Notes: • Dependencies on
modules/infra/secretsandmodules/infra/storageare optional — use them only if managing secrets or storage via Terraform. • If secrets or buckets are created manually or managed elsewhere, these modules are not required.
| Module | Dependencies | Description | |
|---|---|---|---|
modules/infra/secrets |
None | Manages and provisions all secrets (tokens, passwords, etc) | |
modules/infra/storage |
None | Provides short-lived S3 bucket for CloudFormation templates and other temporary uploads | |
modules/infra/opt_in_regions |
None | Specifies AWS regions enabled for deployment | |
modules/infra/service_linked_roles |
None | Enables AWS service-linked roles required for Spot Instances and similar features | |
modules/infra/eks |
Secrets: /tf/app/splunk_access_ingest_token, /tf/app/splunk_cloud_hec_token_eks Modules (Required): modules/infra/opt_in_regions, modules/infra/service_linked_roles Modules (Optional): modules/infra/secrets |
Deploys EKS cluster with Splunk integration, Calico networking, and Karpenter autoscaling | |
modules/integrations/splunk_o11y_aws_integration |
Secrets: /tf/app/splunk_access_ingest_token, /tf/app/splunk_o11y_username, /tf/app/splunk_o11y_password Modules (Required): modules/integrations/splunk_o11y_aws_integration_common, modules/infra/cloud_formation Modules (Optional): modules/infra/secrets |
Integrates AWS with Splunk observability platform; depends on common integration module | |
modules/integrations/splunk_o11y_aws_integration_common |
Secrets: /tf/app/splunk_o11y_username, /tf/app/splunk_o11y_password Modules (Required): modules/infra/cloud_formation Modules (Optional): modules/infra/secrets |
Common base module for Splunk AWS observability integration | |
modules/integrations/splunk_cloud_data_manager |
Secrets: /tf/app/splunk_cloud_username, /tf/app/splunk_cloud_password Modules (Required): modules/integrations/splunk_cloud_data_manager_common, modules/infra/cloud_formation Modules (Optional): modules/infra/secrets, modules/infra/storage |
Manages Splunk Cloud data ingestion; requires common data manager module and optional storage/secrets | |
modules/integrations/splunk_cloud_data_manager_common |
Secrets: /tf/app/splunk_cloud_username, /tf/app/splunk_cloud_password Modules (Required): modules/infra/cloud_formation Modules (Optional): modules/infra/secrets, modules/infra/storage |
Common base module for Splunk Cloud data manager integration | |
modules/infra/ami_policy |
None | Manages AMI policies specifically for Forge runner AMIs (e.g., lifecycle) | |
modules/infra/ami_sharing |
None | Shares base AMIs with tenant AWS accounts so tenants can build custom AMIs from the shared base | |
modules/infra/cloud_formation |
None | Provides CloudFormation templates and support for other modules that rely on CF stacks | |
modules/platform/forge_runners |
Modules (Required): modules/infra/billing Modules (Optional): modules/infra/service_linked_roles |
Manages tenant-specific GitHub runner infrastructure and configuration | |
modules/platform/arc_deployment |
Depends is handled internally | Wrapper that injects tenant-specific configs and sets the Helm chart version (passed to version-agnostic modules/core/arc) for deploying actions-runner-controller (ARC) |
Depends is handled internally |
modules/platform/ec2_deployment |
Depends is handled internally | Deploys EC2 GitHub runners via terraform-aws-github-runner |
|
modules/core/arc |
Depends is handled internally | Terraform wrapper for deploying actions-runner-controller (ARC) via Helm with added built-in features like logging, hooks, and tenant-specific logic; version-agnostic and reusable | |
modules/integration/teleport |
Modules (Optional): modules/infra/eks, modules/infra/secrets |
Enables Teleport deployment and integration in Kubernetes clusters for secure access and auditing | |
modules/integration/splunk_cloud_conf_shared |
Required Secrets: /tf/app/splunk_cloud_api_token Optional Modules: modules/infra/secrets, modules/integrations/splunk_cloud_data_manager |
Creates and manages shared Splunk Cloud configuration and dashboards | |
modules/platform/forge_subscription |
None | Manages tenant self-registration for Forge to enable automated workflows like AMI building with Packer, ECR image pulls, and role assumption. Useful if the Forge team wants to use Forge as a tenant too. | |
modules/infra/budgets |
Modules (Required): modules/infra/billing |
Manages AWS Budgets with overall and per-service monthly cost budgets, sends alerts via SNS topic when thresholds are forecasted to be exceeded. | |
modules/infra/billing |
None | Creates an SNS topic for AWS Budgets alerts, subscribes the specified email for notifications, and enforces a strict topic policy allowing only AWS Budgets to publish messages. |