diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45d525a6..7d99f4b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog
+## [4.0.1](https://github.com/nullplatform/tofu-modules/compare/v4.0.0...v4.0.1) (2026-06-09)
+
+
+### Bug Fixes
+
+* **ecr:** add cross-account pull and repository policy support ([#384](https://github.com/nullplatform/tofu-modules/issues/384)) ([cf6431f](https://github.com/nullplatform/tofu-modules/commit/cf6431f69c5ce3055c60ff3d659a23c12d9162f9))
+
## [4.0.0](https://github.com/nullplatform/tofu-modules/compare/v3.5.2...v4.0.0) (2026-06-02)
diff --git a/infrastructure/aws/acm/README.md b/infrastructure/aws/acm/README.md
index 8d0a2cf4..71216e2d 100644
--- a/infrastructure/aws/acm/README.md
+++ b/infrastructure/aws/acm/README.md
@@ -18,7 +18,7 @@ The module creates an aws_acm_certificate resource with DNS validation, which is
```hcl
module "acm" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v4.0.1"
domain_name = "your-domain-name"
zone_id = "your-zone-id"
diff --git a/infrastructure/aws/aws_load_balancer_controller/README.md b/infrastructure/aws/aws_load_balancer_controller/README.md
index 06655dd8..082b344f 100644
--- a/infrastructure/aws/aws_load_balancer_controller/README.md
+++ b/infrastructure/aws/aws_load_balancer_controller/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the AWS Load Balancer Cont
```hcl
module "aws_load_balancer_controller" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v4.0.1"
cluster_name = "your-cluster-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md
index 2eb06df1..4c5dfec1 100644
--- a/infrastructure/aws/backend/README.md
+++ b/infrastructure/aws/backend/README.md
@@ -20,7 +20,7 @@ This module creates an S3 bucket with versioning and server-side encryption enab
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v4.0.1"
}
```
diff --git a/infrastructure/aws/dns/README.md b/infrastructure/aws/dns/README.md
index d57912a0..ddde2410 100644
--- a/infrastructure/aws/dns/README.md
+++ b/infrastructure/aws/dns/README.md
@@ -20,7 +20,7 @@ The module conditionally creates an aws_route53_zone resource for a public hoste
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v4.0.1"
domain_name = "your-domain-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md
index 3a37818f..958385d0 100644
--- a/infrastructure/aws/eks/README.md
+++ b/infrastructure/aws/eks/README.md
@@ -22,7 +22,7 @@ The module wraps terraform-aws-modules/eks to create the EKS cluster (aws_eks_cl
```hcl
module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v4.0.1"
aws_subnets_private_ids = "your-aws-subnets-private-ids"
aws_vpc_vpc_id = "your-aws-vpc-vpc-id"
diff --git a/infrastructure/aws/iam/agent/README.md b/infrastructure/aws/iam/agent/README.md
index e166cd3e..4388ae11 100644
--- a/infrastructure/aws/iam/agent/README.md
+++ b/infrastructure/aws/iam/agent/README.md
@@ -19,7 +19,7 @@ This module creates an IAM role for a Kubernetes service account using the terra
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v4.0.1"
agent_namespace = "your-agent-namespace"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
diff --git a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
index 13a0c775..9d4fdc70 100644
--- a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
+++ b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
@@ -19,7 +19,7 @@ This module creates an IAM role for the AWS Load Balancer Controller using the t
```hcl
module "aws_load_balancer_controller_iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v4.0.1"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/cert_manager/README.md b/infrastructure/aws/iam/cert_manager/README.md
index fb71d82e..786c5aa9 100644
--- a/infrastructure/aws/iam/cert_manager/README.md
+++ b/infrastructure/aws/iam/cert_manager/README.md
@@ -21,7 +21,7 @@ An aws_iam_policy is created granting Route53 permissions (GetChange, ChangeReso
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v4.0.1"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/ecr/README.md b/infrastructure/aws/iam/ecr/README.md
index df1e4ad4..acc87fd3 100644
--- a/infrastructure/aws/iam/ecr/README.md
+++ b/infrastructure/aws/iam/ecr/README.md
@@ -2,25 +2,26 @@
## Description
-Creates IAM resources for managing ECR repositories and CI/CD build workflows within a named cluster namespace, with optional cross-account pull access
+Provisions IAM resources for ECR image management and optional cross-account ECR pull access within a named cluster namespace
## Architecture
-The module creates an aws_iam_role (application role) with a configurable assume-role principal, an aws_iam_policy granting ECR management permissions, and an aws_iam_user with an aws_iam_access_key for CI/CD build workflows. The ECR policy is attached to the application role via aws_iam_role_policy_attachment and to an aws_iam_group via aws_iam_group_policy_attachment, with the build user added to that group through aws_iam_user_group_membership. When enable_cross_account_pull is true, a second aws_iam_role and aws_iam_policy are conditionally created and attached, allowing specified external AWS account IDs to assume the role for read-only ECR pulls.
+The module creates two aws_iam_role resources (an application role with a configurable assume-role principal and an optional cross-account pull role), an aws_iam_policy for ECR management actions, and an aws_iam_user with an aws_iam_access_key for CI/CD build workflows. The ECR manager policy is attached to both the application role via aws_iam_role_policy_attachment and to an aws_iam_group via aws_iam_group_policy_attachment, with the build workflow user added to that group through aws_iam_user_group_membership. When enable_cross_account_pull is true, a separate aws_iam_role and aws_iam_policy scoped to read-only ECR actions are created and linked, with pull_account_ids driving the Principal trust statements.
## Features
-- Creates an aws_iam_role for application workloads with a configurable assume-role principal ARN
-- Creates an aws_iam_policy granting full ECR repository lifecycle management permissions
-- Creates an aws_iam_user and aws_iam_access_key for CI/CD build workflows with ECR push access
-- Organizes ECR access via an aws_iam_group with policy attachment and user membership
-- Optionally creates a cross-account aws_iam_role and read-only ECR policy for external AWS accounts to pull images
+- Creates a namespaced aws_iam_role for application image pulling with a configurable assume-role principal
+- Creates an aws_iam_policy granting full ECR repository lifecycle permissions including push, pull, and repository management
+- Creates an aws_iam_user and aws_iam_access_key for CI/CD build workflow authentication to ECR
+- Creates an aws_iam_group and attaches the ECR manager policy for group-based permission management
+- Optionally creates a cross-account aws_iam_role and read-only ECR pull policy for external AWS accounts
+- Outputs a ready-to-use ECR repository policy JSON for cross-account pull access configuration
## Basic Usage
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v4.0.1"
cluster_name = "your-cluster-name"
}
@@ -79,19 +80,21 @@ resource "example_resource" "this" {
| [build\_workflow\_access\_key\_id](#output\_build\_workflow\_access\_key\_id) | Access key ID for the CI/CD build workflow IAM user |
| [build\_workflow\_access\_key\_secret](#output\_build\_workflow\_access\_key\_secret) | Secret access key for the CI/CD build workflow IAM user |
| [cross\_account\_pull\_role\_arn](#output\_cross\_account\_pull\_role\_arn) | ARN of the IAM role that cross-account principals can assume to pull ECR images. Empty string when enable\_cross\_account\_pull is false. |
+| [ecr\_repository\_policy](#output\_ecr\_repository\_policy) | ECR repository policy JSON granting pull access to the configured cross-account IDs. Empty string when enable\_cross\_account\_pull is false. |
diff --git a/infrastructure/aws/iam/external_dns/README.md b/infrastructure/aws/iam/external_dns/README.md
index 55291139..1039a3d8 100644
--- a/infrastructure/aws/iam/external_dns/README.md
+++ b/infrastructure/aws/iam/external_dns/README.md
@@ -21,7 +21,7 @@ The module creates an aws_iam_policy granting Route53 permissions scoped to the
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v4.0.1"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/s3/README.md b/infrastructure/aws/iam/s3/README.md
index d11ae92a..dc778e78 100644
--- a/infrastructure/aws/iam/s3/README.md
+++ b/infrastructure/aws/iam/s3/README.md
@@ -19,7 +19,7 @@ The module creates an aws_s3_bucket_policy resource attached to an existing S3 b
```hcl
module "s3" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v4.0.1"
bucket_arn = "your-bucket-arn"
bucket_id = "your-bucket-id"
diff --git a/infrastructure/aws/ingress/README.md b/infrastructure/aws/ingress/README.md
index 5395625b..c93881c1 100644
--- a/infrastructure/aws/ingress/README.md
+++ b/infrastructure/aws/ingress/README.md
@@ -22,7 +22,7 @@ The module creates up to two kubernetes_ingress_v1 resources — one for an inte
```hcl
module "ingress" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v4.0.1"
certificate_arn = "your-certificate-arn"
}
diff --git a/infrastructure/aws/security/README.md b/infrastructure/aws/security/README.md
index e760070e..bb86ee85 100644
--- a/infrastructure/aws/security/README.md
+++ b/infrastructure/aws/security/README.md
@@ -22,7 +22,7 @@ The module uses data sources (aws_eks_cluster, aws_vpc) to derive VPC ID and CID
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v4.0.1"
cluster_name = "your-cluster-name"
}
diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md
index 2caa7536..134b7937 100644
--- a/infrastructure/aws/vpc/README.md
+++ b/infrastructure/aws/vpc/README.md
@@ -22,7 +22,7 @@ This module creates a terraform-aws-modules/vpc/aws module resource with DNS hos
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v4.0.1"
account = "your-account"
organization = "your-organization"
diff --git a/infrastructure/azure/acr/README.md b/infrastructure/azure/acr/README.md
index 995c12c0..b88b5c9a 100644
--- a/infrastructure/azure/acr/README.md
+++ b/infrastructure/azure/acr/README.md
@@ -18,7 +18,7 @@ The module uses the azurerm_container_registry resource to create the container
```hcl
module "acr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v4.0.1"
containerregistry_name = "your-containerregistry-name"
location = "your-location"
diff --git a/infrastructure/azure/aks/README.md b/infrastructure/azure/aks/README.md
index 58826d02..5c3db2a4 100644
--- a/infrastructure/azure/aks/README.md
+++ b/infrastructure/azure/aks/README.md
@@ -22,7 +22,7 @@ The module wraps the Azure/aks/azurerm community module (version 11.0.0) and use
```hcl
module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v4.0.1"
cluster_name = "your-cluster-name"
location = "your-location"
diff --git a/infrastructure/azure/aks_route_table/README.md b/infrastructure/azure/aks_route_table/README.md
index ec602748..a9b3dd4c 100644
--- a/infrastructure/azure/aks_route_table/README.md
+++ b/infrastructure/azure/aks_route_table/README.md
@@ -19,7 +19,7 @@ The module uses an azurerm_resources data source to discover the route table cre
```hcl
module "aks_route_table" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v4.0.1"
node_resource_group = "your-node-resource-group"
subnet_id = "your-subnet-id"
diff --git a/infrastructure/azure/dns/README.md b/infrastructure/azure/dns/README.md
index fbfc369a..0b145591 100644
--- a/infrastructure/azure/dns/README.md
+++ b/infrastructure/azure/dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_dns_zone resource and configures it with the prov
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v4.0.1"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/iam/README.md b/infrastructure/azure/iam/README.md
index 28233a1e..117c25e0 100644
--- a/infrastructure/azure/iam/README.md
+++ b/infrastructure/azure/iam/README.md
@@ -21,7 +21,7 @@ The module creates an azurerm_user_assigned_identity resource in the specified r
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v4.0.1"
location = "your-location"
name = "your-name"
diff --git a/infrastructure/azure/private_dns/README.md b/infrastructure/azure/private_dns/README.md
index d09ac678..2e6fabd9 100644
--- a/infrastructure/azure/private_dns/README.md
+++ b/infrastructure/azure/private_dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_private_dns_zone resource and optionally multiple
```hcl
module "private_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v4.0.1"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/resource_group/README.md b/infrastructure/azure/resource_group/README.md
index a34d18d7..47b67306 100644
--- a/infrastructure/azure/resource_group/README.md
+++ b/infrastructure/azure/resource_group/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_resource_group resource and outputs its name and
```hcl
module "resource_group" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v4.0.1"
location = "your-location"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/security/README.md b/infrastructure/azure/security/README.md
index 09a84e45..1ddd502a 100644
--- a/infrastructure/azure/security/README.md
+++ b/infrastructure/azure/security/README.md
@@ -21,7 +21,7 @@ The module uses azurerm_kubernetes_cluster and azurerm_virtual_network data sour
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v4.0.1"
cluster_name = "your-cluster-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/vnet/README.md b/infrastructure/azure/vnet/README.md
index b55f2a53..4307ebc1 100644
--- a/infrastructure/azure/vnet/README.md
+++ b/infrastructure/azure/vnet/README.md
@@ -18,7 +18,7 @@ This module creates an Azure virtual network using the azurerm provider and conf
```hcl
module "vnet" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v4.0.1"
address_space = "your-address-space"
location = "your-location"
diff --git a/infrastructure/commons/cert_manager/README.md b/infrastructure/commons/cert_manager/README.md
index cd8efc73..a5173489 100644
--- a/infrastructure/commons/cert_manager/README.md
+++ b/infrastructure/commons/cert_manager/README.md
@@ -21,7 +21,7 @@ The module creates two core helm_release resources: cert-manager from the Jetsta
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
cloud_provider = "your-cloud-provider"
@@ -34,7 +34,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
cloud_provider = "gcp"
@@ -49,7 +49,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -67,7 +67,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
cloud_provider = "cloudflare"
@@ -82,7 +82,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
aws_region = "your-aws-region" # Required when cloud_provider = "aws"
@@ -97,7 +97,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.0.1"
account_slug = "your-account-slug"
cloud_provider = "oci"
diff --git a/infrastructure/commons/external_dns/README.md b/infrastructure/commons/external_dns/README.md
index e2986168..6776a252 100644
--- a/infrastructure/commons/external_dns/README.md
+++ b/infrastructure/commons/external_dns/README.md
@@ -22,7 +22,7 @@ The module creates an optional kubernetes_namespace_v1 resource and a helm_relea
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
dns_provider_name = "your-dns-provider-name"
domain_filters = "your-domain-filters"
@@ -33,7 +33,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
cloudflare_token = "your-cloudflare-token" # Required when dns_provider_name = "cloudflare"
dns_provider_name = "cloudflare"
@@ -45,7 +45,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when dns_provider_name = "aws"
aws_region = "your-aws-region" # Required when dns_provider_name = "aws"
@@ -60,7 +60,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
dns_provider_name = "oci"
domain_filters = "your-domain-filters"
@@ -74,7 +74,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure"
@@ -90,7 +90,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.0.1"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure-private-dns"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure-private-dns"
diff --git a/infrastructure/commons/istio/README.md b/infrastructure/commons/istio/README.md
index c149fda1..d3f75a39 100644
--- a/infrastructure/commons/istio/README.md
+++ b/infrastructure/commons/istio/README.md
@@ -21,7 +21,7 @@ Three helm_release resources are created in a strict dependency chain: istio-bas
```hcl
module "istio" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v4.0.1"
}
```
diff --git a/infrastructure/commons/prometheus/README.md b/infrastructure/commons/prometheus/README.md
index 6dfca7f1..5a2a6c85 100644
--- a/infrastructure/commons/prometheus/README.md
+++ b/infrastructure/commons/prometheus/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the Prometheus chart from
```hcl
module "prometheus" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v4.0.1"
}
```
diff --git a/infrastructure/gcp/artifact-registry/README.md b/infrastructure/gcp/artifact-registry/README.md
index 4a3159a3..5fd1e515 100644
--- a/infrastructure/gcp/artifact-registry/README.md
+++ b/infrastructure/gcp/artifact-registry/README.md
@@ -21,7 +21,7 @@ The module provisions a google_artifact_registry_repository resource in the spec
```hcl
module "artifact-registry" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v4.0.1"
location = "your-location"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-dns/README.md b/infrastructure/gcp/cloud-dns/README.md
index 48fdf8cb..909208ae 100644
--- a/infrastructure/gcp/cloud-dns/README.md
+++ b/infrastructure/gcp/cloud-dns/README.md
@@ -21,7 +21,7 @@ The module creates a single google_dns_managed_zone resource in the specified GC
```hcl
module "cloud-dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v4.0.1"
domain_name = "your-domain-name"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-nat/README.md b/infrastructure/gcp/cloud-nat/README.md
index 4b6aefcf..d2d9c185 100644
--- a/infrastructure/gcp/cloud-nat/README.md
+++ b/infrastructure/gcp/cloud-nat/README.md
@@ -19,7 +19,7 @@ This module creates a google_compute_router resource in a specified region and n
```hcl
module "cloud-nat" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v4.0.1"
nat_name = "your-nat-name"
network_id = "your-network-id"
diff --git a/infrastructure/gcp/gke/README.md b/infrastructure/gcp/gke/README.md
index fbe3a32b..99ee3940 100644
--- a/infrastructure/gcp/gke/README.md
+++ b/infrastructure/gcp/gke/README.md
@@ -20,7 +20,7 @@ The module uses the google-modules/kubernetes-engine/google//modules/private-clu
```hcl
module "gke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v4.0.1"
cluster_name = "your-cluster-name"
ip_range_pods = "your-ip-range-pods"
diff --git a/infrastructure/gcp/iam/README.md b/infrastructure/gcp/iam/README.md
index e6d5c9c3..8a7c3e7d 100644
--- a/infrastructure/gcp/iam/README.md
+++ b/infrastructure/gcp/iam/README.md
@@ -19,7 +19,7 @@ The module creates google_service_account resources for each service account spe
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v4.0.1"
project_id = "your-project-id"
}
diff --git a/infrastructure/gcp/security/README.md b/infrastructure/gcp/security/README.md
index 92221144..2ba058ba 100644
--- a/infrastructure/gcp/security/README.md
+++ b/infrastructure/gcp/security/README.md
@@ -19,7 +19,7 @@ This module uses Terraform to create GCP firewall rules for public and private I
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v4.0.1"
cluster_name = "your-cluster-name"
gcp_project_id = "your-gcp-project-id"
diff --git a/infrastructure/gcp/vpc/README.md b/infrastructure/gcp/vpc/README.md
index 73f015a8..26c7c1fb 100644
--- a/infrastructure/gcp/vpc/README.md
+++ b/infrastructure/gcp/vpc/README.md
@@ -20,7 +20,7 @@ The module invokes the terraform-google-modules/network/google module to create
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v4.0.1"
network_name = "your-network-name"
project_id = "your-project-id"
diff --git a/infrastructure/oci/backend/README.md b/infrastructure/oci/backend/README.md
index aa5c6400..66a924b4 100644
--- a/infrastructure/oci/backend/README.md
+++ b/infrastructure/oci/backend/README.md
@@ -18,7 +18,7 @@ The module creates an oci_objectstorage_bucket resource, which is configured wit
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v4.0.1"
compartment_id = "your-compartment-id"
namespace = "your-namespace"
diff --git a/infrastructure/oci/dns/README.md b/infrastructure/oci/dns/README.md
index 989e25a6..911b624b 100644
--- a/infrastructure/oci/dns/README.md
+++ b/infrastructure/oci/dns/README.md
@@ -18,7 +18,7 @@ This module creates oci_dns_zone resources for each DNS zone defined in the dns_
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v4.0.1"
compartment_id = "your-compartment-id"
}
diff --git a/infrastructure/oci/dynamic_groups/README.md b/infrastructure/oci/dynamic_groups/README.md
index d165e1a7..d433e496 100644
--- a/infrastructure/oci/dynamic_groups/README.md
+++ b/infrastructure/oci/dynamic_groups/README.md
@@ -19,7 +19,7 @@ This module creates an OCI dynamic group and an OCI identity policy, connecting
```hcl
module "dynamic_groups" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v4.0.1"
cluster_id = "your-cluster-id"
compartment_id = "your-compartment-id"
diff --git a/infrastructure/oci/oke/README.md b/infrastructure/oci/oke/README.md
index b62de7bd..13d754f2 100644
--- a/infrastructure/oci/oke/README.md
+++ b/infrastructure/oci/oke/README.md
@@ -21,7 +21,7 @@ The module instantiates the oracle-terraform-modules/oke/oci module to create an
```hcl
module "oke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v4.0.1"
api_endpoint_subnet_id = "your-api-endpoint-subnet-id"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/oci/vcn/README.md b/infrastructure/oci/vcn/README.md
index 4b0a2735..8a4647a6 100644
--- a/infrastructure/oci/vcn/README.md
+++ b/infrastructure/oci/vcn/README.md
@@ -19,7 +19,7 @@ The module instantiates oci_core_subnet resources for public and private subnets
```hcl
module "vcn" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v4.0.1"
}
```
diff --git a/nullplatform/account/README.md b/nullplatform/account/README.md
index 0471124a..147c527f 100644
--- a/nullplatform/account/README.md
+++ b/nullplatform/account/README.md
@@ -20,7 +20,7 @@ This module creates nullplatform_account resources using a for_each loop over th
```hcl
module "account" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v4.0.1"
nullplatform_accounts = "your-nullplatform-accounts"
}
diff --git a/nullplatform/agent/README.md b/nullplatform/agent/README.md
index a956ebcf..4097714f 100644
--- a/nullplatform/agent/README.md
+++ b/nullplatform/agent/README.md
@@ -22,7 +22,7 @@ Creates a helm_release resource that deploys the nullplatform-agent chart to a K
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.1"
api_key = "your-api-key"
cloud_provider = "your-cloud-provider"
@@ -37,7 +37,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.1"
api_key = "your-api-key"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when cloud_provider = "aws"
@@ -53,7 +53,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.1"
api_key = "your-api-key"
cloud_provider = "gcp"
@@ -68,7 +68,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.1"
api_key = "your-api-key"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -91,7 +91,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.0.1"
api_key = "your-api-key"
cloud_provider = "oci"
diff --git a/nullplatform/api_key/README.md b/nullplatform/api_key/README.md
index 1e19cbcd..8d3932b3 100644
--- a/nullplatform/api_key/README.md
+++ b/nullplatform/api_key/README.md
@@ -21,7 +21,7 @@ The module creates a single nullplatform_api_key resource whose name, grants, an
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.1"
type = "your-type"
}
@@ -31,7 +31,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.1"
nrn = "your-nrn" # Required when type = "agent"
type = "agent"
@@ -42,7 +42,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.1"
nrn = "your-nrn" # Required when type = "scope_notification"
specification_slug = "your-specification-slug" # Required when type = "scope_notification"
@@ -54,7 +54,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.1"
nrn = "your-nrn" # Required when type = "service_notification"
specification_slug = "your-specification-slug" # Required when type = "service_notification"
@@ -66,7 +66,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.0.1"
custom_grants = "your-custom-grants" # Required when type = "custom"
custom_name = "your-custom-name" # Required when type = "custom"
diff --git a/nullplatform/asset/docker_server/README.md b/nullplatform/asset/docker_server/README.md
index 7ef95cf5..6012feb1 100644
--- a/nullplatform/asset/docker_server/README.md
+++ b/nullplatform/asset/docker_server/README.md
@@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource of type 'docker-server' with enc
```hcl
module "docker_server" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v4.0.1"
login_server = "your-login-server"
nrn = "your-nrn"
diff --git a/nullplatform/asset/ecr/README.md b/nullplatform/asset/ecr/README.md
index da3aa646..1a9f7280 100644
--- a/nullplatform/asset/ecr/README.md
+++ b/nullplatform/asset/ecr/README.md
@@ -2,26 +2,26 @@
## Description
-Configures a nullplatform ECR provider config resource that wires AWS region, CI/CD build credentials, and an application IAM role into a nullplatform registry integration
+Configures a nullplatform ECR provider config resource with CI/CD credentials, application role, and optional cross-account pull access
## Architecture
-The module retrieves the current AWS region via the aws_region data source and passes it into a nullplatform_provider_config resource of type 'ecr'. The resource encodes two attribute blocks as JSON: a 'ci' block containing the region and build workflow IAM access key credentials, and a 'setup' block containing the region and the application IAM role ARN. The lifecycle ignore_changes directive on attributes prevents drift detection from overwriting provider-managed attribute updates after initial creation.
+The module reads the current AWS region via the aws_region data source and uses it alongside input variables to construct a nullplatform_provider_config resource of type 'ecr'. The provider config encodes a JSON attributes blob containing a 'ci' section with build workflow IAM credentials, a 'setup' section with the application role ARN and repository naming rule, and conditionally a 'setup.policy' field when a repository policy is supplied. When a cross-account pull role ARN is provided, an additional 'read' section is merged into the attributes to enable cross-account ECR image pulling.
## Features
-- Creates a nullplatform ECR provider config resource scoped to a specific NRN
-- Configures CI/CD build workflow credentials with AWS access key ID and secret for ECR image publishing
-- Configures application-level ECR access using an IAM role ARN for image pulling
-- Automatically resolves and injects the current AWS region into both CI and setup attribute blocks
-- Supports optional dimension segmentation for multi-region or multi-environment provider config scoping
-- Marks build workflow secret access key as sensitive to prevent exposure in Terraform output
+- Creates a nullplatform ECR provider config resource with structured CI and setup attribute sections
+- Configures CI/CD build workflow credentials using an IAM access key ID and secret for ECR push access
+- Configures application IAM role ARN for ECR image pull in the setup section
+- Supports optional cross-account ECR pull access by conditionally including a read section with a separate IAM role ARN
+- Supports optional ECR repository policy JSON applied to all repositories created by nullplatform
+- Allows customizable ECR repository naming conventions via a configurable jq expression
## Basic Usage
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v4.0.1"
application_role_arn = "your-application-role-arn"
build_workflow_access_key_id = "your-build-workflow-access-key-id"
@@ -68,22 +68,25 @@ resource "example_resource" "this" {
| [application\_role\_arn](#input\_application\_role\_arn) | ARN of the IAM role used by applications to pull ECR images | `string` | n/a | yes |
| [build\_workflow\_access\_key\_id](#input\_build\_workflow\_access\_key\_id) | Access key ID for the CI/CD build workflow IAM user | `string` | n/a | yes |
| [build\_workflow\_access\_key\_secret](#input\_build\_workflow\_access\_key\_secret) | Secret access key for the CI/CD build workflow IAM user | `string` | n/a | yes |
+| [cross\_account\_pull\_role\_arn](#input\_cross\_account\_pull\_role\_arn) | ARN of the IAM role for cross-account ECR pull access (maps to 'read.role\_arn' in provider config). Leave empty to omit the read section. | `string` | `""` | no |
| [dimensions](#input\_dimensions) | Dimensions to segment the nullplatform provider config (e.g. by region, environment) | `map(string)` | `{}` | no |
+| [naming\_rule](#input\_naming\_rule) | jq expression for ECR repository naming convention. Defaults to the Nullplatform platform default. | `string` | `"\"\\(.namespace.slug)/\\(.application.slug)\""` | no |
| [nrn](#input\_nrn) | The nullplatform resource name (NRN) | `string` | n/a | yes |
+| [repository\_policy](#input\_repository\_policy) | ECR repository policy JSON applied to every new repository Nullplatform creates (maps to 'setup.policy'). Leave empty to omit. | `string` | `""` | no |
diff --git a/nullplatform/base/README.md b/nullplatform/base/README.md
index a7dd7edc..15aa483a 100644
--- a/nullplatform/base/README.md
+++ b/nullplatform/base/README.md
@@ -22,7 +22,7 @@ The module creates two kubernetes_namespace_v1 resources ('nullplatform-tools' a
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "your-k8s-provider"
np_api_key = "your-np-api-key"
@@ -33,7 +33,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "eks"
np_api_key = "your-np-api-key"
@@ -44,7 +44,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "gke"
np_api_key = "your-np-api-key"
@@ -55,7 +55,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "aks"
np_api_key = "your-np-api-key"
@@ -66,7 +66,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "oke"
np_api_key = "your-np-api-key"
@@ -77,7 +77,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.0.1"
k8s_provider = "aro"
np_api_key = "your-np-api-key"
diff --git a/nullplatform/cloud/aws/cloud/README.md b/nullplatform/cloud/aws/cloud/README.md
index c44de4bb..25ec5749 100644
--- a/nullplatform/cloud/aws/cloud/README.md
+++ b/nullplatform/cloud/aws/cloud/README.md
@@ -20,7 +20,7 @@ The module uses data sources aws_caller_identity and aws_region to dynamically r
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v4.0.1"
domain_name = "your-domain-name"
hosted_private_zone_id = "your-hosted-private-zone-id"
diff --git a/nullplatform/cloud/aws/vpc/README.md b/nullplatform/cloud/aws/vpc/README.md
index c657f536..929f0065 100644
--- a/nullplatform/cloud/aws/vpc/README.md
+++ b/nullplatform/cloud/aws/vpc/README.md
@@ -20,7 +20,7 @@ Creates a nullplatform_provider_config resource of type 'aws-networking-configur
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v4.0.1"
nrn = "your-nrn"
vpc_id = "your-vpc-id"
diff --git a/nullplatform/cloud/azure/cloud/README.md b/nullplatform/cloud/azure/cloud/README.md
index 3f113ac5..a5aaddfa 100644
--- a/nullplatform/cloud/azure/cloud/README.md
+++ b/nullplatform/cloud/azure/cloud/README.md
@@ -19,7 +19,7 @@ Creates a nullplatform_provider_config resource of type azure-configuration that
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v4.0.1"
azure_resource_group_name = "your-azure-resource-group-name"
nrn = "your-nrn"
diff --git a/nullplatform/cloud/gcp/cloud/README.md b/nullplatform/cloud/gcp/cloud/README.md
index 699ee192..58243e4d 100644
--- a/nullplatform/cloud/gcp/cloud/README.md
+++ b/nullplatform/cloud/gcp/cloud/README.md
@@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'googl
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v4.0.1"
domain_name = "your-domain-name"
location = "your-location"
diff --git a/nullplatform/cloud/oci/cloud/README.md b/nullplatform/cloud/oci/cloud/README.md
index 6ac451a7..84fda214 100644
--- a/nullplatform/cloud/oci/cloud/README.md
+++ b/nullplatform/cloud/oci/cloud/README.md
@@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'oci-c
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v4.0.1"
account_id = "your-account-id"
account_name = "your-account-name"
diff --git a/nullplatform/code_repository/README.md b/nullplatform/code_repository/README.md
index 0d7fd06f..65730b27 100644
--- a/nullplatform/code_repository/README.md
+++ b/nullplatform/code_repository/README.md
@@ -21,7 +21,7 @@ The module creates a nullplatform_provider_config resource conditionally based o
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.1"
git_provider = "your-git-provider"
nrn = "your-nrn"
@@ -32,7 +32,7 @@ module "code_repository" {
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.1"
git_provider = "github"
github_installation_id = "your-github-installation-id" # Required when git_provider = "github"
@@ -45,7 +45,7 @@ module "code_repository" {
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v4.0.1"
git_provider = "gitlab"
gitlab_access_token = "your-gitlab-access-token" # Required when git_provider = "gitlab"
diff --git a/nullplatform/container_orchestration/aks/README.md b/nullplatform/container_orchestration/aks/README.md
index 25950be9..a7d3ef33 100644
--- a/nullplatform/container_orchestration/aks/README.md
+++ b/nullplatform/container_orchestration/aks/README.md
@@ -21,7 +21,7 @@ The module builds a local.attributes map that aggregates cluster metadata, gatew
```hcl
module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v4.0.1"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/container_orchestration/eks/README.md b/nullplatform/container_orchestration/eks/README.md
index de6ce775..01ef2692 100644
--- a/nullplatform/container_orchestration/eks/README.md
+++ b/nullplatform/container_orchestration/eks/README.md
@@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource with type 'eks-configuration' th
```hcl
module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v4.0.1"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/container_orchestration/gke/README.md b/nullplatform/container_orchestration/gke/README.md
index 86fc16e3..d48d2943 100644
--- a/nullplatform/container_orchestration/gke/README.md
+++ b/nullplatform/container_orchestration/gke/README.md
@@ -22,7 +22,7 @@ The module constructs a structured attributes object using locals that merge clu
```hcl
module "gke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v4.0.1"
cluster_name = "your-cluster-name"
location = "your-location"
diff --git a/nullplatform/container_orchestration/oke/README.md b/nullplatform/container_orchestration/oke/README.md
index 0e07a183..020f8acb 100644
--- a/nullplatform/container_orchestration/oke/README.md
+++ b/nullplatform/container_orchestration/oke/README.md
@@ -19,7 +19,7 @@ Creates a single nullplatform_provider_config resource of type 'oke' that stores
```hcl
module "oke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v4.0.1"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/dimension/README.md b/nullplatform/dimension/README.md
index d3bca35e..7a71e810 100644
--- a/nullplatform/dimension/README.md
+++ b/nullplatform/dimension/README.md
@@ -19,7 +19,7 @@ The module creates a nullplatform_dimension resource using the provided name, or
```hcl
module "dimension" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v4.0.1"
name = "your-name"
nrn = "your-nrn"
diff --git a/nullplatform/dimension_value/README.md b/nullplatform/dimension_value/README.md
index 5a85bab9..0c47eb04 100644
--- a/nullplatform/dimension_value/README.md
+++ b/nullplatform/dimension_value/README.md
@@ -19,7 +19,7 @@ The module uses a terraform_data resource to enforce mutual-exclusivity and pres
```hcl
module "dimension_value" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v4.0.1"
dimension_id = "your-dimension-id"
name = "your-name"
diff --git a/nullplatform/metrics/README.md b/nullplatform/metrics/README.md
index 5837a6c3..764deccd 100644
--- a/nullplatform/metrics/README.md
+++ b/nullplatform/metrics/README.md
@@ -21,7 +21,7 @@ The module creates a nullplatform_provider_config resource of type prometheus th
```hcl
module "metrics" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v4.0.1"
nrn = "your-nrn"
}
diff --git a/nullplatform/scope_configuration/README.md b/nullplatform/scope_configuration/README.md
index e747d30b..7f921ce5 100644
--- a/nullplatform/scope_configuration/README.md
+++ b/nullplatform/scope_configuration/README.md
@@ -20,7 +20,7 @@ The module creates a single nullplatform_provider_config resource that associate
```hcl
module "scope_configuration" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v4.0.1"
attributes = "your-attributes"
np_api_key = "your-np-api-key"
diff --git a/nullplatform/scope_definition/README.md b/nullplatform/scope_definition/README.md
index 7fbbe48f..0f804ed8 100644
--- a/nullplatform/scope_definition/README.md
+++ b/nullplatform/scope_definition/README.md
@@ -22,7 +22,7 @@ The module fetches JSON templates via `data.http` resources and processes them t
```hcl
module "scope_definition" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v4.0.1"
np_api_key = "your-np-api-key"
nrn = "your-nrn"
diff --git a/nullplatform/scope_definition_agent_association/README.md b/nullplatform/scope_definition_agent_association/README.md
index ff899a6d..4ecfc344 100644
--- a/nullplatform/scope_definition_agent_association/README.md
+++ b/nullplatform/scope_definition_agent_association/README.md
@@ -22,7 +22,7 @@ The module fetches a notification channel template via the `http` data source fr
```hcl
module "scope_definition_agent_association" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v4.0.1"
api_key = "your-api-key"
nrn = "your-nrn"
diff --git a/nullplatform/service_definition/README.md b/nullplatform/service_definition/README.md
index d9710953..f72afa1e 100644
--- a/nullplatform/service_definition/README.md
+++ b/nullplatform/service_definition/README.md
@@ -22,7 +22,7 @@ The module creates a nullplatform_service_specification resource as the primary
```hcl
module "service_definition" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v4.0.1"
nrn = "your-nrn"
service_name = "your-service-name"
diff --git a/nullplatform/service_definition_agent_association/README.md b/nullplatform/service_definition_agent_association/README.md
index f53ed760..6a3735d7 100644
--- a/nullplatform/service_definition_agent_association/README.md
+++ b/nullplatform/service_definition_agent_association/README.md
@@ -21,7 +21,7 @@ The module creates a terraform_data resource to track API key changes as a repla
```hcl
module "service_definition_agent_association" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v4.0.1"
api_key = "your-api-key"
repository_service_spec_repo = "your-repository-service-spec-repo"
diff --git a/nullplatform/users/README.md b/nullplatform/users/README.md
index 6a6035a1..0ee9f5f8 100644
--- a/nullplatform/users/README.md
+++ b/nullplatform/users/README.md
@@ -20,7 +20,7 @@ The module creates nullplatform_user resources from a map of user configurations
```hcl
module "users" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v4.0.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v4.0.1"
nullplatform_users = "your-nullplatform-users"
}