{"id":22472985,"url":"https://github.com/truefoundry/terraform-aws-truefoundry-control-plane","last_synced_at":"2026-03-19T23:00:46.481Z","repository":{"id":178951517,"uuid":"662596860","full_name":"truefoundry/terraform-aws-truefoundry-control-plane","owner":"truefoundry","description":"Truefoundry AWS Control Plane Module","archived":false,"fork":false,"pushed_at":"2026-01-28T16:55:01.000Z","size":156,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-13T08:05:07.701Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/truefoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-05T13:24:11.000Z","updated_at":"2026-01-28T17:04:11.000Z","dependencies_parsed_at":"2023-07-24T20:31:21.075Z","dependency_job_id":"7afd515f-388b-40f9-8ad7-7df6fa0cbd7e","html_url":"https://github.com/truefoundry/terraform-aws-truefoundry-control-plane","commit_stats":null,"previous_names":["truefoundry/terraform-aws-truefoundry-control-plane"],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/truefoundry/terraform-aws-truefoundry-control-plane","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-control-plane","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-control-plane/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-control-plane/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-control-plane/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/truefoundry","download_url":"https://codeload.github.com/truefoundry/terraform-aws-truefoundry-control-plane/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/truefoundry%2Fterraform-aws-truefoundry-control-plane/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30052286,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T15:26:47.567Z","status":"ssl_error","status_checked_at":"2026-03-03T15:26:17.132Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-06T12:18:19.258Z","updated_at":"2026-03-19T23:00:46.451Z","avatar_url":"https://github.com/truefoundry.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-truefoundry-control-plane\nTruefoundry AWS Control Plane Module\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.9 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 6.33 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | ~\u003e 3.6 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | ~\u003e 6.33 |\n| \u003ca name=\"provider_random\"\u003e\u003c/a\u003e [random](#provider\\_random) | ~\u003e 3.6 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_truefoundry_bucket\"\u003e\u003c/a\u003e [truefoundry\\_bucket](#module\\_truefoundry\\_bucket) | terraform-aws-modules/s3-bucket/aws | 5.10.0 |\n| \u003ca name=\"module_truefoundry_oidc_iam\"\u003e\u003c/a\u003e [truefoundry\\_oidc\\_iam](#module\\_truefoundry\\_oidc\\_iam) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 5.39.1 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_db_instance.truefoundry_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |\n| [aws_db_parameter_group.truefoundry_db_parameter_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_parameter_group) | resource |\n| [aws_db_subnet_group.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |\n| [aws_iam_policy.svcfoundry_access_to_ecr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.svcfoundry_access_to_eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.svcfoundry_access_to_multitenant_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.truefoundry_assume_role_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.truefoundry_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_policy.truefoundry_db_iam_auth_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.truefoundry_db_monitoring_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.truefoundry_db_monitoring_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_kms_alias.truefoundry_db_master_user_secret_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |\n| [aws_kms_key.truefoundry_db_master_user_secret_kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |\n| [aws_secretsmanager_secret_rotation.turefoundry_db_secret_rotation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_rotation) | resource |\n| [aws_security_group.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group.rds-public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [random_password.truefoundry_db_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |\n| [aws_iam_policy_document.svcfoundry_access_to_ecr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.svcfoundry_access_to_eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.svcfoundry_access_to_multitenant_ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.truefoundry_assume_role_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.truefoundry_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.truefoundry_db_iam_auth_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.truefoundry_db_master_user_secret_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.truefoundry_db_monitoring_role_trust_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_aws_account_id\"\u003e\u003c/a\u003e [aws\\_account\\_id](#input\\_aws\\_account\\_id) | AWS Account ID | `string` | n/a | yes |\n| \u003ca name=\"input_aws_region\"\u003e\u003c/a\u003e [aws\\_region](#input\\_aws\\_region) | EKS Cluster region | `string` | n/a | yes |\n| \u003ca name=\"input_blob_storage_extra_tags\"\u003e\u003c/a\u003e [blob\\_storage\\_extra\\_tags](#input\\_blob\\_storage\\_extra\\_tags) | Extra tags for the s3 bucket | `map(string)` | `{}` | no |\n| \u003ca name=\"input_cluster_name\"\u003e\u003c/a\u003e [cluster\\_name](#input\\_cluster\\_name) | Cluster name | `string` | n/a | yes |\n| \u003ca name=\"input_cluster_oidc_issuer_url\"\u003e\u003c/a\u003e [cluster\\_oidc\\_issuer\\_url](#input\\_cluster\\_oidc\\_issuer\\_url) | The oidc url of the eks cluster | `string` | n/a | yes |\n| \u003ca name=\"input_disable_default_tags\"\u003e\u003c/a\u003e [disable\\_default\\_tags](#input\\_disable\\_default\\_tags) | Disable default tags for the resources created | `bool` | `false` | no |\n| \u003ca name=\"input_iam_database_authentication_enabled\"\u003e\u003c/a\u003e [iam\\_database\\_authentication\\_enabled](#input\\_iam\\_database\\_authentication\\_enabled) | Enable IAM database authentication | `bool` | `false` | no |\n| \u003ca name=\"input_manage_master_user_password\"\u003e\u003c/a\u003e [manage\\_master\\_user\\_password](#input\\_manage\\_master\\_user\\_password) | Enable master user password management. If set to true master user management is done by RDS in secrets manager, if false a random password is generated | `bool` | `false` | no |\n| \u003ca name=\"input_manage_master_user_password_rotation\"\u003e\u003c/a\u003e [manage\\_master\\_user\\_password\\_rotation](#input\\_manage\\_master\\_user\\_password\\_rotation) | Enable master user password rotation | `bool` | `false` | no |\n| \u003ca name=\"input_master_user_password_rotate_immediately\"\u003e\u003c/a\u003e [master\\_user\\_password\\_rotate\\_immediately](#input\\_master\\_user\\_password\\_rotate\\_immediately) | Rotate master user password immediately | `bool` | `false` | no |\n| \u003ca name=\"input_master_user_password_rotation_automatically_after_days\"\u003e\u003c/a\u003e [master\\_user\\_password\\_rotation\\_automatically\\_after\\_days](#input\\_master\\_user\\_password\\_rotation\\_automatically\\_after\\_days) | Rotate master user password automatically after days | `number` | `90` | no |\n| \u003ca name=\"input_master_user_password_rotation_duration\"\u003e\u003c/a\u003e [master\\_user\\_password\\_rotation\\_duration](#input\\_master\\_user\\_password\\_rotation\\_duration) | Master user password rotation duration | `string` | `\"3h\"` | no |\n| \u003ca name=\"input_mlfoundry_k8s_namespace\"\u003e\u003c/a\u003e [mlfoundry\\_k8s\\_namespace](#input\\_mlfoundry\\_k8s\\_namespace) | The k8s mlfoundry namespace | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_mlfoundry_k8s_service_account\"\u003e\u003c/a\u003e [mlfoundry\\_k8s\\_service\\_account](#input\\_mlfoundry\\_k8s\\_service\\_account) | The k8s mlfoundry service account name | `string` | `\"mlfoundry-server\"` | no |\n| \u003ca name=\"input_svcfoundry_k8s_namespace\"\u003e\u003c/a\u003e [svcfoundry\\_k8s\\_namespace](#input\\_svcfoundry\\_k8s\\_namespace) | The k8s svcfoundry namespace | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_svcfoundry_k8s_service_account\"\u003e\u003c/a\u003e [svcfoundry\\_k8s\\_service\\_account](#input\\_svcfoundry\\_k8s\\_service\\_account) | The k8s svcfoundry service account name | `string` | `\"servicefoundry-server\"` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | AWS Tags common to all the resources created | `map(string)` | `{}` | no |\n| \u003ca name=\"input_tfy_llm_gateway_k8s_namespace\"\u003e\u003c/a\u003e [tfy\\_llm\\_gateway\\_k8s\\_namespace](#input\\_tfy\\_llm\\_gateway\\_k8s\\_namespace) | Truefoundry k8s llm-gateway service account name | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_tfy_llm_gateway_k8s_service_account\"\u003e\u003c/a\u003e [tfy\\_llm\\_gateway\\_k8s\\_service\\_account](#input\\_tfy\\_llm\\_gateway\\_k8s\\_service\\_account) | Truefoundry k8s namespace | `string` | `\"tfy-llm-gateway\"` | no |\n| \u003ca name=\"input_tfy_workflow_admin_k8s_namespace\"\u003e\u003c/a\u003e [tfy\\_workflow\\_admin\\_k8s\\_namespace](#input\\_tfy\\_workflow\\_admin\\_k8s\\_namespace) | The k8s tfy workflow admin namespace | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_tfy_workflow_admin_k8s_service_account\"\u003e\u003c/a\u003e [tfy\\_workflow\\_admin\\_k8s\\_service\\_account](#input\\_tfy\\_workflow\\_admin\\_k8s\\_service\\_account) | The k8s tfy workflow admin service account name | `string` | `\"tfy-workflow-admin\"` | no |\n| \u003ca name=\"input_truefoundry_artifact_buckets_will_read\"\u003e\u003c/a\u003e [truefoundry\\_artifact\\_buckets\\_will\\_read](#input\\_truefoundry\\_artifact\\_buckets\\_will\\_read) | A list of bucket IDs mlfoundry will need read access to, in order to show the stored artifacts. It accepts any valid IAM resource, including ARNs with wildcards, so you can do something like arn:aws:s3:::bucket-prefix-* | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_cloudwatch_log_exports\"\u003e\u003c/a\u003e [truefoundry\\_cloudwatch\\_log\\_exports](#input\\_truefoundry\\_cloudwatch\\_log\\_exports) | Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"postgresql\",\u003cbr/\u003e  \"upgrade\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_truefoundry_db_additional_security_group_ids\"\u003e\u003c/a\u003e [truefoundry\\_db\\_additional\\_security\\_group\\_ids](#input\\_truefoundry\\_db\\_additional\\_security\\_group\\_ids) | Additional security group IDs to add to the database | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_db_allocated_storage\"\u003e\u003c/a\u003e [truefoundry\\_db\\_allocated\\_storage](#input\\_truefoundry\\_db\\_allocated\\_storage) | Storage for RDS. Minimum storage allowed for gp3 volumes is 20GB | `string` | `\"20\"` | no |\n| \u003ca name=\"input_truefoundry_db_allow_major_version_upgrade\"\u003e\u003c/a\u003e [truefoundry\\_db\\_allow\\_major\\_version\\_upgrade](#input\\_truefoundry\\_db\\_allow\\_major\\_version\\_upgrade) | Allow major version upgrade. This should be set to true if you want to upgrade the db version | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_backup_retention_period\"\u003e\u003c/a\u003e [truefoundry\\_db\\_backup\\_retention\\_period](#input\\_truefoundry\\_db\\_backup\\_retention\\_period) | Backup retention period for RDS | `number` | `14` | no |\n| \u003ca name=\"input_truefoundry_db_database_name\"\u003e\u003c/a\u003e [truefoundry\\_db\\_database\\_name](#input\\_truefoundry\\_db\\_database\\_name) | Name of the database in DB | `string` | `\"ctl\"` | no |\n| \u003ca name=\"input_truefoundry_db_deletion_protection\"\u003e\u003c/a\u003e [truefoundry\\_db\\_deletion\\_protection](#input\\_truefoundry\\_db\\_deletion\\_protection) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_db_enable_insights\"\u003e\u003c/a\u003e [truefoundry\\_db\\_enable\\_insights](#input\\_truefoundry\\_db\\_enable\\_insights) | Enable insights to truefoundry db | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_enable_monitoring\"\u003e\u003c/a\u003e [truefoundry\\_db\\_enable\\_monitoring](#input\\_truefoundry\\_db\\_enable\\_monitoring) | Enable enhanced monitoring for the RDS DB instance.\u003cbr/\u003e\u003cbr/\u003e  This will create an IAM role and attach the necessary policies to the DB instance. If you want to use an existing IAM role, set `truefoundry_db_monitoring_role_arn`\u003cbr/\u003e\u003cbr/\u003e  Default collection interval is 5 seconds. Override with `truefoundry_db_monitoring_interval`.\u003cbr/\u003e\u003cbr/\u003e  https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.Enabling.html | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_enable_override\"\u003e\u003c/a\u003e [truefoundry\\_db\\_enable\\_override](#input\\_truefoundry\\_db\\_enable\\_override) | Enable override for truefoundry db name. You must pass truefoundry\\_db\\_override\\_name | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_enabled\"\u003e\u003c/a\u003e [truefoundry\\_db\\_enabled](#input\\_truefoundry\\_db\\_enabled) | variable to enable/disable truefoundry db creation | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_db_engine_version\"\u003e\u003c/a\u003e [truefoundry\\_db\\_engine\\_version](#input\\_truefoundry\\_db\\_engine\\_version) | Truefoundry DB Postgres version | `string` | `\"17.5\"` | no |\n| \u003ca name=\"input_truefoundry_db_ingress_cidr_blocks\"\u003e\u003c/a\u003e [truefoundry\\_db\\_ingress\\_cidr\\_blocks](#input\\_truefoundry\\_db\\_ingress\\_cidr\\_blocks) | CIDR blocks allowed to connect to the database | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_db_ingress_security_group\"\u003e\u003c/a\u003e [truefoundry\\_db\\_ingress\\_security\\_group](#input\\_truefoundry\\_db\\_ingress\\_security\\_group) | SG allowed to connect to the database | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_db_instance_class\"\u003e\u003c/a\u003e [truefoundry\\_db\\_instance\\_class](#input\\_truefoundry\\_db\\_instance\\_class) | Instance class for RDS | `string` | `\"db.t3.medium\"` | no |\n| \u003ca name=\"input_truefoundry_db_max_allocated_storage\"\u003e\u003c/a\u003e [truefoundry\\_db\\_max\\_allocated\\_storage](#input\\_truefoundry\\_db\\_max\\_allocated\\_storage) | Max allowed storage for RDS when autoscaling is enabled | `string` | `\"30\"` | no |\n| \u003ca name=\"input_truefoundry_db_monitoring_interval\"\u003e\u003c/a\u003e [truefoundry\\_db\\_monitoring\\_interval](#input\\_truefoundry\\_db\\_monitoring\\_interval) | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance | `number` | `5` | no |\n| \u003ca name=\"input_truefoundry_db_monitoring_role_arn\"\u003e\u003c/a\u003e [truefoundry\\_db\\_monitoring\\_role\\_arn](#input\\_truefoundry\\_db\\_monitoring\\_role\\_arn) | Existing IAM role ARN for DB monitoring.\u003cbr/\u003e\u003cbr/\u003e  https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.Enabling.html#USER_Monitoring.OS.Enabling.Prerequisites | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_db_multiple_az\"\u003e\u003c/a\u003e [truefoundry\\_db\\_multiple\\_az](#input\\_truefoundry\\_db\\_multiple\\_az) | Enable Multi-az (standby) instances for RDS instances | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_override_name\"\u003e\u003c/a\u003e [truefoundry\\_db\\_override\\_name](#input\\_truefoundry\\_db\\_override\\_name) | Override name for truefoundry db.This is the name of the RDS resources in AWS . truefoundry\\_db\\_enable\\_override must be set true | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_db_override_special_characters\"\u003e\u003c/a\u003e [truefoundry\\_db\\_override\\_special\\_characters](#input\\_truefoundry\\_db\\_override\\_special\\_characters) | Override special characters for the database name | `string` | `\"#%\u0026*()-_=+[]{}\u003c\u003e:\"` | no |\n| \u003ca name=\"input_truefoundry_db_postgres_parameter_group_enabled\"\u003e\u003c/a\u003e [truefoundry\\_db\\_postgres\\_parameter\\_group\\_enabled](#input\\_truefoundry\\_db\\_postgres\\_parameter\\_group\\_enabled) | Enable/disable postgres parameter group creation. If set to true, a new postgres parameter group will be created | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_db_postgres_parameter_group_override_enabled\"\u003e\u003c/a\u003e [truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_enabled](#input\\_truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_enabled) | Enable override for postgres parameter group. You must pass truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_name | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_postgres_parameter_group_override_name\"\u003e\u003c/a\u003e [truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_name](#input\\_truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_name) | Override name for postgres parameter group. truefoundry\\_db\\_postgres\\_parameter\\_group\\_override\\_enabled must be set true | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_db_publicly_accessible\"\u003e\u003c/a\u003e [truefoundry\\_db\\_publicly\\_accessible](#input\\_truefoundry\\_db\\_publicly\\_accessible) | Make database publicly accessible. Subnets and SG must match | `string` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_skip_final_snapshot\"\u003e\u003c/a\u003e [truefoundry\\_db\\_skip\\_final\\_snapshot](#input\\_truefoundry\\_db\\_skip\\_final\\_snapshot) | n/a | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_db_storage_encrypted\"\u003e\u003c/a\u003e [truefoundry\\_db\\_storage\\_encrypted](#input\\_truefoundry\\_db\\_storage\\_encrypted) | n/a | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_db_storage_iops\"\u003e\u003c/a\u003e [truefoundry\\_db\\_storage\\_iops](#input\\_truefoundry\\_db\\_storage\\_iops) | Provisioned IOPS for the db | `number` | `0` | no |\n| \u003ca name=\"input_truefoundry_db_storage_type\"\u003e\u003c/a\u003e [truefoundry\\_db\\_storage\\_type](#input\\_truefoundry\\_db\\_storage\\_type) | Storage type for truefoundry db | `string` | `\"gp3\"` | no |\n| \u003ca name=\"input_truefoundry_db_subnet_ids\"\u003e\u003c/a\u003e [truefoundry\\_db\\_subnet\\_ids](#input\\_truefoundry\\_db\\_subnet\\_ids) | List of subnets where the RDS database will be deployed | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_iam_role_additional_oidc_subjects\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_additional\\_oidc\\_subjects](#input\\_truefoundry\\_iam\\_role\\_additional\\_oidc\\_subjects) | List of fully qualifies oidc subjects that can assume the truefoundry IAM role | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_iam_role_additional_policies_arn\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_additional\\_policies\\_arn](#input\\_truefoundry\\_iam\\_role\\_additional\\_policies\\_arn) | List of ARN of policies that you want to attach to the | `list(string)` | `[]` | no |\n| \u003ca name=\"input_truefoundry_iam_role_enable_override\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_enable\\_override](#input\\_truefoundry\\_iam\\_role\\_enable\\_override) | Enable overriding the truefoundry IAM role name. You need to pass truefoundry\\_iam\\_role\\_override\\_name to pass the role name | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_iam_role_enabled\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_enabled](#input\\_truefoundry\\_iam\\_role\\_enabled) | variable to enable/disable truefoundry iam role creation | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_iam_role_override_name\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_override\\_name](#input\\_truefoundry\\_iam\\_role\\_override\\_name) | Truefoundry IAM role name | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_iam_role_permission_boundary_arn\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_permission\\_boundary\\_arn](#input\\_truefoundry\\_iam\\_role\\_permission\\_boundary\\_arn) | ARN of the permission boundary to attach to the truefoundry IAM role | `string` | `null` | no |\n| \u003ca name=\"input_truefoundry_iam_role_policy_prefix_override_enabled\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_policy\\_prefix\\_override\\_enabled](#input\\_truefoundry\\_iam\\_role\\_policy\\_prefix\\_override\\_enabled) | Enable overriding the truefoundry IAM role policy prefix. You need to pass truefoundry\\_iam\\_role\\_policy\\_prefix\\_override\\_name to pass the policy prefix | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_iam_role_policy_prefix_override_name\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_policy\\_prefix\\_override\\_name](#input\\_truefoundry\\_iam\\_role\\_policy\\_prefix\\_override\\_name) | Truefoundry IAM role policy prefix. This is the prefix for the policies that will be attached to the truefoundry IAM role | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_k8s_namespace\"\u003e\u003c/a\u003e [truefoundry\\_k8s\\_namespace](#input\\_truefoundry\\_k8s\\_namespace) | Truefoundry k8s namespace | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_truefoundry_s3_attach_deny_insecure_transport_policy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_attach\\_deny\\_insecure\\_transport\\_policy](#input\\_truefoundry\\_s3\\_attach\\_deny\\_insecure\\_transport\\_policy) | Attach deny insecure transport policy for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_attach_policy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_attach\\_policy](#input\\_truefoundry\\_s3\\_attach\\_policy) | Attach policy for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_attach_public_policy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_attach\\_public\\_policy](#input\\_truefoundry\\_s3\\_attach\\_public\\_policy) | Attach public policy for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_attach_require_latest_tls_policy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_attach\\_require\\_latest\\_tls\\_policy](#input\\_truefoundry\\_s3\\_attach\\_require\\_latest\\_tls\\_policy) | Attach require latest TLS policy for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_block_public_acls\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_block\\_public\\_acls](#input\\_truefoundry\\_s3\\_block\\_public\\_acls) | Block public ACLs for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_block_public_policy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_block\\_public\\_policy](#input\\_truefoundry\\_s3\\_block\\_public\\_policy) | Block public policy for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_cors_origins\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_cors\\_origins](#input\\_truefoundry\\_s3\\_cors\\_origins) | List of CORS origins for Mlfoundry bucket | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"*\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_truefoundry_s3_enable_override\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_enable\\_override](#input\\_truefoundry\\_s3\\_enable\\_override) | Enable override for s3 bucket name. You must pass truefoundry\\_s3\\_override\\_name | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_s3_enabled\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_enabled](#input\\_truefoundry\\_s3\\_enabled) | variable to enable/disable truefoundry s3 bucket creation | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_encryption_algorithm\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_encryption\\_algorithm](#input\\_truefoundry\\_s3\\_encryption\\_algorithm) | Algorithm used for encrypting the default bucket. | `string` | `\"AES256\"` | no |\n| \u003ca name=\"input_truefoundry_s3_encryption_key_arn\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_encryption\\_key\\_arn](#input\\_truefoundry\\_s3\\_encryption\\_key\\_arn) | ARN of the key used to encrypt the bucket. Only needed if you set aws:kms as encryption algorithm. | `string` | `null` | no |\n| \u003ca name=\"input_truefoundry_s3_force_destroy\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_force\\_destroy](#input\\_truefoundry\\_s3\\_force\\_destroy) | Force destroy for mlfoundry s3 bucket | `bool` | `false` | no |\n| \u003ca name=\"input_truefoundry_s3_ignore_public_acls\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_ignore\\_public\\_acls](#input\\_truefoundry\\_s3\\_ignore\\_public\\_acls) | Ignore public ACLs for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_s3_override_name\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_override\\_name](#input\\_truefoundry\\_s3\\_override\\_name) | Override name for s3 bucket. truefoundry\\_s3\\_enable\\_override must be set true | `string` | `\"\"` | no |\n| \u003ca name=\"input_truefoundry_s3_restrict_public_buckets\"\u003e\u003c/a\u003e [truefoundry\\_s3\\_restrict\\_public\\_buckets](#input\\_truefoundry\\_s3\\_restrict\\_public\\_buckets) | Restrict public buckets for mlfoundry s3 bucket | `bool` | `true` | no |\n| \u003ca name=\"input_truefoundry_service_account\"\u003e\u003c/a\u003e [truefoundry\\_service\\_account](#input\\_truefoundry\\_service\\_account) | Truefoundry k8s service account name | `string` | `\"truefoundry\"` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | AWS VPC to deploy Truefoundry rds | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_truefoundry_bucket_id\"\u003e\u003c/a\u003e [truefoundry\\_bucket\\_id](#output\\_truefoundry\\_bucket\\_id) | n/a |\n| \u003ca name=\"output_truefoundry_db_address\"\u003e\u003c/a\u003e [truefoundry\\_db\\_address](#output\\_truefoundry\\_db\\_address) | n/a |\n| \u003ca name=\"output_truefoundry_db_database_name\"\u003e\u003c/a\u003e [truefoundry\\_db\\_database\\_name](#output\\_truefoundry\\_db\\_database\\_name) | n/a |\n| \u003ca name=\"output_truefoundry_db_endpoint\"\u003e\u003c/a\u003e [truefoundry\\_db\\_endpoint](#output\\_truefoundry\\_db\\_endpoint) | n/a |\n| \u003ca name=\"output_truefoundry_db_engine\"\u003e\u003c/a\u003e [truefoundry\\_db\\_engine](#output\\_truefoundry\\_db\\_engine) | n/a |\n| \u003ca name=\"output_truefoundry_db_id\"\u003e\u003c/a\u003e [truefoundry\\_db\\_id](#output\\_truefoundry\\_db\\_id) | n/a |\n| \u003ca name=\"output_truefoundry_db_password\"\u003e\u003c/a\u003e [truefoundry\\_db\\_password](#output\\_truefoundry\\_db\\_password) | n/a |\n| \u003ca name=\"output_truefoundry_db_port\"\u003e\u003c/a\u003e [truefoundry\\_db\\_port](#output\\_truefoundry\\_db\\_port) | n/a |\n| \u003ca name=\"output_truefoundry_db_username\"\u003e\u003c/a\u003e [truefoundry\\_db\\_username](#output\\_truefoundry\\_db\\_username) | n/a |\n| \u003ca name=\"output_truefoundry_iam_role_arn\"\u003e\u003c/a\u003e [truefoundry\\_iam\\_role\\_arn](#output\\_truefoundry\\_iam\\_role\\_arn) | n/a |\n\u003c!-- END_TF_DOCS --\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-control-plane","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-control-plane","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftruefoundry%2Fterraform-aws-truefoundry-control-plane/lists"}