diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1dd7e3e6..9035dd14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog
+## [4.3.0](https://github.com/nullplatform/tofu-modules/compare/v4.2.0...v4.3.0) (2026-06-11)
+
+
+### Features
+
+* **agent:** IAM assume-role support + multi-instance parametrization ([#386](https://github.com/nullplatform/tofu-modules/issues/386)) ([b82df52](https://github.com/nullplatform/tofu-modules/commit/b82df529244fbf85aab52a23d748ea59c31fb11e))
+
## [4.2.0](https://github.com/nullplatform/tofu-modules/compare/v4.1.0...v4.2.0) (2026-06-10)
diff --git a/infrastructure/aws/acm/README.md b/infrastructure/aws/acm/README.md
index 82d96c5b..944e9d66 100644
--- a/infrastructure/aws/acm/README.md
+++ b/infrastructure/aws/acm/README.md
@@ -18,7 +18,7 @@ The module creates an aws_acm_certificate resource with DNS validation, which is
```hcl
module "acm" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v4.3.0"
domain_name = "your-domain-name"
zone_id = "your-zone-id"
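Review bot: the `source` line in this usage example pins the module with `?ref=v4.3.0`, which is a git tag, and a tag can be moved to a different commit after release. The same example is regenerated in every module README in this change, so consider having the README template also mention pinning `ref` to the release's full commit SHA for callers who need an immutable reference.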
diff --git a/infrastructure/aws/aws_load_balancer_controller/README.md b/infrastructure/aws/aws_load_balancer_controller/README.md
index c92ce519..714e29a5 100644
--- a/infrastructure/aws/aws_load_balancer_controller/README.md
+++ b/infrastructure/aws/aws_load_balancer_controller/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the AWS Load Balancer Cont
```hcl
module "aws_load_balancer_controller" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v4.3.0"
cluster_name = "your-cluster-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md
index 053c70b9..7d716d35 100644
--- a/infrastructure/aws/backend/README.md
+++ b/infrastructure/aws/backend/README.md
@@ -20,7 +20,7 @@ This module creates an S3 bucket with versioning and server-side encryption enab
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v4.3.0"
}
```
diff --git a/infrastructure/aws/dns/README.md b/infrastructure/aws/dns/README.md
index 0ffb1b15..3a781934 100644
--- a/infrastructure/aws/dns/README.md
+++ b/infrastructure/aws/dns/README.md
@@ -20,7 +20,7 @@ The module conditionally creates an aws_route53_zone resource for a public hoste
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v4.3.0"
domain_name = "your-domain-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md
index 8bf88ded..b588f069 100644
--- a/infrastructure/aws/eks/README.md
+++ b/infrastructure/aws/eks/README.md
@@ -22,7 +22,7 @@ The module wraps terraform-aws-modules/eks to create the EKS cluster (aws_eks_cl
```hcl
module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v4.3.0"
aws_subnets_private_ids = "your-aws-subnets-private-ids"
aws_vpc_vpc_id = "your-aws-vpc-vpc-id"
diff --git a/infrastructure/aws/iam/agent/README.md b/infrastructure/aws/iam/agent/README.md
index a1ef2c62..8954033d 100644
--- a/infrastructure/aws/iam/agent/README.md
+++ b/infrastructure/aws/iam/agent/README.md
@@ -2,24 +2,27 @@
## Description
-Creates and configures IAM roles and policies for a Kubernetes cluster
+Creates an IRSA-enabled IAM role with scoped policies for the nullplatform agent Kubernetes service account on EKS
## Architecture
-This module creates an IAM role for a Kubernetes service account using the terraform-aws-modules/iam/aws module, and attaches policies for managing Route 53 DNS records, Elastic Load Balancing resources, EKS cluster resources, and AVP resources. The policies are created using the aws_iam_policy resource and are attached to the IAM role using the policies attribute of the iam-role-for-service-accounts module. The module also outputs the ARN of the created IAM role.
+The module uses the terraform-aws-modules/iam//modules/iam-role-for-service-accounts submodule to create an aws_iam_role with an OIDC trust policy bound to a specific Kubernetes namespace and service account. Four aws_iam_policy resources are created for Route53, ELB, EKS, and Amazon Verified Permissions, and conditionally a fifth for sts:AssumeRole when assume_role_arns is non-empty. All policies are attached to the IAM role via the submodule's policies map, and the resulting role ARN is exposed as an output.
## Features
-- Creates IAM role with OIDC provider trust for Kubernetes service account
-- Configures policies for managing Route 53 DNS records and Elastic Load Balancing resources
-- Supports EKS cluster resource management and AVP resource management
-- Attaches additional policies to the IAM role using the additional_policies variable
+- Creates an IRSA IAM role scoped to a specific Kubernetes namespace and service account via OIDC provider trust
+- Attaches a Route53 policy granting DNS record management permissions for hosted zones
+- Attaches an ELB policy granting describe permissions for load balancers and target groups
+- Attaches an EKS policy granting read access to clusters, node groups, and addons
+- Attaches an Amazon Verified Permissions (AVP) policy granting full verifiedpermissions access
+- Conditionally creates and attaches an sts:AssumeRole policy when assume_role_arns is provided
+- Supports attaching additional custom IAM policies via the additional_policies map
## Basic Usage
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v4.3.0"
agent_namespace = "your-agent-namespace"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
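Review bot: the new feature bullet "Attaches an Amazon Verified Permissions (AVP) policy granting full verifiedpermissions access" documents a broad grant on the agent role without saying which resources it covers or why the agent needs all of it. Either scope the policy to the policy stores the agent actually uses or state the reason for full access in the README; the Route53 bullet has the same gap, since "for hosted zones" does not say which zones. For the sts:AssumeRole bullet, add a sentence that each target role must also trust this role in its own trust policy, because as described here the module creates only the caller-side permission.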
@@ -43,7 +46,7 @@ resource "example_resource" "this" {
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
+| [aws](#provider\_aws) | 6.47.0 |
## Modules
@@ -55,6 +58,7 @@ resource "example_resource" "this" {
| Name | Type |
|------|------|
+| [aws_iam_policy.nullplatform_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.nullplatform_avp_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.nullplatform_eks_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.nullplatform_elb_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
@@ -66,8 +70,12 @@ resource "example_resource" "this" {
|------|-------------|------|---------|:--------:|
| [additional\_policies](#input\_additional\_policies) | Additional policy ARNs to attach to the agent role | `map(string)` | `{}` | no |
| [agent\_namespace](#input\_agent\_namespace) | Namespace where the agent runs | `string` | n/a | yes |
+| [assume\_role\_arns](#input\_assume\_role\_arns) | List of IAM role ARNs the agent is allowed to assume via sts:AssumeRole | `list(string)` | `[]` | no |
| [aws\_iam\_openid\_connect\_provider\_arn](#input\_aws\_iam\_openid\_connect\_provider\_arn) | ARN of the AWS IAM OIDC provider for EKS service account authentication | `string` | n/a | yes |
| [cluster\_name](#input\_cluster\_name) | Name of the cluster where the policy runs | `string` | n/a | yes |
+| [policies\_name\_prefix](#input\_policies\_name\_prefix) | Override for IAM policy name prefix. Defaults to nullplatform\_{cluster\_name} | `string` | `""` | no |
+| [role\_name](#input\_role\_name) | Override for the IAM role name. Defaults to nullplatform-{cluster\_name}-agent-role | `string` | `""` | no |
+| [service\_account\_name](#input\_service\_account\_name) | Kubernetes service account name trusted by the IRSA role | `string` | `"nullplatform-agent"` | no |
## Outputs
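Review bot: `assume_role_arns` is documented as a plain `list(string)` with no stated constraint on its entries, so a value such as `*` or an account-wide `role/*` pattern would presumably flow straight into the sts:AssumeRole policy. Document that entries must be full role ARNs and, if the variable has no `validation` block, add one that rejects wildcards. Separately, `role_name` and `policies_name_prefix` default to names derived only from `cluster_name`, so two instances of this module on the same cluster collide unless both are overridden; the descriptions should say that these overrides are required for multi-instance use.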
@@ -79,13 +87,16 @@ resource "example_resource" "this" {
diff --git a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
index c2c8bd04..9b8b5661 100644
--- a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
+++ b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
@@ -19,7 +19,7 @@ This module creates an IAM role for the AWS Load Balancer Controller using the t
```hcl
module "aws_load_balancer_controller_iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v4.3.0"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/cert_manager/README.md b/infrastructure/aws/iam/cert_manager/README.md
index 5cf6cac3..862c2446 100644
--- a/infrastructure/aws/iam/cert_manager/README.md
+++ b/infrastructure/aws/iam/cert_manager/README.md
@@ -21,7 +21,7 @@ An aws_iam_policy is created granting Route53 permissions (GetChange, ChangeReso
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v4.3.0"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/ecr/README.md b/infrastructure/aws/iam/ecr/README.md
index 93991c91..80964193 100644
--- a/infrastructure/aws/iam/ecr/README.md
+++ b/infrastructure/aws/iam/ecr/README.md
@@ -21,7 +21,7 @@ The module creates two aws_iam_role resources (an application role with a config
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v4.3.0"
cluster_name = "your-cluster-name"
}
@@ -53,11 +53,8 @@ resource "example_resource" "this" {
| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_group.nullplatform_ecr_managers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
| [aws_iam_group_policy_attachment.ecr_manager_policy_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
-| [aws_iam_policy.ecr_cross_account_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_role.ecr_cross_account_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.ecr_cross_account_pull](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_group_membership.build_workflow_ecr_managers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_group_membership) | resource |
@@ -79,7 +76,6 @@ resource "example_resource" "this" {
| [application\_role\_arn](#output\_application\_role\_arn) | ARN of the IAM role used by applications to pull ECR images |
| [build\_workflow\_access\_key\_id](#output\_build\_workflow\_access\_key\_id) | Access key ID for the CI/CD build workflow IAM user |
| [build\_workflow\_access\_key\_secret](#output\_build\_workflow\_access\_key\_secret) | Secret access key for the CI/CD build workflow IAM user |
-| [cross\_account\_pull\_role\_arn](#output\_cross\_account\_pull\_role\_arn) | ARN of the IAM role that cross-account principals can assume to pull ECR images. Empty string when enable\_cross\_account\_pull is false. |
| [ecr\_repository\_policy](#output\_ecr\_repository\_policy) | ECR repository policy JSON granting pull access to the configured cross-account IDs. Empty string when enable\_cross\_account\_pull is false. |
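Review bot: the `cross_account_pull_role_arn` output row is removed here, along with the three `ecr_cross_account_pull` resource rows in the previous hunk, yet the 4.3.0 changelog entry added in this diff lists only the agent feature. If the output and role are really gone from the module, callers that reference the output will fail at plan time, so this needs a changelog line and probably a breaking-change marker; if they still exist, the generated README is out of sync with the code. The remaining `ecr_repository_policy` row still refers to `enable_cross_account_pull`, so state which cross-account pull path is supported after this change.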
diff --git a/infrastructure/aws/iam/external_dns/README.md b/infrastructure/aws/iam/external_dns/README.md
index 341c7e67..b6537631 100644
--- a/infrastructure/aws/iam/external_dns/README.md
+++ b/infrastructure/aws/iam/external_dns/README.md
@@ -21,7 +21,7 @@ The module creates an aws_iam_policy granting Route53 permissions scoped to the
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v4.3.0"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/s3/README.md b/infrastructure/aws/iam/s3/README.md
index e92f1849..2f00bcc9 100644
--- a/infrastructure/aws/iam/s3/README.md
+++ b/infrastructure/aws/iam/s3/README.md
@@ -19,7 +19,7 @@ The module creates an aws_s3_bucket_policy resource attached to an existing S3 b
```hcl
module "s3" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v4.3.0"
bucket_arn = "your-bucket-arn"
bucket_id = "your-bucket-id"
diff --git a/infrastructure/aws/ingress/README.md b/infrastructure/aws/ingress/README.md
index bfdf0ab3..6b797371 100644
--- a/infrastructure/aws/ingress/README.md
+++ b/infrastructure/aws/ingress/README.md
@@ -22,7 +22,7 @@ The module creates up to two kubernetes_ingress_v1 resources — one for an inte
```hcl
module "ingress" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v4.3.0"
certificate_arn = "your-certificate-arn"
}
diff --git a/infrastructure/aws/security/README.md b/infrastructure/aws/security/README.md
index 1d37de87..83418130 100644
--- a/infrastructure/aws/security/README.md
+++ b/infrastructure/aws/security/README.md
@@ -22,7 +22,7 @@ The module uses data sources (aws_eks_cluster, aws_vpc) to derive VPC ID and CID
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v4.3.0"
cluster_name = "your-cluster-name"
}
@@ -48,7 +48,7 @@ resource "example_resource" "this" {
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | ~> 6.0 |
+| [aws](#provider\_aws) | 6.46.0 |
## Resources
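Review bot: the provider table replaces the constraint `~> 6.0` with the exact version `6.46.0`, while the agent README in this same diff shows `6.47.0`, which suggests the docs generator recorded whatever version was resolved locally rather than the module's declared constraint. Readers will take this table as the supported range, so either keep the constraint from `required_providers` in the generated docs or, if the module now pins exactly, make the pin consistent across modules and mention it in the changelog.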
diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md
index 5553b716..fb384771 100644
--- a/infrastructure/aws/vpc/README.md
+++ b/infrastructure/aws/vpc/README.md
@@ -22,7 +22,7 @@ This module creates a terraform-aws-modules/vpc/aws module resource with DNS hos
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v4.3.0"
account = "your-account"
organization = "your-organization"
diff --git a/infrastructure/azure/acr/README.md b/infrastructure/azure/acr/README.md
index b15416f0..d2d2d828 100644
--- a/infrastructure/azure/acr/README.md
+++ b/infrastructure/azure/acr/README.md
@@ -18,7 +18,7 @@ The module uses the azurerm_container_registry resource to create the container
```hcl
module "acr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v4.3.0"
containerregistry_name = "your-containerregistry-name"
location = "your-location"
diff --git a/infrastructure/azure/aks/README.md b/infrastructure/azure/aks/README.md
index e31f1357..af4796bb 100644
--- a/infrastructure/azure/aks/README.md
+++ b/infrastructure/azure/aks/README.md
@@ -22,7 +22,7 @@ The module wraps the Azure/aks/azurerm community module (version 11.0.0) and use
```hcl
module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v4.3.0"
cluster_name = "your-cluster-name"
location = "your-location"
diff --git a/infrastructure/azure/aks_route_table/README.md b/infrastructure/azure/aks_route_table/README.md
index ab6b0d92..18e749e1 100644
--- a/infrastructure/azure/aks_route_table/README.md
+++ b/infrastructure/azure/aks_route_table/README.md
@@ -19,7 +19,7 @@ The module uses an azurerm_resources data source to discover the route table cre
```hcl
module "aks_route_table" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v4.3.0"
node_resource_group = "your-node-resource-group"
subnet_id = "your-subnet-id"
diff --git a/infrastructure/azure/dns/README.md b/infrastructure/azure/dns/README.md
index 049e0a79..a36ac99b 100644
--- a/infrastructure/azure/dns/README.md
+++ b/infrastructure/azure/dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_dns_zone resource and configures it with the prov
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v4.3.0"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/iam/README.md b/infrastructure/azure/iam/README.md
index f723135b..718073fc 100644
--- a/infrastructure/azure/iam/README.md
+++ b/infrastructure/azure/iam/README.md
@@ -21,7 +21,7 @@ The module creates an azurerm_user_assigned_identity resource in the specified r
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v4.3.0"
location = "your-location"
name = "your-name"
diff --git a/infrastructure/azure/private_dns/README.md b/infrastructure/azure/private_dns/README.md
index 5e86907f..4e3fad31 100644
--- a/infrastructure/azure/private_dns/README.md
+++ b/infrastructure/azure/private_dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_private_dns_zone resource and optionally multiple
```hcl
module "private_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v4.3.0"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/resource_group/README.md b/infrastructure/azure/resource_group/README.md
index 0d43320f..7906ea2a 100644
--- a/infrastructure/azure/resource_group/README.md
+++ b/infrastructure/azure/resource_group/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_resource_group resource and outputs its name and
```hcl
module "resource_group" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v4.3.0"
location = "your-location"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/security/README.md b/infrastructure/azure/security/README.md
index ecd1df13..9c82a6dc 100644
--- a/infrastructure/azure/security/README.md
+++ b/infrastructure/azure/security/README.md
@@ -21,7 +21,7 @@ The module uses azurerm_kubernetes_cluster and azurerm_virtual_network data sour
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v4.3.0"
cluster_name = "your-cluster-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/vnet/README.md b/infrastructure/azure/vnet/README.md
index 40f80ec0..00d9b214 100644
--- a/infrastructure/azure/vnet/README.md
+++ b/infrastructure/azure/vnet/README.md
@@ -18,7 +18,7 @@ This module creates an Azure virtual network using the azurerm provider and conf
```hcl
module "vnet" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v4.3.0"
address_space = "your-address-space"
location = "your-location"
diff --git a/infrastructure/commons/cert_manager/README.md b/infrastructure/commons/cert_manager/README.md
index b72d700d..78cf682b 100644
--- a/infrastructure/commons/cert_manager/README.md
+++ b/infrastructure/commons/cert_manager/README.md
@@ -21,7 +21,7 @@ The module creates two core helm_release resources: cert-manager from the Jetsta
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
cloud_provider = "your-cloud-provider"
@@ -34,7 +34,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
cloud_provider = "gcp"
@@ -49,7 +49,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -67,7 +67,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
cloud_provider = "cloudflare"
@@ -82,7 +82,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
aws_region = "your-aws-region" # Required when cloud_provider = "aws"
@@ -97,7 +97,7 @@ module "cert_manager" {
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v4.3.0"
account_slug = "your-account-slug"
cloud_provider = "oci"
diff --git a/infrastructure/commons/external_dns/README.md b/infrastructure/commons/external_dns/README.md
index c52e0a31..398ef997 100644
--- a/infrastructure/commons/external_dns/README.md
+++ b/infrastructure/commons/external_dns/README.md
@@ -22,7 +22,7 @@ The module creates an optional kubernetes_namespace_v1 resource and a helm_relea
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
dns_provider_name = "your-dns-provider-name"
domain_filters = "your-domain-filters"
@@ -33,7 +33,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
cloudflare_token = "your-cloudflare-token" # Required when dns_provider_name = "cloudflare"
dns_provider_name = "cloudflare"
@@ -45,7 +45,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when dns_provider_name = "aws"
aws_region = "your-aws-region" # Required when dns_provider_name = "aws"
@@ -60,7 +60,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
dns_provider_name = "oci"
domain_filters = "your-domain-filters"
@@ -74,7 +74,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure"
@@ -90,7 +90,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v4.3.0"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure-private-dns"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure-private-dns"
diff --git a/infrastructure/commons/istio/README.md b/infrastructure/commons/istio/README.md
index 3f5e4236..7b58d362 100644
--- a/infrastructure/commons/istio/README.md
+++ b/infrastructure/commons/istio/README.md
@@ -21,7 +21,7 @@ Three helm_release resources are created in a strict dependency chain: istio-bas
```hcl
module "istio" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v4.3.0"
}
```
diff --git a/infrastructure/commons/prometheus/README.md b/infrastructure/commons/prometheus/README.md
index e9d82517..26495fa6 100644
--- a/infrastructure/commons/prometheus/README.md
+++ b/infrastructure/commons/prometheus/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the Prometheus chart from
```hcl
module "prometheus" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v4.3.0"
}
```
diff --git a/infrastructure/gcp/artifact-registry/README.md b/infrastructure/gcp/artifact-registry/README.md
index e3cd529f..baafae1b 100644
--- a/infrastructure/gcp/artifact-registry/README.md
+++ b/infrastructure/gcp/artifact-registry/README.md
@@ -21,7 +21,7 @@ The module provisions a google_artifact_registry_repository resource in the spec
```hcl
module "artifact-registry" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v4.3.0"
location = "your-location"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-dns/README.md b/infrastructure/gcp/cloud-dns/README.md
index 466c8f1a..5dc4c9d1 100644
--- a/infrastructure/gcp/cloud-dns/README.md
+++ b/infrastructure/gcp/cloud-dns/README.md
@@ -21,7 +21,7 @@ The module creates a single google_dns_managed_zone resource in the specified GC
```hcl
module "cloud-dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v4.3.0"
domain_name = "your-domain-name"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-nat/README.md b/infrastructure/gcp/cloud-nat/README.md
index 6815229e..9d53836e 100644
--- a/infrastructure/gcp/cloud-nat/README.md
+++ b/infrastructure/gcp/cloud-nat/README.md
@@ -19,7 +19,7 @@ This module creates a google_compute_router resource in a specified region and n
```hcl
module "cloud-nat" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v4.3.0"
nat_name = "your-nat-name"
network_id = "your-network-id"
diff --git a/infrastructure/gcp/gke/README.md b/infrastructure/gcp/gke/README.md
index 64af6e0e..70c814f7 100644
--- a/infrastructure/gcp/gke/README.md
+++ b/infrastructure/gcp/gke/README.md
@@ -20,7 +20,7 @@ The module uses the google-modules/kubernetes-engine/google//modules/private-clu
```hcl
module "gke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v4.3.0"
cluster_name = "your-cluster-name"
ip_range_pods = "your-ip-range-pods"
diff --git a/infrastructure/gcp/iam/README.md b/infrastructure/gcp/iam/README.md
index 92c58f63..063dad9d 100644
--- a/infrastructure/gcp/iam/README.md
+++ b/infrastructure/gcp/iam/README.md
@@ -19,7 +19,7 @@ The module creates google_service_account resources for each service account spe
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v4.3.0"
project_id = "your-project-id"
}
diff --git a/infrastructure/gcp/security/README.md b/infrastructure/gcp/security/README.md
index 6318dca7..9a679c0f 100644
--- a/infrastructure/gcp/security/README.md
+++ b/infrastructure/gcp/security/README.md
@@ -19,7 +19,7 @@ This module uses Terraform to create GCP firewall rules for public and private I
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v4.3.0"
cluster_name = "your-cluster-name"
gcp_project_id = "your-gcp-project-id"
diff --git a/infrastructure/gcp/vpc/README.md b/infrastructure/gcp/vpc/README.md
index 97ba1864..5c3a908f 100644
--- a/infrastructure/gcp/vpc/README.md
+++ b/infrastructure/gcp/vpc/README.md
@@ -20,7 +20,7 @@ The module invokes the terraform-google-modules/network/google module to create
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v4.3.0"
network_name = "your-network-name"
project_id = "your-project-id"
diff --git a/infrastructure/oci/backend/README.md b/infrastructure/oci/backend/README.md
index d1d74a01..90b04922 100644
--- a/infrastructure/oci/backend/README.md
+++ b/infrastructure/oci/backend/README.md
@@ -18,7 +18,7 @@ The module creates an oci_objectstorage_bucket resource, which is configured wit
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v4.3.0"
compartment_id = "your-compartment-id"
namespace = "your-namespace"
diff --git a/infrastructure/oci/dns/README.md b/infrastructure/oci/dns/README.md
index ba5731d3..7aa8f025 100644
--- a/infrastructure/oci/dns/README.md
+++ b/infrastructure/oci/dns/README.md
@@ -18,7 +18,7 @@ This module creates oci_dns_zone resources for each DNS zone defined in the dns_
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v4.3.0"
compartment_id = "your-compartment-id"
}
diff --git a/infrastructure/oci/dynamic_groups/README.md b/infrastructure/oci/dynamic_groups/README.md
index f2cc9bfb..ce842307 100644
--- a/infrastructure/oci/dynamic_groups/README.md
+++ b/infrastructure/oci/dynamic_groups/README.md
@@ -19,7 +19,7 @@ This module creates an OCI dynamic group and an OCI identity policy, connecting
```hcl
module "dynamic_groups" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v4.3.0"
cluster_id = "your-cluster-id"
compartment_id = "your-compartment-id"
diff --git a/infrastructure/oci/oke/README.md b/infrastructure/oci/oke/README.md
index c5619131..5beed5f3 100644
--- a/infrastructure/oci/oke/README.md
+++ b/infrastructure/oci/oke/README.md
@@ -21,7 +21,7 @@ The module instantiates the oracle-terraform-modules/oke/oci module to create an
```hcl
module "oke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v4.3.0"
api_endpoint_subnet_id = "your-api-endpoint-subnet-id"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/oci/vcn/README.md b/infrastructure/oci/vcn/README.md
index f42d2e8b..9a71f479 100644
--- a/infrastructure/oci/vcn/README.md
+++ b/infrastructure/oci/vcn/README.md
@@ -19,7 +19,7 @@ The module instantiates oci_core_subnet resources for public and private subnets
```hcl
module "vcn" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v4.3.0"
}
```
diff --git a/nullplatform/account/README.md b/nullplatform/account/README.md
index e427dda9..d4a6260a 100644
--- a/nullplatform/account/README.md
+++ b/nullplatform/account/README.md
@@ -20,7 +20,7 @@ This module creates nullplatform_account resources using a for_each loop over th
```hcl
module "account" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v4.3.0"
nullplatform_accounts = "your-nullplatform-accounts"
}
diff --git a/nullplatform/agent/README.md b/nullplatform/agent/README.md
index 803f3101..1ab5e87b 100644
--- a/nullplatform/agent/README.md
+++ b/nullplatform/agent/README.md
@@ -2,27 +2,27 @@
## Description
-Deploys the Nullplatform agent to a Kubernetes cluster via Helm chart with cloud provider-specific configurations for AWS, GCP, Azure, or OCI
+Deploys the Nullplatform agent to a Kubernetes cluster via a Helm release with multi-cloud provider support
## Architecture
-Creates a helm_release resource that deploys the nullplatform-agent chart to a Kubernetes namespace. A terraform_data resource tracks API key changes to trigger helm_release replacement. Local values compute cloud-specific environment variables and command arguments that are templated into Helm chart values. The module merges default configuration (NRN tags, agent repositories, cluster name) with cloud provider-specific settings (AWS IAM role ARN, Azure credentials and networking, GCP/OCI gateway names) before passing them to the Helm chart. The agent container receives these values as environment variables and command-line arguments for runtime configuration.
+The module renders a Helm values file using a templatefile() call that merges default configuration, cloud-specific environment variables, and extra envs into a single locals map. A helm_release resource named 'agent' deploys the 'nullplatform-agent' chart from the official Nullplatform Helm repository into the specified Kubernetes namespace, consuming the rendered values. A terraform_data resource tracks the api_key as a replace trigger, forcing pod recreation when the API key changes. Cross-provider variable validation is enforced via terraform_data preconditions that gate cloud-specific required inputs like aws_iam_role_arn and azure_* credentials before the Helm release proceeds.
## Features
-- Deploys Nullplatform agent as a Helm release with configurable version and namespace
-- Configures cloud provider-specific authentication using AWS IAM roles, Azure service principal credentials, or GCP/OCI gateway settings
-- Parses NRN (Nullplatform Resource Name) into organization, account, and namespace tags for resource identification
-- Merges multiple Git repositories for agent scope configurations with deduplication
-- Supports custom initialization scripts executed during agent startup
-- Automatically replaces Helm release when API key changes via terraform_data trigger
-- Configures DNS and domain settings for Azure, AWS Route53, or external DNS providers
+- Deploys nullplatform-agent Helm chart with atomic install and automatic cleanup on failure
+- Configures multi-cloud provider support for AWS, GCP, Azure, and OCI with provider-specific environment variable injection
+- Creates Kubernetes namespace automatically if it does not already exist
+- Injects NRN-parsed organization, account, and namespace tags into the agent configuration
+- Merges scope repository, extra Git repositories, and deduplicates the final agent repo list
+- Forces pod recreation via terraform_data trigger when the API key is rotated
+- Supports custom init scripts, image pull secrets, and additional environment variables for agent customization
## Basic Usage
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.3.0"
api_key = "your-api-key"
cloud_provider = "your-cloud-provider"
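Review bot: the rewritten Features list drops the bullet that said how the agent authenticates to each cloud (AWS IAM roles, Azure service principal credentials, GCP/OCI gateway settings), as well as the one on DNS and domain settings, yet the new Architecture text still names `aws_iam_role_arn` and `azure_*` credentials as gated inputs. Keep a bullet stating which credential type each provider uses, since that is what someone reviewing the agent's privileges will look for. The Architecture paragraph also says a terraform_data resource tracks `api_key` as a replace trigger; say whether the key itself or a hash of it is stored there, because a raw trigger value is recorded in state.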
@@ -33,11 +33,11 @@ module "agent" {
}
```
-### Usage with AWS Configuration
+### Usage with AWS Cloud Provider
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.3.0"
api_key = "your-api-key"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when cloud_provider = "aws"
@@ -49,11 +49,11 @@ module "agent" {
}
```
-### Usage with GCP Configuration
+### Usage with GCP Cloud Provider
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.3.0"
api_key = "your-api-key"
cloud_provider = "gcp"
@@ -64,11 +64,11 @@ module "agent" {
}
```
-### Usage with Azure Configuration
+### Usage with Azure Cloud Provider
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.3.0"
api_key = "your-api-key"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -87,11 +87,11 @@ module "agent" {
}
```
-### Usage with OCI Configuration
+### Usage with OCI Cloud Provider
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v4.3.0"
api_key = "your-api-key"
cloud_provider = "oci"
@@ -154,6 +154,7 @@ resource "example_resource" "this" {
| [domain](#input\_domain) | Base domain name used across resources | `string` | `""` | no |
| [extra\_envs](#input\_extra\_envs) | Additional environment variables to pass to the agent | `map(string)` | `{}` | no |
| [image\_pull\_secrets](#input\_image\_pull\_secrets) | Image pull secrets configuration | `string` | `""` | no |
+| [image\_repository](#input\_image\_repository) | Container image repository for the agent. Defaults to the official nullplatform image. | `string` | `""` | no |
| [image\_tag](#input\_image\_tag) | Image tag for the agent container image | `string` | n/a | yes |
| [init\_scripts](#input\_init\_scripts) | List of initialization scripts to execute during agent startup | `list(string)` | `[]` | no |
| [initial\_ingress\_path](#input\_initial\_ingress\_path) | Defines the initial ingress path used when deploying the application for the first time. | `string` | `""` | no |
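Review bot: the new `image_repository` row lists a default of `""` while its description says it defaults to the official nullplatform image. State what an empty string resolves to, or put the actual repository in the Default column. Since this input lets a caller point the agent at any registry, the description should also say whether a digest reference can be used together with `image_tag`, so an override can be pinned to immutable content.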
@@ -164,6 +165,8 @@ resource "example_resource" "this" {
| [private\_gateway\_name](#input\_private\_gateway\_name) | Private gateway name for Azure networking | `string` | `null` | no |
| [private\_hosted\_zone\_rg](#input\_private\_hosted\_zone\_rg) | Resource group for private hosted zone | `string` | `null` | no |
| [public\_gateway\_name](#input\_public\_gateway\_name) | Public gateway name for Azure networking | `string` | `null` | no |
+| [release\_name](#input\_release\_name) | Override for the Helm release name. Defaults to nullplatform-agent | `string` | `"nullplatform-agent"` | no |
+| [service\_account\_name](#input\_service\_account\_name) | Override for the Kubernetes ServiceAccount name created by the Helm chart | `string` | `""` | no |
| [service\_template](#input\_service\_template) | Specifies the name or reference of the scope service template to be used for deployment. | `string` | `""` | no |
| [tags\_selectors](#input\_tags\_selectors) | Map of tags used to select and filter channels and agents | `map(string)` | n/a | yes |
| [use\_account\_slug](#input\_use\_account\_slug) | Flag to determine whether to use account slug in resource naming | `string` | `""` | no |
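Review bot: the `service_account_name` row has default `""` and does not say which name the chart uses when it is left empty, or whether that name follows `release_name`. If two releases are installed in the same namespace, this decides whether they share a ServiceAccount, and any cloud identity that is bound to a ServiceAccount by name (for instance, if the role passed in `aws_iam_role_arn` is bound that way) has to match it. Document the resolved default and how it pairs with `release_name`.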
@@ -172,16 +175,16 @@ resource "example_resource" "this" {
diff --git a/nullplatform/api_key/README.md b/nullplatform/api_key/README.md
index 082e9a6f..3726663b 100644
--- a/nullplatform/api_key/README.md
+++ b/nullplatform/api_key/README.md
@@ -21,7 +21,7 @@ The module creates a single nullplatform_api_key resource whose name, grants, an
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.3.0"
type = "your-type"
}
@@ -31,7 +31,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.3.0"
nrn = "your-nrn" # Required when type = "agent"
type = "agent"
@@ -42,7 +42,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.3.0"
nrn = "your-nrn" # Required when type = "scope_notification"
specification_slug = "your-specification-slug" # Required when type = "scope_notification"
@@ -54,7 +54,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.3.0"
nrn = "your-nrn" # Required when type = "service_notification"
specification_slug = "your-specification-slug" # Required when type = "service_notification"
@@ -66,7 +66,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v4.3.0"
custom_grants = "your-custom-grants" # Required when type = "custom"
custom_name = "your-custom-name" # Required when type = "custom"
diff --git a/nullplatform/asset/docker_server/README.md b/nullplatform/asset/docker_server/README.md
index 3ca66896..60d9c651 100644
--- a/nullplatform/asset/docker_server/README.md
+++ b/nullplatform/asset/docker_server/README.md
@@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource of type 'docker-server' with enc
```hcl
module "docker_server" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v4.3.0"
login_server = "your-login-server"
nrn = "your-nrn"
diff --git a/nullplatform/asset/ecr/README.md b/nullplatform/asset/ecr/README.md
index 4d396a18..a96d808c 100644
--- a/nullplatform/asset/ecr/README.md
+++ b/nullplatform/asset/ecr/README.md
@@ -21,7 +21,7 @@ The module reads the current AWS region via the aws_region data source and uses
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v4.3.0"
application_role_arn = "your-application-role-arn"
build_workflow_access_key_id = "your-build-workflow-access-key-id"
@@ -68,7 +68,6 @@ resource "example_resource" "this" {
| [application\_role\_arn](#input\_application\_role\_arn) | ARN of the IAM role used by applications to pull ECR images | `string` | n/a | yes |
| [build\_workflow\_access\_key\_id](#input\_build\_workflow\_access\_key\_id) | Access key ID for the CI/CD build workflow IAM user | `string` | n/a | yes |
| [build\_workflow\_access\_key\_secret](#input\_build\_workflow\_access\_key\_secret) | Secret access key for the CI/CD build workflow IAM user | `string` | n/a | yes |
-| [cross\_account\_pull\_role\_arn](#input\_cross\_account\_pull\_role\_arn) | ARN of the IAM role for cross-account ECR pull access (maps to 'read.role\_arn' in provider config). Leave empty to omit the read section. | `string` | `""` | no |
| [dimensions](#input\_dimensions) | Dimensions to segment the nullplatform provider config (e.g. by region, environment) | `map(string)` | `{}` | no |
| [naming\_rule](#input\_naming\_rule) | jq expression for ECR repository naming convention. Defaults to the Nullplatform platform default. | `string` | `"\"\\(.namespace.slug)/\\(.application.slug)\""` | no |
| [nrn](#input\_nrn) | The nullplatform resource name (NRN) | `string` | n/a | yes |
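Review bot: the removed `cross_account_pull_role_arn` row takes away a documented input with no replacement or migration note in this README. If the variable was removed from the module, callers that still set it will fail at plan with an unsupported argument error once they move `ref` to v4.3.0, and the `read.role_arn` section it mapped to drops out of the provider config. That needs a breaking-change note and a pointer to where cross-account pull access is configured now. If the variable still exists, the row should stay.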
diff --git a/nullplatform/base/README.md b/nullplatform/base/README.md
index 0c4d09be..140af3de 100644
--- a/nullplatform/base/README.md
+++ b/nullplatform/base/README.md
@@ -22,7 +22,7 @@ The module creates two kubernetes_namespace_v1 resources ('nullplatform-tools' a
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "your-k8s-provider"
np_api_key = "your-np-api-key"
@@ -33,7 +33,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "eks"
np_api_key = "your-np-api-key"
@@ -44,7 +44,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "gke"
np_api_key = "your-np-api-key"
@@ -55,7 +55,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "aks"
np_api_key = "your-np-api-key"
@@ -66,7 +66,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "oke"
np_api_key = "your-np-api-key"
@@ -77,7 +77,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v4.3.0"
k8s_provider = "aro"
np_api_key = "your-np-api-key"
diff --git a/nullplatform/cloud/aws/cloud/README.md b/nullplatform/cloud/aws/cloud/README.md
index e79417cf..bde08320 100644
--- a/nullplatform/cloud/aws/cloud/README.md
+++ b/nullplatform/cloud/aws/cloud/README.md
@@ -20,7 +20,7 @@ The module uses data sources aws_caller_identity and aws_region to dynamically r
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v4.3.0"
domain_name = "your-domain-name"
hosted_private_zone_id = "your-hosted-private-zone-id"
diff --git a/nullplatform/cloud/aws/vpc/README.md b/nullplatform/cloud/aws/vpc/README.md
index 0fe0abb4..1fae1741 100644
--- a/nullplatform/cloud/aws/vpc/README.md
+++ b/nullplatform/cloud/aws/vpc/README.md
@@ -20,7 +20,7 @@ Creates a nullplatform_provider_config resource of type 'aws-networking-configur
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v4.3.0"
nrn = "your-nrn"
vpc_id = "your-vpc-id"
diff --git a/nullplatform/cloud/azure/cloud/README.md b/nullplatform/cloud/azure/cloud/README.md
index 3f60ad7f..a2b67d78 100644
--- a/nullplatform/cloud/azure/cloud/README.md
+++ b/nullplatform/cloud/azure/cloud/README.md
@@ -19,7 +19,7 @@ Creates a nullplatform_provider_config resource of type azure-configuration that
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v4.1.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v4.3.0"
azure_resource_group_name = "your-azure-resource-group-name"
nrn = "your-nrn"
@@ -61,11 +61,15 @@ resource "example_resource" "this" {
|------|-------------|------|---------|:--------:|
| [application\_domain](#input\_application\_domain) | Apply application domain or not | `bool` | `false` | no |
| [azure\_resource\_group\_name](#input\_azure\_resource\_group\_name) | Your Azure resource group name | `string` | n/a | yes |
+| [client\_id](#input\_client\_id) | Azure Service Principal client ID. If omitted, inherits from a parent cloud provider. | `string` | `null` | no |
+| [client\_secret](#input\_client\_secret) | Azure Service Principal client secret. If omitted, inherits from a parent cloud provider. | `string` | `null` | no |
| [dimensions](#input\_dimensions) | Define dimensions. For more information, see https://docs.nullplatform.com/docs/dimensions | `map(any)` | `{}` | no |
| [domain\_name](#input\_domain\_name) | The domain name to be used | `string` | `""` | no |
| [nrn](#input\_nrn) | The NRN of your nullplatform account | `string` | n/a | yes |
| [private\_dns\_resource\_group\_name](#input\_private\_dns\_resource\_group\_name) | Azure resource group name for the DNS private | `string` | n/a | yes |
| [private\_domain\_name](#input\_private\_domain\_name) | The private domain name to be used | `string` | `""` | no |
+| [subscription\_id](#input\_subscription\_id) | Azure subscription ID. If omitted, inherits from a parent cloud provider. | `string` | `null` | no |
+| [tenant\_id](#input\_tenant\_id) | Azure Active Directory tenant ID. If omitted, inherits from a parent cloud provider. | `string` | `null` | no |
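Review bot: `client_secret` is added as a plain `string` input alongside `client_id`, `subscription_id` and `tenant_id`, and nothing in the row marks it as a secret. Confirm the variable is declared with `sensitive = true` so it is redacted from plan output, and note in the description that the value is still written to state. "Inherits from a parent cloud provider" should say what the parent is and how it is resolved, and whether the four values must be set together or can be mixed with inherited ones.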