diff --git a/examples/anyscale-v2-commonname/outputs.tf b/examples/anyscale-v2-commonname/outputs.tf
index 4a5cc45..ffbbf66 100644
--- a/examples/anyscale-v2-commonname/outputs.tf
+++ b/examples/anyscale-v2-commonname/outputs.tf
@@ -63,3 +63,28 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for common name example.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PUBLIC
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2_common_name.anyscale_s3_bucket_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2_common_name.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2_common_name.anyscale_vpc_public_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_common_name.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_common_name.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_common_name.anyscale_iam_role_cluster_node_arn}
+EOT
+}
diff --git a/examples/anyscale-v2-existing-s3/outputs.tf b/examples/anyscale-v2-existing-s3/outputs.tf
index bb65c9e..ebc32da 100644
--- a/examples/anyscale-v2-existing-s3/outputs.tf
+++ b/examples/anyscale-v2-existing-s3/outputs.tf
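Review bot: The YAML in `value` is assembled by string interpolation, with the list under `subnet_ids` built by `join("\n - ", ...)`, so the separator has to carry exactly the indentation of the surrounding heredoc and an empty list renders a single empty `-` item. The same construction is repeated in the other six `anyscale_cloud_resource_yaml` outputs in this patch. Building the document with `yamlencode` removes the hand-kept indentation and quotes values correctly; note that it emits keys in lexical order, so the rendered file will be ordered differently from the heredoc.

```hcl
output "anyscale_cloud_resource_yaml" {
  # … unchanged: description heredoc …
  value = yamlencode({
    name            = "vm-aws-${var.aws_region}"
    provider        = "AWS"
    compute_stack   = "VM"
    region          = var.aws_region
    networking_mode = "PUBLIC"
    object_storage = {
      bucket_name = "s3://${module.aws_anyscale_v2_common_name.anyscale_s3_bucket_id}"
    }
    aws_config = {
      vpc_id               = module.aws_anyscale_v2_common_name.anyscale_vpc_id
      subnet_ids           = module.aws_anyscale_v2_common_name.anyscale_vpc_public_subnet_ids
      security_group_ids   = [module.aws_anyscale_v2_common_name.anyscale_security_group_id]
      anyscale_iam_role_id = module.aws_anyscale_v2_common_name.anyscale_iam_role_arn
      cluster_iam_role_id  = module.aws_anyscale_v2_common_name.anyscale_iam_role_cluster_node_arn
    }
  })
}
```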
@@ -68,3 +68,30 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for existing S3 example.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PUBLIC
+object_storage:
+ bucket_name: s3://${split(":", var.existing_s3_bucket_arn)[5]}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2_existing_s3.anyscale_efs_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2_existing_s3.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2_existing_s3.anyscale_vpc_public_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_existing_s3.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_existing_s3.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_existing_s3.anyscale_iam_role_cluster_node_arn}
+EOT
+}
diff --git a/examples/anyscale-v2-existing-vpc/outputs.tf b/examples/anyscale-v2-existing-vpc/outputs.tf
index 465ea62..d2b0e90 100644
--- a/examples/anyscale-v2-existing-vpc/outputs.tf
+++ b/examples/anyscale-v2-existing-vpc/outputs.tf
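Review bot: `split(":", var.existing_s3_bucket_arn)[5]` in `bucket_name` assumes a well-formed bucket ARN. A bare bucket name or other malformed value fails with an index error at plan time, and an ARN that carries an object path puts `bucket/key` after `s3://`. The variable's declaration is outside this hunk; if it has no validation yet, add one there, for example `condition = can(regex("^arn:[^:]+:s3:::[^/:]+$", var.existing_s3_bucket_arn))`.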
@@ -46,3 +46,30 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for existing VPC example.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PUBLIC
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2_existing_vpc.anyscale_s3_bucket_id}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2_existing_vpc.anyscale_efs_id}
+aws_config:
+ vpc_id: ${var.existing_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", var.existing_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_existing_vpc.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_existing_vpc.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_existing_vpc.anyscale_iam_role_cluster_node_arn}
+EOT
+}
diff --git a/examples/anyscale-v2-kitchensink/outputs.tf b/examples/anyscale-v2-kitchensink/outputs.tf
index e34ff8c..9a82a90 100644
--- a/examples/anyscale-v2-kitchensink/outputs.tf
+++ b/examples/anyscale-v2-kitchensink/outputs.tf
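Review bot: `networking_mode: PUBLIC` is hard-coded while `subnet_ids` comes from `var.existing_subnet_ids`, so the generated YAML declares public networking whatever kind of subnets the caller passes in. Whether private subnets are valid input for this example is not visible in the hunk. If they are, the mode should come from a variable, or the description should at least say so, for example `Set networking_mode to PRIVATE if existing_subnet_ids are private subnets.`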
@@ -24,3 +24,31 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for kitchen sink example.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PRIVATE
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2_kitchen_sink.anyscale_s3_bucket_id}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2_kitchen_sink.anyscale_efs_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2_kitchen_sink.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2_kitchen_sink.anyscale_vpc_private_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_kitchen_sink.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_kitchen_sink.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_kitchen_sink.anyscale_iam_role_cluster_node_arn}
+ memorydb_cluster_name: ${module.aws_anyscale_v2_kitchen_sink.anyscale_memorydb_cluster_id}
+EOT
+}
diff --git a/examples/anyscale-v2-kms/outputs.tf b/examples/anyscale-v2-kms/outputs.tf
index d5d7e83..d6bdab0 100644
--- a/examples/anyscale-v2-kms/outputs.tf
+++ b/examples/anyscale-v2-kms/outputs.tf
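Review bot: `memorydb_cluster_name` interpolates `module.aws_anyscale_v2_kitchen_sink.anyscale_memorydb_cluster_id` straight into the heredoc, and Terraform refuses to render a template when an interpolated value is null. The module's outputs are not visible here; if this one is null when MemoryDB is not created, every plan fails on this output. The same line appears in the privatesubnets example further down. Consider wrapping the line in `%{ if module.aws_anyscale_v2_kitchen_sink.anyscale_memorydb_cluster_id != null }` … `%{ endif }`, and confirm that the cluster id is the value the `memorydb_cluster_name` field expects.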
@@ -21,3 +21,30 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for KMS example.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PUBLIC
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2_kms.anyscale_s3_bucket_id}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2_kms.anyscale_efs_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2_kms.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2_kms.anyscale_vpc_public_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_kms.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_kms.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_kms.anyscale_iam_role_cluster_node_arn}
+EOT
+}
diff --git a/examples/anyscale-v2-privatesubnets/outputs.tf b/examples/anyscale-v2-privatesubnets/outputs.tf
index 132f586..abdf4e6 100644
--- a/examples/anyscale-v2-privatesubnets/outputs.tf
+++ b/examples/anyscale-v2-privatesubnets/outputs.tf
@@ -64,3 +64,31 @@ output "anyscale_register_command" {
 --functional-verify workspace
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration for private subnets.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PRIVATE
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2_private_vpc.anyscale_s3_bucket_id}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2_private_vpc.anyscale_efs_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2_private_vpc.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2_private_vpc.anyscale_vpc_private_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2_private_vpc.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2_private_vpc.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2_private_vpc.anyscale_iam_role_cluster_node_arn}
+ memorydb_cluster_name: ${module.aws_anyscale_v2_private_vpc.anyscale_memorydb_cluster_id}
+EOT
+}
diff --git a/examples/anyscale-v2/outputs.tf b/examples/anyscale-v2/outputs.tf
index d36ac69..5fa9fee 100644
--- a/examples/anyscale-v2/outputs.tf
+++ b/examples/anyscale-v2/outputs.tf
@@ -60,3 +60,30 @@ output "anyscale_register_command" {
 --efs-id ${module.aws_anyscale_v2.anyscale_efs_id}
 EOT
 }
+
+output "anyscale_cloud_resource_yaml" {
+ description = <<-EOF
+ Anyscale cloud resource YAML configuration.
+ This output can be saved to a file and used with `anyscale cloud resource add` command.
+ The name is auto-generated as vm-aws-$${var.aws_region} but can be updated in the YAML file if needed.
+ EOF
+ value = <<-EOT
+name: vm-aws-${var.aws_region}
+provider: AWS
+compute_stack: VM
+region: ${var.aws_region}
+networking_mode: PUBLIC
+object_storage:
+ bucket_name: s3://${module.aws_anyscale_v2.anyscale_s3_bucket_id}
+file_storage:
+ file_storage_id: ${module.aws_anyscale_v2.anyscale_efs_id}
+aws_config:
+ vpc_id: ${module.aws_anyscale_v2.anyscale_vpc_id}
+ subnet_ids:
+ - ${join("\n - ", module.aws_anyscale_v2.anyscale_vpc_public_subnet_ids)}
+ security_group_ids:
+ - ${module.aws_anyscale_v2.anyscale_security_group_id}
+ anyscale_iam_role_id: ${module.aws_anyscale_v2.anyscale_iam_role_arn}
+ cluster_iam_role_id: ${module.aws_anyscale_v2.anyscale_iam_role_cluster_node_arn}
+EOT
+}
diff --git a/modules/aws-anyscale-iam/anyscale-control_plane-services-v2.tmpl b/modules/aws-anyscale-iam/anyscale-control_plane-services-v2.tmpl
index 0b671ad..f1857c4 100644
--- a/modules/aws-anyscale-iam/anyscale-control_plane-services-v2.tmpl
+++ b/modules/aws-anyscale-iam/anyscale-control_plane-services-v2.tmpl
@@ -132,7 +132,7 @@
 "Sid": "ACMModifyTags",
 "Effect": "Allow",
 "Action": [
- "acm:AddTagsToCertificate",
+ "acm:AddTagsToCertificate"
 ],
 "Resource": ["arn:aws:acm:*:${account_id}:certificate/*"],
 "Condition": {
@@ -148,7 +148,7 @@
 "Sid": "ACMWrite",
 "Effect": "Allow",
 "Action": [
- "acm:DeleteCertificate"
+ "acm:DeleteCertificate",
 "acm:RenewCertificate",
 "acm:GetCertificate",
 "acm:ListTagsForCertificate"
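Review bot: Nothing visible in this patch would catch the next malformed-JSON edit to this policy template before IAM rejects it at apply time. Both template hunks repair punctuation only: a trailing comma after `acm:AddTagsToCertificate` in the `ACMModifyTags` statement, and a missing comma after `acm:DeleteCertificate` in `ACMWrite`. The place where the template is rendered is outside the diff; if it passes the `templatefile(...)` result on as a raw string, wrapping it as `jsonencode(jsondecode(templatefile(...)))` would make invalid JSON fail at plan. Both statement objects start and end outside their hunks.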