AWS¶
The AWS provider implements support for Amazon Web Services cloud provider.
Usage¶
The AWS provider is implemented as a plugin. To use it add the plugin to your init file.
It uses the format @plugin: gyro:gyro-aws-provider:<version>.
@repository: 'https://artifactory.psdops.com/gyro-releases'
@plugin: 'gyro:gyro-aws-provider:1.6.0'
This lets Gyro load the AWS provider plugin and lets you start managing AWS resources using Gyro.
Authentication¶
This provider expects credentials to be provided using the same mechanism that the AWS CLI uses.
First, define your credentials in $HOME/.aws/credentials under a profile name
of your choosing:
[my-project]
aws_secret_access_key = <access_key>
aws_access_key_id = <access_key_id>
Then define these credentials in .gyro/init.gyro in your Gyro project along with
the region you want to use these credentials in.
@credentials 'aws::credentials'
profile-name: 'my-project'
region: 'us-east-1'
@end
To use more than one region, provide a name for your credentials. When a name is not provided
then the credentials because the default.
@credentials 'aws::credentials' us-east-2
profile-name: 'my-project'
region: 'us-east-2'
@end
To use a non-default set of credentials you must explicitly use them in your resource definitions:
aws::instance web-server
instance-type: 't2.micro'
@uses-credentials: 'us-east-2'
end
State Locking¶
This provider uses DynamoDb for state locking. In order to use DynamoDb for locking, you must create a table
with a primary key titled LockKey. Then define the lock backend in .gyro/init.gyro with its
table-name in your Gyro project:
@lock-backend 'aws::dynamo-db'
table-name: 'gyro-lock-table'
@end
If you want to use this same DynamoDb table for multiple Gyro projects, specify the optional lock-key field.
This field must have a unique value per project as it is the ID that is used to ensure only one lock per project
exists at a time.
@lock-backend 'aws::dynamo-db'
table-name: 'gyro-lock-table'
lock-key: 'GyroProject1Key'
@end
You may also specify a credentials field if you would like to use named credentials other than the default
credentials:
@lock-backend 'aws::dynamo-db'
table-name: 'gyro-lock-table'
credentials: 'us-east-2'
@end
Remote State Storage¶
This provider uses S3 for remote state storage. In order to use S3 for remote state storage, either use an existing
bucket or create a new one. Next, add the state backend to your .gyro/init.gyro with its table-name, and
optional prefix (we recommend using .gyro/state as your prefix):
@state-backend 'aws::s3'
bucket: 'gyro-state-bucket'
prefix: '.gyro/state'
@end
Resources¶
- ACM
- ACM PCA
- Api Gateway V2
- Autoscaling Groups
- Backup
- Cloudfront
- Cloudtrail
- Cloudwatch
- CodeBuild
- Cognito Identity Provider
- Data Lifecycle Manager
- DAX
- Document Db
- DynamoDB
- EC2
- ECR
- ECS
- EFS
- EKS
- ElastiCache
- Elasticsearch
- EventBridge
- GlobalAccelerator
- Identity Access Management
- Kendra
- KMS
- Lambda
- Load Balancer
- Load Balancer - Classic
- Neptune
- Relational Database Service (RDS)
- Route53
- S3
- Simple Notification Service
- SQS
- WAF - Global
- WAF - Regional
- WAF-V2