Auto-generated

This page is generated by terraform-docs at build time from the infra/ repo. Do not edit manually.

Vault ETL (shared)¶

Shared infrastructure for the Vault ETL pipeline: IAM roles, SSM config parameter, IAM user for S3/SQS access, and ECR repository lookup. Individual services are deployed as separate sub-modules.

Requirements¶

Name	Version
terraform	>= 1.6.0
aws	~> 5.0

Providers¶

Name	Version
aws	~> 5.0

Modules¶

No modules.

Resources¶

Name	Type
aws_iam_access_key.vault_ingest	resource
aws_iam_policy.read_ssm	resource
aws_iam_role.execution_role	resource
aws_iam_role.task_role	resource
aws_iam_role_policy_attachment.execution_read_ssm	resource
aws_iam_role_policy_attachment.execution_role_policy	resource
aws_iam_user.vault_ingest	resource
aws_iam_user_policy.vault_ingest	resource
aws_ssm_parameter.vault_ingest_access_key_id	resource
aws_ssm_parameter.vault_ingest_config	resource
aws_ssm_parameter.vault_ingest_secret_access_key	resource
aws_ecr_repository.vault_ingest	data source
aws_iam_policy_document.ecs_assume_role	data source

Inputs¶

Name	Description	Type	Default	Required
base_tags	Base tags to apply to all resources	`map(string)`	`{}`	no
environment	Environment name	`string`	n/a	yes
group	Resource group	`string`	n/a	yes
name_prefix	Prefix for resource names	`string`	n/a	yes
region	AWS region	`string`	n/a	yes
s3_cdn_logs_bucket_arn	ARN of the CDN logs S3 bucket (read access). Required for IAM user creation.	`string`	`null`	no
s3_consent_bucket_arn	ARN of the consent S3 bucket (read/write access). Required for IAM user creation.	`string`	`null`	no
sqs_consent_queue_arn	ARN of the consent SQS queue (read/delete access). Required for IAM user creation.	`string`	`null`	no

Outputs¶

Name	Description
ecr_repository_url	ECR repository URL for vault-ingest
execution_role_arn	ARN of the shared ECS execution role
ssm_config_arn	ARN of the vault ingest config SSM parameter
task_role_arn	ARN of the shared ECS task role