This folder contains a Terraform module to deploy a CloudQuery cluster in AWS on top of EKS.
Examples are included in the example folder, but simple usage is as follows:
```hcl
module "cloudquery" {
  source  = "cloudquery/cloudquery/aws"
  version = "~> 0.5"

  name = "cloudquery"

  cidr            = "10.20.0.0/16"
  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  public_subnets  = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  private_subnets = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]
  # Database subnets must fall inside the VPC CIDR (10.20.0.0/16)
  database_subnets = ["10.20.21.0/24", "10.20.22.0/24"]

  # Path to your CloudQuery config
  config_file = "config.hcl"
}
```
This approach integrates with your existing AWS resources: VPC, public subnets and private subnets. Specify the following arguments (see methods described above):

If `vpc_id` is specified, it takes precedence over `cidr` and the existing VPC is used.

Make sure that both the private and public subnets were created in the same set of availability zones.

Name | Version |
---|---|
terraform | >= 0.15 |
aws | ~> 4.15 |
helm | ~> 2.5 |
random | ~> 3.2 |

Name | Version |
---|---|
aws | ~> 4.15 |
helm | ~> 2.5 |
random | ~> 3.2 |

Name | Source | Version |
---|---|---|
cluster_irsa | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.20 |
cluster_irsa_cloudwatch | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.20 |
eks | terraform-aws-modules/eks/aws | ~> 18.17.0 |
iam_policy | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 4 |
rds | terraform-aws-modules/rds-aurora/aws | ~> 7.1.0 |
security_group | terraform-aws-modules/security-group/aws | ~> 4.2 |
vpc | terraform-aws-modules/vpc/aws | ~> 3.0 |

Name | Type |
---|---|
aws_db_parameter_group.cloudquery | resource |
aws_iam_role_policy_attachment.irsa | resource |
aws_rds_cluster_parameter_group.cloudquery | resource |
aws_secretsmanager_secret.cloudquery_secret | resource |
aws_secretsmanager_secret_version.cloudquery_secret_version | resource |
helm_release.cloudquery | resource |
random_password.rds | resource |
aws_availability_zones.available | data source |
aws_eks_cluster_auth.cluster | data source |
aws_secretsmanager_secret_version.cloudquery_secret_version | data source |
aws_vpc.cq_vpc | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
allowed_cidr_blocks | If RDS is publicly accessible, it is highly advised to specify the allowed CIDRs from which you plan to connect | list(string) | [] | no |
chart_values | Variables to pass to the helm chart | string | "" | no |
chart_version | The version of the CloudQuery helm chart | string | "0.2.6" | no |
cluster_version | Kubernetes `<major>.<minor>` version to use for the EKS cluster (e.g. `1.21`) | string | "1.22" | no |
config_file | Path to the CloudQuery config.hcl | string | "" | no |
database_subnet_group | If vpc_id is specified, pass the subnet_group name where the RDS should reside | string | "" | no |
install_helm_chart | Enable/Disable helm chart installation | bool | true | no |
name | Name to use on all resources created (VPC, RDS, etc) | string | "cloudquery" | no |
postgres_engine_version | Version of Amazon RDS Postgres engine to use | string | "13.6" | no |
postgres_family | Family of Amazon RDS Postgres engine to use | string | "aurora-postgresql13" | no |
postgres_instance_class | PostgreSQL instance class | string | "db.t3.medium" | no |
public_subnet_ids | A list of IDs of existing public subnets inside the VPC | list(string) | [] | no |
publicly_accessible | Make RDS publicly accessible (might be needed if you want to connect to it from Grafana or other tools). | bool | false | no |
role_policy_arns | Policies for the role to use for the EKS service account | list(string) | [ | no |
tags | A map of tags to use on all resources | map(string) | {} | no |
vpc_id | ID of an existing VPC where resources will be created | string | null | no |
Name | Description |
---|---|
eks_cluster_certificate_authority_data | Base64 encoded certificate data required to communicate with the cluster |
eks_cluster_endpoint | Endpoint for your Kubernetes API server |
eks_cluster_id | Amazon EKS Cluster Name |
eks_cluster_status | Amazon EKS Cluster Status |
eks_cluster_version | The Kubernetes version for the cluster |
eks_oidc_provider_arn | The ARN of the OIDC Provider if `enable_irsa = true`. |
irsa_arn | ARN of IRSA - (IAM Role for service account) |
irsa_name | Name of IRSA - (IAM Role for service account) |
oidc_provider | The OpenID Connect identity provider (issuer URL without leading `https://`) |
rds_cluster_master_password | Master password for cloudquery rds database |
vpc_id | ID of the VPC that was created or passed in |
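
A variant of the usage block for the case the `publicly_accessible` and `allowed_cidr_blocks` inputs describe, added here as an illustration and not taken from the module's own examples: it limits RDS access to one source range and re-exports the `rds_cluster_master_password` output as sensitive. The CIDR `203.0.113.10/32` and the output name `cloudquery_db_password` are placeholders.

```hcl
module "cloudquery" {
  source  = "cloudquery/cloudquery/aws"
  version = "~> 0.5"

  name = "cloudquery"

  cidr             = "10.20.0.0/16"
  azs              = ["us-east-1a", "us-east-1b", "us-east-1c"]
  public_subnets   = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  private_subnets  = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]
  database_subnets = ["10.20.21.0/24", "10.20.22.0/24"]

  config_file = "config.hcl"

  # Only turn this on when an external tool (e.g. Grafana) has to reach the
  # database, and always pair it with an explicit source range.
  publicly_accessible = true

  # Placeholder address (documentation range); replace it with the fixed
  # egress IP or range of the client that connects to the database.
  allowed_cidr_blocks = ["203.0.113.10/32"]

  tags = {
    Exposure = "restricted-public-rds" # constructed tag to make the exposure auditable
  }
}

# Re-export the master password without printing it in plan/apply output.
# The value is generated by random_password.rds and is still stored in the
# Terraform state, so the state backend needs encryption and access control.
output "cloudquery_db_password" {
  value     = module.cloudquery.rds_cluster_master_password
  sensitive = true
}
```
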

If the Helm installation is stuck in a hanging state, you can run the following commands:

```shell
# Check whether a Helm release is installed in the cloudquery namespace
helm ls -n cloudquery
# If so, uninstall it using your release name
helm uninstall YOUR_RELEASE_NAME -n cloudquery
```

Module is maintained by Anton Babenko and CloudQuery Team.
Apache 2 Licensed. See LICENSE for full details.