](https://registry.terraform.io/providers/splunk-terraform/signalfx/latest/docs/resources/list_chart) | resource | @@ -34,7 +34,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [dashboard\_group](#input\_dashboard\_group) | Dashboard group name for organizing dashboards. | `string` | n/a | yes | | [dynamic\_variables](#input\_dynamic\_variables) | Additional dynamic variable definitions for the dashboard. | 
list(object({
    property               = string
    alias                  = string
    description            = string
    values                 = list(string)
    value_required         = bool
    values_suggested       = list(string)
    restricted_suggestions = bool
  }))
| `[]` | no | | [tenant\_names](#input\_tenant\_names) | List of tenant names used for the dashboard. | `list(string)` | n/a | yes | diff --git a/modules/integrations/splunk_o11y_conf_shared/detectors/k8s/README.md b/modules/integrations/splunk_o11y_conf_shared/detectors/k8s/README.md index 138a47fd..21fd7c37 100644 --- a/modules/integrations/splunk_o11y_conf_shared/detectors/k8s/README.md +++ b/modules/integrations/splunk_o11y_conf_shared/detectors/k8s/README.md @@ -10,7 +10,7 @@ | Name | Version | | ---- | ------- | -| [signalfx](#provider\_signalfx) | < 10.0.0 | +| [signalfx](#provider\_signalfx) | 9.30.1 | ## Modules diff --git a/modules/integrations/splunk_otel_eks/README.md b/modules/integrations/splunk_otel_eks/README.md index b7c2ac02..2d037879 100644 --- a/modules/integrations/splunk_otel_eks/README.md +++ b/modules/integrations/splunk_otel_eks/README.md @@ -2,18 +2,18 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [helm](#provider\_helm) | 3.1.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [helm](#provider\_helm) | 3.2.0 | ## Modules @@ -22,7 +22,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_eks_pod_identity_association.eks_pod_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_pod_identity_association) | resource | | [aws_iam_policy.ec2_describe_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.splunk_otel_ec2_describe](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | @@ -39,12 +39,12 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Default AWS region. | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | -| [splunk\_otel\_collector](#input\_splunk\_otel\_collector) | Configuration for the Splunk OpenTelemetry Collector | 
object({
    splunk_observability_realm     = string
    splunk_platform_endpoint       = string
    splunk_platform_index          = string
    gateway                        = bool
    splunk_observability_profiling = bool
    environment                    = string
    discovery                      = bool
  })
| n/a | yes | +| [splunk\_otel\_collector](#input\_splunk\_otel\_collector) | Configuration for the Splunk OpenTelemetry Collector | 
object({
    splunk_platform_endpoint        = string
    splunk_platform_index           = string
    gateway                         = bool
    environment                     = string
    discovery                       = bool
    splunk_observability_realm      = string
    splunk_observability_ingest_url = string
    splunk_observability_api_url    = string
    splunk_observability_profiling  = bool
  })
| n/a | yes | | [tags](#input\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | ## Outputs diff --git a/modules/integrations/teleport/README.md b/modules/integrations/teleport/README.md index 8ca03bb4..b59c1603 100644 --- a/modules/integrations/teleport/README.md +++ b/modules/integrations/teleport/README.md @@ -2,29 +2,29 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [kubernetes](#provider\_kubernetes) | 3.0.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [kubernetes](#provider\_kubernetes) | 3.2.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [tenant](#module\_tenant) | ./tenant | n/a | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_policy.eks_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.teleport_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.attach_eks_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | @@ -38,7 +38,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | @@ -49,7 +49,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [teleport\_account\_id](#output\_teleport\_account\_id) | AWS account ID where Teleport role and resources are created. | | [teleport\_cluster\_name](#output\_teleport\_cluster\_name) | EKS cluster name used by the Teleport integration. | | [teleport\_role\_arn](#output\_teleport\_role\_arn) | ARN of the IAM role created for Teleport access to the EKS cluster. | diff --git a/modules/integrations/teleport/tenant/README.md b/modules/integrations/teleport/tenant/README.md index 89a70897..bed39f74 100644 --- a/modules/integrations/teleport/tenant/README.md +++ b/modules/integrations/teleport/tenant/README.md @@ -2,17 +2,17 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [helm](#requirement\_helm) | >= 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 3.0 | ## Providers | Name | Version | -|------|---------| -| [kubernetes](#provider\_kubernetes) | 3.0.1 | +| ---- | ------- | +| [kubernetes](#provider\_kubernetes) | 3.2.0 | ## Modules @@ -21,7 +21,7 @@ No modules. ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [kubernetes_cluster_role_binding_v1.impersonate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource | | [kubernetes_cluster_role_v1.impersonate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource | | [kubernetes_cluster_role_v1.pods](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource | @@ -30,7 +30,7 @@ No modules. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [namespace](#input\_namespace) | Namespace for chart installation | `string` | n/a | yes | ## Outputs diff --git a/modules/platform/arc_deployment/README.md b/modules/platform/arc_deployment/README.md index 599162ee..04066345 100644 --- a/modules/platform/arc_deployment/README.md +++ b/modules/platform/arc_deployment/README.md @@ -2,7 +2,7 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | ## Providers @@ -12,7 +12,7 @@ No providers. ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [arc](#module\_arc) | ../../core/arc | n/a | ## Resources @@ -22,7 +22,7 @@ No resources. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [runner\_configs](#input\_runner\_configs) | n/a | 
object({
    prefix           = string
    arc_cluster_name = string
    ghes_url         = string
    ghes_org         = string
    github_app = object({
      key_base64      = string
      id              = string
      installation_id = string
    })
    migrate_arc_cluster                 = optional(bool, false)
    runner_iam_role_managed_policy_arns = list(string)
    runner_group_name                   = string
    runner_specs = map(object({
      runner_size = object({
        max_runners = number
        min_runners = number
      })
      scale_set_name               = string
      scale_set_type               = string
      scale_set_labels             = list(string)
      container_actions_runner     = string
      container_limits_cpu         = string
      container_limits_memory      = string
      volume_requests_storage_size = string
      volume_requests_storage_type = string
      container_requests_cpu       = string
      container_requests_memory    = string
    }))
  })
| n/a | yes | @@ -31,7 +31,7 @@ No resources. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [arc\_cluster\_name](#output\_arc\_cluster\_name) | Name of the Kubernetes cluster used for ARC runners. | | [arc\_runners\_arn\_map](#output\_arc\_runners\_arn\_map) | Map of ARC runner keys to their IAM role ARNs. | | [subnet\_cidr\_blocks](#output\_subnet\_cidr\_blocks) | Map of ARC runner subnet IDs to their CIDR blocks. | diff --git a/modules/platform/ec2_deployment/README.md b/modules/platform/ec2_deployment/README.md index 13165123..3355f369 100644 --- a/modules/platform/ec2_deployment/README.md +++ b/modules/platform/ec2_deployment/README.md @@ -2,31 +2,31 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [archive](#requirement\_archive) | >= 2.7.0 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [external](#provider\_external) | 2.3.5 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [external](#provider\_external) | 2.4.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [ec2\_update\_runner\_ssm\_ami](#module\_ec2\_update\_runner\_ssm\_ami) | ./ec2_update_runner_ssm_ami | n/a | | [ec2\_update\_runner\_tags](#module\_ec2\_update\_runner\_tags) | ./ec2_update_runner_tags | n/a | -| [runners](#module\_runners) | git::https://github.com/edersonbrilhante/terraform-aws-github-runner.git//modules/multi-runner | feat-macos-support | +| [runners](#module\_runners) | git::https://github.com/edersonbrilhante/terraform-aws-github-runner.git//modules/multi-runner | pre-7.7.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_policy.ec2_tags](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_kms_alias.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | @@ -40,16 +40,16 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [aws\_region](#input\_aws\_region) | Assuming single region for now. | `string` | n/a | yes | | [network\_configs](#input\_network\_configs) | n/a | 
object({
    vpc_id            = string
    subnet_ids        = list(string)
    lambda_vpc_id     = string
    lambda_subnet_ids = list(string)
  })
| n/a | yes | -| [runner\_configs](#input\_runner\_configs) | n/a | 
object({
    env                       = string
    prefix                    = string
    ghes_url                  = string
    ghes_org                  = string
    log_level                 = string
    logging_retention_in_days = string
    github_app = object({
      key_base64     = string
      id             = string
      webhook_secret = string
    })
    runner_iam_role_managed_policy_arns = list(string)
    runner_group_name                   = string
    scale_errors                        = optional(list(string), [])
    runner_specs = map(object({
      ami_filter = object({
        name  = list(string)
        state = list(string)
      })
      ami_kms_key_arn     = string
      ami_owners          = list(string)
      runner_labels       = list(string)
      runner_os           = string
      runner_architecture = string
      extra_labels        = list(string)
      max_instances       = number
      min_run_time        = number
      instance_types      = list(string)
      license_specifications = optional(list(object({
        license_configuration_arn = string
      })), null)
      placement = optional(object({
        affinity                = optional(string)
        availability_zone       = optional(string)
        group_id                = optional(string)
        group_name              = optional(string)
        host_id                 = optional(string)
        host_resource_group_arn = optional(string)
        spread_domain           = optional(string)
        tenancy                 = optional(string)
        partition_number        = optional(number)
      }), null)
      pool_config = list(object({
        size                         = number
        schedule_expression          = string
        schedule_expression_timezone = string
      }))
      runner_user                   = string
      enable_userdata               = bool
      instance_target_capacity_type = string
      vpc_id                        = optional(string, null)
      subnet_ids                    = optional(list(string), null)
      block_device_mappings = list(object({
        delete_on_termination = bool
        device_name           = string
        encrypted             = bool
        iops                  = number
        kms_key_id            = string
        snapshot_id           = string
        throughput            = number
        volume_size           = number
        volume_type           = string
      }))
    }))
  })
| n/a | yes | +| [runner\_configs](#input\_runner\_configs) | n/a | 
object({
    env                       = string
    prefix                    = string
    ghes_url                  = string
    ghes_org                  = string
    log_level                 = string
    logging_retention_in_days = string
    github_app = object({
      key_base64     = string
      id             = string
      webhook_secret = string
    })
    runner_iam_role_managed_policy_arns = list(string)
    runner_group_name                   = string
    scale_errors                        = optional(list(string), [])
    enable_dynamic_labels               = optional(bool, false)
    runner_specs = map(object({
      ami_filter = object({
        name  = list(string)
        state = list(string)
      })
      ami_kms_key_arn     = string
      ami_owners          = list(string)
      runner_labels       = list(string)
      runner_os           = string
      runner_architecture = string
      extra_labels        = list(string)
      max_instances       = number
      min_run_time        = number
      instance_types      = list(string)
      license_specifications = optional(list(object({
        license_configuration_arn = string
      })), null)
      placement = optional(object({
        affinity                = optional(string)
        availability_zone       = optional(string)
        group_id                = optional(string)
        group_name              = optional(string)
        host_id                 = optional(string)
        host_resource_group_arn = optional(string)
        spread_domain           = optional(string)
        tenancy                 = optional(string)
        partition_number        = optional(number)
      }), null)
      use_dedicated_host = optional(bool, false)
      pool_config = list(object({
        size                         = number
        schedule_expression          = string
        schedule_expression_timezone = string
      }))
      runner_user                   = string
      enable_userdata               = bool
      instance_target_capacity_type = string
      vpc_id                        = optional(string, null)
      subnet_ids                    = optional(list(string), null)
      block_device_mappings = list(object({
        delete_on_termination = bool
        device_name           = string
        encrypted             = bool
        iops                  = number
        kms_key_id            = string
        snapshot_id           = string
        throughput            = number
        volume_size           = number
        volume_type           = string
      }))
    }))
  })
| n/a | yes | | [tenant\_configs](#input\_tenant\_configs) | n/a | 
object({
    ecr_registries = list(string)
    tags           = map(string)
  })
| n/a | yes | ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [ec2\_runners\_ami\_name\_map](#output\_ec2\_runners\_ami\_name\_map) | Map of EC2 runner keys to the AMI names used for each runner. | | [ec2\_runners\_arn\_map](#output\_ec2\_runners\_arn\_map) | Map of EC2 runner keys to their IAM role ARNs. | | [event\_bus\_name](#output\_event\_bus\_name) | Name of the EventBridge event bus used by the webhook relay. | diff --git a/modules/platform/ec2_deployment/ec2_update_runner_ssm_ami/README.md b/modules/platform/ec2_deployment/ec2_update_runner_ssm_ami/README.md index 652ebd43..60d86a0c 100644 --- a/modules/platform/ec2_deployment/ec2_update_runner_ssm_ami/README.md +++ b/modules/platform/ec2_deployment/ec2_update_runner_ssm_ami/README.md @@ -2,26 +2,26 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [ec2\_update\_runner\_ssm\_ami\_lambda](#module\_ec2\_update\_runner\_ssm\_ami\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.ec2_update_runner_ssm_ami_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.ec2_update_runner_ssm_ami_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.ec2_update_runner_ssm_ami_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -31,7 +31,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Retention in days for CloudWatch Log Group for the Lambdas. | `number` | `30` | no | | [prefix](#input\_prefix) | Prefix for all resources | `string` | n/a | yes | diff --git a/modules/platform/ec2_deployment/ec2_update_runner_tags/README.md b/modules/platform/ec2_deployment/ec2_update_runner_tags/README.md index a3acf306..40c3d5bf 100644 --- a/modules/platform/ec2_deployment/ec2_update_runner_tags/README.md +++ b/modules/platform/ec2_deployment/ec2_update_runner_tags/README.md @@ -2,26 +2,26 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [ec2\_update\_runner\_tags\_lambda](#module\_ec2\_update\_runner\_tags\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.ec2_update_runner_tags_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.ec2_update_runner_tags_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.ec2_update_runner_tags_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -31,7 +31,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [event\_bus](#input\_event\_bus) | The name of the EventBridge event bus to subscribe to. | `string` | n/a | yes | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Retention in days for CloudWatch Log Group for the Lambdas. | `number` | `30` | no | diff --git a/modules/platform/ec2_deployment/main.tf b/modules/platform/ec2_deployment/main.tf index e8bfdc28..4d78453c 100644 --- a/modules/platform/ec2_deployment/main.tf +++ b/modules/platform/ec2_deployment/main.tf @@ -34,12 +34,12 @@ data "aws_subnet" "runner_subnet" { } data "external" "download_lambdas" { - program = ["bash", "${path.module}/scripts/download_lambdas.sh", "/tmp/${var.runner_configs.prefix}/", "v7.6.0"] + program = ["bash", "${path.module}/scripts/download_lambdas.sh", "/tmp/${var.runner_configs.prefix}/", "v7.7.0", "github-aws-runners/terraform-aws-github-runner"] } module "runners" { - source = "git::https://github.com/edersonbrilhante/terraform-aws-github-runner.git//modules/multi-runner?ref=feat-macos-support" + source = "git::https://github.com/github-aws-runners/terraform-aws-github-runner.git//modules/multi-runner?ref=v7.7.0" aws_region = var.aws_region @@ -62,6 +62,8 @@ module "runners" { tags = var.tenant_configs.tags parameter_store_tags = var.tenant_configs.tags + enable_dynamic_labels = var.runner_configs.enable_dynamic_labels + # Verbose logging. log_level = var.runner_configs.log_level @@ -134,6 +136,7 @@ module "runners" { block_device_mappings = val["block_device_mappings"] license_specifications = val["license_specifications"] placement = val["placement"] + use_dedicated_host = val["use_dedicated_host"] runner_log_files = concat( // Linux/macOS-only logs val["runner_os"] == "windows" ? [] : [ diff --git a/modules/platform/ec2_deployment/scripts/download_lambdas.sh b/modules/platform/ec2_deployment/scripts/download_lambdas.sh index 9591d2c6..cb65c173 100755 --- a/modules/platform/ec2_deployment/scripts/download_lambdas.sh +++ b/modules/platform/ec2_deployment/scripts/download_lambdas.sh @@ -1,13 +1,14 @@ #!/bin/bash set -x -if [ "$#" -lt 2 ]; then - echo "Usage: $0 " +if [ "$#" -lt 3 ]; then + echo "Usage: $0 " exit 1 fi DOWNLOAD_PATH="$1" VERSION="$2" +REPO="$3" if [ -n "$USE_CACHE" ] && [ -n "$CACHE_PATH" ] && [ -d "$CACHE_PATH" ]; then echo "USE_CACHE is set and $CACHE_PATH exists, skipping download." >&2 @@ -18,9 +19,9 @@ else mkdir -p "$DOWNLOAD_PATH" # Download files to the specified directory - wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/github-aws-runners/terraform-aws-github-runner/releases/download/${VERSION}/runner-binaries-syncer.zip" - wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/github-aws-runners/terraform-aws-github-runner/releases/download/${VERSION}/runners.zip" - wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/github-aws-runners/terraform-aws-github-runner/releases/download/${VERSION}/webhook.zip" + wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/${REPO}/releases/download/${VERSION}/runner-binaries-syncer.zip" + wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/${REPO}/releases/download/${VERSION}/runners.zip" + wget --no-verbose -P "$DOWNLOAD_PATH" "https://github.com/${REPO}/releases/download/${VERSION}/webhook.zip" fi -echo -n "{\"version\":\"${VERSION}\",\"path\":\"${DOWNLOAD_PATH}\"}" +echo -n "{\"version\":\"${VERSION}\",\"path\":\"${DOWNLOAD_PATH}\",\"repo\":\"${REPO}\"}" diff --git a/modules/platform/ec2_deployment/variables.tf b/modules/platform/ec2_deployment/variables.tf index 3831e0f2..eb79d60a 100644 --- a/modules/platform/ec2_deployment/variables.tf +++ b/modules/platform/ec2_deployment/variables.tf @@ -19,6 +19,7 @@ variable "runner_configs" { runner_iam_role_managed_policy_arns = list(string) runner_group_name = string scale_errors = optional(list(string), []) + enable_dynamic_labels = optional(bool, false) runner_specs = map(object({ ami_filter = object({ name = list(string) @@ -47,6 +48,7 @@ variable "runner_configs" { tenancy = optional(string) partition_number = optional(number) }), null) + use_dedicated_host = optional(bool, false) pool_config = list(object({ size = number schedule_expression = string diff --git a/modules/platform/forge_runners/README.md b/modules/platform/forge_runners/README.md index fe8978f7..d0a13240 100644 --- a/modules/platform/forge_runners/README.md +++ b/modules/platform/forge_runners/README.md @@ -2,10 +2,10 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | | [archive](#requirement\_archive) | >= 2.7.0 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [external](#requirement\_external) | >= 2.3 | | [local](#requirement\_local) | >= 2.5 | | [null](#requirement\_null) | >= 3.2 | @@ -15,16 +15,16 @@ ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [null](#provider\_null) | 3.2.4 | -| [random](#provider\_random) | 3.8.1 | -| [time](#provider\_time) | 0.13.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [null](#provider\_null) | 3.3.0 | +| [random](#provider\_random) | 3.9.0 | +| [time](#provider\_time) | 0.14.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [arc\_runners](#module\_arc\_runners) | ../arc_deployment | n/a | | [ec2\_runners](#module\_ec2\_runners) | ../ec2_deployment | n/a | | [forge\_trust\_validator](#module\_forge\_trust\_validator) | ./forge_trust_validator | n/a | @@ -37,7 +37,7 @@ ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_policy.ecr_access_for_ec2_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.role_assumption_for_forge_runners](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_servicecatalogappregistry_application.forge](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/servicecatalogappregistry_application) | resource | @@ -60,13 +60,13 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [arc\_deployment\_specs](#input\_arc\_deployment\_specs) | Deployment configuration for Azure Container Apps (ARC) runners.

Top-level fields:
- cluster\_name : Name of the EKS cluster used for ARC runners.
- migrate\_cluster: Optional flag to indicate a one-time migration or
blue/green cutover of the ARC runner cluster.
- runner\_specs : Map of ARC runner pool keys to their sizing and
container resource settings.

runner\_specs[*] object fields:
- runner\_size.max\_runners: Maximum concurrent ARC runners for this pool.
- runner\_size.min\_runners: Minimum number of warm runners.
- scale\_set\_name : Logical name for the scale set / pool.
- scale\_set\_type : Backing type for the scale set (for example,
kubernetes or containerapp, depending on integration).
- scale\_set\_labels : GitHub runner labels advertised by this ARC
scale set.
- container\_actions\_runner : Container image used for the ARC runner.
- container\_limits\_cpu : CPU limit for the runner container.
- container\_limits\_memory : Memory limit for the runner container.
- container\_requests\_cpu : CPU request (baseline reservation).
- container\_requests\_memory : Memory request (baseline reservation).
- volume\_requests\_storage\_size: Size of attached storage for the runner.
- volume\_requests\_storage\_type: Storage class or type for attached volume. | 
object({
    cluster_name    = string
    migrate_cluster = optional(bool, false)
    runner_specs = map(object({
      runner_size = object({
        max_runners = number
        min_runners = number
      })
      scale_set_name               = string
      scale_set_type               = string
      scale_set_labels             = list(string)
      container_actions_runner     = string
      container_limits_cpu         = string
      container_limits_memory      = string
      container_requests_cpu       = string
      container_requests_memory    = string
      volume_requests_storage_size = string
      volume_requests_storage_type = string
    }))
  })
| n/a | yes | | [aws\_profile](#input\_aws\_profile) | AWS profile to use. | `string` | n/a | yes | | [aws\_region](#input\_aws\_region) | AWS region where Forge runners and supporting infrastructure are deployed. | `string` | n/a | yes | | [default\_tags](#input\_default\_tags) | A map of tags to apply to resources. | `map(string)` | n/a | yes | | [deployment\_config](#input\_deployment\_config) | High-level deployment configuration for a Forge runner installation.

Top-level fields:
- deployment\_prefix: Prefix used when naming resources (for example,
log groups, KMS keys, and SSM parameters).
- env : Logical environment name (for example, dev, stage,
prod). Used for tagging and dashboards.

github\_app object:
- id : Numeric GitHub App ID.
- client\_id : OAuth client ID for the app.
- installation\_id: GitHub App installation ID for this tenant.
- name : GitHub App name, used to build URLs and logs.

github object:
- ghes\_org : GitHub organization that owns the repos where
runners will be used.
- ghes\_url : GitHub.com or GHES base URL. Empty string implies
public github.com.
- repository\_selection: Scope for runners (all or selected repositories).
- runner\_group\_name : GitHub runner group to attach new runners to.

tenant object:
- name : Tenant identifier used in naming and
tagging.
- iam\_roles\_to\_assume : Optional list of IAM role ARNs that
runners are allowed to assume for workload execution.
- ecr\_registries : Optional list of ECR registry URLs that
runners may need to pull images from.
- github\_logs\_reader\_role\_arns: Optional list of IAM roles that can read
GitHub Actions logs for this tenant. | 
object({
    deployment_prefix = string
    secret_suffix     = string
    env               = string
    github_app = object({
      id              = string
      client_id       = string
      installation_id = string
      name            = string
    })
    github = object({
      ghes_org             = string
      ghes_url             = string
      repository_selection = string
      runner_group_name    = string
    })
    tenant = object({
      name                         = string
      iam_roles_to_assume          = optional(list(string), [])
      ecr_registries               = optional(list(string), [])
      github_logs_reader_role_arns = optional(list(string), [])
    })
  })
| n/a | yes | -| [ec2\_deployment\_specs](#input\_ec2\_deployment\_specs) | EC2 deployment configuration for GitHub Actions runners.

Top-level fields:
- lambda\_subnet\_ids: Subnets where runner-related lambdas execute.
These can be more permissive than the runner subnets.
- subnet\_ids : Subnets where the EC2 runners are launched.
- vpc\_id : VPC that contains both runner and lambda subnets.
- runner\_specs : Map of runner pool keys to their EC2 sizing and
scheduling configuration.

runner\_specs[*] object fields:
- ami\_filter : Name/state filters used to select the runner AMI.
- ami\_kms\_key\_arn : KMS key ARN used to encrypt AMI EBS volumes.
- ami\_owners : List of AWS account IDs that own the AMI.
- runner\_labels : Base GitHub labels applied to jobs for this pool.
- runner\_os : Runner operating system (for example, linux).
- runner\_architecture: CPU architecture (for example, x86\_64 or arm64).
- extra\_labels : Additional GitHub labels that further specialize
this runner pool.
- max\_instances : Maximum number of EC2 runners in this pool.
- min\_run\_time : Minimum job run time (in minutes) before a runner
is eligible for scale-down.
- instance\_types : Allowed EC2 instance types for runners in this pool.
- pool\_config : List of pool size schedules (size + cron expression
and optional time zone) controlling baseline capacity.
- runner\_user : OS user under which the GitHub runner process runs.
- enable\_userdata : Whether the module should inject its standard
userdata to configure the runner VM.
- instance\_target\_capacity\_type: EC2 capacity type to use (spot or
on-demand).
- block\_device\_mappings: EBS volume configuration for the runner
instances, including size, type, encryption, and KMS. | 
object({
    lambda_subnet_ids = list(string)
    subnet_ids        = list(string)
    lambda_vpc_id     = string
    vpc_id            = string
    scale_errors      = optional(list(string), [])
    runner_specs = map(object({
      ami_filter = object({
        name  = list(string)
        state = list(string)
      })
      ami_kms_key_arn     = string
      ami_owners          = list(string)
      runner_labels       = list(string)
      runner_os           = string
      runner_architecture = string
      extra_labels        = list(string)
      max_instances       = number
      min_run_time        = number
      instance_types      = list(string)
      license_specifications = optional(list(object({
        license_configuration_arn = string
      })), null)
      placement = optional(object({
        affinity                = optional(string)
        availability_zone       = optional(string)
        group_id                = optional(string)
        group_name              = optional(string)
        host_id                 = optional(string)
        host_resource_group_arn = optional(string)
        spread_domain           = optional(string)
        tenancy                 = optional(string)
        partition_number        = optional(number)
      }), null)
      pool_config = list(object({
        size                         = number
        schedule_expression          = string
        schedule_expression_timezone = string
      }))
      runner_user                   = string
      enable_userdata               = bool
      instance_target_capacity_type = string
      vpc_id                        = optional(string, null)
      subnet_ids                    = optional(list(string), null)
      block_device_mappings = list(object({
        delete_on_termination = bool
        device_name           = string
        encrypted             = bool
        iops                  = number
        kms_key_id            = string
        snapshot_id           = string
        throughput            = number
        volume_size           = number
        volume_type           = string
      }))
    }))
  })
| n/a | yes | +| [ec2\_deployment\_specs](#input\_ec2\_deployment\_specs) | EC2 deployment configuration for GitHub Actions runners.

Top-level fields:
- lambda\_subnet\_ids: Subnets where runner-related lambdas execute.
These can be more permissive than the runner subnets.
- subnet\_ids : Subnets where the EC2 runners are launched.
- vpc\_id : VPC that contains both runner and lambda subnets.
- enable\_dynamic\_labels: Enables dynamic `ghr-` labels for EC2 runners.
- runner\_specs : Map of runner pool keys to their EC2 sizing and
scheduling configuration.

runner\_specs[*] object fields:
- ami\_filter : Name/state filters used to select the runner AMI.
- ami\_kms\_key\_arn : KMS key ARN used to encrypt AMI EBS volumes.
- ami\_owners : List of AWS account IDs that own the AMI.
- runner\_labels : Base GitHub labels applied to jobs for this pool.
- runner\_os : Runner operating system (for example, linux).
- runner\_architecture: CPU architecture (for example, x86\_64 or arm64).
- extra\_labels : Additional GitHub labels that further specialize
this runner pool.
- max\_instances : Maximum number of EC2 runners in this pool.
- min\_run\_time : Minimum job run time (in minutes) before a runner
is eligible for scale-down.
- instance\_types : Allowed EC2 instance types for runners in this pool.
- placement : Optional EC2 placement configuration for the runner
launch template.
- license\_specifications: Optional EC2 License Manager configuration ARNs.
- use\_dedicated\_host: Whether this runner pool should use EC2 dedicated
hosts.
- pool\_config : List of pool size schedules (size + cron expression
and optional time zone) controlling baseline capacity.
- runner\_user : OS user under which the GitHub runner process runs.
- enable\_userdata : Whether the module should inject its standard
userdata to configure the runner VM.
- instance\_target\_capacity\_type: EC2 capacity type to use (spot or
on-demand).
- block\_device\_mappings: EBS volume configuration for the runner
instances, including size, type, encryption, and KMS. | 
object({
    lambda_subnet_ids     = list(string)
    subnet_ids            = list(string)
    lambda_vpc_id         = string
    vpc_id                = string
    scale_errors          = optional(list(string), [])
    enable_dynamic_labels = optional(bool, false)
    runner_specs = map(object({
      ami_filter = object({
        name  = list(string)
        state = list(string)
      })
      ami_kms_key_arn     = string
      ami_owners          = list(string)
      runner_labels       = list(string)
      runner_os           = string
      runner_architecture = string
      extra_labels        = list(string)
      max_instances       = number
      min_run_time        = number
      instance_types      = list(string)
      license_specifications = optional(list(object({
        license_configuration_arn = string
      })), null)
      placement = optional(object({
        affinity                = optional(string)
        availability_zone       = optional(string)
        group_id                = optional(string)
        group_name              = optional(string)
        host_id                 = optional(string)
        host_resource_group_arn = optional(string)
        spread_domain           = optional(string)
        tenancy                 = optional(string)
        partition_number        = optional(number)
      }), null)
      use_dedicated_host = optional(bool, false)
      pool_config = list(object({
        size                         = number
        schedule_expression          = string
        schedule_expression_timezone = string
      }))
      runner_user                   = string
      enable_userdata               = bool
      instance_target_capacity_type = string
      vpc_id                        = optional(string, null)
      subnet_ids                    = optional(list(string), null)
      block_device_mappings = list(object({
        delete_on_termination = bool
        device_name           = string
        encrypted             = bool
        iops                  = number
        kms_key_id            = string
        snapshot_id           = string
        throughput            = number
        volume_size           = number
        volume_type           = string
      }))
    }))
  })
| n/a | yes | | [github\_webhook\_relay](#input\_github\_webhook\_relay) | Configuration for the (optional) webhook relay source module.
If enabled=true we provision the API Gateway + source EventBridge forwarding rule.
destination\_event\_bus\_name must already exist or be created in the destination account (or via the destination submodule run there). | 
object({
    enabled                     = bool
    destination_account_id      = optional(string)
    destination_event_bus_name  = optional(string)
    destination_region          = optional(string)
    destination_reader_role_arn = optional(string)
  })
| 
{
  "destination_account_id": "",
  "destination_event_bus_name": "",
  "destination_reader_role_arn": "",
  "destination_region": "",
  "enabled": false
}
| no | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | n/a | yes | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Logging retention period in days. | `string` | n/a | yes | @@ -75,7 +75,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [forge\_core](#output\_forge\_core) | Core tenant-level metadata (non-sensitive). | | [forge\_github\_actions\_job\_logs](#output\_forge\_github\_actions\_job\_logs) | GitHub Actions job log archival resources. | | [forge\_github\_app](#output\_forge\_github\_app) | GitHub App related outputs. | diff --git a/modules/platform/forge_runners/ec2_runners.tf b/modules/platform/forge_runners/ec2_runners.tf index 009c0af6..33d4c64a 100644 --- a/modules/platform/forge_runners/ec2_runners.tf +++ b/modules/platform/forge_runners/ec2_runners.tf @@ -42,8 +42,9 @@ module "ec2_runners" { id = var.deployment_config.github_app.id webhook_secret = aws_ssm_parameter.github_app_webhook_secret.value } - runner_group_name = var.deployment_config.github.runner_group_name - scale_errors = var.ec2_deployment_specs.scale_errors - runner_specs = var.ec2_deployment_specs.runner_specs + runner_group_name = var.deployment_config.github.runner_group_name + scale_errors = var.ec2_deployment_specs.scale_errors + enable_dynamic_labels = var.ec2_deployment_specs.enable_dynamic_labels + runner_specs = var.ec2_deployment_specs.runner_specs } } diff --git a/modules/platform/forge_runners/forge_trust_validator/README.md b/modules/platform/forge_runners/forge_trust_validator/README.md index 33cb8008..e8c123ac 100644 --- a/modules/platform/forge_runners/forge_trust_validator/README.md +++ b/modules/platform/forge_runners/forge_trust_validator/README.md @@ -10,7 +10,7 @@ | Name | Version | | ---- | ------- | -| [aws](#provider\_aws) | 6.47.0 | +| [aws](#provider\_aws) | 6.49.0 | ## Modules diff --git a/modules/platform/forge_runners/github_actions_job_logs/README.md b/modules/platform/forge_runners/github_actions_job_logs/README.md index 2c18f6e1..f5bc6697 100644 --- a/modules/platform/forge_runners/github_actions_job_logs/README.md +++ b/modules/platform/forge_runners/github_actions_job_logs/README.md @@ -122,27 +122,27 @@ See parent repository license. ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [job\_log\_archiver](#module\_job\_log\_archiver) | terraform-aws-modules/lambda/aws | 8.8.0 | | [job\_log\_dispatcher](#module\_job\_log\_dispatcher) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.job_log_dispatcher](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.job_log_dispatcher](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.job_log_archiver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -174,7 +174,7 @@ See parent repository license. ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [event\_bus\_name](#input\_event\_bus\_name) | Name of the EventBridge event bus to listen for workflow job events. | `string` | n/a | yes | | [ghes\_url](#input\_ghes\_url) | GitHub Enterprise Server URL. | `string` | `""` | no | | [github\_app](#input\_github\_app) | GitHub App configuration | 
object({
    key_base64_ssm = object({
      arn = string
    })
    id_ssm = object({
      arn = string
    })
    installation_id_ssm = object({
      arn = string
    })
  })
| n/a | yes | @@ -187,7 +187,7 @@ See parent repository license. ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [internal\_s3\_reader\_role\_arn](#output\_internal\_s3\_reader\_role\_arn) | The ARN of the IAM role used for reading from the S3 bucket. | | [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the S3 bucket where GitHub Actions job logs are stored. | diff --git a/modules/platform/forge_runners/github_app_runner_group/README.md b/modules/platform/forge_runners/github_app_runner_group/README.md index 0b2f2175..1add9e7b 100644 --- a/modules/platform/forge_runners/github_app_runner_group/README.md +++ b/modules/platform/forge_runners/github_app_runner_group/README.md @@ -2,26 +2,26 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [register\_github\_app\_runner\_group\_lambda](#module\_register\_github\_app\_runner\_group\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.register_github_app_runner_group_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.register_github_app_runner_group_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.register_github_app_runner_group_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -32,7 +32,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [ghes\_org](#input\_ghes\_org) | GitHub organization (GHES or GitHub.com). | `string` | n/a | yes | | [github\_api](#input\_github\_api) | Base URL for the GitHub API (set to GHES API endpoint if using Enterprise). | `string` | `"https://api.github.com"` | no | | [github\_app](#input\_github\_app) | GitHub App configuration | 
object({
    key_base64_ssm = object({
      arn = string
    })
    id_ssm = object({
      arn = string
    })
    installation_id_ssm = object({
      arn = string
    })
  })
| n/a | yes | diff --git a/modules/platform/forge_runners/github_global_lock/README.md b/modules/platform/forge_runners/github_global_lock/README.md index 212ec22a..6c001af3 100644 --- a/modules/platform/forge_runners/github_global_lock/README.md +++ b/modules/platform/forge_runners/github_global_lock/README.md @@ -2,26 +2,26 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [clean\_global\_lock\_lambda](#module\_clean\_global\_lock\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.clean_global_lock_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.clean_global_lock_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.clean_global_lock_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -35,7 +35,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [github\_app](#input\_github\_app) | GitHub App configuration | 
object({
    key_base64_ssm = object({
      arn = string
    })
    id_ssm = object({
      arn = string
    })
    installation_id_ssm = object({
      arn = string
    })
  })
| n/a | yes | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Retention in days for CloudWatch Log Group for the Lambdas. | `number` | `30` | no | @@ -45,6 +45,6 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [dynamodb\_policy\_arn](#output\_dynamodb\_policy\_arn) | ARN of the IAM policy granting DynamoDB lock table CRUD access. | diff --git a/modules/platform/forge_runners/github_webhook_relay/README.md b/modules/platform/forge_runners/github_webhook_relay/README.md index 544b7b06..de2974cf 100644 --- a/modules/platform/forge_runners/github_webhook_relay/README.md +++ b/modules/platform/forge_runners/github_webhook_relay/README.md @@ -2,28 +2,28 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | | [random](#requirement\_random) | >= 3.6 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | -| [random](#provider\_random) | 3.8.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | +| [random](#provider\_random) | 3.9.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [github\_webhook\_relay\_source](#module\_github\_webhook\_relay\_source) | ../../../integrations/github_webhook_relay_source | n/a | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_iam_role.secret_reader](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy.secret_reader_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | | [aws_kms_alias.github_webhook_relay](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | @@ -38,7 +38,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [github\_webhook\_relay](#input\_github\_webhook\_relay) | Configuration for the (optional) webhook relay source module.
If enabled=true we provision the API Gateway + source EventBridge forwarding rule.
destination\_event\_bus\_name must already exist or be created in the destination account (or via the destination submodule run there). | 
object({
    enabled                     = bool
    destination_account_id      = optional(string)
    destination_event_bus_name  = optional(string)
    destination_region          = optional(string)
    destination_reader_role_arn = optional(string)
  })
| 
{
  "destination_account_id": "",
  "destination_event_bus_name": "",
  "destination_reader_role_arn": "",
  "destination_region": "",
  "enabled": false
}
| no | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Retention in days for CloudWatch Log Group for the Lambdas. | `number` | `30` | no | @@ -49,7 +49,7 @@ ## Outputs | Name | Description | -|------|-------------| +| ---- | ----------- | | [source\_secret\_arn](#output\_source\_secret\_arn) | ARN of the GitHub webhook relay secret | | [source\_secret\_region](#output\_source\_secret\_region) | AWS region the secret resides in | | [source\_secret\_role\_arn](#output\_source\_secret\_role\_arn) | ARN of IAM role permitted to read/decrypt the webhook relay secret | diff --git a/modules/platform/forge_runners/redrive_deadletter/README.md b/modules/platform/forge_runners/redrive_deadletter/README.md index 25fae2e5..0e5066a5 100644 --- a/modules/platform/forge_runners/redrive_deadletter/README.md +++ b/modules/platform/forge_runners/redrive_deadletter/README.md @@ -2,26 +2,26 @@ ## Requirements | Name | Version | -|------|---------| +| ---- | ------- | | [terraform](#requirement\_terraform) | ~> 1.11 | -| [aws](#requirement\_aws) | >= 6.25 | +| [aws](#requirement\_aws) | >= 6.47 | ## Providers | Name | Version | -|------|---------| -| [aws](#provider\_aws) | 6.35.1 | +| ---- | ------- | +| [aws](#provider\_aws) | 6.49.0 | ## Modules | Name | Source | Version | -|------|--------|---------| +| ---- | ------ | ------- | | [redrive\_deadletter\_lambda](#module\_redrive\_deadletter\_lambda) | terraform-aws-modules/lambda/aws | 8.8.0 | ## Resources | Name | Type | -|------|------| +| ---- | ---- | | [aws_cloudwatch_event_rule.redrive_deadletter_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource | | [aws_cloudwatch_event_target.redrive_deadletter_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.redrive_deadletter_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | @@ -31,7 +31,7 @@ ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| +| ---- | ----------- | ---- | ------- | :------: | | [log\_level](#input\_log\_level) | Log level for application logging (e.g., INFO, DEBUG, WARN, ERROR) | `string` | `"INFO"` | no | | [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days) | Retention in days for CloudWatch Log Group for the Lambdas. | `number` | `30` | no | | [prefix](#input\_prefix) | Prefix for all resources | `string` | n/a | yes | diff --git a/modules/platform/forge_runners/variables.tf b/modules/platform/forge_runners/variables.tf index 1109310f..a35fe9e1 100644 --- a/modules/platform/forge_runners/variables.tf +++ b/modules/platform/forge_runners/variables.tf @@ -10,11 +10,12 @@ variable "aws_region" { variable "ec2_deployment_specs" { type = object({ - lambda_subnet_ids = list(string) - subnet_ids = list(string) - lambda_vpc_id = string - vpc_id = string - scale_errors = optional(list(string), []) + lambda_subnet_ids = list(string) + subnet_ids = list(string) + lambda_vpc_id = string + vpc_id = string + scale_errors = optional(list(string), []) + enable_dynamic_labels = optional(bool, false) runner_specs = map(object({ ami_filter = object({ name = list(string) @@ -43,6 +44,7 @@ variable "ec2_deployment_specs" { tenancy = optional(string) partition_number = optional(number) }), null) + use_dedicated_host = optional(bool, false) pool_config = list(object({ size = number schedule_expression = string @@ -75,6 +77,7 @@ variable "ec2_deployment_specs" { These can be more permissive than the runner subnets. - subnet_ids : Subnets where the EC2 runners are launched. - vpc_id : VPC that contains both runner and lambda subnets. + - enable_dynamic_labels: Enables dynamic `ghr-` labels for EC2 runners. - runner_specs : Map of runner pool keys to their EC2 sizing and scheduling configuration. @@ -91,6 +94,11 @@ variable "ec2_deployment_specs" { - min_run_time : Minimum job run time (in minutes) before a runner is eligible for scale-down. - instance_types : Allowed EC2 instance types for runners in this pool. + - placement : Optional EC2 placement configuration for the runner + launch template. + - license_specifications: Optional EC2 License Manager configuration ARNs. + - use_dedicated_host: Whether this runner pool should use EC2 dedicated + hosts. - pool_config : List of pool size schedules (size + cron expression and optional time zone) controlling baseline capacity. - runner_user : OS user under which the GitHub runner process runs.