Note:
Dependencies onmodules/infra/secretsandmodules/infra/storageare optional — use them only if managing secrets or storage via Terraform.
If secrets or buckets are created manually or managed elsewhere, these modules are not required.
| Module | Dependencies | Description |
|---|---|---|
modules/infra/storage |
None | Provides S3 buckets for temporary uploads, CloudFormation templates, and other ephemeral assets. |
modules/infra/opt_in_regions |
None | Enables specific AWS regions for deployment. |
modules/infra/service_linked_roles |
None | Enables EC2 Spot and other AWS service-linked roles. |
modules/infra/eks |
Optional: infra/secrets Required: opt_in_regions, service_linked_roles |
Deploys EKS cluster with Calico and Karpenter. Integrates with Splunk. |
modules/infra/cloud_formation |
None | Manages CloudFormation stacks used by integrations. |
modules/infra/ami_policy |
None | Manages lifecycle policies for Forge AMIs. |
modules/infra/ami_sharing |
None | Shares base AMIs with tenant accounts for reuse. |
modules/infra/billing |
None | Creates SNS topic for AWS Budgets alerts with strict publish policy. |
modules/infra/budgets |
Required: infra/billing |
Adds AWS Budgets with per-service thresholds and alerts. |
modules/infra/forge_subscription |
None | Enables tenants to self-register, build AMIs, pull ECR images, and assume roles. Useful for Forge-as-tenant. |
| Module | Dependencies | Description |
|---|---|---|
modules/platform/forge_runners |
Required: infra/billing Optional: infra/service_linked_roles |
Orchestrates EC2/EKS runners and tenant modules. Entry point for provisioning runners. |
modules/platform/ec2_deployment |
Internal (uses terraform-aws-github-runner) |
Deploys EC2-based ephemeral GitHub Actions runners. |
modules/platform/arc_deployment |
Internal (wraps core/arc) |
Deploys EKS-based GitHub runners via ARC. |
| Module | Dependencies | Description |
|---|---|---|
modules/core/arc |
Used by arc_deployment |
Version-agnostic Helm wrapper for ARC. Includes logging, pre-hooks, and tenant-aware configuration logic. |
| Module | Dependencies | Description |
|---|---|---|
modules/integrations/splunk_secrets |
None | Manages Splunk-specific secrets like ingest tokens and credentials. |
modules/integrations/splunk_eks_otel |
Required: infra/eks Secrets: /cicd/common/splunk_o11y_ingest_token_eks, /cicd/common/splunk_cloud_hec_token_eks |
Installs and configures Splunk OpenTelemetry agent in EKS. |
modules/integrations/splunk_o11y_aws_integration |
Required: splunk_o11y_aws_integration_common, infra/cloud_formation Optional: splunk_secrets Secrets: username/password, ingest token |
Connects AWS account to Splunk Observability. |
modules/integrations/splunk_o11y_aws_integration_common |
Required: infra/cloud_formation Optional: splunk_secrets Secrets: username/password |
Common module used across Splunk Observability integrations. |
modules/integrations/splunk_cloud_data_manager |
Required: splunk_cloud_data_manager_common, infra/cloud_formation Optional: splunk_secrets, infra/storage Secrets: Cloud username/password |
Provisions and manages Splunk Cloud data ingestion. |
modules/integrations/splunk_cloud_data_manager_common |
Required: infra/cloud_formation Optional: splunk_secrets, infra/storage Secrets: Cloud username/password |
Common base for data manager integrations. |
modules/integrations/splunk_cloud_conf_shared |
Optional: splunk_secrets, splunk_cloud_data_manager Secrets: /cicd/common/splunk_cloud_api_token |
Creates shared Splunk Cloud dashboards and global configuration. |
| Module | Dependencies | Description |
|---|---|---|
modules/integrations/teleport |
Optional: modules/infra/eks, infra/secrets |
Deploys Teleport agents for secure access and session auditing in Kubernetes clusters. |