deployment_template |
Deployment Pattern to use for Cloud resources and CDP |
string |
n/a |
yes |
env_prefix |
Shorthand name for the environment. Used in resource descriptions |
string |
n/a |
yes |
agent_source_tag |
Tag to identify deployment source |
map(any) |
{ "agent_source": "tf-cdp-module" } |
no |
azure_region |
Region which Cloud resources will be created |
string |
null |
no |
backup_storage |
Optional Backup location for CDP environment. If not provided follow the data_storage variable |
object({ backup_storage_bucket = string backup_storage_object = string }) |
null |
no |
cdp_delegated_subnet_names |
List of subnet names delegated for Flexible Servers. Required if create_vnet is false. |
list(any) |
null |
no |
cdp_gw_subnet_names |
List of subnet names for CDP Gateway. Required if create_vnet is false. |
list(any) |
null |
no |
cdp_resourcegroup_name |
Pre-existing Resource Group for CDP environment. Required if create_vnet is false. |
string |
null |
no |
cdp_subnet_names |
List of subnet names for CDP Resources. Required if create_vnet is false. |
list(any) |
null |
no |
cdp_subnet_range |
Size of each (internal) cluster subnet. Required if create_vpc is true. |
number |
19 |
no |
cdp_subnets_private_endpoint_network_policies |
Enable or Disable network policies for the private endpoint on the CDP subnets |
string |
"Enabled" |
no |
cdp_vnet_name |
Pre-existing VNet Name for CDP environment. Required if create_vnet is false. |
string |
null |
no |
create_azure_cml_nfs |
Whether to create NFS for CML |
bool |
false |
no |
create_azure_storage_network_rules |
Enable creation of network rules for the Azure Storage Accounts. |
bool |
false |
no |
create_azure_storage_private_endpoints |
Flag to specify if Private Endpoints are created for each storage account. |
bool |
true |
no |
create_private_flexible_server_resources |
Flag to specify if resources to support a Private Postgres flexible server should be created. |
bool |
null |
no |
create_vm_mounting_nfs |
Whether to create a VM which mounts this NFS |
bool |
true |
no |
create_vnet |
Flag to specify if the VNet should be created |
bool |
true |
no |
data_storage |
Data storage locations for CDP environment |
object({ data_storage_bucket = string data_storage_object = string }) |
null |
no |
datalake_admin_backup_container_role_assignments |
List of Role Assignments for the Datalake Admin Managed Identity assigned to the Backup Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Backup Container Level", "role": "Storage Blob Data Owner" } ] |
no |
datalake_admin_data_container_role_assignments |
List of Role Assignments for the Datalake Admin Managed Identity assigned to the Data Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Data Container Level", "role": "Storage Blob Data Owner" } ] |
no |
datalake_admin_log_container_role_assignments |
List of Role Assignments for the Datalake Admin Managed Identity assigned to the Logs Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Owner Role to Data Lake Admin Identity at Logs Container Level", "role": "Storage Blob Data Owner" } ] |
no |
datalake_admin_managed_identity_name |
Datalake Admin Managed Identity name |
string |
null |
no |
delegated_subnet_range |
Size of each Postgres Flexible Server delegated subnet. Required if create_vpc is true. |
number |
26 |
no |
enable_raz |
Flag to enable Ranger Authorization Service (RAZ) |
bool |
true |
no |
env_tags |
Tags applied to provisioned resources |
map(any) |
null |
no |
gateway_subnet_range |
Size of each gateway subnet. Required if create_vpc is true. |
number |
24 |
no |
gateway_subnets_private_endpoint_network_policies |
Enable or Disable network policies for the private endpoint on the Gateway subnets |
string |
"Enabled" |
no |
idbroker_managed_identity_name |
IDBroker Managed Identity name |
string |
null |
no |
idbroker_role_assignments |
List of Role Assignments for the IDBroker Managed Identity |
list(object({ role = string description = string }) ) |
[ { "description": "Assign VM Contributor Role to IDBroker Identity at Subscription Level", "role": "Virtual Machine Contributor" }, { "description": "Assign Managed Identity Operator Role to IDBroker Identity at Subscription Level", "role": "Managed Identity Operator" } ] |
no |
ingress_extra_cidrs_and_ports |
List of extra CIDR blocks and ports to include in Security Group Ingress rules |
object({ cidrs = list(string) ports = list(number) }) |
{ "cidrs": [], "ports": [] } |
no |
log_data_access_managed_identity_name |
Log Data Access Managed Identity name |
string |
null |
no |
log_data_access_role_assignments |
List of Role Assignments for the Log Data Access Managed Identity. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Contributor Role to Log Role at Logs and Backup Container level", "role": "Storage Blob Data Contributor" } ] |
no |
log_storage |
Optional log locations for CDP environment. If not provided follow the data_storage variable |
object({ log_storage_bucket = string log_storage_object = string }) |
null |
no |
nfs_file_share_name |
nfs file share name |
string |
null |
no |
nfs_file_share_size |
NFS File Share size |
number |
100 |
no |
nfs_storage_account_name |
NFS Storage account name |
string |
null |
no |
public_key_text |
SSH Public key string for the nodes of the CDP environment |
string |
null |
no |
random_id_for_bucket |
Create a random suffix for the Storage Account names |
bool |
true |
no |
ranger_audit_backup_container_role_assignments |
List of Role Assignments for the Ranger Audit Managed Identity assigned to the Backup Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Backup Container level", "role": "Storage Blob Data Contributor" } ] |
no |
ranger_audit_data_access_managed_identity_name |
Ranger Audit Managed Identity name |
string |
null |
no |
ranger_audit_data_container_role_assignments |
List of Role Assignments for the Ranger Audit Managed Identity assigned to the Data Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Data Container level", "role": "Storage Blob Data Contributor" } ] |
no |
ranger_audit_log_container_role_assignments |
List of Role Assignments for the Ranger Audit Managed Identity assigned to the Log Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Data Contributor Role to Ranger Audit Role at Logs Container level", "role": "Storage Blob Data Contributor" } ] |
no |
raz_managed_identity_name |
RAZ Managed Identity name |
string |
null |
no |
raz_storage_role_assignments |
List of Role Assignments for the Ranger Audit Managed Identity assigned to the Log Storage Container. |
list(object({ role = string description = string }) ) |
[ { "description": "Assign Storage Blob Delegator Role to RAZ Identity at Storage Account level", "role": "Storage Blob Delegator" }, { "description": "Assign Storage Blob Data Owner Role to RAZ Identity at Storage Account level", "role": "Storage Blob Data Owner" } ] |
no |
resourcegroup_name |
Resource Group name |
string |
null |
no |
security_group_default_name |
Default Security Group for CDP environment |
string |
null |
no |
security_group_knox_name |
Knox Security Group for CDP environment |
string |
null |
no |
storage_public_network_access_enabled |
Enable public_network_access_enabled for storage accounts. |
bool |
true |
no |
subnet_count |
Number of CDP Subnets Required |
string |
"3" |
no |
vnet_cidr |
VNet CIDR Block. Required if create_vpc is true. |
string |
"10.10.0.0/16" |
no |
vnet_name |
VNet name |
string |
null |
no |
xaccount_app_name |
Cross account application name within Azure Active Directory |
string |
null |
no |