diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7246f21a..93a88355 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog
+## [5.3.0](https://github.com/nullplatform/tofu-modules/compare/v5.2.0...v5.3.0) (2026-06-26)
+
+
+### Features
+
+* **iam:** add Pod Identity support to cert-manager and external-dns modules ([#409](https://github.com/nullplatform/tofu-modules/issues/409)) ([1f4e5ff](https://github.com/nullplatform/tofu-modules/commit/1f4e5ff1a37dea78c396dcf176a1c1db308f503b))
+
## [5.2.0](https://github.com/nullplatform/tofu-modules/compare/v5.1.0...v5.2.0) (2026-06-25)
diff --git a/infrastructure/aws/acm/README.md b/infrastructure/aws/acm/README.md
index 9909caab..0942079b 100644
--- a/infrastructure/aws/acm/README.md
+++ b/infrastructure/aws/acm/README.md
@@ -18,7 +18,7 @@ The module creates an aws_acm_certificate resource with DNS validation, which is
```hcl
module "acm" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/acm?ref=v5.3.0"
domain_name = "your-domain-name"
zone_id = "your-zone-id"
diff --git a/infrastructure/aws/aws_load_balancer_controller/README.md b/infrastructure/aws/aws_load_balancer_controller/README.md
index 49914480..2174e6d6 100644
--- a/infrastructure/aws/aws_load_balancer_controller/README.md
+++ b/infrastructure/aws/aws_load_balancer_controller/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the AWS Load Balancer Cont
```hcl
module "aws_load_balancer_controller" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/aws_load_balancer_controller?ref=v5.3.0"
cluster_name = "your-cluster-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md
index d38fc410..8e67ddfd 100644
--- a/infrastructure/aws/backend/README.md
+++ b/infrastructure/aws/backend/README.md
@@ -20,7 +20,7 @@ This module creates an S3 bucket with versioning and server-side encryption enab
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/backend?ref=v5.3.0"
}
```
diff --git a/infrastructure/aws/dns/README.md b/infrastructure/aws/dns/README.md
index e119e017..2904c3b2 100644
--- a/infrastructure/aws/dns/README.md
+++ b/infrastructure/aws/dns/README.md
@@ -21,7 +21,7 @@ The module conditionally creates an aws_route53_zone resource for a public hoste
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/dns?ref=v5.3.0"
domain_name = "your-domain-name"
vpc_id = "your-vpc-id"
diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md
index 6af2a14f..7ad4caf5 100644
--- a/infrastructure/aws/eks/README.md
+++ b/infrastructure/aws/eks/README.md
@@ -22,7 +22,7 @@ The module wraps terraform-aws-modules/eks to create the EKS cluster (aws_eks_cl
```hcl
module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/eks?ref=v5.3.0"
aws_subnets_private_ids = "your-aws-subnets-private-ids"
aws_vpc_vpc_id = "your-aws-vpc-vpc-id"
diff --git a/infrastructure/aws/iam/agent/README.md b/infrastructure/aws/iam/agent/README.md
index 18252f40..d59f8978 100644
--- a/infrastructure/aws/iam/agent/README.md
+++ b/infrastructure/aws/iam/agent/README.md
@@ -21,7 +21,7 @@ The module uses the terraform-aws-modules/iam//modules/iam-role-for-service-acco
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/agent?ref=v5.3.0"
agent_namespace = "your-agent-namespace"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
diff --git a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
index 442a3032..e1eba85a 100644
--- a/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
+++ b/infrastructure/aws/iam/aws_load_balancer_controller_iam/README.md
@@ -19,7 +19,7 @@ This module creates an IAM role for the AWS Load Balancer Controller using the t
```hcl
module "aws_load_balancer_controller_iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/aws_load_balancer_controller_iam?ref=v5.3.0"
aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/cert_manager/README.md b/infrastructure/aws/iam/cert_manager/README.md
index cb5b2dc6..90ee249f 100644
--- a/infrastructure/aws/iam/cert_manager/README.md
+++ b/infrastructure/aws/iam/cert_manager/README.md
@@ -2,42 +2,27 @@
## Description
-Creates an IAM role and policy for cert-manager on EKS, enabling DNS01 ACME challenge validation via Route53. Supports both IRSA (OIDC federation) and EKS Pod Identity as the identity mechanism.
+Provisions IAM roles and policies for cert-manager on EKS, supporting both IRSA (OIDC federation) and Pod Identity authentication modes with Route53 DNS01 challenge permissions
## Architecture
-An aws_iam_policy is created granting Route53 permissions (GetChange, ChangeResourceRecordSets, ListResourceRecordSets, ListHostedZonesByName) scoped to the provided public and/or private hosted zone ARNs. The `identity_mode` variable selects the authentication mechanism: in `irsa` mode the terraform-aws-modules/iam community module creates an aws_iam_role with an OIDC trust policy; in `pod_identity` mode a native aws_iam_role is created with a trust policy for `pods.eks.amazonaws.com` and an `aws_eks_pod_identity_association` binds it to the cert-manager service account. The role ARN is exposed as an output in both modes.
+An aws_iam_policy resource is always created granting route53:GetChange, route53:ChangeResourceRecordSets, route53:ListResourceRecordSets, and route53:ListHostedZonesByName permissions scoped to the provided hosted zone ARNs. In IRSA mode, the community terraform-aws-modules/iam module creates an aws_iam_role with an OIDC trust policy and attaches the policy via the module's internal aws_iam_role_policy_attachment. In Pod Identity mode, a standalone aws_iam_role is created with a trust policy for pods.eks.amazonaws.com, an aws_iam_role_policy_attachment links the cert-manager policy, and an aws_eks_pod_identity_association binds the role to the cert-manager Kubernetes service account in the cert-manager namespace. The resulting role ARN is surfaced via an output that conditionally selects between the IRSA module output and the Pod Identity resource.
## Features
-- Supports IRSA (OIDC) and EKS Pod Identity via `identity_mode` variable (default: `irsa`)
-- Creates an IAM policy granting Route53 permissions required for DNS01 ACME challenge validation
-- Supports both public and private Route53 hosted zones with dynamic ARN construction
-- Enforces that at least one of public or private hosted zone IDs is provided via input validation
-- Scopes Route53 ChangeResourceRecordSets and ListResourceRecordSets permissions to only the specified hosted zones
-- Outputs the cert-manager IAM role ARN in both identity modes
+- Creates aws_iam_policy granting Route53 DNS01 challenge permissions scoped to specified public and/or private hosted zones
+- Configures IRSA mode using the community iam-role-for-service-accounts module with OIDC provider trust for the cert-manager service account
+- Creates native aws_iam_role trusted by pods.eks.amazonaws.com and aws_eks_pod_identity_association for EKS Pod Identity mode
+- Supports both public and private Route53 hosted zones simultaneously via hosted_zone_public_id and hosted_zone_private_id inputs
+- Includes a moved block for backward-compatible state migration when upgrading from pre-v4.6.0 deployments using IRSA mode
## Basic Usage
-### IRSA (default)
-
-```hcl
-module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v5.2.0"
-
- aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
- cluster_name = "your-cluster-name"
-}
-```
-
-### EKS Pod Identity
-
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/cert_manager?ref=v5.3.0"
- cluster_name = "your-cluster-name"
- identity_mode = "pod_identity"
+ cluster_name = "your-cluster-name"
}
```
@@ -56,19 +41,19 @@ resource "example_resource" "this" {
## Providers
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [aws](#provider\_aws) | 6.52.0 |
## Modules
| Name | Source | Version |
-| ---- | ------ | ------- |
+|------|--------|---------|
| [nullplatform\_cert\_manager\_role](#module\_nullplatform\_cert\_manager\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a |
## Resources
| Name | Type |
-| ---- | ---- |
+|------|------|
| [aws_eks_pod_identity_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_pod_identity_association) | resource |
| [aws_iam_policy.nullplatform_cert_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.pod_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -77,7 +62,7 @@ resource "example_resource" "this" {
## Inputs
| Name | Description | Type | Default | Required |
-| ---- | ----------- | ---- | ------- | :------: |
+|------|-------------|------|---------|:--------:|
| [aws\_iam\_openid\_connect\_provider\_arn](#input\_aws\_iam\_openid\_connect\_provider\_arn) | ARN of the AWS IAM OIDC provider. Required when identity\_mode is 'irsa'; ignored when identity\_mode is 'pod\_identity'. | `string` | `null` | no |
| [cluster\_name](#input\_cluster\_name) | Name of the cluster where the policy runs | `string` | n/a | yes |
| [hosted\_zone\_private\_id](#input\_hosted\_zone\_private\_id) | ID of the private Route53 hosted zone for DNS validation. Set to null or an empty string to omit it from the IAM policy. At least one of hosted\_zone\_public\_id or hosted\_zone\_private\_id must be provided. | `string` | `null` | no |
@@ -87,22 +72,21 @@ resource "example_resource" "this" {
## Outputs
| Name | Description |
-| ---- | ----------- |
+|------|-------------|
| [nullplatform\_cert\_manager\_role\_arn](#output\_nullplatform\_cert\_manager\_role\_arn) | ARN of the cert-manager role |
diff --git a/infrastructure/aws/iam/ci-build-workflow-user/README.md b/infrastructure/aws/iam/ci-build-workflow-user/README.md
index 44e5b2c9..05b63df3 100644
--- a/infrastructure/aws/iam/ci-build-workflow-user/README.md
+++ b/infrastructure/aws/iam/ci-build-workflow-user/README.md
@@ -21,7 +21,7 @@ The module creates an aws_iam_user named with the cluster_name prefix and genera
```hcl
module "ci-build-workflow-user" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ci-build-workflow-user?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ci-build-workflow-user?ref=v5.3.0"
cluster_name = "your-cluster-name"
}
diff --git a/infrastructure/aws/iam/ecr/README.md b/infrastructure/aws/iam/ecr/README.md
index b7f62bfb..57dcc67c 100644
--- a/infrastructure/aws/iam/ecr/README.md
+++ b/infrastructure/aws/iam/ecr/README.md
@@ -20,7 +20,7 @@ The module creates an aws_iam_role named nullplatform-{cluster_name}-application
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/ecr?ref=v5.3.0"
build_workflow_group_name = "your-build-workflow-group-name"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/aws/iam/external_dns/README.md b/infrastructure/aws/iam/external_dns/README.md
index 1d0cba98..f4358fe4 100644
--- a/infrastructure/aws/iam/external_dns/README.md
+++ b/infrastructure/aws/iam/external_dns/README.md
@@ -2,42 +2,27 @@
## Description
-Creates an IAM role and policy for ExternalDNS on EKS, enabling Kubernetes service accounts to manage Route53 DNS records. Supports both IRSA (OIDC federation) and EKS Pod Identity as the identity mechanism.
+Deploys IAM resources to enable ExternalDNS on EKS to manage Route53 hosted zone records, supporting both IRSA (OIDC federation) and EKS Pod Identity authentication modes
## Architecture
-The module creates an aws_iam_policy granting Route53 permissions scoped to the provided hosted zone ARNs, dynamically built from optional public and private zone IDs. The `identity_mode` variable selects the authentication mechanism: in `irsa` mode a community iam-role-for-service-accounts module creates an aws_iam_role with OIDC trust; in `pod_identity` mode a native aws_iam_role is created with trust for `pods.eks.amazonaws.com` and two `aws_eks_pod_identity_association` resources bind it to the `external-dns-private` and `external-dns-public` service accounts. The role ARN is exposed as an output in both modes.
+An aws_iam_policy resource named nullplatform_external_dns_policy is always created, granting route53:ChangeResourceRecordSets and related permissions scoped to the provided hosted zone ARNs. In 'irsa' mode, the community iam-role-for-service-accounts module creates an aws_iam_role with an OIDC trust policy for the external-dns-private and external-dns-public service accounts, attaching the policy via the module's policies map. In 'pod_identity' mode, an aws_iam_role with a pods.eks.amazonaws.com trust principal is created alongside an aws_iam_role_policy_attachment and aws_eks_pod_identity_association resources for each of the two service accounts. The module outputs the resulting IAM role ARN regardless of which identity mode is active.
## Features
-- Supports IRSA (OIDC) and EKS Pod Identity via `identity_mode` variable (default: `irsa`)
-- Creates an IAM policy scoped to specific Route53 hosted zone ARNs for least-privilege DNS management
-- Supports both public and private Route53 hosted zones with dynamic ARN construction
-- Binds IAM role to both external-dns-private and external-dns-public Kubernetes service accounts
-- Grants route53:ChangeResourceRecordSets and listing permissions for automated DNS record management
-- Outputs the IAM role ARN in both identity modes
+- Creates aws_iam_policy granting Route53 record management permissions scoped to provided public and/or private hosted zone ARNs
+- Configures IRSA identity mode using the community iam-role-for-service-accounts module with OIDC provider trust for external-dns Kubernetes service accounts
+- Configures Pod Identity mode by creating an aws_iam_role trusted by pods.eks.amazonaws.com and aws_eks_pod_identity_association resources for each external-dns service account
+- Supports both public and private Route53 hosted zones simultaneously via optional hosted_zone_public_id and hosted_zone_private_id inputs
+- Includes a moved block for backward-compatible state migration when upgrading from pre-v4.6.0 IRSA deployments
## Basic Usage
-### IRSA (default)
-
-```hcl
-module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v5.2.0"
-
- aws_iam_openid_connect_provider_arn = "your-aws-iam-openid-connect-provider-arn"
- cluster_name = "your-cluster-name"
-}
-```
-
-### EKS Pod Identity
-
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/external_dns?ref=v5.3.0"
- cluster_name = "your-cluster-name"
- identity_mode = "pod_identity"
+ cluster_name = "your-cluster-name"
}
```
@@ -56,19 +41,19 @@ resource "example_resource" "this" {
## Providers
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [aws](#provider\_aws) | 6.52.0 |
## Modules
| Name | Source | Version |
-| ---- | ------ | ------- |
+|------|--------|---------|
| [nullplatform\_external\_dns\_role](#module\_nullplatform\_external\_dns\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a |
## Resources
| Name | Type |
-| ---- | ---- |
+|------|------|
| [aws_eks_pod_identity_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_pod_identity_association) | resource |
| [aws_iam_policy.nullplatform_external_dns_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.pod_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
@@ -77,7 +62,7 @@ resource "example_resource" "this" {
## Inputs
| Name | Description | Type | Default | Required |
-| ---- | ----------- | ---- | ------- | :------: |
+|------|-------------|------|---------|:--------:|
| [aws\_iam\_openid\_connect\_provider\_arn](#input\_aws\_iam\_openid\_connect\_provider\_arn) | ARN of the AWS IAM OIDC provider. Required when identity\_mode is 'irsa'; ignored when identity\_mode is 'pod\_identity'. | `string` | `null` | no |
| [cluster\_name](#input\_cluster\_name) | Name of the cluster where the policy runs | `string` | n/a | yes |
| [hosted\_zone\_private\_id](#input\_hosted\_zone\_private\_id) | ID of the private Route53 hosted zone for DNS management. Set to null or an empty string to omit it from the IAM policy. At least one of hosted\_zone\_public\_id or hosted\_zone\_private\_id must be provided. | `string` | `null` | no |
@@ -87,22 +72,21 @@ resource "example_resource" "this" {
## Outputs
| Name | Description |
-| ---- | ----------- |
+|------|-------------|
| [nullplatform\_external\_dns\_role\_arn](#output\_nullplatform\_external\_dns\_role\_arn) | ARN of the external-dns role |
diff --git a/infrastructure/aws/iam/s3-assets/README.md b/infrastructure/aws/iam/s3-assets/README.md
index 9803688a..cfcaa0e0 100644
--- a/infrastructure/aws/iam/s3-assets/README.md
+++ b/infrastructure/aws/iam/s3-assets/README.md
@@ -19,7 +19,7 @@ This module creates an aws_iam_policy resource named with the cluster_name prefi
```hcl
module "s3-assets" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3-assets?ref=v5.3.0"
assets_bucket = "your-assets-bucket"
build_workflow_group_name = "your-build-workflow-group-name"
diff --git a/infrastructure/aws/iam/s3/README.md b/infrastructure/aws/iam/s3/README.md
index a6063d03..672911c7 100644
--- a/infrastructure/aws/iam/s3/README.md
+++ b/infrastructure/aws/iam/s3/README.md
@@ -19,7 +19,7 @@ The module creates an aws_s3_bucket_policy resource attached to an existing S3 b
```hcl
module "s3" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/iam/s3?ref=v5.3.0"
bucket_arn = "your-bucket-arn"
bucket_id = "your-bucket-id"
diff --git a/infrastructure/aws/ingress/README.md b/infrastructure/aws/ingress/README.md
index bd89a047..8d3f59f2 100644
--- a/infrastructure/aws/ingress/README.md
+++ b/infrastructure/aws/ingress/README.md
@@ -22,7 +22,7 @@ The module creates up to two kubernetes_ingress_v1 resources — one for an inte
```hcl
module "ingress" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/ingress?ref=v5.3.0"
certificate_arn = "your-certificate-arn"
}
diff --git a/infrastructure/aws/security/README.md b/infrastructure/aws/security/README.md
index 8025f9d3..966fe400 100644
--- a/infrastructure/aws/security/README.md
+++ b/infrastructure/aws/security/README.md
@@ -22,7 +22,7 @@ The module uses data sources (aws_eks_cluster, aws_vpc) to derive VPC ID and CID
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/security?ref=v5.3.0"
cluster_name = "your-cluster-name"
}
diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md
index e55ebcc1..5e7d1801 100644
--- a/infrastructure/aws/vpc/README.md
+++ b/infrastructure/aws/vpc/README.md
@@ -22,7 +22,7 @@ This module creates a terraform-aws-modules/vpc/aws module resource with DNS hos
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/aws/vpc?ref=v5.3.0"
account = "your-account"
organization = "your-organization"
diff --git a/infrastructure/azure/acr/README.md b/infrastructure/azure/acr/README.md
index cd9ef08f..51e968c0 100644
--- a/infrastructure/azure/acr/README.md
+++ b/infrastructure/azure/acr/README.md
@@ -18,7 +18,7 @@ The module uses the azurerm_container_registry resource to create the container
```hcl
module "acr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/acr?ref=v5.3.0"
containerregistry_name = "your-containerregistry-name"
location = "your-location"
diff --git a/infrastructure/azure/aks/README.md b/infrastructure/azure/aks/README.md
index 43571e7f..d0af6aaf 100644
--- a/infrastructure/azure/aks/README.md
+++ b/infrastructure/azure/aks/README.md
@@ -22,7 +22,7 @@ The module wraps the Azure/aks/azurerm community module (version 11.0.0) and use
```hcl
module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks?ref=v5.3.0"
cluster_name = "your-cluster-name"
location = "your-location"
diff --git a/infrastructure/azure/aks_route_table/README.md b/infrastructure/azure/aks_route_table/README.md
index 5132dc0d..a304c421 100644
--- a/infrastructure/azure/aks_route_table/README.md
+++ b/infrastructure/azure/aks_route_table/README.md
@@ -19,7 +19,7 @@ The module uses an azurerm_resources data source to discover the route table cre
```hcl
module "aks_route_table" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/aks_route_table?ref=v5.3.0"
node_resource_group = "your-node-resource-group"
subnet_id = "your-subnet-id"
diff --git a/infrastructure/azure/dns/README.md b/infrastructure/azure/dns/README.md
index f1146ebf..f07f2534 100644
--- a/infrastructure/azure/dns/README.md
+++ b/infrastructure/azure/dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_dns_zone resource and configures it with the prov
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/dns?ref=v5.3.0"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/iam/README.md b/infrastructure/azure/iam/README.md
index 1d0e346a..f1717897 100644
--- a/infrastructure/azure/iam/README.md
+++ b/infrastructure/azure/iam/README.md
@@ -21,7 +21,7 @@ The module creates an azurerm_user_assigned_identity resource in the specified r
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/iam?ref=v5.3.0"
location = "your-location"
name = "your-name"
diff --git a/infrastructure/azure/private_dns/README.md b/infrastructure/azure/private_dns/README.md
index e5502206..5f5e6ccb 100644
--- a/infrastructure/azure/private_dns/README.md
+++ b/infrastructure/azure/private_dns/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_private_dns_zone resource and optionally multiple
```hcl
module "private_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/private_dns?ref=v5.3.0"
domain_name = "your-domain-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/resource_group/README.md b/infrastructure/azure/resource_group/README.md
index eb790a3c..8b44e6f6 100644
--- a/infrastructure/azure/resource_group/README.md
+++ b/infrastructure/azure/resource_group/README.md
@@ -18,7 +18,7 @@ This module creates an azurerm_resource_group resource and outputs its name and
```hcl
module "resource_group" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/resource_group?ref=v5.3.0"
location = "your-location"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/security/README.md b/infrastructure/azure/security/README.md
index 1a932a91..58366d76 100644
--- a/infrastructure/azure/security/README.md
+++ b/infrastructure/azure/security/README.md
@@ -21,7 +21,7 @@ The module uses azurerm_kubernetes_cluster and azurerm_virtual_network data sour
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/security?ref=v5.3.0"
cluster_name = "your-cluster-name"
resource_group_name = "your-resource-group-name"
diff --git a/infrastructure/azure/vnet/README.md b/infrastructure/azure/vnet/README.md
index adc2c9fa..ed042d90 100644
--- a/infrastructure/azure/vnet/README.md
+++ b/infrastructure/azure/vnet/README.md
@@ -18,7 +18,7 @@ This module creates an Azure virtual network using the azurerm provider and conf
```hcl
module "vnet" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/azure/vnet?ref=v5.3.0"
address_space = "your-address-space"
location = "your-location"
diff --git a/infrastructure/commons/cert_manager/README.md b/infrastructure/commons/cert_manager/README.md
index a214b4c1..5b6578c1 100644
--- a/infrastructure/commons/cert_manager/README.md
+++ b/infrastructure/commons/cert_manager/README.md
@@ -2,26 +2,27 @@
## Description
-Deploys cert-manager and its cloud-provider-specific configuration onto a Kubernetes cluster using Helm, supporting DNS01 challenge solvers for GCP, Azure, AWS, Cloudflare, and OCI
+Deploys cert-manager and its configuration Helm charts on Kubernetes with multi-cloud DNS01 solver support for GCP, Azure, AWS, Cloudflare, and OCI
## Architecture
-The module creates two core helm_release resources: cert-manager from the Jetstack chart repository and nullplatform-cert-manager-config from the nullplatform Helm chart repository, with the config release depending on the cert-manager release. A third conditional helm_release resource for cert-manager-webhook-oci is created only when cloud_provider is set to 'oci'. Provider-specific service account annotations are merged into the cert-manager serviceAccount resource via locals (GKE Workload Identity email, EKS IRSA role ARN when `aws_identity_mode=irsa`, Azure Workload Identity client ID, OCI workload identity OCID). When `aws_identity_mode=pod_identity` the IRSA annotation is omitted and EKS Pod Identity injects credentials via the agent. Provider-specific solver values are rendered from per-provider template files and passed as Helm values to the config chart.
+Two primary helm_release resources are created: cert-manager from the Jetstack chart repository and nullplatform-cert-manager-config from the nullplatform chart repository, with the config chart depending on the base cert-manager release. A third conditional helm_release for cert-manager-webhook-oci is created only when cloud_provider is 'oci'. The cert_manager_values local constructs the Helm values dynamically, merging base service account annotations with provider-specific annotations (GCP Workload Identity, AWS IRSA role ARN, Azure Workload Identity client ID, or OCI workload identity principal) based on cloud_provider and aws_identity_mode. Template files cert_manager_default_values and cert_manager_provider_values are rendered via templatefile() using common_context and provider_context locals and passed as values to the config chart.
## Features
-- Deploys cert-manager Helm chart with CRDs enabled and DNS01 recursive nameservers configured
-- Renders provider-specific cert-manager-config Helm values from templatefiles for each supported cloud provider
-- Configures cert-manager Kubernetes ServiceAccount annotations with cloud-provider IAM identity bindings (GKE Workload Identity, EKS IRSA or Pod Identity via `aws_identity_mode`, Azure Workload Identity, OCI Workload Identity)
-- Deploys cert-manager-webhook-oci Helm chart conditionally when OCI is the selected cloud provider
-- Supports Azure Service Principal authentication as fallback when Workload Identity is disabled
-- Merges base Helm chart version annotations with provider-specific pod and service account annotations using locals
+- Deploys cert-manager Helm chart with CRDs enabled and DNS01 recursive nameserver configuration
+- Deploys nullplatform-cert-manager-config Helm chart with provider-specific DNS01 solver templates rendered via templatefile()
+- Configures cert-manager Kubernetes service account annotations for GCP Workload Identity, AWS IRSA, Azure Workload Identity, and OCI workload identity
+- Deploys cert-manager-webhook-oci Helm chart conditionally when cloud_provider is set to oci
+- Supports AWS Pod Identity mode that omits IRSA role annotation for EKS Pod Identity agent-based credential injection
+- Supports Azure Service Principal authentication when workload identity is disabled via azure_workload_identity_enabled
+- Merges provider-specific pod labels for Azure Workload Identity use annotation on cert-manager pods
## Basic Usage
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
account_slug = "your-account-slug"
cloud_provider = "your-cloud-provider"
@@ -30,11 +31,11 @@ module "cert_manager" {
}
```
-### Usage with GCP
+### Usage with GCP Provider
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
account_slug = "your-account-slug"
cloud_provider = "gcp"
@@ -45,11 +46,11 @@ module "cert_manager" {
}
```
-### Usage with Azure
+### Usage with Azure Provider
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
account_slug = "your-account-slug"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -63,11 +64,11 @@ module "cert_manager" {
}
```
-### Usage with Cloudflare
+### Usage with Cloudflare Provider
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
account_slug = "your-account-slug"
cloud_provider = "cloudflare"
@@ -78,13 +79,14 @@ module "cert_manager" {
}
```
-### Usage with AWS
+### Usage with AWS Provider
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
account_slug = "your-account-slug"
+ aws_identity_mode = "your-aws-identity-mode" # Required when cloud_provider = "aws"
aws_region = "your-aws-region" # Required when cloud_provider = "aws"
aws_sa_arn = "your-aws-sa-arn" # Required when cloud_provider = "aws"
cloud_provider = "aws"
@@ -93,19 +95,21 @@ module "cert_manager" {
}
```
-### Usage with OCI
+### Usage with OCI Provider
```hcl
module "cert_manager" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.2.0"
-
- account_slug = "your-account-slug"
- cloud_provider = "oci"
- hosted_zone_name = "your-hosted-zone-name"
- oci_compartment_ocid = "your-oci-compartment-ocid" # Required when cloud_provider = "oci"
- oci_region = "your-oci-region" # Required when cloud_provider = "oci"
- oci_sa_ocid = "your-oci-sa-ocid" # Required when cloud_provider = "oci"
- private_domain_name = "your-private-domain-name"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/cert_manager?ref=v5.3.0"
+
+ account_slug = "your-account-slug"
+ cert_manager_webhook_oci_namespace = "your-cert-manager-webhook-oci-namespace" # Required when cloud_provider = "oci"
+ cert_manager_webhook_oci_version = "your-cert-manager-webhook-oci-version" # Required when cloud_provider = "oci"
+ cloud_provider = "oci"
+ hosted_zone_name = "your-hosted-zone-name"
+ oci_compartment_ocid = "your-oci-compartment-ocid" # Required when cloud_provider = "oci"
+ oci_region = "your-oci-region" # Required when cloud_provider = "oci"
+ oci_sa_ocid = "your-oci-sa-ocid" # Required when cloud_provider = "oci"
+ private_domain_name = "your-private-domain-name"
}
```
@@ -122,20 +126,20 @@ resource "example_resource" "this" {
## Requirements
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [helm](#requirement\_helm) | ~> 3.0 |
## Providers
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [helm](#provider\_helm) | 3.1.1 |
| [terraform](#provider\_terraform) | n/a |
## Resources
| Name | Type |
-| ---- | ---- |
+|------|------|
| [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.cert_manager_config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.cert_manager_webhook_oci](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -144,7 +148,7 @@ resource "example_resource" "this" {
## Inputs
| Name | Description | Type | Default | Required |
-| ---- | ----------- | ---- | ------- | :------: |
+|------|-------------|------|---------|:--------:|
| [account\_slug](#input\_account\_slug) | The nullplatform account slug. | `string` | n/a | yes |
| [aws\_identity\_mode](#input\_aws\_identity\_mode) | AWS identity mechanism for the cert-manager service account: "irsa" sets the eks.amazonaws.com/role-arn annotation; "pod\_identity" omits it (EKS Pod Identity injects credentials via the Pod Identity agent). | `string` | `"irsa"` | no |
| [aws\_region](#input\_aws\_region) | The AWS region. | `string` | `""` | no |
@@ -177,15 +181,16 @@ resource "example_resource" "this" {
diff --git a/infrastructure/commons/external_dns/README.md b/infrastructure/commons/external_dns/README.md
index b86537ad..a935587c 100644
--- a/infrastructure/commons/external_dns/README.md
+++ b/infrastructure/commons/external_dns/README.md
@@ -2,27 +2,27 @@
## Description
-Deploys ExternalDNS on Kubernetes via Helm with support for Cloudflare, AWS Route53, OCI, Azure Public DNS, and Azure Private DNS providers
+Deploys ExternalDNS via Helm onto Kubernetes with support for multiple DNS providers including Cloudflare, AWS Route53, OCI, Azure Public DNS, and Azure Private DNS
## Architecture
-The module creates an optional kubernetes_namespace_v1 resource and a helm_release resource that deploys the external-dns Helm chart. Provider-specific configuration is assembled in locals.tf by merging a base_config with a provider-specific config block (cloudflare_config, route53_config, oci_config, or azure_config) selected via var.dns_provider_name. Provider secrets are injected as kubernetes_secret_v1 resources (Cloudflare API token, OCI config file, Azure config file) and mounted into the ExternalDNS pod via extraVolumes and extraVolumeMounts. For AWS, the `aws_identity_mode` variable controls whether the `eks.amazonaws.com/role-arn` SA annotation is set (`irsa`, default) or omitted (`pod_identity`, where EKS Pod Identity injects credentials via the agent). For Azure, pod labels and service account annotations are conditionally set based on `azure_workload_identity_enabled`.
+The module creates an optional kubernetes_namespace_v1 resource and a helm_release resource that deploys the ExternalDNS chart from the kubernetes-sigs registry. Provider-specific configuration objects are assembled in locals.tf and merged into a single values map passed to the helm_release via yamlencode. Provider secrets (kubernetes_secret_v1 for Cloudflare, OCI, and Azure) are created as dependencies of the helm_release to ensure credentials exist before ExternalDNS starts. The helm release name is suffixed with the deployment type (public/private) to support multiple concurrent instances in the same cluster.
## Features
-- Deploys ExternalDNS via helm_release with atomic, self-healing install options and configurable chart version
-- Creates kubernetes_namespace_v1 optionally to support multi-instance deployments in existing namespaces
-- Configures Cloudflare provider by injecting CF_API_TOKEN from a kubernetes_secret_v1 environment variable reference
-- Configures AWS Route53 provider with IRSA or Pod Identity support via `aws_identity_mode`, RBAC for DNSEndpoints and Gateway API resources, and zone/label filters
-- Configures OCI provider with Workload Identity service account, compartment OCID, zone scope, and a mounted OCI config secret
-- Configures Azure Public and Private DNS providers with Workload Identity or Service Principal auth via a mounted azure-config secret
-- Supports public and private deployment types with label-based resource filtering for multi-instance scenarios
+- Deploys ExternalDNS Helm chart with per-provider value injection for Cloudflare, AWS Route53, OCI, Azure Public DNS, and Azure Private DNS
+- Creates kubernetes_namespace_v1 conditionally to support multi-instance deployments sharing an existing namespace
+- Configures AWS Route53 integration with either IRSA annotation on the ServiceAccount or EKS Pod Identity credential injection
+- Configures OCI DNS with Workload Identity, compartment OCID, zone scope, and volume-mounted config secret
+- Configures Azure DNS (public and private zones) with Workload Identity annotations and pod labels or Service Principal secret mount
+- Applies label-filter and zone-type extraArgs to scope ExternalDNS to specific Route53 hosted zone types and Kubernetes resource labels
+- Supports public and private deployment modes with distinct Helm release names for parallel public/private ExternalDNS instances
## Basic Usage
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
dns_provider_name = "your-dns-provider-name"
domain_filters = "your-domain-filters"
@@ -33,7 +33,7 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
cloudflare_token = "your-cloudflare-token" # Required when dns_provider_name = "cloudflare"
dns_provider_name = "cloudflare"
@@ -45,9 +45,10 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when dns_provider_name = "aws"
+ aws_identity_mode = "your-aws-identity-mode" # Required when dns_provider_name = "aws"
aws_region = "your-aws-region" # Required when dns_provider_name = "aws"
dns_provider_name = "aws"
domain_filters = "your-domain-filters"
@@ -60,13 +61,15 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
-
- dns_provider_name = "oci"
- domain_filters = "your-domain-filters"
- oci_compartment_ocid = "your-oci-compartment-ocid" # Required when dns_provider_name = "oci"
- oci_region = "your-oci-region" # Required when dns_provider_name = "oci"
- oci_zone_scope = "your-oci-zone-scope" # Required when dns_provider_name = "oci"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
+
+ dns_provider_name = "oci"
+ domain_filters = "your-domain-filters"
+ oci_compartment_ocid = "your-oci-compartment-ocid" # Required when dns_provider_name = "oci"
+ oci_region = "your-oci-region" # Required when dns_provider_name = "oci"
+ oci_service_account_name = "your-oci-service-account-name" # Required when dns_provider_name = "oci"
+ oci_zone_scope = "your-oci-zone-scope" # Required when dns_provider_name = "oci"
+ oci_zones_cache_duration = "your-oci-zones-cache-duration" # Required when dns_provider_name = "oci"
}
```
@@ -74,9 +77,11 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure"
+ azure_client_secret = "your-azure-client-secret" # Required when dns_provider_name = "azure"
+ azure_federated_credential_id = "your-azure-federated-credential-id" # Required when dns_provider_name = "azure"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure"
azure_subscription_id = "your-azure-subscription-id" # Required when dns_provider_name = "azure"
azure_tenant_id = "your-azure-tenant-id" # Required when dns_provider_name = "azure"
@@ -90,9 +95,11 @@ module "external_dns" {
```hcl
module "external_dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/external_dns?ref=v5.3.0"
azure_client_id = "your-azure-client-id" # Required when dns_provider_name = "azure-private-dns"
+ azure_client_secret = "your-azure-client-secret" # Required when dns_provider_name = "azure-private-dns"
+ azure_federated_credential_id = "your-azure-federated-credential-id" # Required when dns_provider_name = "azure-private-dns"
azure_resource_group = "your-azure-resource-group" # Required when dns_provider_name = "azure-private-dns"
azure_subscription_id = "your-azure-subscription-id" # Required when dns_provider_name = "azure-private-dns"
azure_tenant_id = "your-azure-tenant-id" # Required when dns_provider_name = "azure-private-dns"
@@ -115,13 +122,13 @@ resource "example_resource" "this" {
## Requirements
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [helm](#requirement\_helm) | ~> 3.0 |
## Providers
| Name | Version |
-| ---- | ------- |
+|------|---------|
| [helm](#provider\_helm) | 3.1.1 |
| [kubernetes](#provider\_kubernetes) | 3.0.1 |
| [terraform](#provider\_terraform) | n/a |
@@ -129,7 +136,7 @@ resource "example_resource" "this" {
## Resources
| Name | Type |
-| ---- | ---- |
+|------|------|
| [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_namespace_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_secret_v1.external_dns_azure_config](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
@@ -140,7 +147,7 @@ resource "example_resource" "this" {
## Inputs
| Name | Description | Type | Default | Required |
-| ---- | ----------- | ---- | ------- | :------: |
+|------|-------------|------|---------|:--------:|
| [aws\_iam\_role\_arn](#input\_aws\_iam\_role\_arn) | The IAM role ARN for ExternalDNS to assume for Route53 access (required when dns\_provider\_name is 'aws') | `string` | `""` | no |
| [aws\_identity\_mode](#input\_aws\_identity\_mode) | AWS identity mechanism for the external-dns service account: "irsa" sets the eks.amazonaws.com/role-arn annotation; "pod\_identity" omits it (EKS Pod Identity injects credentials via the Pod Identity agent). | `string` | `"irsa"` | no |
| [aws\_region](#input\_aws\_region) | The AWS region where the Route53 hosted zones are located | `string` | `""` | no |
@@ -174,16 +181,16 @@ resource "example_resource" "this" {
diff --git a/infrastructure/commons/istio/README.md b/infrastructure/commons/istio/README.md
index a3f37e6b..87937ccf 100644
--- a/infrastructure/commons/istio/README.md
+++ b/infrastructure/commons/istio/README.md
@@ -21,7 +21,7 @@ Three helm_release resources are created in a strict dependency chain: istio-bas
```hcl
module "istio" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/istio?ref=v5.3.0"
}
```
diff --git a/infrastructure/commons/prometheus/README.md b/infrastructure/commons/prometheus/README.md
index 317b2692..cb54f9e3 100644
--- a/infrastructure/commons/prometheus/README.md
+++ b/infrastructure/commons/prometheus/README.md
@@ -18,7 +18,7 @@ This module creates a helm_release resource to deploy the Prometheus chart from
```hcl
module "prometheus" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/commons/prometheus?ref=v5.3.0"
}
```
diff --git a/infrastructure/gcp/artifact-registry/README.md b/infrastructure/gcp/artifact-registry/README.md
index bbf5368b..3d5e0ffb 100644
--- a/infrastructure/gcp/artifact-registry/README.md
+++ b/infrastructure/gcp/artifact-registry/README.md
@@ -21,7 +21,7 @@ The module provisions a google_artifact_registry_repository resource in the spec
```hcl
module "artifact-registry" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/artifact-registry?ref=v5.3.0"
location = "your-location"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-dns/README.md b/infrastructure/gcp/cloud-dns/README.md
index de2d8c44..90d6ab36 100644
--- a/infrastructure/gcp/cloud-dns/README.md
+++ b/infrastructure/gcp/cloud-dns/README.md
@@ -21,7 +21,7 @@ The module creates a single google_dns_managed_zone resource in the specified GC
```hcl
module "cloud-dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-dns?ref=v5.3.0"
domain_name = "your-domain-name"
project_id = "your-project-id"
diff --git a/infrastructure/gcp/cloud-nat/README.md b/infrastructure/gcp/cloud-nat/README.md
index 3ffc48da..f8b180b2 100644
--- a/infrastructure/gcp/cloud-nat/README.md
+++ b/infrastructure/gcp/cloud-nat/README.md
@@ -19,7 +19,7 @@ This module creates a google_compute_router resource in a specified region and n
```hcl
module "cloud-nat" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/cloud-nat?ref=v5.3.0"
nat_name = "your-nat-name"
network_id = "your-network-id"
diff --git a/infrastructure/gcp/gke/README.md b/infrastructure/gcp/gke/README.md
index 9cfe996d..147d2f60 100644
--- a/infrastructure/gcp/gke/README.md
+++ b/infrastructure/gcp/gke/README.md
@@ -20,7 +20,7 @@ The module uses the google-modules/kubernetes-engine/google//modules/private-clu
```hcl
module "gke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/gke?ref=v5.3.0"
cluster_name = "your-cluster-name"
ip_range_pods = "your-ip-range-pods"
diff --git a/infrastructure/gcp/iam/README.md b/infrastructure/gcp/iam/README.md
index 2d663882..e9a82315 100644
--- a/infrastructure/gcp/iam/README.md
+++ b/infrastructure/gcp/iam/README.md
@@ -19,7 +19,7 @@ The module creates google_service_account resources for each service account spe
```hcl
module "iam" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/iam?ref=v5.3.0"
project_id = "your-project-id"
}
diff --git a/infrastructure/gcp/security/README.md b/infrastructure/gcp/security/README.md
index e515f841..c54eb3fa 100644
--- a/infrastructure/gcp/security/README.md
+++ b/infrastructure/gcp/security/README.md
@@ -19,7 +19,7 @@ This module uses Terraform to create GCP firewall rules for public and private I
```hcl
module "security" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/security?ref=v5.3.0"
cluster_name = "your-cluster-name"
gcp_project_id = "your-gcp-project-id"
diff --git a/infrastructure/gcp/vpc/README.md b/infrastructure/gcp/vpc/README.md
index 54713aaf..27bc5f97 100644
--- a/infrastructure/gcp/vpc/README.md
+++ b/infrastructure/gcp/vpc/README.md
@@ -20,7 +20,7 @@ The module invokes the terraform-google-modules/network/google module to create
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/gcp/vpc?ref=v5.3.0"
network_name = "your-network-name"
project_id = "your-project-id"
diff --git a/infrastructure/oci/backend/README.md b/infrastructure/oci/backend/README.md
index 186d4d89..e3548df8 100644
--- a/infrastructure/oci/backend/README.md
+++ b/infrastructure/oci/backend/README.md
@@ -18,7 +18,7 @@ The module creates an oci_objectstorage_bucket resource, which is configured wit
```hcl
module "backend" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/backend?ref=v5.3.0"
compartment_id = "your-compartment-id"
namespace = "your-namespace"
diff --git a/infrastructure/oci/dns/README.md b/infrastructure/oci/dns/README.md
index 258eac94..445a0c8e 100644
--- a/infrastructure/oci/dns/README.md
+++ b/infrastructure/oci/dns/README.md
@@ -18,7 +18,7 @@ This module creates oci_dns_zone resources for each DNS zone defined in the dns_
```hcl
module "dns" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dns?ref=v5.3.0"
compartment_id = "your-compartment-id"
}
diff --git a/infrastructure/oci/dynamic_groups/README.md b/infrastructure/oci/dynamic_groups/README.md
index 8e136911..3c783768 100644
--- a/infrastructure/oci/dynamic_groups/README.md
+++ b/infrastructure/oci/dynamic_groups/README.md
@@ -19,7 +19,7 @@ This module creates an OCI dynamic group and an OCI identity policy, connecting
```hcl
module "dynamic_groups" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/dynamic_groups?ref=v5.3.0"
cluster_id = "your-cluster-id"
compartment_id = "your-compartment-id"
diff --git a/infrastructure/oci/oke/README.md b/infrastructure/oci/oke/README.md
index 5d452161..a4dc0f27 100644
--- a/infrastructure/oci/oke/README.md
+++ b/infrastructure/oci/oke/README.md
@@ -21,7 +21,7 @@ The module instantiates the oracle-terraform-modules/oke/oci module to create an
```hcl
module "oke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/oke?ref=v5.3.0"
api_endpoint_subnet_id = "your-api-endpoint-subnet-id"
cluster_name = "your-cluster-name"
diff --git a/infrastructure/oci/vcn/README.md b/infrastructure/oci/vcn/README.md
index d12adcd6..4a6f08b2 100644
--- a/infrastructure/oci/vcn/README.md
+++ b/infrastructure/oci/vcn/README.md
@@ -19,7 +19,7 @@ The module instantiates oci_core_subnet resources for public and private subnets
```hcl
module "vcn" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//infrastructure/oci/vcn?ref=v5.3.0"
}
```
diff --git a/nullplatform/account/README.md b/nullplatform/account/README.md
index 4fd49d14..5506442f 100644
--- a/nullplatform/account/README.md
+++ b/nullplatform/account/README.md
@@ -19,7 +19,7 @@ The module iterates over the `nullplatform_accounts` input map using `for_each`
```hcl
module "account" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/account?ref=v5.3.0"
nullplatform_accounts = "your-nullplatform-accounts"
}
diff --git a/nullplatform/agent/README.md b/nullplatform/agent/README.md
index 74ebb676..9b11502c 100644
--- a/nullplatform/agent/README.md
+++ b/nullplatform/agent/README.md
@@ -22,7 +22,7 @@ The module renders a Helm values file using a templatefile() call that merges de
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.3.0"
api_key = "your-api-key"
cloud_provider = "your-cloud-provider"
@@ -37,7 +37,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.3.0"
api_key = "your-api-key"
aws_iam_role_arn = "your-aws-iam-role-arn" # Required when cloud_provider = "aws"
@@ -53,7 +53,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.3.0"
api_key = "your-api-key"
cloud_provider = "gcp"
@@ -68,7 +68,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.3.0"
api_key = "your-api-key"
azure_client_id = "your-azure-client-id" # Required when cloud_provider = "azure"
@@ -91,7 +91,7 @@ module "agent" {
```hcl
module "agent" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/agent?ref=v5.3.0"
api_key = "your-api-key"
cloud_provider = "oci"
diff --git a/nullplatform/api_key/README.md b/nullplatform/api_key/README.md
index 3917a982..a9078dc9 100644
--- a/nullplatform/api_key/README.md
+++ b/nullplatform/api_key/README.md
@@ -21,7 +21,7 @@ The module creates a single nullplatform_api_key resource whose name, grants, an
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.3.0"
type = "your-type"
}
@@ -31,7 +31,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.3.0"
nrn = "your-nrn" # Required when type = "agent"
type = "agent"
@@ -42,7 +42,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.3.0"
nrn = "your-nrn" # Required when type = "scope_notification"
specification_slug = "your-specification-slug" # Required when type = "scope_notification"
@@ -54,7 +54,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.3.0"
nrn = "your-nrn" # Required when type = "service_notification"
specification_slug = "your-specification-slug" # Required when type = "service_notification"
@@ -66,7 +66,7 @@ module "api_key" {
```hcl
module "api_key" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/api_key?ref=v5.3.0"
custom_grants = "your-custom-grants" # Required when type = "custom"
custom_name = "your-custom-name" # Required when type = "custom"
diff --git a/nullplatform/asset/docker_server/README.md b/nullplatform/asset/docker_server/README.md
index 572bdb16..e44b3006 100644
--- a/nullplatform/asset/docker_server/README.md
+++ b/nullplatform/asset/docker_server/README.md
@@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource of type 'docker-server' with enc
```hcl
module "docker_server" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/docker_server?ref=v5.3.0"
login_server = "your-login-server"
nrn = "your-nrn"
diff --git a/nullplatform/asset/ecr/README.md b/nullplatform/asset/ecr/README.md
index 12ee6eb9..acd4f7f9 100644
--- a/nullplatform/asset/ecr/README.md
+++ b/nullplatform/asset/ecr/README.md
@@ -21,7 +21,7 @@ The module reads the current AWS region via the aws_region data source and combi
```hcl
module "ecr" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/ecr?ref=v5.3.0"
application_role_arn = "your-application-role-arn"
build_workflow_access_key_id = "your-build-workflow-access-key-id"
diff --git a/nullplatform/asset/s3/README.md b/nullplatform/asset/s3/README.md
index 0240ec1b..2a7295a1 100644
--- a/nullplatform/asset/s3/README.md
+++ b/nullplatform/asset/s3/README.md
@@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type s3-con
```hcl
module "s3" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/s3?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/asset/s3?ref=v5.3.0"
bucket_name = "your-bucket-name"
nrn = "your-nrn"
diff --git a/nullplatform/base/README.md b/nullplatform/base/README.md
index 8d035ebf..d6c11aa9 100644
--- a/nullplatform/base/README.md
+++ b/nullplatform/base/README.md
@@ -22,7 +22,7 @@ The module creates two kubernetes_namespace_v1 resources (nullplatform-tools and
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "your-k8s-provider"
np_api_key = "your-np-api-key"
@@ -33,7 +33,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "eks"
np_api_key = "your-np-api-key"
@@ -44,7 +44,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "gke"
np_api_key = "your-np-api-key"
@@ -55,7 +55,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "aks"
np_api_key = "your-np-api-key"
@@ -66,7 +66,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "oke"
np_api_key = "your-np-api-key"
@@ -77,7 +77,7 @@ module "base" {
```hcl
module "base" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/base?ref=v5.3.0"
k8s_provider = "aro"
np_api_key = "your-np-api-key"
diff --git a/nullplatform/cloud/aws/cloud/README.md b/nullplatform/cloud/aws/cloud/README.md
index 1f755a69..131a0ad7 100644
--- a/nullplatform/cloud/aws/cloud/README.md
+++ b/nullplatform/cloud/aws/cloud/README.md
@@ -21,7 +21,7 @@ The module uses data sources aws_caller_identity and aws_region to dynamically r
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/cloud?ref=v5.3.0"
domain_name = "your-domain-name"
hosted_private_zone_id = "your-hosted-private-zone-id"
diff --git a/nullplatform/cloud/aws/vpc/README.md b/nullplatform/cloud/aws/vpc/README.md
index 95737715..3f77a2c9 100644
--- a/nullplatform/cloud/aws/vpc/README.md
+++ b/nullplatform/cloud/aws/vpc/README.md
@@ -20,7 +20,7 @@ Creates a nullplatform_provider_config resource of type 'aws-networking-configur
```hcl
module "vpc" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/aws/vpc?ref=v5.3.0"
nrn = "your-nrn"
vpc_id = "your-vpc-id"
diff --git a/nullplatform/cloud/azure/cloud/README.md b/nullplatform/cloud/azure/cloud/README.md
index 263f8099..fd8b7f1b 100644
--- a/nullplatform/cloud/azure/cloud/README.md
+++ b/nullplatform/cloud/azure/cloud/README.md
@@ -22,7 +22,7 @@ The module creates a single nullplatform_provider_config resource of type 'azure
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/azure/cloud?ref=v5.3.0"
azure_resource_group_name = "your-azure-resource-group-name"
nrn = "your-nrn"
diff --git a/nullplatform/cloud/gcp/cloud/README.md b/nullplatform/cloud/gcp/cloud/README.md
index bdd9d30a..23b82ce1 100644
--- a/nullplatform/cloud/gcp/cloud/README.md
+++ b/nullplatform/cloud/gcp/cloud/README.md
@@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'googl
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/gcp/cloud?ref=v5.3.0"
domain_name = "your-domain-name"
location = "your-location"
diff --git a/nullplatform/cloud/oci/cloud/README.md b/nullplatform/cloud/oci/cloud/README.md
index 58bafd35..d499e04c 100644
--- a/nullplatform/cloud/oci/cloud/README.md
+++ b/nullplatform/cloud/oci/cloud/README.md
@@ -19,7 +19,7 @@ The module creates a single nullplatform_provider_config resource of type 'oci-c
```hcl
module "cloud" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/cloud/oci/cloud?ref=v5.3.0"
account_id = "your-account-id"
account_name = "your-account-name"
diff --git a/nullplatform/code_repository/README.md b/nullplatform/code_repository/README.md
index d92fd35b..94c78234 100644
--- a/nullplatform/code_repository/README.md
+++ b/nullplatform/code_repository/README.md
@@ -20,7 +20,7 @@ The module uses local values to evaluate which git provider is selected and cond
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.3.0"
git_provider = "your-git-provider"
nrn = "your-nrn"
@@ -31,7 +31,7 @@ module "code_repository" {
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.3.0"
git_provider = "github"
github_installation_id = "your-github-installation-id" # Required when git_provider = "github"
@@ -44,7 +44,7 @@ module "code_repository" {
```hcl
module "code_repository" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/code_repository?ref=v5.3.0"
git_provider = "gitlab"
gitlab_access_token = "your-gitlab-access-token" # Required when git_provider = "gitlab"
diff --git a/nullplatform/container_orchestration/aks/README.md b/nullplatform/container_orchestration/aks/README.md
index c69a2aef..36f78829 100644
--- a/nullplatform/container_orchestration/aks/README.md
+++ b/nullplatform/container_orchestration/aks/README.md
@@ -21,7 +21,7 @@ The module builds a local.attributes map that aggregates cluster metadata, gatew
```hcl
module "aks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/aks?ref=v5.3.0"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/container_orchestration/eks/README.md b/nullplatform/container_orchestration/eks/README.md
index f00104a6..373a0da2 100644
--- a/nullplatform/container_orchestration/eks/README.md
+++ b/nullplatform/container_orchestration/eks/README.md
@@ -21,7 +21,7 @@ Creates a nullplatform_provider_config resource with type 'eks-configuration' th
```hcl
module "eks" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/eks?ref=v5.3.0"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/container_orchestration/gke/README.md b/nullplatform/container_orchestration/gke/README.md
index e4d6538b..411cb103 100644
--- a/nullplatform/container_orchestration/gke/README.md
+++ b/nullplatform/container_orchestration/gke/README.md
@@ -22,7 +22,7 @@ The module constructs a structured attributes object using locals that merge clu
```hcl
module "gke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/gke?ref=v5.3.0"
cluster_name = "your-cluster-name"
location = "your-location"
diff --git a/nullplatform/container_orchestration/oke/README.md b/nullplatform/container_orchestration/oke/README.md
index 8a38c8b7..e121a5f0 100644
--- a/nullplatform/container_orchestration/oke/README.md
+++ b/nullplatform/container_orchestration/oke/README.md
@@ -19,7 +19,7 @@ Creates a single nullplatform_provider_config resource of type 'oke' that stores
```hcl
module "oke" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/container_orchestration/oke?ref=v5.3.0"
cluster_name = "your-cluster-name"
nrn = "your-nrn"
diff --git a/nullplatform/dimension/README.md b/nullplatform/dimension/README.md
index 08f80713..2026af30 100644
--- a/nullplatform/dimension/README.md
+++ b/nullplatform/dimension/README.md
@@ -19,7 +19,7 @@ The module creates a nullplatform_dimension resource using the provided name, or
```hcl
module "dimension" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension?ref=v5.3.0"
name = "your-name"
nrn = "your-nrn"
diff --git a/nullplatform/dimension_value/README.md b/nullplatform/dimension_value/README.md
index 8a1b4102..748b3c68 100644
--- a/nullplatform/dimension_value/README.md
+++ b/nullplatform/dimension_value/README.md
@@ -19,7 +19,7 @@ The module uses a terraform_data resource to enforce mutual-exclusivity and pres
```hcl
module "dimension_value" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/dimension_value?ref=v5.3.0"
dimension_id = "your-dimension-id"
name = "your-name"
diff --git a/nullplatform/identity-access-control/README.md b/nullplatform/identity-access-control/README.md
index 4838e165..001b03e7 100644
--- a/nullplatform/identity-access-control/README.md
+++ b/nullplatform/identity-access-control/README.md
@@ -20,7 +20,7 @@ The module creates a single nullplatform_provider_config resource named identity
```hcl
module "identity-access-control" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/identity-access-control?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/identity-access-control?ref=v5.3.0"
attributes = "your-attributes"
nrn = "your-nrn"
diff --git a/nullplatform/metrics/README.md b/nullplatform/metrics/README.md
index ac1de391..984f381f 100644
--- a/nullplatform/metrics/README.md
+++ b/nullplatform/metrics/README.md
@@ -21,7 +21,7 @@ The module creates a single nullplatform_provider_config resource of type 'prome
```hcl
module "metrics" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/metrics?ref=v5.3.0"
nrn = "your-nrn"
}
diff --git a/nullplatform/scope_configuration/README.md b/nullplatform/scope_configuration/README.md
index 7de16c95..fbe421c0 100644
--- a/nullplatform/scope_configuration/README.md
+++ b/nullplatform/scope_configuration/README.md
@@ -20,7 +20,7 @@ The module creates a single nullplatform_provider_config resource that binds a N
```hcl
module "scope_configuration" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_configuration?ref=v5.3.0"
attributes = "your-attributes"
np_api_key = "your-np-api-key"
diff --git a/nullplatform/scope_definition/README.md b/nullplatform/scope_definition/README.md
index 6575ac49..97da5efe 100644
--- a/nullplatform/scope_definition/README.md
+++ b/nullplatform/scope_definition/README.md
@@ -22,7 +22,7 @@ The module fetches JSON templates via `data.http` resources and processes them t
```hcl
module "scope_definition" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition?ref=v5.3.0"
np_api_key = "your-np-api-key"
nrn = "your-nrn"
diff --git a/nullplatform/scope_definition_agent_association/README.md b/nullplatform/scope_definition_agent_association/README.md
index 880f9066..8e94b760 100644
--- a/nullplatform/scope_definition_agent_association/README.md
+++ b/nullplatform/scope_definition_agent_association/README.md
@@ -22,7 +22,7 @@ The module fetches a notification channel template via the `data.http` data sour
```hcl
module "scope_definition_agent_association" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/scope_definition_agent_association?ref=v5.3.0"
api_key = "your-api-key"
nrn = "your-nrn"
diff --git a/nullplatform/service_definition/README.md b/nullplatform/service_definition/README.md
index d0107ae7..153b62b9 100644
--- a/nullplatform/service_definition/README.md
+++ b/nullplatform/service_definition/README.md
@@ -22,7 +22,7 @@ The module fetches service, action, and link spec templates via the `http` data
```hcl
module "service_definition" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition?ref=v5.3.0"
nrn = "your-nrn"
service_name = "your-service-name"
diff --git a/nullplatform/service_definition_agent_association/README.md b/nullplatform/service_definition_agent_association/README.md
index 67624c0d..20d295f3 100644
--- a/nullplatform/service_definition_agent_association/README.md
+++ b/nullplatform/service_definition_agent_association/README.md
@@ -21,7 +21,7 @@ The module creates a terraform_data resource to track API key changes as a lifec
```hcl
module "service_definition_agent_association" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/service_definition_agent_association?ref=v5.3.0"
api_key = "your-api-key"
repository_service_spec_repo = "your-repository-service-spec-repo"
diff --git a/nullplatform/users/README.md b/nullplatform/users/README.md
index dadb4bfd..1f7cdb6b 100644
--- a/nullplatform/users/README.md
+++ b/nullplatform/users/README.md
@@ -21,7 +21,7 @@ The module iterates over a map of user definitions using `nullplatform_user` res
```hcl
module "users" {
- source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v5.2.0"
+ source = "git::https://github.com/nullplatform/tofu-modules.git//nullplatform/users?ref=v5.3.0"
nullplatform_users = "your-nullplatform-users"
}