{"id":28952841,"url":"https://github.com/materializeinc/terraform-aws-materialize","last_synced_at":"2026-04-10T16:01:28.856Z","repository":{"id":263635277,"uuid":"881350209","full_name":"MaterializeInc/terraform-aws-materialize","owner":"MaterializeInc","description":"Terraform module for deploying the required AWS infrastructure components for Materialize","archived":false,"fork":false,"pushed_at":"2026-01-12T15:06:04.000Z","size":266,"stargazers_count":2,"open_issues_count":9,"forks_count":8,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-12T21:31:10.291Z","etag":null,"topics":["aws","materialize","terraform"],"latest_commit_sha":null,"homepage":"https://materialize.com/docs/installation/install-on-aws/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MaterializeInc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-31T11:59:00.000Z","updated_at":"2026-01-12T15:06:07.000Z","dependencies_parsed_at":"2024-11-19T16:42:17.473Z","dependency_job_id":"57ef3d02-534a-43a9-b897-c5e4f5c13359","html_url":"https://github.com/MaterializeInc/terraform-aws-materialize","commit_stats":null,"previous_names":["materializeinc/terraform-aws-materialize"],"tags_count":55,"template":false,"template_full_name":null,"purl":"pkg:github/MaterializeInc/terraform-aws-materialize","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaterializeInc%2Fterraform-aws-material
ize","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaterializeInc%2Fterraform-aws-materialize/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaterializeInc%2Fterraform-aws-materialize/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaterializeInc%2Fterraform-aws-materialize/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MaterializeInc","download_url":"https://codeload.github.com/MaterializeInc/terraform-aws-materialize/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MaterializeInc%2Fterraform-aws-materialize/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28506593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","materialize","terraform"],"created_at":"2025-06-23T17:30:50.137Z","updated_at":"2026-04-10T16:01:28.844Z","avatar_url":"https://github.com/MaterializeInc.png","language":"HCL","readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n# Materialize on AWS Cloud Platform\n\nTerraform module for deploying Materialize on AWS Cloud Platform with all required 
infrastructure components.\n\nThe module has been tested with:\n\n- PostgreSQL 15\n- Materialize Helm Operator Terraform Module v0.1.12\n\n\u003e [!WARNING]\n\u003e This module is intended for demonstration/evaluation purposes as well as for serving as a template when building your own production deployment of Materialize.\n\u003e\n\u003e This module should not be directly relied upon for production deployments: **future releases of the module will contain breaking changes.** Instead, to use as a starting point for your own production deployment, either:\n\u003e - Fork this repo and pin to a specific version, or\n\u003e - Use the code as a reference when developing your own deployment.\n\n## Providers Configuration\n\nThe module requires the following providers to be configured:\n\n```hcl\nprovider \"aws\" {\n  region = \"us-east-1\"\n  # Other AWS provider configuration as needed\n}\n\n# Required for EKS authentication\nprovider \"kubernetes\" {\n  host                   = module.eks.cluster_endpoint\n  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)\n\n  exec {\n    api_version = \"client.authentication.k8s.io/v1beta1\"\n    args        = [\"eks\", \"get-token\", \"--cluster-name\", module.eks.cluster_name]\n    command     = \"aws\"\n  }\n}\n\n# Required for Materialize Operator installation\nprovider \"helm\" {\n  kubernetes {\n    host                   = module.eks.cluster_endpoint\n    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)\n\n    exec {\n      api_version = \"client.authentication.k8s.io/v1beta1\"\n      args        = [\"eks\", \"get-token\", \"--cluster-name\", module.eks.cluster_name]\n      command     = \"aws\"\n    }\n  }\n}\n\n```\n\n\u003e **Note:** The Kubernetes and Helm providers are configured to use the AWS CLI for authentication with the EKS cluster. 
This requires that you have the AWS CLI installed and configured with access to the AWS account where the EKS cluster is deployed.\n\nYou can also set the `AWS_PROFILE` environment variable to the name of the profile you want to use for authentication with the EKS cluster:\n\n```bash\nexport AWS_PROFILE=your-profile-name\n```\n\n### Advanced Configuration\n\n## `materialize_instances` variable\n\nThe `materialize_instances` variable is a list of objects that define the configuration for each Materialize instance.\n\n### `environmentd_extra_args`\n\nOptional list of additional command-line arguments to pass to the `environmentd` container. This can be used to override default system parameters or enable specific features.\n\n```hcl\nenvironmentd_extra_args = [\n  \"--system-parameter-default=max_clusters=1000\",\n  \"--system-parameter-default=max_connections=1000\",\n  \"--system-parameter-default=max_tables=1000\",\n]\n```\n\nThese flags configure default limits for clusters, connections, and tables. 
You can provide any supported arguments [here](https://materialize.com/docs/sql/alter-system-set/#other-configuration-parameters).\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n| \u003ca name=\"requirement_deepmerge\"\u003e\u003c/a\u003e [deepmerge](#requirement\\_deepmerge) | ~\u003e 1.0 |\n| \u003ca name=\"requirement_helm\"\u003e\u003c/a\u003e [helm](#requirement\\_helm) | ~\u003e 2.0 |\n| \u003ca name=\"requirement_kubernetes\"\u003e\u003c/a\u003e [kubernetes](#requirement\\_kubernetes) | ~\u003e 2.0 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | ~\u003e 3.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | 5.100.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_aws_lbc\"\u003e\u003c/a\u003e [aws\\_lbc](#module\\_aws\\_lbc) | ./modules/aws-lbc | n/a |\n| \u003ca name=\"module_certificates\"\u003e\u003c/a\u003e [certificates](#module\\_certificates) | ./modules/certificates | n/a |\n| \u003ca name=\"module_database\"\u003e\u003c/a\u003e [database](#module\\_database) | ./modules/database | n/a |\n| \u003ca name=\"module_eks\"\u003e\u003c/a\u003e [eks](#module\\_eks) | ./modules/eks | n/a |\n| \u003ca name=\"module_materialize_node_group\"\u003e\u003c/a\u003e [materialize\\_node\\_group](#module\\_materialize\\_node\\_group) | ./modules/eks-node-group | n/a |\n| \u003ca name=\"module_networking\"\u003e\u003c/a\u003e [networking](#module\\_networking) | ./modules/networking | n/a |\n| \u003ca name=\"module_nlb\"\u003e\u003c/a\u003e [nlb](#module\\_nlb) | ./modules/nlb | n/a |\n| \u003ca name=\"module_operator\"\u003e\u003c/a\u003e 
[operator](#module\\_operator) | github.com/MaterializeInc/terraform-helm-materialize | v0.1.59 |\n| \u003ca name=\"module_storage\"\u003e\u003c/a\u003e [storage](#module\\_storage) | ./modules/storage | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_log_group.materialize](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |\n| [aws_iam_role.materialize_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy.materialize_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_availability_zones\"\u003e\u003c/a\u003e [availability\\_zones](#input\\_availability\\_zones) | List of availability zones | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"us-east-1a\",\u003cbr/\u003e  \"us-east-1b\",\u003cbr/\u003e  \"us-east-1c\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_bucket_force_destroy\"\u003e\u003c/a\u003e [bucket\\_force\\_destroy](#input\\_bucket\\_force\\_destroy) | Enable force destroy for the S3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_bucket_lifecycle_rules\"\u003e\u003c/a\u003e [bucket\\_lifecycle\\_rules](#input\\_bucket\\_lifecycle\\_rules) | List of lifecycle rules for the S3 bucket | \u003cpre\u003elist(object({\u003cbr/\u003e    id                                 = string\u003cbr/\u003e    enabled                            = bool\u003cbr/\u003e    prefix                             = 
string\u003cbr/\u003e    transition_days                    = number\u003cbr/\u003e    transition_storage_class           = string\u003cbr/\u003e    noncurrent_version_expiration_days = number\u003cbr/\u003e  }))\u003c/pre\u003e | \u003cpre\u003e[\u003cbr/\u003e  {\u003cbr/\u003e    \"enabled\": true,\u003cbr/\u003e    \"id\": \"cleanup\",\u003cbr/\u003e    \"noncurrent_version_expiration_days\": 90,\u003cbr/\u003e    \"prefix\": \"\",\u003cbr/\u003e    \"transition_days\": 90,\u003cbr/\u003e    \"transition_storage_class\": \"STANDARD_IA\"\u003cbr/\u003e  }\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cert_manager_chart_version\"\u003e\u003c/a\u003e [cert\\_manager\\_chart\\_version](#input\\_cert\\_manager\\_chart\\_version) | Version of the cert-manager helm chart to install. | `string` | `\"v1.17.1\"` | no |\n| \u003ca name=\"input_cert_manager_install_timeout\"\u003e\u003c/a\u003e [cert\\_manager\\_install\\_timeout](#input\\_cert\\_manager\\_install\\_timeout) | Timeout for installing the cert-manager helm chart, in seconds. | `number` | `300` | no |\n| \u003ca name=\"input_cert_manager_namespace\"\u003e\u003c/a\u003e [cert\\_manager\\_namespace](#input\\_cert\\_manager\\_namespace) | The name of the namespace in which cert-manager is or will be installed. 
| `string` | `\"cert-manager\"` | no |\n| \u003ca name=\"input_cluster_enabled_log_types\"\u003e\u003c/a\u003e [cluster\\_enabled\\_log\\_types](#input\\_cluster\\_enabled\\_log\\_types) | List of desired control plane logging to enable | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"api\",\u003cbr/\u003e  \"audit\",\u003cbr/\u003e  \"authenticator\",\u003cbr/\u003e  \"controllerManager\",\u003cbr/\u003e  \"scheduler\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cluster_version\"\u003e\u003c/a\u003e [cluster\\_version](#input\\_cluster\\_version) | Kubernetes version for the EKS cluster | `string` | `\"1.32\"` | no |\n| \u003ca name=\"input_create_vpc\"\u003e\u003c/a\u003e [create\\_vpc](#input\\_create\\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no |\n| \u003ca name=\"input_database_name\"\u003e\u003c/a\u003e [database\\_name](#input\\_database\\_name) | Name of the database to create | `string` | `\"materialize\"` | no |\n| \u003ca name=\"input_database_password\"\u003e\u003c/a\u003e [database\\_password](#input\\_database\\_password) | Password for the database (should be provided via tfvars or environment variable) | `string` | n/a | yes |\n| \u003ca name=\"input_database_username\"\u003e\u003c/a\u003e [database\\_username](#input\\_database\\_username) | Username for the database | `string` | `\"materialize\"` | no |\n| \u003ca name=\"input_db_allocated_storage\"\u003e\u003c/a\u003e [db\\_allocated\\_storage](#input\\_db\\_allocated\\_storage) | Allocated storage for the RDS instance (in GB) | `number` | `20` | no |\n| \u003ca name=\"input_db_instance_class\"\u003e\u003c/a\u003e [db\\_instance\\_class](#input\\_db\\_instance\\_class) | Instance class for the RDS instance. This is used for consensus and metadata and is generally not bottlenecked by memory or disk. 
Recommended instance families: m7i, m6i, m7g, and m8g | `string` | `\"db.m6i.large\"` | no |\n| \u003ca name=\"input_db_max_allocated_storage\"\u003e\u003c/a\u003e [db\\_max\\_allocated\\_storage](#input\\_db\\_max\\_allocated\\_storage) | Maximum storage for autoscaling (in GB) | `number` | `100` | no |\n| \u003ca name=\"input_db_multi_az\"\u003e\u003c/a\u003e [db\\_multi\\_az](#input\\_db\\_multi\\_az) | Enable multi-AZ deployment for RDS | `bool` | `false` | no |\n| \u003ca name=\"input_enable_bucket_encryption\"\u003e\u003c/a\u003e [enable\\_bucket\\_encryption](#input\\_enable\\_bucket\\_encryption) | Enable server-side encryption for the S3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_enable_bucket_versioning\"\u003e\u003c/a\u003e [enable\\_bucket\\_versioning](#input\\_enable\\_bucket\\_versioning) | Enable versioning for the S3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_enable_cluster_creator_admin_permissions\"\u003e\u003c/a\u003e [enable\\_cluster\\_creator\\_admin\\_permissions](#input\\_enable\\_cluster\\_creator\\_admin\\_permissions) | To add the current caller identity as an administrator | `bool` | `true` | no |\n| \u003ca name=\"input_enable_monitoring\"\u003e\u003c/a\u003e [enable\\_monitoring](#input\\_enable\\_monitoring) | Enable CloudWatch monitoring | `bool` | `true` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | Environment name (e.g., prod, staging, dev) | `string` | n/a | yes |\n| \u003ca name=\"input_helm_chart\"\u003e\u003c/a\u003e [helm\\_chart](#input\\_helm\\_chart) | Chart name from repository or local path to chart. For local charts, set the path to the chart directory. 
| `string` | `\"materialize-operator\"` | no |\n| \u003ca name=\"input_helm_values\"\u003e\u003c/a\u003e [helm\\_values](#input\\_helm\\_values) | Additional Helm values to merge with defaults | `any` | `{}` | no |\n| \u003ca name=\"input_install_aws_load_balancer_controller\"\u003e\u003c/a\u003e [install\\_aws\\_load\\_balancer\\_controller](#input\\_install\\_aws\\_load\\_balancer\\_controller) | Whether to install the AWS Load Balancer Controller | `bool` | `true` | no |\n| \u003ca name=\"input_install_cert_manager\"\u003e\u003c/a\u003e [install\\_cert\\_manager](#input\\_install\\_cert\\_manager) | Whether to install cert-manager. | `bool` | `true` | no |\n| \u003ca name=\"input_install_materialize_operator\"\u003e\u003c/a\u003e [install\\_materialize\\_operator](#input\\_install\\_materialize\\_operator) | Whether to install the Materialize operator | `bool` | `true` | no |\n| \u003ca name=\"input_install_metrics_server\"\u003e\u003c/a\u003e [install\\_metrics\\_server](#input\\_install\\_metrics\\_server) | Whether to install the metrics-server for the Materialize Console | `bool` | `true` | no |\n| \u003ca name=\"input_kubernetes_namespace\"\u003e\u003c/a\u003e [kubernetes\\_namespace](#input\\_kubernetes\\_namespace) | The Kubernetes namespace for the Materialize resources | `string` | `\"materialize-environment\"` | no |\n| \u003ca name=\"input_log_group_name_prefix\"\u003e\u003c/a\u003e [log\\_group\\_name\\_prefix](#input\\_log\\_group\\_name\\_prefix) | Prefix for the CloudWatch log group name (will be combined with environment name) | `string` | `\"materialize\"` | no |\n| \u003ca name=\"input_materialize_instances\"\u003e\u003c/a\u003e [materialize\\_instances](#input\\_materialize\\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. 
| \u003cpre\u003elist(object({\u003cbr/\u003e    name                              = string\u003cbr/\u003e    namespace                         = optional(string)\u003cbr/\u003e    database_name                     = string\u003cbr/\u003e    environmentd_version              = optional(string)\u003cbr/\u003e    cpu_request                       = optional(string, \"1\")\u003cbr/\u003e    memory_request                    = optional(string, \"1Gi\")\u003cbr/\u003e    memory_limit                      = optional(string, \"1Gi\")\u003cbr/\u003e    create_database                   = optional(bool, true)\u003cbr/\u003e    create_nlb                        = optional(bool, true)\u003cbr/\u003e    internal_nlb                      = optional(bool, true)\u003cbr/\u003e    enable_cross_zone_load_balancing  = optional(bool, true)\u003cbr/\u003e    in_place_rollout                  = optional(bool, false)\u003cbr/\u003e    request_rollout                   = optional(string)\u003cbr/\u003e    force_rollout                     = optional(string)\u003cbr/\u003e    balancer_memory_request           = optional(string, \"256Mi\")\u003cbr/\u003e    balancer_memory_limit             = optional(string, \"256Mi\")\u003cbr/\u003e    balancer_cpu_request              = optional(string, \"100m\")\u003cbr/\u003e    license_key                       = optional(string)\u003cbr/\u003e    authenticator_kind                = optional(string, \"None\")\u003cbr/\u003e    external_login_password_mz_system = optional(string)\u003cbr/\u003e    environmentd_extra_args           = optional(list(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_materialize_node_group_desired_size\"\u003e\u003c/a\u003e [materialize\\_node\\_group\\_desired\\_size](#input\\_materialize\\_node\\_group\\_desired\\_size) | Desired number of worker nodes | `number` | `2` | no |\n| \u003ca name=\"input_materialize_node_group_iam_role_use_name_prefix\"\u003e\u003c/a\u003e 
[materialize\\_node\\_group\\_iam\\_role\\_use\\_name\\_prefix](#input\\_materialize\\_node\\_group\\_iam\\_role\\_use\\_name\\_prefix) | Use name prefix for Materialize node group IAM roles. Set to false to avoid AWS 38-character prefix limit when using long namespace/environment names. | `bool` | `true` | no |\n| \u003ca name=\"input_materialize_node_group_instance_types\"\u003e\u003c/a\u003e [materialize\\_node\\_group\\_instance\\_types](#input\\_materialize\\_node\\_group\\_instance\\_types) | Instance types for worker nodes.\u003cbr/\u003e\u003cbr/\u003eRecommended Configuration for Running Materialize with disk:\u003cbr/\u003e- Tested instance types: `r6gd`, `r7gd` families (ARM-based Graviton instances)\u003cbr/\u003e- Enable disk setup when using `r7gd`\u003cbr/\u003e- Note: Ensure instance store volumes are available and attached to the nodes for optimal performance with disk-based workloads. | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"r7gd.2xlarge\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_materialize_node_group_max_size\"\u003e\u003c/a\u003e [materialize\\_node\\_group\\_max\\_size](#input\\_materialize\\_node\\_group\\_max\\_size) | Maximum number of worker nodes | `number` | `4` | no |\n| \u003ca name=\"input_materialize_node_group_min_size\"\u003e\u003c/a\u003e [materialize\\_node\\_group\\_min\\_size](#input\\_materialize\\_node\\_group\\_min\\_size) | Minimum number of worker nodes | `number` | `1` | no |\n| \u003ca name=\"input_metrics_retention_days\"\u003e\u003c/a\u003e [metrics\\_retention\\_days](#input\\_metrics\\_retention\\_days) | Number of days to retain CloudWatch metrics | `number` | `7` | no |\n| \u003ca name=\"input_namespace\"\u003e\u003c/a\u003e [namespace](#input\\_namespace) | Namespace for all resources, usually the organization or project name | `string` | n/a | yes |\n| \u003ca name=\"input_network_id\"\u003e\u003c/a\u003e [network\\_id](#input\\_network\\_id) | The ID of the VPC in which 
resources will be deployed. Only used if create\\_vpc is false. | `string` | `\"\"` | no |\n| \u003ca name=\"input_network_private_subnet_ids\"\u003e\u003c/a\u003e [network\\_private\\_subnet\\_ids](#input\\_network\\_private\\_subnet\\_ids) | A list of private subnet IDs in the VPC. Only used if create\\_vpc is false. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_network_public_subnet_ids\"\u003e\u003c/a\u003e [network\\_public\\_subnet\\_ids](#input\\_network\\_public\\_subnet\\_ids) | A list of public subnet IDs in the VPC. Only used if create\\_vpc is false. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_operator_namespace\"\u003e\u003c/a\u003e [operator\\_namespace](#input\\_operator\\_namespace) | Namespace for the Materialize operator | `string` | `\"materialize\"` | no |\n| \u003ca name=\"input_operator_version\"\u003e\u003c/a\u003e [operator\\_version](#input\\_operator\\_version) | Version of the Materialize operator to install | `string` | `null` | no |\n| \u003ca name=\"input_orchestratord_version\"\u003e\u003c/a\u003e [orchestratord\\_version](#input\\_orchestratord\\_version) | Version of the Materialize orchestrator to install | `string` | `null` | no |\n| \u003ca name=\"input_postgres_version\"\u003e\u003c/a\u003e [postgres\\_version](#input\\_postgres\\_version) | Version of PostgreSQL to use | `string` | `\"17\"` | no |\n| \u003ca name=\"input_private_subnet_cidrs\"\u003e\u003c/a\u003e [private\\_subnet\\_cidrs](#input\\_private\\_subnet\\_cidrs) | CIDR blocks for private subnets | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"10.0.1.0/24\",\u003cbr/\u003e  \"10.0.2.0/24\",\u003cbr/\u003e  \"10.0.3.0/24\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_public_subnet_cidrs\"\u003e\u003c/a\u003e [public\\_subnet\\_cidrs](#input\\_public\\_subnet\\_cidrs) | CIDR blocks for public subnets | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"10.0.101.0/24\",\u003cbr/\u003e  \"10.0.102.0/24\",\u003cbr/\u003e  
\"10.0.103.0/24\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_service_account_name\"\u003e\u003c/a\u003e [service\\_account\\_name](#input\\_service\\_account\\_name) | Name of the service account | `string` | `\"12345678-1234-1234-1234-123456789012\"` | no |\n| \u003ca name=\"input_single_nat_gateway\"\u003e\u003c/a\u003e [single\\_nat\\_gateway](#input\\_single\\_nat\\_gateway) | Use a single NAT Gateway for all private subnets | `bool` | `false` | no |\n| \u003ca name=\"input_system_node_group_desired_size\"\u003e\u003c/a\u003e [system\\_node\\_group\\_desired\\_size](#input\\_system\\_node\\_group\\_desired\\_size) | Desired number of worker nodes | `number` | `2` | no |\n| \u003ca name=\"input_system_node_group_instance_types\"\u003e\u003c/a\u003e [system\\_node\\_group\\_instance\\_types](#input\\_system\\_node\\_group\\_instance\\_types) | Instance types for system nodes. | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"r7g.xlarge\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_system_node_group_max_size\"\u003e\u003c/a\u003e [system\\_node\\_group\\_max\\_size](#input\\_system\\_node\\_group\\_max\\_size) | Maximum number of worker nodes | `number` | `4` | no |\n| \u003ca name=\"input_system_node_group_min_size\"\u003e\u003c/a\u003e [system\\_node\\_group\\_min\\_size](#input\\_system\\_node\\_group\\_min\\_size) | Minimum number of worker nodes | `number` | `1` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Default tags to apply to all resources | `map(string)` | \u003cpre\u003e{\u003cbr/\u003e  \"Environment\": \"dev\",\u003cbr/\u003e  \"Project\": \"materialize\",\u003cbr/\u003e  \"Terraform\": \"true\"\u003cbr/\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_use_local_chart\"\u003e\u003c/a\u003e [use\\_local\\_chart](#input\\_use\\_local\\_chart) | Whether to use a local chart instead of one from a repository | `bool` | `false` | no |\n| \u003ca 
name=\"input_use_self_signed_cluster_issuer\"\u003e\u003c/a\u003e [use\\_self\\_signed\\_cluster\\_issuer](#input\\_use\\_self\\_signed\\_cluster\\_issuer) | Whether to install and use a self-signed ClusterIssuer for TLS. To work around limitations in Terraform, this will be treated as `false` if no materialize instances are defined. | `bool` | `true` | no |\n| \u003ca name=\"input_vpc_cidr\"\u003e\u003c/a\u003e [vpc\\_cidr](#input\\_vpc\\_cidr) | CIDR block for VPC | `string` | `\"10.0.0.0/16\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_cluster_certificate_authority_data\"\u003e\u003c/a\u003e [cluster\\_certificate\\_authority\\_data](#output\\_cluster\\_certificate\\_authority\\_data) | Base64 encoded certificate data required to communicate with the cluster |\n| \u003ca name=\"output_cluster_oidc_issuer_url\"\u003e\u003c/a\u003e [cluster\\_oidc\\_issuer\\_url](#output\\_cluster\\_oidc\\_issuer\\_url) | The URL on the EKS cluster for the OpenID Connect identity provider |\n| \u003ca name=\"output_database_endpoint\"\u003e\u003c/a\u003e [database\\_endpoint](#output\\_database\\_endpoint) | RDS instance endpoint |\n| \u003ca name=\"output_eks_cluster_endpoint\"\u003e\u003c/a\u003e [eks\\_cluster\\_endpoint](#output\\_eks\\_cluster\\_endpoint) | EKS cluster endpoint |\n| \u003ca name=\"output_eks_cluster_name\"\u003e\u003c/a\u003e [eks\\_cluster\\_name](#output\\_eks\\_cluster\\_name) | EKS cluster name |\n| \u003ca name=\"output_materialize_s3_role_arn\"\u003e\u003c/a\u003e [materialize\\_s3\\_role\\_arn](#output\\_materialize\\_s3\\_role\\_arn) | The ARN of the IAM role for Materialize |\n| \u003ca name=\"output_metadata_backend_url\"\u003e\u003c/a\u003e [metadata\\_backend\\_url](#output\\_metadata\\_backend\\_url) | PostgreSQL connection URL in the format required by Materialize |\n| \u003ca name=\"output_nlb_details\"\u003e\u003c/a\u003e [nlb\\_details](#output\\_nlb\\_details) | Details of the Materialize 
instance NLBs. |\n| \u003ca name=\"output_oidc_provider_arn\"\u003e\u003c/a\u003e [oidc\\_provider\\_arn](#output\\_oidc\\_provider\\_arn) | The ARN of the OIDC Provider |\n| \u003ca name=\"output_operator_details\"\u003e\u003c/a\u003e [operator\\_details](#output\\_operator\\_details) | Details of the installed Materialize operator |\n| \u003ca name=\"output_persist_backend_url\"\u003e\u003c/a\u003e [persist\\_backend\\_url](#output\\_persist\\_backend\\_url) | S3 connection URL in the format required by Materialize using IRSA |\n| \u003ca name=\"output_private_subnet_ids\"\u003e\u003c/a\u003e [private\\_subnet\\_ids](#output\\_private\\_subnet\\_ids) | List of private subnet IDs |\n| \u003ca name=\"output_public_subnet_ids\"\u003e\u003c/a\u003e [public\\_subnet\\_ids](#output\\_public\\_subnet\\_ids) | List of public subnet IDs |\n| \u003ca name=\"output_s3_bucket_name\"\u003e\u003c/a\u003e [s3\\_bucket\\_name](#output\\_s3\\_bucket\\_name) | Name of the S3 bucket |\n| \u003ca name=\"output_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#output\\_vpc\\_id) | VPC ID |\n\n## Post-Deployment Setup\n\nAfter successfully deploying the infrastructure with this module, you'll need to:\n\n1. (Optional) Configure storage classes\n1. Install the [Materialize Operator](https://github.com/MaterializeInc/materialize/tree/main/misc/helm-charts/operator)\n1. Deploy your first Materialize environment\n\nSee our [Operator Installation Guide](docs/operator-setup.md) for instructions.\n\n## Connecting to Materialize instances\n\nBy default, Network Load Balancers are created for each Materialize instance, with three listeners:\n1. Port 6875 for SQL connections to the database.\n1. Port 6876 for HTTP(S) connections to the database.\n1. 
Port 8080 for HTTP(S) connections to the web console.\n\nThe DNS name and ARN for the NLBs will be in the `terraform output` as `nlb_details`.\n\n#### TLS support\n\nTLS support is provided by using `cert-manager` and a self-signed `ClusterIssuer`.\n\nMore advanced TLS support using user-provided CAs or per-Materialize `Issuer`s is out of scope for this Terraform module. Please refer to the [cert-manager documentation](https://cert-manager.io/docs/configuration/) for detailed guidance on more advanced usage.\n\n## Upgrade Notes\n\n#### v0.9.0\n\nEnvironmentd now selects swap nodes by default.\n\n#### v0.8.0\n\nYou must upgrade to at least v0.7.x before upgrading to v0.8.x of this terraform code.\n\nBreaking changes:\n* The system node group is renamed and significantly modified, forcing a recreation.\n* Both node groups are now locked to Bottlerocket AMIs and ON\\_DEMAND scheduling.\n* OpenEBS is removed, and with it all support for lgalloc, our legacy spill to disk mechanism.\n\n#### v0.7.0\n\nThis is an intermediate version to handle some changes that must be applied in stages.\nIt is recommended to upgrade to v0.8.x after upgrading to this version.\n\nBreaking changes:\n* Swap is enabled by default.\n* Support for lgalloc, our legacy spill to disk mechanism, is deprecated, and will be removed in the next version.\n* We now always use two node groups, one for system workloads and one for Materialize workloads.\n    * Variables for configuring these node groups have been renamed, so they may be configured separately.\n\nTo avoid downtime when upgrading to future versions, you must perform a rollout at this version.\n1. Ensure your `environmentd_version` is at least `v26.0.0`.\n2. Update your `request_rollout` (and `force_rollout` if already at the correct `environmentd_version`).\n3. 
Run `terraform apply`.\n\nYou must upgrade to at least v0.6.x before upgrading to v0.7.0 of this terraform code.\n\nIt is strongly recommended to have enabled swap on v0.6.x before upgrading to v0.7.0 or higher.\n\n#### v0.6.1\n\nWe now have some initial support for swap.\n\nWe recommend upgrading to at least v0.5.10 before upgrading to v0.6.x of this terraform code.\n\nTo use swap:\n1. Set `swap_enabled` to `true`.\n2. Ensure your `environmentd_version` is at least `v26.0.0`.\n3. Update your `request_rollout` (and `force_rollout` if already at the correct `environmentd_version`).\n4. Run `terraform apply`.\n\nThis will create a new node group configured for swap, and migrate your clusterd pods there.\n\n#### v0.6.0\n\nThis version is missing the updated helm chart.\nSkip this version, go to v0.6.1.\n\n#### v0.4.0\nWe now install `cert-manager` and configure a self-signed `ClusterIssuer` by default.\n\nDue to limitations in Terraform, it cannot plan Kubernetes resources using CRDs that do not exist yet. We have worked around this for new users by only generating the certificate resources when creating Materialize instances that use them, which also cannot be created on the first run.\n\nFor existing users upgrading Materialize instances not previously configured for TLS:\n1. Leave `install_cert_manager` at its default of `true`.\n2. Set `use_self_signed_cluster_issuer` to `false`.\n3. Run `terraform apply`. This will install cert-manager and its CRDs.\n4. Set `use_self_signed_cluster_issuer` back to `true` (the default).\n5. Update the `request_rollout` field of the Materialize instance.\n6. Run `terraform apply`. 
This will generate the certificates and configure your Materialize instance to use them.\n\n#### v0.3.0\nWe now install the AWS Load Balancer Controller and create Network Load Balancers for each Materialize instance.\n\nIf managing Materialize instances with this module, additional action may be required to upgrade to this version.\n\n###### If you want to disable NLB support\n* Set `install_aws_load_balancer_controller` to `false`.\n* Set `materialize_instances[*].create_nlb` to `false`.\n\n###### If you want to enable NLB support\n* Leave `install_aws_load_balancer_controller` set to its default of `true`.\n* Set `materialize_instances[*].create_nlb` to `false`.\n* Run `terraform apply`.\n* Set `materialize_instances[*].create_nlb` to `true`.\n* Run `terraform apply`.\n\nDue to limitations in Terraform, it cannot plan Kubernetes resources using CRDs that do not exist yet. We need to first install the AWS Load Balancer Controller in the first `terraform apply`, before defining any `TargetGroupBinding` resources which get created in the second `terraform apply`.\n\u003c!-- END_TF_DOCS --\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaterializeinc%2Fterraform-aws-materialize","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaterializeinc%2Fterraform-aws-materialize","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaterializeinc%2Fterraform-aws-materialize/lists"}