diff --git a/docs/data-sources/account.md b/docs/data-sources/account.md index d9ed8e2..bad2ee7 100644 --- a/docs/data-sources/account.md +++ b/docs/data-sources/account.md @@ -1,14 +1,13 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_account Data Source - datafy" subcategory: "" description: |- - Retrieves a specific Datafy account. + Retrieves information about an existing Datafy account. --- # datafy_account (Data Source) -Retrieves a specific Datafy account. +Use this data source to retrieve information about an existing Datafy account. This is useful when you need to reference an account that was created outside of Terraform or in a different Terraform configuration. ## Example Usage @@ -18,6 +17,19 @@ data "datafy_account" "example" { } ``` +### Use with Other Resources + +```terraform +data "datafy_account" "existing" { + id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" +} + +resource "datafy_role_arn" "example" { + account_id = data.datafy_account.existing.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} +``` + ## Schema diff --git a/docs/data-sources/autoscaling_rule.md b/docs/data-sources/autoscaling_rule.md index 1013a00..ccaa1be 100644 --- a/docs/data-sources/autoscaling_rule.md +++ b/docs/data-sources/autoscaling_rule.md @@ -1,14 +1,13 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_autoscaling_rule Data Source - datafy" subcategory: "" description: |- - Retrieves a specific Datafy Autoscaling Rule. + Retrieves information about an existing Datafy autoscaling rule. --- # datafy_autoscaling_rule (Data Source) -Retrieves a specific Datafy Autoscaling Rule. +Use this data source to retrieve information about an existing Datafy autoscaling rule. This is useful when you need to reference a rule that was created outside of Terraform or in a different Terraform configuration. ## Example Usage 
diff --git a/docs/data-sources/role_arn.md b/docs/data-sources/role_arn.md index fc69793..f3ada18 100644 --- a/docs/data-sources/role_arn.md +++ b/docs/data-sources/role_arn.md @@ -1,19 +1,18 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_role_arn Data Source - datafy" subcategory: "" description: |- - Retrieves a specific Datafy role ARN. + Retrieves the AWS IAM role ARN associated with a Datafy account. --- # datafy_role_arn (Data Source) -Retrieves a specific Datafy role ARN. +Use this data source to retrieve the AWS IAM role ARN associated with an existing Datafy account. This is useful when you need to reference the IAM role that was configured outside of Terraform or in a different Terraform configuration. ## Example Usage ```terraform -data "datafy_rolearn" "example" { +data "datafy_role_arn" "example" { account_id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" } ``` diff --git a/docs/data-sources/token.md b/docs/data-sources/token.md index 3fc539c..3fe4bd7 100644 --- a/docs/data-sources/token.md +++ b/docs/data-sources/token.md @@ -1,14 +1,13 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_token Data Source - datafy" subcategory: "" description: |- - Retrieves a specific Datafy token. + Retrieves information about an existing Datafy access token. --- # datafy_token (Data Source) -Retrieves a specific Datafy token. +Use this data source to retrieve information about an existing Datafy access token. This returns metadata about the token (description, role IDs, expiration) but **not** the token secret. ## Example Usage diff --git a/docs/index.md b/docs/index.md index 1e7ab0a..c712f98 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -1,23 +1,75 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "datafy Provider" +page_title: "Datafy Provider" subcategory: "" description: |- - + The Datafy provider enables Terraform to manage Datafy accounts, IAM role associations, access tokens, and autoscaling rules. --- -# datafy Provider +# Datafy Provider +The Datafy provider allows you to manage your [Datafy](https://docs.datafy.io) infrastructure as code using Terraform. With this provider you can create and manage accounts, associate AWS IAM roles, generate access tokens, and configure autoscaling rules. +## Prerequisites + +Before using the Datafy Terraform provider, you need: + +1. **An organization account** — Your organization account must be set up by the Datafy team. Contact Datafy to get started. +2. **An API token** — Once your organization account is ready, generate an API token from the [Datafy UI](https://docs.datafy.io). This token authenticates the provider with the Datafy API. + +## Getting Started + +1. Configure the provider with your API token. +2. Create one or more **accounts** (`datafy_account`) to represent your cloud environments. +3. Associate an **IAM role** (`datafy_role_arn`) with each account so Datafy can access your AWS resources. +4. Optionally, create **access tokens** (`datafy_token`) for programmatic API access. +5. Optionally, define **autoscaling rules** (`datafy_autoscaling_rule`) to control which resources are managed by Datafy's autoscaler. + +## Resource Relationships + +``` +Organization (authenticated via provider token) + └── Account (datafy_account) + ├── IAM Role (datafy_role_arn) — one per account + ├── Access Tokens (datafy_token) — zero or more per account + └── Autoscaling Rules (datafy_autoscaling_rule) — zero or more per account +``` + +- Each **account** belongs to your organization and is identified by a unique ID. +- Each account can have exactly **one IAM role ARN** associated with it. 
This role grants Datafy permissions to manage resources in the corresponding AWS account. +- Each account can have multiple **access tokens** for programmatic API access. +- Each account can have multiple **autoscaling rules** that define which resources the Datafy autoscaler should manage. ## Example Usage ```terraform provider "datafy" { - token = "eZa0qICnUV-COvO46NfDysUDN4bFKMeWssXVCIsIIn0.eyJzdW" + # The token can also be set via the DATAFY_TOKEN environment variable. + token = var.datafy_token } ``` +## Authentication + +The provider requires an API token for authentication. You can provide it in two ways: + +1. **In the provider configuration** (not recommended for production — avoid committing tokens to version control): + +```terraform +provider "datafy" { + token = "your-api-token" +} +``` + +2. **Via environment variable** (recommended): + +```bash +export DATAFY_TOKEN="your-api-token" +``` + +```terraform +provider "datafy" {} +``` + ## Schema diff --git a/docs/resources/account.md b/docs/resources/account.md index 80ce13b..7126ab7 100644 --- a/docs/resources/account.md +++ b/docs/resources/account.md 
@@ -1,23 +1,51 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_account Resource - datafy" subcategory: "" description: |- - Create a Datafy account + Manages a Datafy account. Accounts represent cloud environments within your organization. --- # datafy_account (Resource) -Create a Datafy account +Manages a Datafy account. Accounts are the primary organizational unit in Datafy and represent a cloud environment (e.g., production, staging, development) within your organization. + +Each account can have an associated [IAM role](role_arn.md) for AWS access, [access tokens](token.md) for programmatic API access, and [autoscaling rules](autoscaling_rule.md) for controlling the Datafy autoscaler. + +For more information, see the [Datafy documentation](http://docs.datafy.io). ## Example Usage +### Basic Account + ```terraform resource "datafy_account" "example" { name = "example-account" } ``` +### Account with IAM Role and Token + +```terraform +# Create an account +resource "datafy_account" "production" { + name = "production" +} + +# Associate an IAM role with the account +resource "datafy_role_arn" "production" { + account_id = datafy_account.production.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} + +# Create an access token for the account +resource "datafy_token" "production" { + account_id = datafy_account.production.id + description = "CI/CD pipeline token" + ttl = "720h" + role_ids = ["admin"] +} +``` + ## Schema diff --git a/docs/resources/autoscaling_rule.md b/docs/resources/autoscaling_rule.md index 5862eaa..df1ac3c 100644 --- a/docs/resources/autoscaling_rule.md +++ b/docs/resources/autoscaling_rule.md 
@@ -1,33 +1,118 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_autoscaling_rule Resource - datafy" subcategory: "" description: |- - Create a Datafy Autoscaling Rule + Manages a Datafy autoscaling rule that defines which resources the Datafy autoscaler should manage. --- # datafy_autoscaling_rule (Resource) -Create a Datafy Autoscaling Rule +Manages a Datafy autoscaling rule. Autoscaling rules define conditions that determine which resources in your AWS account the Datafy autoscaler should manage. Each account can have multiple rules. + +Rules are written using a subset of [JsonLogic](https://jsonlogic.com/) syntax and can match resources based on instance IDs, cluster names, node group names, and tags. + +-> **Note:** Changing the `account_id` will destroy the existing rule and create a new one in the target account. ## Example Usage +### Match Specific Instances + ```terraform resource "datafy_autoscaling_rule" "example" { - account_id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" - active = false + account_id = datafy_account.example.id + active = true rule = jsonencode({ - "in" : [ - { "var" : "instance_id" }, - [ - "i-1234567890", - "i-1234567891" - ] + "and" : [ + { + "in" : [ + { "var" : "instance_id" }, + [ + "i-1234567890", + "i-1234567891" + ] + ] + } ] }) } ``` +### Match by Tags + +```terraform +resource "datafy_autoscaling_rule" "by_tags" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "some" : [ + { "var" : "tags" }, + { + "in" : [ + { "var" : "" }, + ["env:production", "env:prod"] + ] + } + ] + } + ] + }) +} +``` + +### Multiple Conditions (AND) + +```terraform +resource "datafy_autoscaling_rule" "complex" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "in" : [ + { "var" : "cluster_name" }, + ["prod-cluster", "staging-cluster"] + ] + }, + { + "!" 
: { + "in" : [ + { "var" : "node_group_name" }, + ["system-nodegroup"] + ] + } + } + ] + }) +} +``` + +### Exclude Specific Instances + +```terraform +resource "datafy_autoscaling_rule" "exclude" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "!" : { + "in" : [ + { "var" : "instance_id" }, + ["i-exclude1", "i-exclude2"] + ] + } + } + ] + }) +} +``` + +## Rule Syntax + +For full details on rule syntax, supported operators, and data variables, see the [Datafy autoscaling rules documentation](http://docs.datafy.io). + ## Schema diff --git a/docs/resources/role_arn.md b/docs/resources/role_arn.md index 277d0f3..88e94c6 100644 --- a/docs/resources/role_arn.md +++ b/docs/resources/role_arn.md 
@@ -1,17 +1,24 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_role_arn Resource - datafy" subcategory: "" description: |- - Manages a Datafy role ARN, which represents an AWS IAM role associated with a Datafy account. + Manages the AWS IAM role ARN associated with a Datafy account. --- # datafy_role_arn (Resource) -Manages a Datafy role ARN, which represents an AWS IAM role associated with a Datafy account. +Manages the AWS IAM role ARN associated with a Datafy account. This IAM role grants Datafy the permissions needed to manage resources in your AWS account. + +Each Datafy account can have exactly **one** IAM role ARN. Setting a new ARN replaces the existing one. + +Before associating a role, ensure the IAM role exists in your AWS account and has the required trust policy and permissions for Datafy. For details on the required IAM role configuration, see the [Datafy documentation](http://docs.datafy.io). + +-> **Note:** Datafy validates that the IAM role exists and has the required permissions when you set or update the ARN. If the role cannot be validated (for example, due to AWS Service Control Policies), the operation will fail. ## Example Usage +### Basic Usage + ```terraform resource "datafy_role_arn" "example" { account_id = "5f19d868-64f2-4251-a98f-b19571d1f4e9" 
@@ -19,6 +26,38 @@ resource "datafy_role_arn" "example" { } ``` +### With Account Creation + +```terraform +resource "datafy_account" "example" { + name = "my-aws-account" +} + +resource "datafy_role_arn" "example" { + account_id = datafy_account.example.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} +``` + +### Using the Datafy IAM Role Module + +```terraform +resource "datafy_account" "example" { + name = "my-aws-account" +} + +module "datafy_iam_role" { + source = "datafy-io/datafy-iam-role/aws" + + account_id = datafy_account.example.id +} + +resource "datafy_role_arn" "example" { + account_id = datafy_account.example.id + arn = module.datafy_iam_role.role_arn +} +``` + ## Schema diff --git a/docs/resources/token.md b/docs/resources/token.md index dad61e8..811c46e 100644 --- a/docs/resources/token.md +++ b/docs/resources/token.md @@ -1,17 +1,22 @@ --- -# generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "datafy_token Resource - datafy" subcategory: "" description: |- - Create a Datafy token, which represents an access token associated with a Datafy account. + Manages a Datafy access token for programmatic API access to a specific account. --- # datafy_token (Resource) -Create a Datafy token, which represents an access token associated with a Datafy account. +Manages a Datafy access token. Tokens provide programmatic API access to a specific Datafy account and can be used to authenticate API calls. + +~> **Important:** The token `secret` is only available at creation time and cannot be retrieved afterwards. Make sure to store it securely (e.g., in a secrets manager). If you lose the secret, you must create a new token. + +~> **Important:** All attributes of this resource are immutable. Changing any attribute will destroy the existing token and create a new one. ## Example Usage +### Token with Expiration + ```terraform resource "datafy_token" "example" { account_id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" 
@@ -21,6 +26,36 @@ resource "datafy_token" "example" { } ``` +### Token without Expiration + +```terraform +resource "datafy_token" "persistent" { + account_id = datafy_account.example.id + description = "Long-lived service token" + role_ids = ["viewer"] +} +``` + +### Storing the Secret in AWS Secrets Manager + +```terraform +resource "datafy_token" "example" { + account_id = datafy_account.example.id + description = "CI/CD token" + ttl = "720h" + role_ids = ["admin"] +} + +resource "aws_secretsmanager_secret" "datafy_token" { + name = "datafy/api-token" +} + +resource "aws_secretsmanager_secret_version" "datafy_token" { + secret_id = aws_secretsmanager_secret.datafy_token.id + secret_string = datafy_token.example.secret +} +``` + ## Schema diff --git a/examples/data-sources/datafy_role_arn/data-source.tf b/examples/data-sources/datafy_role_arn/data-source.tf index 4996924..4ff83e1 100644 --- a/examples/data-sources/datafy_role_arn/data-source.tf +++ b/examples/data-sources/datafy_role_arn/data-source.tf @@ -1,3 +1,3 @@ -data "datafy_rolearn" "example" { +data "datafy_role_arn" "example" { account_id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" } diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index 1a14a7b..0673dbb 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf @@ -1,3 +1,4 @@ provider "datafy" { - token = "eZa0qICnUV-COvO46NfDysUDN4bFKMeWssXVCIsIIn0.eyJzdW" + # The token can also be set via the DATAFY_TOKEN environment variable. + token = var.datafy_token } diff --git a/examples/resources/datafy_autoscaling_rule/resource.tf b/examples/resources/datafy_autoscaling_rule/resource.tf index a365d2b..65dca6b 100644 --- a/examples/resources/datafy_autoscaling_rule/resource.tf +++ b/examples/resources/datafy_autoscaling_rule/resource.tf 
@@ -1,13 +1,17 @@ resource "datafy_autoscaling_rule" "example" { - account_id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" - active = false + account_id = datafy_account.example.id + active = true rule = jsonencode({ - "in" : [ - { "var" : "instance_id" }, - [ - "i-1234567890", - "i-1234567891" - ] + "and" : [ + { + "in" : [ + { "var" : "instance_id" }, + [ + "i-1234567890", + "i-1234567891" + ] + ] + } ] }) } diff --git a/templates/data-sources/account.md.tmpl b/templates/data-sources/account.md.tmpl new file mode 100644 index 0000000..87e42bf --- /dev/null +++ b/templates/data-sources/account.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "datafy_account Data Source - datafy" +subcategory: "" +description: |- + Retrieves information about an existing Datafy account. +--- + +# {{ .Name }} (Data Source) + +Use this data source to retrieve information about an existing Datafy account. This is useful when you need to reference an account that was created outside of Terraform or in a different Terraform configuration. + +## Example Usage + +{{ tffile "examples/data-sources/datafy_account/data-source.tf" }} + +### Use with Other Resources + +```terraform +data "datafy_account" "existing" { + id = "79c406c5-7b64-43f2-ba76-9b01e74e3d90" +} + +resource "datafy_role_arn" "example" { + account_id = data.datafy_account.existing.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} +``` + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/data-sources/autoscaling_rule.md.tmpl b/templates/data-sources/autoscaling_rule.md.tmpl new file mode 100644 index 0000000..9a87746 --- /dev/null +++ b/templates/data-sources/autoscaling_rule.md.tmpl 
@@ -0,0 +1,16 @@ +--- +page_title: "datafy_autoscaling_rule Data Source - datafy" +subcategory: "" +description: |- + Retrieves information about an existing Datafy autoscaling rule. +--- + +# {{ .Name }} (Data Source) + +Use this data source to retrieve information about an existing Datafy autoscaling rule. This is useful when you need to reference a rule that was created outside of Terraform or in a different Terraform configuration. + +## Example Usage + +{{ tffile "examples/data-sources/datafy_autoscaling_rule/data-source.tf" }} + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/data-sources/role_arn.md.tmpl b/templates/data-sources/role_arn.md.tmpl new file mode 100644 index 0000000..d143d0a --- /dev/null +++ b/templates/data-sources/role_arn.md.tmpl @@ -0,0 +1,16 @@ +--- +page_title: "datafy_role_arn Data Source - datafy" +subcategory: "" +description: |- + Retrieves the AWS IAM role ARN associated with a Datafy account. +--- + +# {{ .Name }} (Data Source) + +Use this data source to retrieve the AWS IAM role ARN associated with an existing Datafy account. This is useful when you need to reference the IAM role that was configured outside of Terraform or in a different Terraform configuration. + +## Example Usage + +{{ tffile "examples/data-sources/datafy_role_arn/data-source.tf" }} + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/data-sources/token.md.tmpl b/templates/data-sources/token.md.tmpl new file mode 100644 index 0000000..4b0e0bb --- /dev/null +++ b/templates/data-sources/token.md.tmpl 
@@ -0,0 +1,16 @@ +--- +page_title: "datafy_token Data Source - datafy" +subcategory: "" +description: |- + Retrieves information about an existing Datafy access token. +--- + +# {{ .Name }} (Data Source) + +Use this data source to retrieve information about an existing Datafy access token. This returns metadata about the token (description, role IDs, expiration) but **not** the token secret. + +## Example Usage + +{{ tffile "examples/data-sources/datafy_token/data-source.tf" }} + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl new file mode 100644 index 0000000..eae7165 --- /dev/null +++ b/templates/index.md.tmpl 
@@ -0,0 +1,68 @@ +--- +page_title: "Datafy Provider" +subcategory: "" +description: |- + The Datafy provider enables Terraform to manage Datafy accounts, IAM role associations, access tokens, and autoscaling rules. +--- + +# Datafy Provider + +The Datafy provider allows you to manage your [Datafy](https://docs.datafy.io) infrastructure as code using Terraform. With this provider you can create and manage accounts, associate AWS IAM roles, generate access tokens, and configure autoscaling rules. + +## Prerequisites + +Before using the Datafy Terraform provider, you need: + +1. **An organization account** — Your organization account must be set up by the Datafy team. Contact Datafy to get started. +2. **An API token** — Once your organization account is ready, generate an API token from the [Datafy UI](https://docs.datafy.io). This token authenticates the provider with the Datafy API. + +## Getting Started + +1. Configure the provider with your API token. +2. Create one or more **accounts** (`datafy_account`) to represent your cloud environments. +3. Associate an **IAM role** (`datafy_role_arn`) with each account so Datafy can access your AWS resources. +4. Optionally, create **access tokens** (`datafy_token`) for programmatic API access. +5. Optionally, define **autoscaling rules** (`datafy_autoscaling_rule`) to control which resources are managed by Datafy's autoscaler. + +## Resource Relationships + +``` +Organization (authenticated via provider token) + └── Account (datafy_account) + ├── IAM Role (datafy_role_arn) — one per account + ├── Access Tokens (datafy_token) — zero or more per account + └── Autoscaling Rules (datafy_autoscaling_rule) — zero or more per account +``` + +- Each **account** belongs to your organization and is identified by a unique ID. +- Each account can have exactly **one IAM role ARN** associated with it. This role grants Datafy permissions to manage resources in the corresponding AWS account. 
+- Each account can have multiple **access tokens** for programmatic API access. +- Each account can have multiple **autoscaling rules** that define which resources the Datafy autoscaler should manage. + +## Example Usage + +{{ tffile "examples/provider/provider.tf" }} + +## Authentication + +The provider requires an API token for authentication. You can provide it in two ways: + +1. **In the provider configuration** (not recommended for production — avoid committing tokens to version control): + +```terraform +provider "datafy" { + token = "your-api-token" +} +``` + +2. **Via environment variable** (recommended): + +```bash +export DATAFY_TOKEN="your-api-token" +``` + +```terraform +provider "datafy" {} +``` + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/resources/account.md.tmpl b/templates/resources/account.md.tmpl new file mode 100644 index 0000000..68e60c6 --- /dev/null +++ b/templates/resources/account.md.tmpl 
@@ -0,0 +1,45 @@ +--- +page_title: "datafy_account Resource - datafy" +subcategory: "" +description: |- + Manages a Datafy account. Accounts represent cloud environments within your organization. +--- + +# {{ .Name }} (Resource) + +Manages a Datafy account. Accounts are the primary organizational unit in Datafy and represent a cloud environment (e.g., production, staging, development) within your organization. + +Each account can have an associated [IAM role](role_arn.md) for AWS access, [access tokens](token.md) for programmatic API access, and [autoscaling rules](autoscaling_rule.md) for controlling the Datafy autoscaler. + +For more information, see the [Datafy documentation](http://docs.datafy.io). + +## Example Usage + +### Basic Account + +{{ tffile "examples/resources/datafy_account/resource.tf" }} + +### Account with IAM Role and Token + +```terraform +# Create an account +resource "datafy_account" "production" { + name = "production" +} + +# Associate an IAM role with the account +resource "datafy_role_arn" "production" { + account_id = datafy_account.production.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} + +# Create an access token for the account +resource "datafy_token" "production" { + account_id = datafy_account.production.id + description = "CI/CD pipeline token" + ttl = "720h" + role_ids = ["admin"] +} +``` + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/resources/autoscaling_rule.md.tmpl b/templates/resources/autoscaling_rule.md.tmpl new file mode 100644 index 0000000..3397852 --- /dev/null +++ b/templates/resources/autoscaling_rule.md.tmpl 
@@ -0,0 +1,98 @@ +--- +page_title: "datafy_autoscaling_rule Resource - datafy" +subcategory: "" +description: |- + Manages a Datafy autoscaling rule that defines which resources the Datafy autoscaler should manage. +--- + +# {{ .Name }} (Resource) + +Manages a Datafy autoscaling rule. Autoscaling rules define conditions that determine which resources in your AWS account the Datafy autoscaler should manage. Each account can have multiple rules. + +Rules are written using a subset of [JsonLogic](https://jsonlogic.com/) syntax and can match resources based on instance IDs, cluster names, node group names, and tags. + +-> **Note:** Changing the `account_id` will destroy the existing rule and create a new one in the target account. + +## Example Usage + +### Match Specific Instances + +{{ tffile "examples/resources/datafy_autoscaling_rule/resource.tf" }} + +### Match by Tags + +```terraform +resource "datafy_autoscaling_rule" "by_tags" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "some" : [ + { "var" : "tags" }, + { + "in" : [ + { "var" : "" }, + ["env:production", "env:prod"] + ] + } + ] + } + ] + }) +} +``` + +### Multiple Conditions (AND) + +```terraform +resource "datafy_autoscaling_rule" "complex" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "in" : [ + { "var" : "cluster_name" }, + ["prod-cluster", "staging-cluster"] + ] + }, + { + "!" : { + "in" : [ + { "var" : "node_group_name" }, + ["system-nodegroup"] + ] + } + } + ] + }) +} +``` + +### Exclude Specific Instances + +```terraform +resource "datafy_autoscaling_rule" "exclude" { + account_id = datafy_account.example.id + active = true + rule = jsonencode({ + "and" : [ + { + "!" 
: { + "in" : [ + { "var" : "instance_id" }, + ["i-exclude1", "i-exclude2"] + ] + } + } + ] + }) +} +``` + +## Rule Syntax + +For full details on rule syntax, supported operators, and data variables, see the [Datafy autoscaling rules documentation](http://docs.datafy.io). + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/resources/role_arn.md.tmpl b/templates/resources/role_arn.md.tmpl new file mode 100644 index 0000000..4dd0f24 --- /dev/null +++ b/templates/resources/role_arn.md.tmpl 
@@ -0,0 +1,56 @@ +--- +page_title: "datafy_role_arn Resource - datafy" +subcategory: "" +description: |- + Manages the AWS IAM role ARN associated with a Datafy account. +--- + +# {{ .Name }} (Resource) + +Manages the AWS IAM role ARN associated with a Datafy account. This IAM role grants Datafy the permissions needed to manage resources in your AWS account. + +Each Datafy account can have exactly **one** IAM role ARN. Setting a new ARN replaces the existing one. + +Before associating a role, ensure the IAM role exists in your AWS account and has the required trust policy and permissions for Datafy. For details on the required IAM role configuration, see the [Datafy documentation](http://docs.datafy.io). + +-> **Note:** Datafy validates that the IAM role exists and has the required permissions when you set or update the ARN. If the role cannot be validated (for example, due to AWS Service Control Policies), the operation will fail. + +## Example Usage + +### Basic Usage + +{{ tffile "examples/resources/datafy_role_arn/resource.tf" }} + +### With Account Creation + +```terraform +resource "datafy_account" "example" { + name = "my-aws-account" +} + +resource "datafy_role_arn" "example" { + account_id = datafy_account.example.id + arn = "arn:aws:iam::123456789012:role/DatafyRole" +} +``` + +### Using the Datafy IAM Role Module + +```terraform +resource "datafy_account" "example" { + name = "my-aws-account" +} + +module "datafy_iam_role" { + source = "datafy-io/datafy-iam-role/aws" + + account_id = datafy_account.example.id +} + +resource "datafy_role_arn" "example" { + account_id = datafy_account.example.id + arn = module.datafy_iam_role.role_arn +} +``` + +{{ .SchemaMarkdown | trimspace }} diff --git a/templates/resources/token.md.tmpl b/templates/resources/token.md.tmpl new file mode 100644 index 0000000..79d6f13 --- /dev/null +++ b/templates/resources/token.md.tmpl 
@@ -0,0 +1,52 @@ +--- +page_title: "datafy_token Resource - datafy" +subcategory: "" +description: |- + Manages a Datafy access token for programmatic API access to a specific account. +--- + +# {{ .Name }} (Resource) + +Manages a Datafy access token. Tokens provide programmatic API access to a specific Datafy account and can be used to authenticate API calls. + +~> **Important:** The token `secret` is only available at creation time and cannot be retrieved afterwards. Make sure to store it securely (e.g., in a secrets manager). If you lose the secret, you must create a new token. + +~> **Important:** All attributes of this resource are immutable. Changing any attribute will destroy the existing token and create a new one. + +## Example Usage + +### Token with Expiration + +{{ tffile "examples/resources/datafy_token/resource.tf" }} + +### Token without Expiration + +```terraform +resource "datafy_token" "persistent" { + account_id = datafy_account.example.id + description = "Long-lived service token" + role_ids = ["viewer"] +} +``` + +### Storing the Secret in AWS Secrets Manager + +```terraform +resource "datafy_token" "example" { + account_id = datafy_account.example.id + description = "CI/CD token" + ttl = "720h" + role_ids = ["admin"] +} + +resource "aws_secretsmanager_secret" "datafy_token" { + name = "datafy/api-token" +} + +resource "aws_secretsmanager_secret_version" "datafy_token" { + secret_id = aws_secretsmanager_secret.datafy_token.id + secret_string = datafy_token.example.secret +} +``` + +{{ .SchemaMarkdown | trimspace }}
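Review bot: in `docs/index.md` and `examples/provider/provider.tf`, the removed `token = "eZa0q..."` literal stays in the repository history after this change, so if it was ever a live credential it should be revoked rather than only deleted from the example. The replacement `token = var.datafy_token` is shown without a matching `variable "datafy_token"` block; add one to the example with `sensitive = true` so readers who copy it get the value redacted from plan output.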
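Review bot: in `docs/resources/token.md` and `templates/resources/token.md.tmpl`, the "Storing the Secret in AWS Secrets Manager" example does not mention that the secret is also written to Terraform state. `secret_string = datafy_token.example.secret` is only resolvable because the value is kept in state, and `aws_secretsmanager_secret_version` stores `secret_string` there as well. Extend the "Important" callout about storing the secret securely with a sentence telling readers to keep state in an encrypted, access-controlled backend. The "Token without Expiration" example would also benefit from a line on when a token with no `ttl` is appropriate and how it should be rotated.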
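Review bot: in `docs/resources/account.md` and `templates/resources/account.md.tmpl`, the "Account with IAM Role and Token" example issues a token with `role_ids = ["admin"]` and `ttl = "720h"` and describes it as "CI/CD pipeline token". Examples like this get copied as-is, so prefer the least-privileged role the pipeline needs (the token page already uses `"viewer"`), or add a comment that `admin` is for illustration only.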
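Review bot: in `docs/resources/autoscaling_rule.md` and its template, the "Exclude Specific Instances" example consists only of a negated `in` on `instance_id` with `active = true`, so it selects every instance in the account except the two listed. State that scope explicitly next to the example, since the page says rules decide which resources the autoscaler manages. Separately, `examples/resources/datafy_autoscaling_rule/resource.tf` now references `datafy_account.example.id` without declaring that resource and flips `active = false` to `active = true`; either add the `datafy_account` block to the example file or note the dependency. The "Match by Tags" example should also say that tags are matched as `key:value` strings, which is only implied by `"env:production"`.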
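Review bot: in `docs/resources/role_arn.md` and `templates/resources/role_arn.md.tmpl`, the "Using the Datafy IAM Role Module" example has `source = "datafy-io/datafy-iam-role/aws"` with no `version` argument, so every `terraform init` can pull a different release of a module that creates an IAM role and trust policy. Add a pinned `version` constraint to the example and mention in the text that the module should be pinned.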
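Review bot: the documentation links added in `docs/resources/account.md`, `docs/resources/autoscaling_rule.md` and `docs/resources/role_arn.md` (and their templates) use `http://docs.datafy.io`, while `docs/index.md` uses `https://docs.datafy.io`. Use `https://` throughout; the role ARN page sends readers there for the required trust policy and permissions, which should not be fetched over plain HTTP. The links also all point at the site root even where the text promises a specific topic ("autoscaling rules documentation", "required IAM role configuration"), so link to the specific pages if they exist.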
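Review bot: the new files under `templates/` duplicate content instead of templating it. `page_title` and `description` are hard-coded in each front matter, and several Terraform examples are pasted inline in both `docs/*.md` and `templates/*.tmpl` while others are included with `{{ tffile "examples/..." }}`. Move the inline examples into files under `examples/` and include them with `tffile` so there is one copy to keep correct and the examples directory can be formatted and validated as a whole. The `# generated by https://github.com/hashicorp/terraform-plugin-docs` header is removed from every file under `docs/` even though these templates are being added alongside them; if the pages are still generated, keep the header so nobody hand-edits the output.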