Auto-generated
This page is generated by terraform-docs at build time from the infra/ repo. Do not edit manually.
Vault ClickHouse
Self-managed ClickHouse instance on EC2 for analytics data storage. Runs on a dedicated EBS data volume with KMS encryption and automated backups via AWS Backup. Accessible from ECS services and has a private DNS record on the internal zone.
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.6.0 |
| aws | ~> 5.0 |
Providers
| Name | Version |
|---|---|
| aws | ~> 5.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_ebs_volume.data | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy.kms_decrypt_for_ssm | resource |
| aws_iam_role_policy.ssm_read | resource |
| aws_iam_role_policy_attachment.ssm_core | resource |
| aws_instance.this | resource |
| aws_kms_alias.this | resource |
| aws_kms_key.this | resource |
| aws_route53_record.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.ingress_http_from_ecs | resource |
| aws_security_group_rule.ingress_https_from_ecs | resource |
| aws_security_group_rule.ingress_native_from_ecs | resource |
| aws_security_group_rule.ingress_native_tls_from_ecs | resource |
| aws_ssm_parameter.admin_password | resource |
| aws_volume_attachment.this | resource |
| aws_ami.al2023 | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.ec2_assume_role | data source |
| aws_iam_policy_document.kms_key_policy | data source |
| aws_route53_zone.selected | data source |
| aws_subnet.selected | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_password | ClickHouse admin password | string | n/a | yes |
| backup_role_arn | Optional ARN of a backup role to grant KMS permissions to | string | null | no |
| base_tags | Base tags for resources | map(string) | {} | no |
| data_volume_size | Size in GB for ClickHouse data volume | number | n/a | yes |
| disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false | no |
| ecs_security_group_id | Security group ID of ECS tasks allowing ingress | string | n/a | yes |
| environment | Environment name | string | n/a | yes |
| group | Logical group/area | string | "vault" | no |
| instance_type | EC2 instance type for ClickHouse | string | n/a | yes |
| name_prefix | Prefix for resource names | string | n/a | yes |
| region | AWS region | string | n/a | yes |
| root_volume_size | Size in GB for root volume | number | 64 | no |
| subnet_id | Subnet ID for the instance | string | n/a | yes |
| volume_attachment_device_name | Device name to expose to the instance (e.g. /dev/xvdb) | string | "/dev/xvdb" | no |
| volume_device_name | Device name for the data volume | string | "/dev/nvme1n1" | no |
| volume_iops | Provisioned IOPS for the data volume | number | 3000 | no |
| volume_throughput | Throughput for the data volume in MiB/s | number | 125 | no |
| vpc_id | VPC ID where resources will be created | string | n/a | yes |
| zone_id | Route53 zone ID for DNS records | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| instance_id | ID of the ClickHouse instance |
| private_ip | Private IP of the ClickHouse instance |
| role_name | Name of the IAM role attached to the instance |
| security_group_id | ID of the ClickHouse security group |