# Example: the module creates its own VPC and subnets (cidr-block + subnets).
# associate-public-ip-address and create-internet-gateway are not set here; the
# inputs table lists both as defaulting to true, so this variant gets public
# internet routing and public IPs on launched instances unless they are overridden.
module "connection" {
  source = "depot/connection/aws"
  # Placeholder. Replace it with an exact released version so that a newer module
  # release is never pulled in without review.
  version = "x.x.x"
  connection-id = "xxxxxx"
  # Per the inputs table this is the Depot realm controller role that can assume
  # the connection role, i.e. a trust principal: give the exact role ARN.
  # 123456789012 is a placeholder account ID. The interpolation reads
  # data.aws_partition.current, which is not declared in this snippet.
  controller-role-arn = "arn:${data.aws_partition.current.partition}:iam::123456789012:role/depot-controller-example"
  cidr-block = "10.0.0.0/16"
  # NOTE(review): 10.0.1.0/18 does not sit on a /18 boundary (the containing
  # network is 10.0.0.0/18) — confirm the module accepts it as written.
  subnets = [
    { availability-zone = "us-east-1a", cidr-block = "10.0.1.0/18" },
    { availability-zone = "us-east-1b", cidr-block = "10.0.64.0/18" },
    { availability-zone = "us-east-1c", cidr-block = "10.0.128.0/18" },
  ]
}

# Alternative example: reuse an existing VPC, subnets, security groups, KMS keys
# and launch template instead of letting the module create the network.
module "connection" {
  source = "depot/connection/aws"
  # NOTE(review): this example has no version argument. Without one, Terraform
  # installs the newest published release of a registry module; pin it as in the
  # first example.
  connection-id = "xxxxxx"
  # Taken from a module named "controller" that is declared elsewhere (not shown here).
  controller-role-arn = module.controller.controller-role-arn
  vpc-id = "vpc-123"
  existing-subnets = [
    { id = "subnet-123", availability-zone = "us-gov-west-1a", cidr-block = "10.10.1.0/24" },
    { id = "subnet-456", availability-zone = "us-gov-west-1b", cidr-block = "10.10.2.0/24" },
  ]
  # Existing security groups are passed in by ID; their rules are not visible
  # here and should be reviewed where they are defined.
  security-groups = {
    buildkit = "sg-123"
    default = "sg-456"
  }
  # Overrides the default of true listed in the inputs table.
  associate-public-ip-address = false
  # Key for the SSM SecureString parameter that holds the connection metadata
  # (per the inputs table). The trailing "..." is an elided key ID.
  connection-parameter-kms-key-id = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/..."
  # Key for the root and cache/data EBS volumes of launched instances (per the
  # inputs table). The trailing "..." is an elided key ID.
  volume-kms-key-id = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/..."
  launch-template-id = "lt-123"
}

The connection metadata includes volumeKMSKeyID and launchTemplateID when volume-kms-key-id and launch-template-id are provided, so Depot can use those values when launching instances and creating EBS volumes.
# Example: module-managed VPC and subnets, with custom builder AMIs.
module "connection" {
  source = "depot/connection/aws"
  # NOTE(review): this example has no version argument. Without one, Terraform
  # installs the newest published release of a registry module; pin an exact
  # version.
  connection-id = "xxxxxx"
  # Taken from a module named "controller" that is declared elsewhere (not shown here).
  controller-role-arn = module.controller.controller-role-arn
  cidr-block = "10.0.0.0/16"
  # NOTE(review): 10.0.1.0/18 does not sit on a /18 boundary (the containing
  # network is 10.0.0.0/18) — confirm the module accepts it as written.
  subnets = [
    { availability-zone = "us-east-1a", cidr-block = "10.0.1.0/18" },
    { availability-zone = "us-east-1b", cidr-block = "10.0.64.0/18" },
    { availability-zone = "us-east-1c", cidr-block = "10.0.128.0/18" },
  ]
  # ami-123 / ami-456 are placeholders. Both inputs default to null in the inputs
  # table; presumably Depot's own builder image is used in that case — confirm.
  # A custom AMI becomes the image that builds run on, so record its owner
  # account and provenance before setting it.
  depot-builder-ami-id-x86 = "ami-123"
  depot-builder-ami-id-arm = "ami-456"
}

Provide one AMI ID per architecture that the connection should run.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| connection-id | ID for the Depot connection (provided in the Depot console) | string | n/a | yes |
| controller-role-arn | ARN of the Depot realm controller role that can assume this connection role | string | n/a | yes |
| allow-ssm-access | Controls if SSM access should be allowed for the EC2 instances | bool | false | no |
| associate-public-ip-address | Whether Depot should associate public IPs when launching instances | bool | true | no |
| cidr-block | VPC CIDR block | string | "10.0.0.0/16" | no |
| connection-parameter-kms-key-id | KMS key ID or ARN for the SSM SecureString connection metadata parameter | string | null | no |
| create-internet-gateway | Whether to create public internet routing for module-managed subnets | bool | true | no |
| depot-builder-ami-id-arm | AMI ID Depot should use for ARM builders | string | null | no |
| depot-builder-ami-id-x86 | AMI ID Depot should use for x86 builders | string | null | no |
| existing-subnets | Existing subnets to use instead of creating subnets | list(object({ id = string, availability-zone = string, cidr-block = string })) | [] | no |
| launch-template-id | Launch template ID Depot should use when launching instances | string | null | no |
| security-groups | Existing security groups for Depot instances | object({ buildkit = string, default = string }) | null | no |
| subnets | Subnets to create in the module-managed VPC | list(object({ availability-zone = string, cidr-block = string })) | [] | no |
| tags | A map of tags to apply to all resources | map(string) | {} | no |
| volume-kms-key-id | KMS key ID or ARN Depot should use for launched instance root and cache/data EBS volumes | string | null | no |
| vpc-id | Existing VPC ID to use instead of creating a VPC | string | null | no |

| Name | Description | Value | Sensitive |
|---|---|---|---|
| connection-metadata | Connection metadata written for Depot | "METADATA" | yes |
| connection-controller-role-arn | ARN of the connection controller role | "ROLE-ARN" | no |
| instance-role-arn | ARN of the instance role | "ROLE-ARN" | no |
| instance-role-id | ID of the instance role | "ROLE-ID" | no |
| route-table-id | VPC route table ID | "null" | no |
| security-groups | Security groups used by Depot instances | "SECURITY-GROUPS" | no |
| subnets | Subnets used by Depot instances | "SUBNETS" | no |
| vpc-id | VPC ID | "VPC-ID" | no |