diff --git a/.config/.terraform-docs.yml b/.config/.terraform-docs.yml index 6e9f5513..8d881767 100644 --- a/.config/.terraform-docs.yml +++ b/.config/.terraform-docs.yml @@ -1,12 +1,7 @@ formatter: markdown table -sections: - show: - - header - - inputs - - providers - - modules - - resources - - footer +sort: + enabled: true + by: required output: file: README.md mode: inject @@ -14,12 +9,3 @@ output: {{ .Content }} -sort: - enabled: true - by: required -settings: - indent: 4 - escape: false - default: false - required: false - type: true diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 252570a6..b6fbca9c 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -68,7 +68,7 @@ jobs: { echo "#!/usr/bin/bash" - echo "docker run --rm quay.io/terraform-docs/terraform-docs:0.20.0 \"\$@\"" + echo "docker run --rm -v \$GITHUB_WORKSPACE:\$GITHUB_WORKSPACE -w \$GITHUB_WORKSPACE quay.io/terraform-docs/terraform-docs:0.20.0 \"\$@\"" } >> $RUNNER_TEMP/docker-aliases/terraform-docs chmod +x $RUNNER_TEMP/docker-aliases/terraform-docs diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a03a7ead..1f356264 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
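Review bot: Dropping the whole `settings` block in the second hunk of `.config/.terraform-docs.yml` silently reverts `indent`, `escape`, `default`, `required` and `type` to terraform-docs defaults, and nothing in the file records that this is intentional. The regenerated README tables later in this diff keep the Default and Required columns and the `\_` escaping on both old and new sides, which `default: false`, `required: false` and `escape: false` would have suppressed, so the old values appear never to have taken effect (plausibly because the container alias could not see the file until the workflow change in this commit). A one-line comment such as `# settings intentionally left at terraform-docs defaults (tables show Type/Default/Required)` would stop the next reader from re-adding them.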
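Review bot: The workspace path is interpolated unquoted into the generated alias on the `+ echo "docker run --rm -v \$GITHUB_WORKSPACE:\$GITHUB_WORKSPACE -w \$GITHUB_WORKSPACE ..."` line, so a checkout path containing whitespace would split the `-v` and `-w` arguments; writing `-v \"\$GITHUB_WORKSPACE:\$GITHUB_WORKSPACE\" -w \"\$GITHUB_WORKSPACE\"` keeps the alias robust. Because `-w` now pins the container's working directory to the repository root, a hook that `cd`s into a module directory before invoking `terraform-docs` with a relative path would see the root instead, which is worth confirming against how the `terraform_docs` hook in `.pre-commit-config.yaml` calls the binary. The image is pinned by tag `0.20.0` only; adding a digest (`quay.io/terraform-docs/terraform-docs:0.20.0@sha256:<digest>`) would make the run reproducible against a re-pushed tag. The `run:` step that wraps this `{ … } >> …` group starts outside the hunk.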
@@ -17,14 +17,25 @@ repos: rev: "3.2.457" hooks: - id: checkov - args: ["--config-file", ".config/.checkov.yml"] + args: ["--config-file", ".config/.checkov.yml", "--quiet"] + env: + LOG_LEVEL: ERROR - repo: https://github.com/antonbabenko/pre-commit-terraform rev: "v1.99.5" hooks: - id: terraform_docs args: - - --hook-config=--add-to-existing-file=true - - --hook-config=--create-file-if-not-exist=false + # Uses antonbabenko/pre-commit-terraform (supports monorepo with multiple modules) + # --hook-config: antonbabenko wrapper settings for file handling + - --hook-config=--add-to-existing-file=true # Update existing README.md files (requires BOTH and markers) + - --hook-config=--create-file-if-not-exist=false # Don't create new README.md files + # --args: terraform-docs binary arguments + - --args=--config=.config/.terraform-docs.yml # Use our terraform-docs config file + - --args=--lockfile=false # Ignore .terraform.lock.hcl, use versions.tf instead (fixes version mismatches) - id: terraform_validate + args: + - --tf-init-args=-upgrade # Always upgrade to match versions.tf (source of truth) + - --hook-config=--retry-once-with-cleanup=true # If validation fails, delete corrupted .terraform dirs and retry + - --args=-no-color # Cleaner output - id: terraform_fmt - id: terraform_tflint diff --git a/modules/jenkins/README.md b/modules/jenkins/README.md index e4e1a02f..13c8bb5d 100644 --- a/modules/jenkins/README.md +++ b/modules/jenkins/README.md 
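Review bot: `--tf-init-args=-upgrade` on the `terraform_validate` hook makes `terraform init` bypass the committed `.terraform.lock.hcl` and resolve the newest provider release allowed by each `versions.tf` constraint, so validation no longer exercises the pinned provider set that `terraform apply` will use and its outcome can change between runs with no commit in between. If the lock files are meant to be authoritative, drop `-upgrade` and let `--hook-config=--retry-once-with-cleanup=true` deal with stale `.terraform` directories; if `versions.tf` really is the source of truth, the inline comment should state that lock-file pins are deliberately ignored during validation rather than "Always upgrade to match versions.tf". The same trade-off applies to `--args=--lockfile=false` on `terraform_docs`, which is why the provider tables further down render ranges such as `~> 6.0` instead of a resolved version. As far as I can tell `--quiet` and `LOG_LEVEL: ERROR` on checkov only trim output and do not change which checks fail, which is worth saying in a comment so nobody reads it as a finding suppression.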
@@ -96,10 +96,13 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [build\_farm\_subnets](#input\_build\_farm\_subnets) | The subnets to deploy the build farms into. | `list(string)` | n/a | yes | +| [jenkins\_alb\_subnets](#input\_jenkins\_alb\_subnets) | A list of subnet ids to deploy the Jenkins load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes | +| [jenkins\_service\_subnets](#input\_jenkins\_service\_subnets) | A list of subnets to deploy the Jenkins service into. Private subnets are recommended. | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy the Jenkins service and build farms into. | `string` | n/a | yes | | [artifact\_buckets](#input\_artifact\_buckets) | List of Amazon S3 buckets you wish to create to store build farm artifacts. |
map(
object({
name = string
enable_force_destroy = optional(bool, true)
enable_versioning = optional(bool, true)
tags = optional(map(string), {})
})
)
| `null` | no | | [build\_farm\_compute](#input\_build\_farm\_compute) | Each object in this map corresponds to an ASG used by Jenkins as build agents. |
map(object(
{
ami = string
#TODO: Support mixed instances / spot with custom policies
instance_type = string
ebs_optimized = optional(bool, true)
enable_monitoring = optional(bool, true)
}
))
| `{}` | no | | [build\_farm\_fsx\_openzfs\_storage](#input\_build\_farm\_fsx\_openzfs\_storage) | Each object in this map corresponds to an FSx OpenZFS file system used by the Jenkins build agents. |
map(object(
{
storage_capacity = number
throughput_capacity = number
storage_type = optional(string, "SSD") # "SSD", "HDD"
deployment_type = optional(string, "SINGLE_AZ_1")
route_table_ids = optional(list(string), null)
tags = optional(map(string), null)
}
))
| `{}` | no | -| [build\_farm\_subnets](#input\_build\_farm\_subnets) | The subnets to deploy the build farms into. | `list(string)` | n/a | yes | | [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Jenkins service load balancer. | `string` | `null` | no | | [cluster\_name](#input\_cluster\_name) | The ARN of the cluster to deploy the Jenkins service into. Defaults to null and a cluster will be created. | `string` | `null` | no | | [container\_cpu](#input\_container\_cpu) | The CPU allotment for the Jenkins container. | `number` | `1024` | no | 
@@ -122,16 +125,13 @@ No modules. | [jenkins\_agent\_secret\_arns](#input\_jenkins\_agent\_secret\_arns) | A list of secretmanager ARNs (wildcards allowed) that contain any secrets which need to be accessed by the Jenkins service. | `list(string)` | `null` | no | | [jenkins\_alb\_access\_logs\_bucket](#input\_jenkins\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Jenkins ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [jenkins\_alb\_access\_logs\_prefix](#input\_jenkins\_alb\_access\_logs\_prefix) | Log prefix for Jenkins ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no | -| [jenkins\_alb\_subnets](#input\_jenkins\_alb\_subnets) | A list of subnet ids to deploy the Jenkins load balancer into. Public subnets are recommended. | `list(string)` | n/a | yes | | [jenkins\_cloudwatch\_log\_retention\_in\_days](#input\_jenkins\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Jenkins. | `string` | `365` | no | | [jenkins\_efs\_performance\_mode](#input\_jenkins\_efs\_performance\_mode) | The performance mode of the EFS file system used by the Jenkins service. Defaults to general purpose. | `string` | `"generalPurpose"` | no | | [jenkins\_efs\_throughput\_mode](#input\_jenkins\_efs\_throughput\_mode) | The throughput mode of the EFS file system used by the Jenkins service. Defaults to bursting. | `string` | `"bursting"` | no | | [jenkins\_service\_desired\_container\_count](#input\_jenkins\_service\_desired\_container\_count) | The desired number of containers running the Jenkins service. | `number` | `1` | no | -| [jenkins\_service\_subnets](#input\_jenkins\_service\_subnets) | A list of subnets to deploy the Jenkins service into. Private subnets are recommended. | `list(string)` | n/a | yes | | [name](#input\_name) | The name attached to Jenkins module resources. 
| `string` | `"jenkins"` | no | | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appeneded to the beginning of most resource names. | `string` | `"cgd"` | no | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"iac-management": "CGD-Toolkit",
"iac-module": "Jenkins",
"iac-provider": "Terraform"
}
| no | -| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy the Jenkins service and build farms into. | `string` | n/a | yes | ## Outputs diff --git a/modules/perforce/README.md b/modules/perforce/README.md index 3f69ea3e..44198ae9 100644 --- a/modules/perforce/README.md +++ b/modules/perforce/README.md @@ -176,7 +176,9 @@ packer build perforce_x86.pkr.hcl | [aws_lb_listener.perforce_web_services](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener) | resource | | [aws_lb_listener.perforce_web_services_http_listener](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener) | resource | | [aws_lb_listener_rule.p4_code_review](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener_rule) | resource | +| [aws_lb_listener_rule.p4_code_review_http](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener_rule) | resource | | [aws_lb_listener_rule.perforce_p4_auth](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener_rule) | resource | +| [aws_lb_listener_rule.perforce_p4_auth_http](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_listener_rule) | resource | | [aws_lb_target_group.perforce](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_target_group) | resource | | [aws_lb_target_group_attachment.perforce](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/lb_target_group_attachment) | resource | | [aws_route53_record.internal_p4_server](https://registry.terraform.io/providers/hashicorp/aws/6.6.0/docs/resources/route53_record) | resource | 
@@ -205,6 +207,7 @@ packer build perforce_x86.pkr.hcl | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [vpc\_id](#input\_vpc\_id) | The VPC ID where the Perforce resources will be deployed. | `string` | n/a | yes | | [certificate\_arn](#input\_certificate\_arn) | The ARN of the ACM certificate to be used with the HTTPS listener for the NLB. | `string` | `null` | no | | [create\_default\_sgs](#input\_create\_default\_sgs) | Whether to create default security groups for the Perforce resources. | `bool` | `true` | no | | [create\_route53\_private\_hosted\_zone](#input\_create\_route53\_private\_hosted\_zone) | Whether to create a private Route53 Hosted Zone for the Perforce resources. This private hosted zone is used for internal communication between the P4 Server, P4 Auth Service, and P4 Code Review Service. | `bool` | `true` | no | @@ -229,7 +232,6 @@ packer build perforce_x86.pkr.hcl | [shared\_nlb\_access\_logs\_prefix](#input\_shared\_nlb\_access\_logs\_prefix) | Log prefix for shared NLB access logs. | `string` | `"perforce-nlb-"` | no | | [shared\_nlb\_subnets](#input\_shared\_nlb\_subnets) | A list of subnets to attach to the shared network load balancer. | `list(string)` | `null` | no | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "terraform-aws-perforce",
"ModuleSource": "https://github.com/aws-games/cloud-game-development-toolkit/tree/main/modules/perforce/terraform-aws-perforce",
"RootModuleName": "-"
}
| no | -| [vpc\_id](#input\_vpc\_id) | The VPC ID where the Perforce resources will be deployed. | `string` | n/a | yes | ## Outputs diff --git a/modules/perforce/modules/p4-auth/README.md b/modules/perforce/modules/p4-auth/README.md index ff133594..4c2e7842 100644 --- a/modules/perforce/modules/p4-auth/README.md +++ b/modules/perforce/modules/p4-auth/README.md @@ -80,9 +80,9 @@ curl -X POST -H 'Authorization: Bearer ' \ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.97.0 | -| [awscc](#provider\_awscc) | 1.34.0 | -| [random](#provider\_random) | 3.7.1 | +| [aws](#provider\_aws) | 6.6.0 | +| [awscc](#provider\_awscc) | 1.50.0 | +| [random](#provider\_random) | 3.7.2 | ## Modules @@ -136,6 +136,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [subnets](#input\_subnets) | A list of subnets to deploy the P4Auth ECS Service into. Private subnets are recommended. | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy P4Auth into. | `string` | n/a | yes | | [admin\_password\_secret\_arn](#input\_admin\_password\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the P4Auth Administrator password. | `string` | `null` | no | | [admin\_username\_secret\_arn](#input\_admin\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the P4Auth Administrator username. | `string` | `null` | no | | [alb\_access\_logs\_bucket](#input\_alb\_access\_logs\_bucket) | ID of the S3 bucket for P4Auth ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | 
@@ -168,9 +170,7 @@ No modules. | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appended to the beginning of most resource names. | `string` | `"cgd"` | no | | [s3\_enable\_force\_destroy](#input\_s3\_enable\_force\_destroy) | Enables force destroy for the S3 bucket for P4Auth access log storage. Defaults to true. | `bool` | `true` | no | | [scim\_bearer\_token\_arn](#input\_scim\_bearer\_token\_arn) | If you would like to use SCIM to provision users and groups, you need to set this variable to the ARN of an AWS Secrets Manager secret containing the bearer token. | `string` | `null` | no | -| [subnets](#input\_subnets) | A list of subnets to deploy the P4Auth ECS Service into. Private subnets are recommended. | `list(string)` | n/a | yes | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "p4-auth",
"ModuleSource": "https://github.com/aws-games/cloud-game-development-toolkit/tree/main/modules/perforce/terraform-aws-perforce",
"RootModuleName": "terraform-aws-perforce"
}
| no | -| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy P4Auth into. | `string` | n/a | yes | ## Outputs diff --git a/modules/perforce/modules/p4-code-review/README.md b/modules/perforce/modules/p4-code-review/README.md index b1fd78e7..9becf4d5 100644 --- a/modules/perforce/modules/p4-code-review/README.md +++ b/modules/perforce/modules/p4-code-review/README.md @@ -54,8 +54,8 @@ module "p4_code_review" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.97.0 | -| [random](#provider\_random) | 3.7.1 | +| [aws](#provider\_aws) | 6.6.0 | +| [random](#provider\_random) | 3.7.2 | ## Modules 
@@ -109,6 +109,12 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [p4\_code\_review\_user\_password\_secret\_arn](#input\_p4\_code\_review\_user\_password\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d P4 Code Review password. | `string` | n/a | yes | +| [p4\_code\_review\_user\_username\_secret\_arn](#input\_p4\_code\_review\_user\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d P4 Code Review username. | `string` | n/a | yes | +| [subnets](#input\_subnets) | A list of subnets to deploy the P4 Code Review ECS Service into. Private subnets are recommended. | `list(string)` | n/a | yes | +| [super\_user\_password\_secret\_arn](#input\_super\_user\_password\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d super user password. | `string` | n/a | yes | +| [super\_user\_username\_secret\_arn](#input\_super\_user\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d super user username. | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy P4 Code Review into. | `string` | n/a | yes | | [alb\_access\_logs\_bucket](#input\_alb\_access\_logs\_bucket) | ID of the S3 bucket for P4 Code Review ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [alb\_access\_logs\_prefix](#input\_alb\_access\_logs\_prefix) | Log prefix for P4 Code Review ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no | | [alb\_subnets](#input\_alb\_subnets) | A list of subnets to deploy the load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no | 
@@ -135,17 +141,11 @@ No modules. | [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name that P4 Code Review should use for internal URLs. | `string` | `null` | no | | [internal](#input\_internal) | Set this flag to true if you do not want the P4 Code Review service load balancer to have a public IP. | `bool` | `false` | no | | [name](#input\_name) | The name attached to P4 Code Review module resources. | `string` | `"p4-code-review"` | no | -| [p4\_code\_review\_user\_password\_secret\_arn](#input\_p4\_code\_review\_user\_password\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d P4 Code Review password. | `string` | n/a | yes | -| [p4\_code\_review\_user\_username\_secret\_arn](#input\_p4\_code\_review\_user\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d P4 Code Review username. | `string` | n/a | yes | | [p4charset](#input\_p4charset) | The P4CHARSET environment variable to set in the P4 Code Review container. | `string` | `"none"` | no | | [p4d\_port](#input\_p4d\_port) | The P4D\_PORT environment variable where P4 Code Review should look for P4 Code Review. Defaults to 'ssl:perforce:1666' | `string` | `"ssl:perforce:1666"` | no | | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appended to the beginning of most resource names. | `string` | `"cgd"` | no | | [s3\_enable\_force\_destroy](#input\_s3\_enable\_force\_destroy) | Enables force destroy for the S3 bucket for P4 Code Review access log storage. Defaults to true. | `bool` | `true` | no | -| [subnets](#input\_subnets) | A list of subnets to deploy the P4 Code Review ECS Service into. Private subnets are recommended. | `list(string)` | n/a | yes | -| [super\_user\_password\_secret\_arn](#input\_super\_user\_password\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d super user password. 
| `string` | n/a | yes | -| [super\_user\_username\_secret\_arn](#input\_super\_user\_username\_secret\_arn) | Optionally provide the ARN of an AWS Secret for the p4d super user username. | `string` | n/a | yes | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "p4-code-review",
"ModuleSource": "https://github.com/aws-games/cloud-game-development-toolkit/tree/main/modules/perforce/terraform-aws-perforce",
"RootModuleName": "terraform-aws-perforce"
}
| no | -| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy P4 Code Review into. | `string` | n/a | yes | ## Outputs diff --git a/modules/perforce/modules/p4-server/README.md b/modules/perforce/modules/p4-server/README.md index 34feb430..de607459 100644 --- a/modules/perforce/modules/p4-server/README.md +++ b/modules/perforce/modules/p4-server/README.md @@ -111,6 +111,10 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [instance\_subnet\_id](#input\_instance\_subnet\_id) | The subnet where the P4 Server instance will be deployed. | `string` | n/a | yes | +| [p4\_server\_type](#input\_p4\_server\_type) | The Perforce P4 Server type. | `string` | n/a | yes | +| [storage\_type](#input\_storage\_type) | The type of backing store [EBS, FSxN] | `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The VPC where P4 Server should be deployed | `string` | n/a | yes | | [amazon\_fsxn\_filesystem\_id](#input\_amazon\_fsxn\_filesystem\_id) | The ID of the existing FSx ONTAP file system to use if storage type is FSxN. | `string` | `null` | no | | [amazon\_fsxn\_svm\_id](#input\_amazon\_fsxn\_svm\_id) | The ID of the Storage Virtual Machine (SVM) for the FSx ONTAP filesystem. | `string` | `null` | no | | [auth\_service\_url](#input\_auth\_service\_url) | The URL for the P4Auth Service. | `string` | `null` | no | 
@@ -129,23 +133,19 @@ No modules. | [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name where P4 Server will be available. This is used to generate self-signed certificates on the P4 Server. | `string` | `null` | no | | [instance\_architecture](#input\_instance\_architecture) | The architecture of the P4 Server instance. Allowed values are 'arm64' or 'x86\_64'. | `string` | `"x86_64"` | no | | [instance\_private\_ip](#input\_instance\_private\_ip) | The private IP address to assign to the P4 Server. | `string` | `null` | no | -| [instance\_subnet\_id](#input\_instance\_subnet\_id) | The subnet where the P4 Server instance will be deployed. | `string` | n/a | yes | | [instance\_type](#input\_instance\_type) | The instance type for Perforce P4 Server. Defaults to c6g.large. | `string` | `"c6i.large"` | no | | [internal](#input\_internal) | Set this flag to true if you do not want the P4 Server instance to have a public IP. | `bool` | `false` | no | | [logs\_volume\_size](#input\_logs\_volume\_size) | The size of the logs volume in GiB. Defaults to 32 GiB. | `number` | `32` | no | | [metadata\_volume\_size](#input\_metadata\_volume\_size) | The size of the metadata volume in GiB. Defaults to 32 GiB. | `number` | `32` | no | | [name](#input\_name) | The name attached to P4 Server module resources. | `string` | `"p4-server"` | no | -| [p4\_server\_type](#input\_p4\_server\_type) | The Perforce P4 Server type. | `string` | n/a | yes | | [plaintext](#input\_plaintext) | Whether to enable plaintext authentication for P4 Server. This is not recommended for production environments unless you are using a load balancer for TLS termination. | `bool` | `false` | no | | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appended to the beginning of most resource names. 
| `string` | `"cgd"` | no | | [protocol](#input\_protocol) | Specify the protocol (NFS or ISCSI) | `string` | `null` | no | | [selinux](#input\_selinux) | Whether to apply SELinux label updates for P4 Server. Don't enable this if SELinux is disabled on your target operating system. | `bool` | `false` | no | -| [storage\_type](#input\_storage\_type) | The type of backing store [EBS, FSxN] | `string` | n/a | yes | | [super\_user\_password\_secret\_arn](#input\_super\_user\_password\_secret\_arn) | If you would like to manage your own super user credentials through AWS Secrets Manager provide the ARN for the super user's password here. | `string` | `null` | no | | [super\_user\_username\_secret\_arn](#input\_super\_user\_username\_secret\_arn) | If you would like to manage your own super user credentials through AWS Secrets Manager provide the ARN for the super user's username here. Otherwise, the default of 'perforce' will be used. | `string` | `null` | no | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "p4-server",
"ModuleSource": "https://github.com/aws-games/cloud-game-development-toolkit/tree/main/modules/perforce/terraform-aws-perforce",
"RootModuleName": "terraform-aws-perforce"
}
| no | | [unicode](#input\_unicode) | Whether to enable Unicode configuration for P4 Server the -xi flag for p4d. Set to true to enable Unicode support. | `bool` | `false` | no | -| [vpc\_id](#input\_vpc\_id) | The VPC where P4 Server should be deployed | `string` | n/a | yes | ## Outputs diff --git a/modules/teamcity/README.md b/modules/teamcity/README.md index 783cd097..4385db22 100644 --- a/modules/teamcity/README.md +++ b/modules/teamcity/README.md @@ -99,12 +99,14 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [service\_subnets](#input\_service\_subnets) | The subnets in which the TeamCity server service will be deployed | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the service will be deployed | `string` | n/a | yes | | [agent\_log\_group\_retention\_in\_days](#input\_agent\_log\_group\_retention\_in\_days) | n/a | `number` | `7` | no | | [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | The ARN of the SSL certificate to use for the ALB | `string` | `null` | no | | [alb\_subnets](#input\_alb\_subnets) | The subnets in which the ALB will be deployed | `list(string)` | `[]` | no | | [aurora\_instance\_count](#input\_aurora\_instance\_count) | Number of instances to provision for the Aurora cluster | `number` | `2` | no | | [aurora\_skip\_final\_snapshot](#input\_aurora\_skip\_final\_snapshot) | Flag for whether a final snapshot should be created when the cluster is destroyed. | `bool` | `true` | no | -| [build\_farm\_config](#input\_build\_farm\_config) | n/a |
map(object({
image = string
desired_count = number
cpu = number
memory = number
}))
| `{}` | no | +| [build\_farm\_config](#input\_build\_farm\_config) | Map of build agent configurations where each key is the agent name and the value defines:
- image: Container image for the build agent
- desired\_count: Number of agent instances to run
- cpu: CPU units to allocate (1024 = 1 vCPU)
- memory: Memory in MiB to allocate
- environment: Optional map of custom environment variables for non-sensitive configuration
- ephemeral\_storage\_gib: Optional ephemeral storage size in GiB (defaults to 20 GiB) |
map(object({
image = string
desired_count = number
cpu = number
memory = number
environment = optional(map(string), {})
ephemeral_storage_gib = optional(number, 20)
}))
| `{}` | no | | [cluster\_name](#input\_cluster\_name) | The name of the ECS cluster to deploy TeamCity to. | `string` | `null` | no | | [container\_cpu](#input\_container\_cpu) | The number of CPU units to allocate to the TeamCity server container | `number` | `1024` | no | | [container\_memory](#input\_container\_memory) | The number of MB of memory to allocate to the TeamCity server container | `number` | `4096` | no | @@ -123,14 +125,12 @@ No modules. | [enable\_teamcity\_alb\_deletion\_protection](#input\_enable\_teamcity\_alb\_deletion\_protection) | Enables deletion protection for the TeamCity ALB. Defaults to true. | `bool` | `false` | no | | [environment](#input\_environment) | The current environment (e.g. dev, prod, etc.) | `string` | `"dev"` | no | | [name](#input\_name) | The name applied to resources in the TeamCity module | `string` | `"teamcity"` | no | -| [service\_subnets](#input\_service\_subnets) | The subnets in which the TeamCity server service will be deployed | `list(string)` | n/a | yes | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"iac-management": "CGD-Toolkit",
"iac-module": "TeamCity",
"iac-provider": "Terraform"
}
| no | | [teamcity\_alb\_access\_logs\_bucket](#input\_teamcity\_alb\_access\_logs\_bucket) | ID of the S3 bucket for TeamCity ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [teamcity\_alb\_access\_logs\_prefix](#input\_teamcity\_alb\_access\_logs\_prefix) | Log prefix for TeamCity ALB access logs. If null the project prefix and module name are used. | `string` | `null` | no | | [teamcity\_cloudwatch\_log\_retention\_in\_days](#input\_teamcity\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for TeamCity. | `string` | `365` | no | | [teamcity\_efs\_performance\_mode](#input\_teamcity\_efs\_performance\_mode) | The performance mode of the EFS file system used by the TeamCity service. Defaults to general purpose. | `string` | `"generalPurpose"` | no | | [teamcity\_efs\_throughput\_mode](#input\_teamcity\_efs\_throughput\_mode) | The throughput mode of the EFS file system used by the TeamCity service. Defaults to bursting. | `string` | `"bursting"` | no | -| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the service will be deployed | `string` | n/a | yes | ## Outputs diff --git a/modules/unity/accelerator/README.md b/modules/unity/accelerator/README.md index 92cd44d0..ff11e855 100644 --- a/modules/unity/accelerator/README.md +++ b/modules/unity/accelerator/README.md @@ -25,9 +25,9 @@ For example configurations, please see the [examples](https://github.com/aws-gam | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.89.0 | +| [aws](#provider\_aws) | 6.6.0 | | [awscc](#provider\_awscc) | 1.50.0 | -| [random](#provider\_random) | 3.5.1 | +| [random](#provider\_random) | 3.7.2 | ## Modules 
@@ -97,6 +97,8 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [service\_subnets](#input\_service\_subnets) | The subnets in which the Unity Accelerator service will be deployed. | `list(string)` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the service will be deployed. | `string` | n/a | yes | | [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | The ARN of the SSL certificate to use for the Application Load Balancer. | `string` | `null` | no | | [alb\_is\_internal](#input\_alb\_is\_internal) | Set this flag to determine whether the Application Load Balancer to create is internal (true) or external (false). Value is ignored if no ALB is created. | `bool` | `false` | no | | [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Unity Accelerator. | `string` | `365` | no | @@ -118,7 +120,6 @@ No modules. | [lb\_subnets](#input\_lb\_subnets) | The subnets in which the Application Load Balancer and Network Load Balancer will be deployed. | `list(string)` | `[]` | no | | [name](#input\_name) | The name applied to resources in the Unity Accelerator module. | `string` | `"unity-accelerator"` | no | | [nlb\_is\_internal](#input\_nlb\_is\_internal) | Set this flag to determine whether the Network Load Balancer to create is internal (true) or external (false). Value is ignored if no NLB is created. | `bool` | `false` | no | -| [service\_subnets](#input\_service\_subnets) | The subnets in which the Unity Accelerator service will be deployed. | `list(string)` | n/a | yes | | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"iac-management": "CGD-Toolkit",
"iac-module": "UnityAccelerator",
"iac-provider": "Terraform"
}
| no | | [unity\_accelerator\_alb\_access\_logs\_prefix](#input\_unity\_accelerator\_alb\_access\_logs\_prefix) | Log prefix for Unity Accelerator Application Load Balancer access logs. If null the project prefix and module name are used. | `string` | `null` | no | | [unity\_accelerator\_dashboard\_password\_arn](#input\_unity\_accelerator\_dashboard\_password\_arn) | ARN of the AWS Secrets Manager secret containing the Unity Accelerator web dashboard password. Password must be the only value and stored as text, not as key/value JSON. If not passed, one will be created randomly. | `string` | `null` | no | @@ -128,7 +129,6 @@ No modules. | [unity\_accelerator\_lb\_access\_logs\_bucket](#input\_unity\_accelerator\_lb\_access\_logs\_bucket) | ID of the S3 bucket for Unity Accelerator Application Load Balancer and Network Load Balancer access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no | | [unity\_accelerator\_log\_stdout](#input\_unity\_accelerator\_log\_stdout) | When true, outputs logs to stdout only. When false, writes logs to the persist directory. | `string` | `"true"` | no | | [unity\_accelerator\_nlb\_access\_logs\_prefix](#input\_unity\_accelerator\_nlb\_access\_logs\_prefix) | Log prefix for Unity Accelerator Network Load Balancer access logs. If null the project prefix and module name are used. | `string` | `null` | no | -| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the service will be deployed. | `string` | n/a | yes | ## Outputs diff --git a/modules/unity/floating-license-server/README.md b/modules/unity/floating-license-server/README.md index fc75241d..8124fdaf 100644 --- a/modules/unity/floating-license-server/README.md +++ b/modules/unity/floating-license-server/README.md 
@@ -57,11 +57,11 @@ For example configurations, please see the [examples](https://github.com/aws-gam
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 6.0.0 |
-| [awscc](#provider\_awscc) | 1.51.0 |
-| [local](#provider\_local) | 2.4.1 |
-| [null](#provider\_null) | 3.2.4 |
-| [random](#provider\_random) | 3.7.2 |
+| [aws](#provider\_aws) | ~> 6.0 |
+| [awscc](#provider\_awscc) | ~> 1.51 |
+| [local](#provider\_local) | ~> 2.4 |
+| [null](#provider\_null) | ~> 3.2 |
+| [random](#provider\_random) | ~> 3.7 |
 ## Modules
@@ -112,6 +112,9 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [unity\_license\_server\_file\_path](#input\_unity\_license\_server\_file\_path) | Local path to the Linux version of the Unity Floating License Server zip file. | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the Unity Floating License Server will be deployed. | `string` | n/a | yes |
+| [vpc\_subnet](#input\_vpc\_subnet) | The subnet where the EC2 instance running the Unity Floating License Server will be deployed. | `string` | n/a | yes |
 | [add\_eni\_public\_ip](#input\_add\_eni\_public\_ip) | If true and "existing\_eni\_id" is not provided, an Elastic IP (EIP) will be created and associated with the newly created Elastic Network Interface (ENI) to be used with the Unity Floating License Server. If "existing\_eni\_id" is provided, this variable is ignored and no new EIP will be added to the provided ENI. | `bool` | `true` | no |
 | [alb\_access\_logs\_bucket](#input\_alb\_access\_logs\_bucket) | ID of the S3 bucket for Application Load Balancer access log storage. If access logging is enabled and this is null the module creates a bucket. | `string` | `null` | no |
 | [alb\_access\_logs\_prefix](#input\_alb\_access\_logs\_prefix) | Log prefix for Unity License Server Application Load Balancer access logs. If null the project prefix and module name are used. | `string` | `null` | no |
@@ -128,14 +131,11 @@ No modules.
 | [tags](#input\_tags) | Tags to apply to resources created by this module. | `map(any)` |
{
"environment": "Dev",
"iac-management": "CGD-Toolkit",
"iac-module": "UnityFloatingLicenseServer",
"iac-provider": "Terraform"
}
| no |
 | [unity\_license\_server\_admin\_password\_arn](#input\_unity\_license\_server\_admin\_password\_arn) | ARN of the AWS Secrets Manager secret containing the Unity Floating License Server admin dashboard password. Password must be the only value and stored as text, not as key/value JSON. If not passed, one will be created randomly. Password must be between 8-12 characters. | `string` | `null` | no |
 | [unity\_license\_server\_bucket\_name](#input\_unity\_license\_server\_bucket\_name) | Name of the Unity Floating License Server-specific S3 bucket to create. | `string` | `"unity-license-server-"` | no |
-| [unity\_license\_server\_file\_path](#input\_unity\_license\_server\_file\_path) | Local path to the Linux version of the Unity Floating License Server zip file. | `string` | n/a | yes |
 | [unity\_license\_server\_instance\_ami\_id](#input\_unity\_license\_server\_instance\_ami\_id) | The Ubuntu-based AMI ID to use in the EC2 instance running the Unity Floating License Server. Defaults to the latest Ubuntu Server 24.04 LTS AMI. | `string` | `null` | no |
 | [unity\_license\_server\_instance\_ebs\_size](#input\_unity\_license\_server\_instance\_ebs\_size) | The size of the EBS volume in GB. | `string` | `"20"` | no |
 | [unity\_license\_server\_instance\_type](#input\_unity\_license\_server\_instance\_type) | The instance type to use for the Unity Floating License Server. Defaults to t3.small. | `string` | `"t3.small"` | no |
 | [unity\_license\_server\_name](#input\_unity\_license\_server\_name) | Name of the Unity Floating License Server. | `string` | `"UnityLicenseServer"` | no |
 | [unity\_license\_server\_port](#input\_unity\_license\_server\_port) | Port the Unity Floating License Server will listen on (between 1025 and 65535). Defaults to 8080. | `string` | `"8080"` | no |
-| [vpc\_id](#input\_vpc\_id) | The ID of the VPC in which the Unity Floating License Server will be deployed. 
| `string` | n/a | yes |
-| [vpc\_subnet](#input\_vpc\_subnet) | The subnet where the EC2 instance running the Unity Floating License Server will be deployed. | `string` | n/a | yes |
 ## Outputs
diff --git a/modules/unreal/horde/README.md b/modules/unreal/horde/README.md
index b98b5472..e5f3f970 100644
--- a/modules/unreal/horde/README.md
+++ b/modules/unreal/horde/README.md
@@ -132,12 +132,15 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Unreal Horde load balancer. | `string` | n/a | yes |
+| [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name where your Unreal Engine Horde server will be available. This agents will use this to enroll. | `string` | n/a | yes |
+| [unreal\_horde\_service\_subnets](#input\_unreal\_horde\_service\_subnets) | A list of subnets to deploy the Unreal Horde service into. Private subnets are recommended. | `list(string)` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy Unreal Horde into. | `string` | n/a | yes |
 | [admin\_claim\_type](#input\_admin\_claim\_type) | The claim type for administrators. | `string` | `null` | no |
 | [admin\_claim\_value](#input\_admin\_claim\_value) | The claim value for administrators. | `string` | `null` | no |
 | [agent\_dotnet\_runtime\_version](#input\_agent\_dotnet\_runtime\_version) | The dotnet-runtime-{} package to install (see your engine version's release notes for supported version) | `string` | `"6.0"` | no |
 | [agents](#input\_agents) | Configures autoscaling groups to be used as build agents by Unreal Engine Horde. |
map(object({
ami = string
instance_type = string
block_device_mappings = list(
object({
device_name = string
ebs = object({
volume_size = number
})
})
)
min_size = optional(number, 0)
max_size = optional(number, 1)
}))
| `{}` | no |
 | [auth\_method](#input\_auth\_method) | The authentication method for the Horde server. | `string` | `null` | no |
-| [certificate\_arn](#input\_certificate\_arn) | The TLS certificate ARN for the Unreal Horde load balancer. | `string` | n/a | yes |
 | [cluster\_name](#input\_cluster\_name) | The name of the cluster to deploy the Unreal Horde into. Defaults to null and a cluster will be created. | `string` | `null` | no |
 | [container\_api\_port](#input\_container\_api\_port) | The container port for the Unreal Horde web server. | `number` | `5000` | no |
 | [container\_cpu](#input\_container\_cpu) | The CPU allotment for the Unreal Horde container. | `number` | `1024` | no |
@@ -176,7 +179,6 @@ No modules.
 | [enable\_unreal\_horde\_alb\_deletion\_protection](#input\_enable\_unreal\_horde\_alb\_deletion\_protection) | Enables deletion protection for the Unreal Horde ALB. Defaults to true. | `bool` | `false` | no |
 | [environment](#input\_environment) | The current environment (e.g. Development, Staging, Production, etc.). This will tag ressources and set ASPNETCORE\_ENVIRONMENT variable. | `string` | `"Development"` | no |
 | [existing\_security\_groups](#input\_existing\_security\_groups) | A list of existing security group IDs to attach to the Unreal Horde load balancer. | `list(string)` | `[]` | no |
-| [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The fully qualified domain name where your Unreal Engine Horde server will be available. This agents will use this to enroll. | `string` | n/a | yes |
 | [github\_credentials\_secret\_arn](#input\_github\_credentials\_secret\_arn) | A secret containing the Github username and password with permissions to the EpicGames organization. | `string` | `null` | no |
 | [image](#input\_image) | The Horde Server image to use in the ECS service. | `string` | `"ghcr.io/epicgames/horde-server:latest-bundled"` | no |
 | [name](#input\_name) | The name attached to Unreal Engine Horde module resources. | `string` | `"unreal-horde"` | no |
@@ -195,8 +197,6 @@ No modules.
 | [unreal\_horde\_cloudwatch\_log\_retention\_in\_days](#input\_unreal\_horde\_cloudwatch\_log\_retention\_in\_days) | The log retention in days of the cloudwatch log group for Unreal Horde. | `string` | `365` | no |
 | [unreal\_horde\_external\_alb\_subnets](#input\_unreal\_horde\_external\_alb\_subnets) | A list of subnets to deploy the Unreal Horde load balancer into. Public subnets are recommended. | `list(string)` | `[]` | no |
 | [unreal\_horde\_internal\_alb\_subnets](#input\_unreal\_horde\_internal\_alb\_subnets) | A list of subnets to deploy the Unreal Horde internal load balancer into. Private subnets are recommended. | `list(string)` | `[]` | no |
-| [unreal\_horde\_service\_subnets](#input\_unreal\_horde\_service\_subnets) | A list of subnets to deploy the Unreal Horde service into. Private subnets are recommended. | `list(string)` | n/a | yes |
-| [vpc\_id](#input\_vpc\_id) | The ID of the existing VPC you would like to deploy Unreal Horde into. | `string` | n/a | yes |
 ## Outputs
diff --git a/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-infra/README.md b/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-infra/README.md
index dcdc4f18..9a8b541c 100644
--- a/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-infra/README.md
+++ b/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-infra/README.md
@@ -90,9 +90,9 @@ The `scylla_subnets` variable determines the deployment topology of your ScyllaD
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 6.13.0 |
+| [aws](#provider\_aws) | >=5.89.0 |
 | [random](#provider\_random) | 3.7.2 |
-| [tls](#provider\_tls) | 4.1.0 |
+| [tls](#provider\_tls) | >= 4.0.6 |
 ## Modules
@@ -172,6 +172,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [vpc\_id](#input\_vpc\_id) | String for VPC ID | `string` | n/a | yes |
 | [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | The ARN of the certificate to use on the ALB | `string` | `null` | no |
 | [create\_application\_load\_balancer](#input\_create\_application\_load\_balancer) | Whether to create an application load balancer for the Scylla monitoring dashboard. | `bool` | `true` | no |
 | [create\_scylla\_monitoring\_stack](#input\_create\_scylla\_monitoring\_stack) | Whether to create the Scylla monitoring stack | `bool` | `true` | no |
@@ -213,7 +214,6 @@ No modules.
 | [system\_managed\_node\_min\_size](#input\_system\_managed\_node\_min\_size) | Min number of system managed node group instances. | `number` | `1` | no |
 | [system\_node\_group\_label](#input\_system\_node\_group\_label) | Label applied to system node group | `map(string)` |
{
"pool": "system-pool"
}
| no |
 | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "Unreal DDC"
}
| no |
-| [vpc\_id](#input\_vpc\_id) | String for VPC ID | `string` | n/a | yes |
 | [worker\_managed\_node\_desired\_size](#input\_worker\_managed\_node\_desired\_size) | Desired number of worker managed node group instances. | `number` | `1` | no |
 | [worker\_managed\_node\_instance\_type](#input\_worker\_managed\_node\_instance\_type) | Worker managed node group instance type. | `string` | `"c5.large"` | no |
 | [worker\_managed\_node\_max\_size](#input\_worker\_managed\_node\_max\_size) | Max number of worker managed node group instances. | `number` | `1` | no |
diff --git a/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-intra-cluster/README.md b/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-intra-cluster/README.md
index 4450a6d2..e669ce07 100644
--- a/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-intra-cluster/README.md
+++ b/modules/unreal/unreal-cloud-ddc/unreal-cloud-ddc-intra-cluster/README.md
@@ -126,15 +126,15 @@ The `unreal_cloud_ddc_helm_values` variable provides an open-ended way to config
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [certificate\_manager\_hosted\_zone\_arn](#input\_certificate\_manager\_hosted\_zone\_arn) | ARN of the Certificate Manager for Ingress. | `list(string)` | `[]` | no |
 | [cluster\_name](#input\_cluster\_name) | Name of the EKS Cluster | `string` | n/a | yes |
 | [cluster\_oidc\_provider\_arn](#input\_cluster\_oidc\_provider\_arn) | ARN of the OIDC Provider from EKS Cluster | `string` | n/a | yes |
-| [enable\_certificate\_manager](#input\_enable\_certificate\_manager) | Enable Certificate Manager for Ingress. Required for TLS termination. | `bool` | `false` | no |
 | [ghcr\_credentials\_secret\_manager\_arn](#input\_ghcr\_credentials\_secret\_manager\_arn) | Arn for credentials stored in secret manager. Needs to be prefixed with 'ecr-pullthroughcache/' to be compatible with ECR pull through cache. | `string` | n/a | yes |
+| [s3\_bucket\_id](#input\_s3\_bucket\_id) | ID of the S3 Bucket for Unreal Cloud DDC to use | `string` | n/a | yes |
+| [certificate\_manager\_hosted\_zone\_arn](#input\_certificate\_manager\_hosted\_zone\_arn) | ARN of the Certificate Manager for Ingress. | `list(string)` | `[]` | no |
+| [enable\_certificate\_manager](#input\_enable\_certificate\_manager) | Enable Certificate Manager for Ingress. Required for TLS termination. | `bool` | `false` | no |
 | [name](#input\_name) | Unreal Cloud DDC Workload Name | `string` | `"unreal-cloud-ddc"` | no |
 | [oidc\_credentials\_secret\_manager\_arn](#input\_oidc\_credentials\_secret\_manager\_arn) | Arn for oidc credentials stored in secret manager. | `string` | `null` | no |
 | [project\_prefix](#input\_project\_prefix) | The project prefix for this workload. This is appended to the beginning of most resource names. 
| `string` | `"cgd"` | no |
-| [s3\_bucket\_id](#input\_s3\_bucket\_id) | ID of the S3 Bucket for Unreal Cloud DDC to use | `string` | n/a | yes |
 | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "Unreal DDC"
}
| no |
 | [unreal\_cloud\_ddc\_helm\_values](#input\_unreal\_cloud\_ddc\_helm\_values) | List of YAML files for Unreal Cloud DDC | `list(string)` | `[]` | no |
 | [unreal\_cloud\_ddc\_namespace](#input\_unreal\_cloud\_ddc\_namespace) | Namespace for Unreal Cloud DDC | `string` | `"unreal-cloud-ddc"` | no |
diff --git a/modules/vdi/README.md b/modules/vdi/README.md
index b34cc80d..03470c91 100644
--- a/modules/vdi/README.md
+++ b/modules/vdi/README.md
@@ -517,11 +517,11 @@ This project is licensed under the MIT-0 License. See the [LICENSE](../../../LIC
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 6.5.0 |
-| [awscc](#provider\_awscc) | 1.60.0 |
-| [random](#provider\_random) | 3.7.2 |
-| [time](#provider\_time) | 0.13.1 |
-| [tls](#provider\_tls) | 4.1.0 |
+| [aws](#provider\_aws) | >= 6.0.0 |
+| [awscc](#provider\_awscc) | >= 1.0.0 |
+| [random](#provider\_random) | >= 3.0.0 |
+| [time](#provider\_time) | >= 0.9.0 |
+| [tls](#provider\_tls) | >= 4.0.0 |
 ## Modules
@@ -604,6 +604,8 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [region](#input\_region) | AWS region for deployment | `string` | n/a | yes |
+| [vpc\_id](#input\_vpc\_id) | VPC ID where VDI instances will be deployed | `string` | n/a | yes |
 | [capacity\_reservation\_preference](#input\_capacity\_reservation\_preference) | Capacity reservation preference for EC2 instances | `string` | `null` | no |
 | [client\_vpn\_config](#input\_client\_vpn\_config) | Client VPN configuration for private connectivity |
object({
client_cidr_block = optional(string, "192.168.0.0/16")
generate_client_configs = optional(bool, true)
split_tunnel = optional(bool, true)
})
| `{}` | no |
 | [create\_client\_vpn](#input\_create\_client\_vpn) | Create AWS Client VPN endpoint infrastructure (VPN endpoint, certificates, S3 bucket for configs) | `bool` | `false` | no |
@@ -614,10 +616,8 @@ No modules.
 | [log\_retention\_days](#input\_log\_retention\_days) | CloudWatch log retention period in days | `number` | `30` | no |
 | [presets](#input\_presets) | Configuration blueprints defining instance types and named volumes with Windows drive mapping.

**KEY BECOMES PRESET NAME**: The map key (e.g., "ue-developer") becomes the preset name referenced by workstations.

Presets provide reusable configurations that can be referenced by multiple workstations via preset\_key.

Example:
presets = {
"ue-developer" = { # ← This key becomes the preset name
instance\_type = "g4dn.2xlarge"
gpu\_enabled = true
volumes = {
Root = { capacity = 256, type = "gp3" } # Root volume automatically gets C:
Projects = { capacity = 1024, type = "gp3", windows\_drive = "Z:" } # Specify drive letter
Cache = { capacity = 500, type = "gp3" } # Auto-assigned high-alphabet letter (Y:, X:, etc.)
}
}
"basic-workstation" = { # ← Another preset name
instance\_type = "g4dn.xlarge"
gpu\_enabled = true
volumes = {
Root = { capacity = 200, type = "gp3" } # Root volume automatically gets C:
UserData = { capacity = 500, type = "gp3" } # Auto-assigned high-alphabet letter
}
}
}

# Referenced by workstations:
workstations = {
"alice-ws" = {
preset\_key = "ue-developer" # ← References preset by key
}
}

Valid volume types: "gp2", "gp3", "io1", "io2"
Drive letters are auto-assigned by Windows (typically C: for root, D:, E:, F:, etc. for additional volumes).

additional\_policy\_arns: List of additional IAM policy ARNs to attach to the VDI instance role.
Example: ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", "arn:aws:iam::123456789012:policy/MyCustomPolicy"] |
map(object({
# Core compute configuration
instance_type = string
ami = optional(string, null)

# Hardware configuration
gpu_enabled = optional(bool, true)

# Named volumes with auto-assigned drive letters
volumes = map(object({
capacity = number
type = string
iops = optional(number, 3000)
throughput = optional(number, 125)
encrypted = optional(bool, true)
}))

# Optional configuration
iam_instance_profile = optional(string, null)
additional_policy_arns = optional(list(string), []) # Additional IAM policy ARNs to attach to the VDI instance role
software_packages = optional(list(string), null)
tags = optional(map(string), {})
}))
| `{}` | no |
 | [project\_prefix](#input\_project\_prefix) | Prefix for resource names | `string` | `"cgd"` | no |
-| [region](#input\_region) | AWS region for deployment | `string` | n/a | yes |
 | [tags](#input\_tags) | Tags to apply to resources. | `map(any)` |
{
"IaC": "Terraform",
"ModuleBy": "CGD-Toolkit",
"ModuleName": "terraform-aws-vdi",
"ModuleSource": "https://github.com/aws-games/cloud-game-development-toolkit/tree/main/modules/vdi",
"RootModuleName": "-"
}
| no |
 | [users](#input\_users) | Local Windows user accounts with Windows group types and network connectivity (managed via Secrets Manager)

**KEY BECOMES WINDOWS USERNAME**: The map key (e.g., "john-doe") becomes the actual Windows username created on VDI instances.

type options (Windows groups):
- "fleet\_administrator": User added to Windows Administrators group, created on ALL workstations (fleet management)
- "administrator": User added to Windows Administrators group, created only on assigned workstation
- "user": User added to Windows Users group, created only on assigned workstation

use\_client\_vpn options (VPN access):
- false: User accesses VDI via public internet or external VPN (default)
- true: User accesses VDI via module's Client VPN (generates VPN config)

Example:
users = {
"vdiadmin" = { # ← This key becomes Windows username "vdiadmin"
given\_name = "VDI"
family\_name = "Administrator"
email = "admin@example.com"
type = "fleet\_administrator" # Windows Administrators group on ALL workstations
use\_client\_vpn = false # Accesses via public internet/external VPN
}
"alice" = { # ← Public connectivity user
given\_name = "Alice"
family\_name = "Smith"
email = "alice@example.com"
type = "user" # Windows Users group
use\_client\_vpn = false # Accesses via public internet (allowed\_cidr\_blocks)
}
"bob" = { # ← Private connectivity user
given\_name = "Bob"
family\_name = "Johnson"
email = "bob@example.com"
type = "user" # Windows Users group
use\_client\_vpn = true # Accesses via module's Client VPN
}
}

# User assignment is now direct:
# assigned\_user = "naruto-uzumaki" # References users{} key directly in workstation |
map(object({
given_name = string
family_name = string
email = string
type = optional(string, "user") # "administrator" or "user" (Windows group)
use_client_vpn = optional(bool, false) # Whether this user connects via module's Client VPN
tags = optional(map(string), {})
}))
| `{}` | no |
-| [vpc\_id](#input\_vpc\_id) | VPC ID where VDI instances will be deployed | `string` | n/a | yes |
 | [workstations](#input\_workstations) | Physical infrastructure instances with template references and placement configuration.

**KEY BECOMES WORKSTATION NAME**: The map key (e.g., "alice-workstation") becomes the workstation identifier used throughout the module.

Workstations inherit configuration from templates via preset\_key reference.

Example:
workstations = {
# Public connectivity - user accesses via internet
"alice-workstation" = {
preset\_key = "ue-developer"
subnet\_id = "subnet-public-123" # Public subnet
security\_groups = ["sg-vdi-public"]
assigned\_user = "alice"
allowed\_cidr\_blocks = ["203.0.113.1/32"] # Alice's home IP
}
# Private connectivity - user accesses via VPN
"bob-workstation" = {
preset\_key = "basic-workstation"
subnet\_id = "subnet-private-456" # Private subnet
security\_groups = ["sg-vdi-private"]
assigned\_user = "bob"
# No allowed\_cidr\_blocks - accessed via Client VPN
}
# Additional volumes at workstation level
"dev-workstation" = {
preset\_key = "basic-workstation"
subnet\_id = "subnet-private-789"
security\_groups = ["sg-vdi-private"]
volumes = {
ExtraStorage = { capacity = 2000, type = "gp3", windows\_drive = "Y:" }
}
}
}

# User assignment is now direct:
# assigned\_user = "alice" # References users{} key directly in workstation

Drive letters are auto-assigned by Windows. Users can reassign them via Disk Management if needed.

additional\_policy\_arns: List of additional IAM policy ARNs to attach to the VDI instance role.
Example: ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", "arn:aws:iam::123456789012:policy/MyCustomPolicy"] |
map(object({
# Preset reference (optional - can use direct config instead)
preset_key = optional(string, null)

# Infrastructure placement
subnet_id = string
security_groups = list(string)
assigned_user = optional(string, null) # User assigned to this workstation (for administrator/user types only)

# Direct configuration (used when preset_key is null or as overrides)
ami = optional(string, null)
instance_type = optional(string, null)
gpu_enabled = optional(bool, null)
volumes = optional(map(object({
capacity = number
type = string
iops = optional(number, 3000)
throughput = optional(number, 125)
encrypted = optional(bool, true)
})), null)
iam_instance_profile = optional(string, null)
additional_policy_arns = optional(list(string), []) # Additional IAM policy ARNs to attach to the VDI instance role
software_packages = optional(list(string), null)

# Optional overrides
allowed_cidr_blocks = optional(list(string), null)
capacity_reservation_preference = optional(string, null)
tags = optional(map(string), null)
}))
| `{}` | no |
 ## Outputs
diff --git a/modules/vdi/examples/private-connectivity/README.md b/modules/vdi/examples/private-connectivity/README.md
index 71e32032..6d8b7bd3 100644
--- a/modules/vdi/examples/private-connectivity/README.md
+++ b/modules/vdi/examples/private-connectivity/README.md
@@ -86,7 +86,7 @@ Check installation progress via CloudWatch logs or SSM status commands in output
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 6.17.0 |
+| [aws](#provider\_aws) | >= 6.0.0 |
 ## Modules
diff --git a/modules/vdi/examples/public-connectivity/README.md b/modules/vdi/examples/public-connectivity/README.md
index a41a3a22..07c33585 100644
--- a/modules/vdi/examples/public-connectivity/README.md
+++ b/modules/vdi/examples/public-connectivity/README.md
@@ -196,8 +196,8 @@ If custom AMIs aren't built, Terraform will fail with data source error:
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 6.19.0 |
-| [http](#provider\_http) | 3.5.0 |
+| [aws](#provider\_aws) | >= 6.0.0 |
+| [http](#provider\_http) | >= 3.0.0 |
 ## Modules
diff --git a/samples/unreal-cloud-ddc-single-region/README.md b/samples/unreal-cloud-ddc-single-region/README.md
index 43340d17..e9470b87 100644
--- a/samples/unreal-cloud-ddc-single-region/README.md
+++ b/samples/unreal-cloud-ddc-single-region/README.md
@@ -138,9 +138,9 @@ This sample also deploys a ScyllaDB monitoring stack, enabling real-time insight
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [allow\_my\_ip](#input\_allow\_my\_ip) | Automatically add your IP to the security groups allowing access to the Unreal DDC and SycllaDB Monitoring load balancers | `bool` | `true` | no |
 | [github\_credential\_arn](#input\_github\_credential\_arn) | Github Credential ARN | `string` | n/a | yes |
 | [route53\_public\_hosted\_zone\_name](#input\_route53\_public\_hosted\_zone\_name) | The root domain name for the Hosted Zone where the ScyllaDB monitoring record should be created. | `string` | n/a | yes |
+| [allow\_my\_ip](#input\_allow\_my\_ip) | Automatically add your IP to the security groups allowing access to the Unreal DDC and SycllaDB Monitoring load balancers | `bool` | `true` | no |
 ## Outputs
diff --git a/test-vdi-components.ps1 b/test-vdi-components.ps1
index 6ed26488..cd532cc0 100644
--- a/test-vdi-components.ps1
+++ b/test-vdi-components.ps1
@@ -17,7 +17,7 @@ try {
 Write-Host "Downloading SSM Agent..."
 Invoke-WebRequest -Uri $ssmAgentUrl -OutFile $ssmAgentPath -TimeoutSec 300
-
+
 Write-Host "Installing SSM Agent..."
 Start-Process -FilePath $ssmAgentPath -ArgumentList "/S" -Wait
@@ -39,24 +39,24 @@ try {
 Write-Host "Downloading AWS CLI..."
 Invoke-WebRequest -Uri $awsCliUrl -OutFile $awsCliPath -TimeoutSec 300
-
+
 Write-Host "Installing AWS CLI..."
 Start-Process -FilePath "msiexec.exe" -ArgumentList "/i", $awsCliPath, "/quiet", "/norestart" -Wait
 Write-Host "Verifying AWS CLI installation..."
 Start-Sleep -Seconds 10 # Wait for installation to complete
-
+
 # Check if AWS CLI executable exists
 $awsExePath = "${env:ProgramFiles}\Amazon\AWSCLIV2\aws.exe"
 if (Test-Path $awsExePath) {
 Write-Host "AWS CLI executable found at: $awsExePath" -ForegroundColor Green
-
+
 # Test AWS CLI functionality
 $awsVersion = & $awsExePath --version 2>&1
 Write-Host "AWS CLI version: $awsVersion" -ForegroundColor Green
 } else {
 Write-Host "AWS CLI executable NOT found at expected location" -ForegroundColor Red
-
+
 # Check alternate locations
 $altPaths = @(
 "${env:ProgramFiles(x86)}\Amazon\AWSCLIV2\aws.exe",
@@ -79,7 +79,7 @@ Write-Host "`n3. Testing PATH availability..." -ForegroundColor Yellow
 try {
 # Refresh PATH environment
 $env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
-
+
 # Test if 'aws' command works from PATH
 $awsFromPath = aws --version 2>&1
 Write-Host "AWS CLI from PATH: $awsFromPath" -ForegroundColor Green
@@ -88,4 +88,4 @@ try {
 }
 Write-Host "`n=== Test Complete ===" -ForegroundColor Cyan
-Write-Host "Run this script on a fresh Windows Server 2025 instance to see what fails"
\ No newline at end of file
+Write-Host "Run this script on a fresh Windows Server 2025 instance to see what fails"