Terraform Module for CDP Environment Permissions on AWS

This module contains resource files and example variable definition files for creating the AWS IAM permissions required for a Cloudera Data Platform (CDP) Public Cloud environment and datalake deployment.

Usage

The examples directory has the following examples for AWS Cloud permission deployments:

  • ex01-minimal-inputs uses the minimum set of inputs for the module.

In each directory an example terraform.tfvars.sample values file is included to show input variable values.
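An added example, not part of the module or its examples directory, of a root module that calls this module with the inputs listed under Inputs. The module source path, the bucket, role and policy names, and the file names under policies/ are assumptions; the JSON files are the CDP-provided policy documents left unedited so the module can fill in the placeholders.

```hcl
# Added example (not the module's ex01-minimal-inputs): a root module calling
# this module. Source path, bucket/role/policy names and the policy JSON file
# names under policies/ are assumptions, not values from the module.
module "cdp_aws_permissions" {
  source = "./terraform-cdp-aws-permissions"   # assumed local path to this module

  # Buckets (assumed names, created outside this module)
  data_storage_bucket   = "example-cdp-data"
  log_storage_bucket    = "example-cdp-logs"
  backup_storage_bucket = "example-cdp-backup"

  # <bucket>/<path>: a prefix rather than the bucket root keeps the grants narrow
  storage_location_base = "example-cdp-data/datalake"
  log_location_base     = "example-cdp-logs/datalake"
  backup_location_base  = "example-cdp-backup/datalake"

  # Let the module replace the standard placeholders; ARN_PARTITION becomes
  # arn_partition ("aws" here, "aws-us-gov" for GovCloud deployments)
  process_policy_placeholders = true
  arn_partition               = "aws"

  # Roles created by the module (instance profiles are created alongside)
  idbroker_role_name       = "example-cdp-idbroker-role"
  log_role_name            = "example-cdp-log-role"
  datalake_admin_role_name = "example-cdp-datalake-admin-role"
  ranger_audit_role_name   = "example-cdp-ranger-audit-role"

  # Policies: a name plus the document contents for each required policy
  idbroker_policy_name             = "example-cdp-idbroker-policy"
  idbroker_policy_doc              = file("${path.module}/policies/idbroker.json")
  log_data_access_policy_name      = "example-cdp-log-policy"
  log_data_access_policy_doc       = file("${path.module}/policies/log.json")
  log_bucket_access_policy_name    = "example-cdp-log-bucket-policy"
  log_bucket_access_policy_doc     = file("${path.module}/policies/log-bucket.json")
  data_bucket_access_policy_name   = "example-cdp-data-bucket-policy"
  data_bucket_access_policy_doc    = file("${path.module}/policies/data-bucket.json")
  backup_bucket_access_policy_name = "example-cdp-backup-bucket-policy"
  backup_bucket_access_policy_doc  = file("${path.module}/policies/backup-bucket.json")
  datalake_admin_s3_policy_name    = "example-cdp-datalake-admin-s3-policy"
  datalake_admin_s3_policy_doc     = file("${path.module}/policies/datalake-admin-s3.json")
  ranger_audit_s3_policy_name      = "example-cdp-ranger-audit-s3-policy"
  ranger_audit_s3_policy_doc       = file("${path.module}/policies/ranger-audit-s3.json")
  datalake_backup_policy_name      = "example-cdp-datalake-backup-policy"
  datalake_backup_policy_doc       = file("${path.module}/policies/datalake-backup.json")
}
```

After `terraform apply`, the module outputs (for example aws_idbroker_instance_profile_arn and aws_datalake_admin_role_arn) are the values CDP asks for when the environment is registered; run `terraform plan` first and review the rendered policy documents for any placeholder that was not replaced.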

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | ~>5.30 |

Providers

| Name | Version |
|------|---------|
| aws | ~>5.30 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.cdp_datalake_admin_role_instance_profile | resource |
| aws_iam_instance_profile.cdp_idbroker_role_instance_profile | resource |
| aws_iam_instance_profile.cdp_log_role_instance_profile | resource |
| aws_iam_instance_profile.cdp_ranger_audit_role_instance_profile | resource |
| aws_iam_policy.cdp_backup_bucket_data_access_policy | resource |
| aws_iam_policy.cdp_data_bucket_data_access_policy | resource |
| aws_iam_policy.cdp_datalake_admin_s3_data_access_policy | resource |
| aws_iam_policy.cdp_datalake_backup_policy | resource |
| aws_iam_policy.cdp_datalake_restore_policy | resource |
| aws_iam_policy.cdp_idbroker_policy | resource |
| aws_iam_policy.cdp_log_bucket_data_access_policy | resource |
| aws_iam_policy.cdp_log_data_access_policy | resource |
| aws_iam_policy.cdp_ranger_audit_s3_data_access_policy | resource |
| aws_iam_role.cdp_datalake_admin_role | resource |
| aws_iam_role.cdp_idbroker_role | resource |
| aws_iam_role.cdp_log_role | resource |
| aws_iam_role.cdp_ranger_audit_role | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach1 | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach2 | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach3 | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach4 | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach5 | resource |
| aws_iam_role_policy_attachment.cdp_datalake_admin_role_attach6 | resource |
| aws_iam_role_policy_attachment.cdp_idbroker_role_attach1 | resource |
| aws_iam_role_policy_attachment.cdp_idbroker_role_attach2 | resource |
| aws_iam_role_policy_attachment.cdp_log_role_attach1 | resource |
| aws_iam_role_policy_attachment.cdp_log_role_attach2 | resource |
| aws_iam_role_policy_attachment.cdp_log_role_attach3 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach1 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach2 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach3 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach4 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach5 | resource |
| aws_iam_role_policy_attachment.cdp_ranger_audit_role_attach6 | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.cdp_datalake_admin_role_policy_doc | data source |
| aws_iam_policy_document.cdp_idbroker_role_policy_doc | data source |
| aws_iam_policy_document.cdp_log_role_policy_doc | data source |
| aws_iam_policy_document.cdp_ranger_audit_role_policy_doc | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| backup_bucket_access_policy_doc | Contents of Backup Bucket Access Data Access Policy | string | n/a | yes |
| backup_bucket_access_policy_name | Backup Bucket Access Data Access Policy Name | string | n/a | yes |
| backup_storage_bucket | Name of the Backup storage bucket | string | n/a | yes |
| data_bucket_access_policy_doc | Contents of Data Bucket Access Data Access Policy | string | n/a | yes |
| data_bucket_access_policy_name | Data Bucket Access Data Access Policy Name | string | n/a | yes |
| data_storage_bucket | Name of the Data storage bucket | string | n/a | yes |
| datalake_admin_role_name | Datalake Admin role Name | string | n/a | yes |
| datalake_admin_s3_policy_doc | Contents of Datalake Admin S3 Data Access Policy | string | n/a | yes |
| datalake_admin_s3_policy_name | Datalake Admin S3 Data Access Policy Name | string | n/a | yes |
| datalake_backup_policy_doc | Contents of Datalake Backup Data Access Policy | string | n/a | yes |
| datalake_backup_policy_name | Datalake Backup Data Access Policy Name | string | n/a | yes |
| idbroker_policy_doc | Contents of IDBroker Assumer Policy Document | string | n/a | yes |
| idbroker_policy_name | IDBroker Policy Name | string | n/a | yes |
| idbroker_role_name | IDBroker service role Name | string | n/a | yes |
| log_bucket_access_policy_doc | Contents of Log Bucket Access Data Access Policy | string | n/a | yes |
| log_bucket_access_policy_name | Log Bucket Access Data Access Policy Name | string | n/a | yes |
| log_data_access_policy_doc | Contents of Log Data Access Policy | string | n/a | yes |
| log_data_access_policy_name | Log Data Access Policy Name | string | n/a | yes |
| log_role_name | Log service role Name | string | n/a | yes |
| log_storage_bucket | Name of the Log storage bucket | string | n/a | yes |
| ranger_audit_role_name | Ranger Audit role Name | string | n/a | yes |
| ranger_audit_s3_policy_doc | Contents of Ranger S3 Audit Data Access Policy | string | n/a | yes |
| ranger_audit_s3_policy_name | Ranger S3 Audit Data Access Policy Name | string | n/a | yes |
| arn_partition | The string used to substitute the ARN_PARTITION placeholder in policy documents | string | "aws" | no |
| backup_location_base | The bucket and path to the location used for FreeIPA and Datalake backups. Should be specified as `<backup_storage_bucket>/<some_path>` | string | null | no |
| datalake_restore_policy_doc | Contents of Datalake Restore Data Access Policy | string | null | no |
| datalake_restore_policy_name | Datalake Restore Data Access Policy Name | string | null | no |
| log_location_base | The bucket and path to the location for log storage. Should be specified as `<log_storage_bucket>/<some_path>` | string | null | no |
| process_policy_placeholders | Flag to enable replacement of the standard placeholders in the AWS CDP Policy documents | bool | true | no |
| storage_location_base | The bucket and path to the Data Lake storage directory. Should be specified as `<data_storage_bucket>/<some_path>` | string | null | no |
| tags | Tags applied to provisioned resources | map(any) | null | no |

Outputs

| Name | Description |
|------|-------------|
| aws_datalake_admin_role_arn | Datalake Admin role ARN |
| aws_datalake_admin_role_name | Datalake Admin role Name |
| aws_idbroker_instance_profile_arn | IDBroker instance profile ARN |
| aws_idbroker_role_name | IDBroker role Name |
| aws_log_instance_profile_arn | Log instance profile ARN |
| aws_log_role_name | Log role Name |
| aws_ranger_audit_role_arn | Ranger Audit role ARN |
| aws_ranger_audit_role_name | Ranger Audit role Name |