From 0618d3a5544a7aec7f7cbe98e9a4e961ab06454f Mon Sep 17 00:00:00 2001 From: Mateusz Jenek Date: Mon, 18 Mar 2024 20:38:44 +0100 Subject: [PATCH] feat: add infrastructure and orchestrator diagrams --- examples/dns/README.md | 29 +++++++++++++++-- examples/dns/providers.tf | 3 +- examples/mysql/aurora/README.md | 31 +++++++++++++++---- examples/mysql/aurora/providers.tf | 3 -- .../mysql/aurora/terraform.tfvars.example | 9 ------ examples/mysql/aurora/variables.tf | 16 ---------- examples/mysql/basic/README.md | 30 +++++++++++++++--- examples/mysql/basic/providers.tf | 3 -- examples/mysql/basic/terraform.tfvars.example | 9 ------ examples/mysql/basic/variables.tf | 16 ---------- examples/postgres/aurora/README.md | 31 +++++++++++++++---- examples/postgres/aurora/providers.tf | 3 -- .../postgres/aurora/terraform.tfvars.example | 9 ------ examples/postgres/aurora/variables.tf | 16 ---------- examples/postgres/basic/README.md | 31 +++++++++++++++---- examples/postgres/basic/providers.tf | 3 -- .../postgres/basic/terraform.tfvars.example | 9 ------ examples/postgres/basic/variables.tf | 16 ---------- examples/redis/README.md | 29 +++++++++++++++-- examples/s3/README.md | 27 +++++++++++++++- examples/s3/providers.tf | 3 +- examples/sqs/README.md | 27 +++++++++++++++- examples/sqs/providers.tf | 3 +- 23 files changed, 210 insertions(+), 146 deletions(-) diff --git a/examples/dns/README.md b/examples/dns/README.md index 01fedae..ea93d94 100644 --- a/examples/dns/README.md +++ b/examples/dns/README.md 
@@ -1,8 +1,7 @@ # Example: dns resource based on AWS Route 53 -This example configures a [dns](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#dns) Resource Definition using AWS Route 53. - -The created Resource Definition can be used in your Score file using: +## Configuration +This example configures a [dns](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#dns) Resource Definition using AWS Route 53. A workload using the `dns` resource to create dns records looks like: ```yaml resources: @@ -11,6 +10,30 @@ resources: type: dns ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph AWS Hosted zone + record["record"] + end + + subgraph EKS Cluster + pod[workload pod] + end + record --> pod +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> dns_1["dns_1, resource_type: dns"] + workload_2 --> dns_2["dns_2, resource_type: dns"] + workload_2 --> shared.dns_1["shared.dns_1, resource_type: dns"] + workload_3 --> shared.dns_1["shared.dns_1, resource_type: dns"] +``` + ## Requirements diff --git a/examples/dns/providers.tf b/examples/dns/providers.tf index 3fd2e34..256300e 100644 --- a/examples/dns/providers.tf +++ b/examples/dns/providers.tf @@ -9,4 +9,5 @@ terraform { required_version = ">= 1.3.0" } -provider "humanitec" {} +provider "humanitec" { +} diff --git a/examples/mysql/aurora/README.md b/examples/mysql/aurora/README.md index 9aadecd..b955017 100644 --- a/examples/mysql/aurora/README.md +++ b/examples/mysql/aurora/README.md 
@@ -1,8 +1,7 @@ # Example: mysql resource based on AWS RDS Aurora -This example configures a [mysql](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#mysql) Resource Definition using AWS RDS Aurora. - -The created definition can be used in your Score file using: +## Configuration +This example configures a [mysql](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#mysql) Resource Definition using AWS RDS Aurora. A workload using the `mysql` resource to create database instance looks like: ```yaml resources: @@ -11,6 +10,29 @@ resources: type: mysql ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph VPC + database["MySQl AWS RDS Aurora instance"] + subgraph EKS Cluster + pod[workload pod] + end + database -- security group --> pod + end +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> db_1["db_1, resource_type: mysql"] + workload_2 --> db_2["db_2, resource_type: mysql"] + workload_2 --> shared.db_1["shared.db_1, resource_type: mysql"] + workload_3 --> shared.db_1["shared.db_1, resource_type: mysql"] +``` + ## Requirements 
@@ -44,14 +66,11 @@ resources: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | access\_key | AWS Access Key | `string` | n/a | yes | -| humanitec\_org\_id | Humanitec organization where resource definitions will be applied | `string` | n/a | yes | -| humanitec\_token | Humanitec API token | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | | secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | -| humanitec\_host | Humanitec API host url | `string` | `"https://api.humanitec.io"` | no | | name | Name of the example application | `string` | `"hum-rp-mysql-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-mysql-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/mysql/aurora/providers.tf b/examples/mysql/aurora/providers.tf index 35302db..7a7e63e 100644 --- a/examples/mysql/aurora/providers.tf +++ b/examples/mysql/aurora/providers.tf @@ -23,7 +23,4 @@ provider "aws" { } provider "humanitec" { - host = var.humanitec_host - org_id = var.humanitec_org_id - token = var.humanitec_token } diff --git a/examples/mysql/aurora/terraform.tfvars.example b/examples/mysql/aurora/terraform.tfvars.example index 51c8bc3..780f60a 100644 --- a/examples/mysql/aurora/terraform.tfvars.example +++ b/examples/mysql/aurora/terraform.tfvars.example 
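Review bot: The `provider "humanitec"` block in examples/mysql/aurora/providers.tf is left empty by this hunk, and nothing in the change documents where the provider now gets its host, organization and API token. The commit subject only mentions diagrams, yet the same removal is repeated in mysql/basic, postgres/aurora and postgres/basic, together with the matching variables.tf, terraform.tfvars.example and README input rows. Presumably the provider falls back to its environment variables (I believe `HUMANITEC_HOST`, `HUMANITEC_ORG` and `HUMANITEC_TOKEN`; confirm against the provider docs), so I would say that in each README and add a comment inside the block such as `# host, org_id and token are read from the environment (HUMANITEC_HOST / HUMANITEC_ORG / HUMANITEC_TOKEN), not from tfvars`. Keeping the API token out of terraform.tfvars is the safer default, but it should be a documented decision rather than a side effect of a diagram commit. Note that `access_key` and `secret_key` are still passed through terraform.tfvars in these examples, so the credential handling is now inconsistent between the two providers.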
@@ -2,15 +2,6 @@ # AWS Access Key access_key = "" -# Humanitec API host url -humanitec_host = "https://api.humanitec.io" - -# Humanitec organization where resource definitions will be applied -humanitec_org_id = "" - -# Humanitec API token -humanitec_token = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" diff --git a/examples/mysql/aurora/variables.tf b/examples/mysql/aurora/variables.tf index 720c284..34e8882 100644 --- a/examples/mysql/aurora/variables.tf +++ b/examples/mysql/aurora/variables.tf @@ -13,22 +13,6 @@ variable "region" { description = "AWS Region to create resources" } -variable "humanitec_org_id" { - type = string - description = "Humanitec organization where resource definitions will be applied" -} - -variable "humanitec_token" { - type = string - description = "Humanitec API token" -} - -variable "humanitec_host" { - type = string - default = "https://api.humanitec.io" - description = "Humanitec API host url" -} - variable "resource_packs_aws_url" { description = "AWS Resource Pack git url" type = string diff --git a/examples/mysql/basic/README.md b/examples/mysql/basic/README.md index 198151a..9cad22e 100644 --- a/examples/mysql/basic/README.md +++ b/examples/mysql/basic/README.md @@ -1,8 +1,8 @@ # Example: mysql resource based on AWS RDS -This example configures a [mysql](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#mysql) Resource Definition using AWS RDS. -The created Resource Definition can be used in your Score file using: +## Configuration +This example configures a [mysql](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#mysql) Resource Definition using AWS RDS. A workload using the `mysql` resource to create database instance looks like: ```yaml resources: 
@@ -11,6 +11,29 @@ resources: type: mysql ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph VPC + database["MySQl AWS RDS instance"] + subgraph EKS Cluster + pod[workload pod] + end + database -- security group --> pod + end +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> db_1["db_1, resource_type: mysql"] + workload_2 --> db_2["db_2, resource_type: mysql"] + workload_2 --> shared.db_1["shared.db_1, resource_type: mysql"] + workload_3 --> shared.db_1["shared.db_1, resource_type: mysql"] +``` + ## Requirements @@ -47,14 +70,11 @@ resources: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | access\_key | AWS Access Key | `string` | n/a | yes | -| humanitec\_org\_id | Humanitec organization where resource definitions will be applied | `string` | n/a | yes | -| humanitec\_token | Humanitec API token | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | | secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | -| humanitec\_host | Humanitec API host url | `string` | `"https://api.humanitec.io"` | no | | name | Name of the example application | `string` | `"hum-rp-mysql-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-mysql-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/mysql/basic/providers.tf b/examples/mysql/basic/providers.tf index 35302db..7a7e63e 100644 --- a/examples/mysql/basic/providers.tf +++ b/examples/mysql/basic/providers.tf 
@@ -23,7 +23,4 @@ provider "aws" { } provider "humanitec" { - host = var.humanitec_host - org_id = var.humanitec_org_id - token = var.humanitec_token } diff --git a/examples/mysql/basic/terraform.tfvars.example b/examples/mysql/basic/terraform.tfvars.example index 51c8bc3..780f60a 100644 --- a/examples/mysql/basic/terraform.tfvars.example +++ b/examples/mysql/basic/terraform.tfvars.example @@ -2,15 +2,6 @@ # AWS Access Key access_key = "" -# Humanitec API host url -humanitec_host = "https://api.humanitec.io" - -# Humanitec organization where resource definitions will be applied -humanitec_org_id = "" - -# Humanitec API token -humanitec_token = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" diff --git a/examples/mysql/basic/variables.tf b/examples/mysql/basic/variables.tf index 720c284..34e8882 100644 --- a/examples/mysql/basic/variables.tf +++ b/examples/mysql/basic/variables.tf @@ -13,22 +13,6 @@ variable "region" { description = "AWS Region to create resources" } -variable "humanitec_org_id" { - type = string - description = "Humanitec organization where resource definitions will be applied" -} - -variable "humanitec_token" { - type = string - description = "Humanitec API token" -} - -variable "humanitec_host" { - type = string - default = "https://api.humanitec.io" - description = "Humanitec API host url" -} - variable "resource_packs_aws_url" { description = "AWS Resource Pack git url" type = string diff --git a/examples/postgres/aurora/README.md b/examples/postgres/aurora/README.md index b7f76b7..c678ec5 100644 --- a/examples/postgres/aurora/README.md +++ b/examples/postgres/aurora/README.md 
@@ -1,8 +1,7 @@ # Example: postgres resource based on AWS RDS Aurora -This example configures a [postgres](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#postgres) Resource Definition using AWS RDS Aurora. - -The created Resource Definition can be used in your Score file using: +## Configuration +This example configures a [postgres](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#postgres) Resource Definition using AWS RDS Aurora. A workload using the `postgres` resource to create database instance looks like: ```yaml resources: @@ -11,6 +10,29 @@ resources: type: postgres ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph VPC + database["Postgres AWS RDS Aurora instance"] + subgraph EKS Cluster + pod[workload pod] + end + database -- security group --> pod + end +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> db_1["db_1, resource_type: postgres"] + workload_2 --> db_2["db_2, resource_type: postgres"] + workload_2 --> shared.db_1["shared.db_1, resource_type: postgres"] + workload_3 --> shared.db_1["shared.db_1, resource_type: postgres"] +``` + ## Requirements 
@@ -44,14 +66,11 @@ resources: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | access\_key | AWS Access Key | `string` | n/a | yes | -| humanitec\_org\_id | Humanitec organization where resource definitions will be applied | `string` | n/a | yes | -| humanitec\_token | Humanitec API token | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | | secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | -| humanitec\_host | Humanitec API host url | `string` | `"https://api.humanitec.io"` | no | | name | Name of the example application | `string` | `"hum-rp-postgres-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-postgres-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/postgres/aurora/providers.tf b/examples/postgres/aurora/providers.tf index 35302db..7a7e63e 100644 --- a/examples/postgres/aurora/providers.tf +++ b/examples/postgres/aurora/providers.tf @@ -23,7 +23,4 @@ provider "aws" { } provider "humanitec" { - host = var.humanitec_host - org_id = var.humanitec_org_id - token = var.humanitec_token } diff --git a/examples/postgres/aurora/terraform.tfvars.example b/examples/postgres/aurora/terraform.tfvars.example index eea5626..392b929 100644 --- a/examples/postgres/aurora/terraform.tfvars.example +++ b/examples/postgres/aurora/terraform.tfvars.example 
@@ -2,15 +2,6 @@ # AWS Access Key access_key = "" -# Humanitec API host url -humanitec_host = "https://api.humanitec.io" - -# Humanitec organization where resource definitions will be applied -humanitec_org_id = "" - -# Humanitec API token -humanitec_token = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" diff --git a/examples/postgres/aurora/variables.tf b/examples/postgres/aurora/variables.tf index 6693e80..15fb1be 100644 --- a/examples/postgres/aurora/variables.tf +++ b/examples/postgres/aurora/variables.tf @@ -13,22 +13,6 @@ variable "region" { description = "AWS Region to create resources" } -variable "humanitec_org_id" { - type = string - description = "Humanitec organization where resource definitions will be applied" -} - -variable "humanitec_token" { - type = string - description = "Humanitec API token" -} - -variable "humanitec_host" { - type = string - default = "https://api.humanitec.io" - description = "Humanitec API host url" -} - variable "resource_packs_aws_url" { description = "AWS Resource Pack git url" type = string diff --git a/examples/postgres/basic/README.md b/examples/postgres/basic/README.md index 595c4f8..afabce4 100644 --- a/examples/postgres/basic/README.md +++ b/examples/postgres/basic/README.md @@ -1,8 +1,7 @@ # Example: postgres resource based on AWS RDS -This example configures a [postgres](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#postgres) Resource Definition using AWS RDS. - -The created Resource Definition can be used in your Score file using: +## Configuration +This example configures a [postgres](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#postgres) Resource Definition using AWS RDS. A workload using the `postgres` resource to create database instance looks like: ```yaml resources: 
@@ -11,6 +10,29 @@ resources: type: postgres ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph VPC + database["Postgres AWS RDS instance"] + subgraph EKS Cluster + pod[workload pod] + end + database -- security group --> pod + end +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> db_1["db_1, resource_type: postgres"] + workload_2 --> db_2["db_2, resource_type: postgres"] + workload_2 --> shared.db_1["shared.db_1, resource_type: postgres"] + workload_3 --> shared.db_1["shared.db_1, resource_type: postgres"] +``` + ## Requirements @@ -47,14 +69,11 @@ resources: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | access\_key | AWS Access Key | `string` | n/a | yes | -| humanitec\_org\_id | Humanitec organization where resource definitions will be applied | `string` | n/a | yes | -| humanitec\_token | Humanitec API token | `string` | n/a | yes | | k8s\_node\_security\_group\_id | AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster | `string` | n/a | yes | | region | AWS Region to create resources | `string` | n/a | yes | | secret\_key | AWS Secret Key | `string` | n/a | yes | | subnet\_ids | AWS Subnet IDs to use for the AWS RDS cluster | `set(string)` | n/a | yes | | vpc\_id | AWS VPC ID | `string` | n/a | yes | -| humanitec\_host | Humanitec API host url | `string` | `"https://api.humanitec.io"` | no | | name | Name of the example application | `string` | `"hum-rp-postgres-example"` | no | | prefix | Prefix of the created resources | `string` | `"hum-rp-postgres-ex-"` | no | | resource\_packs\_aws\_rev | AWS Resource Pack git branch | `string` | `"refs/heads/main"` | no | diff --git a/examples/postgres/basic/providers.tf b/examples/postgres/basic/providers.tf index 35302db..7a7e63e 100644 --- a/examples/postgres/basic/providers.tf +++ b/examples/postgres/basic/providers.tf 
@@ -23,7 +23,4 @@ provider "aws" { } provider "humanitec" { - host = var.humanitec_host - org_id = var.humanitec_org_id - token = var.humanitec_token } diff --git a/examples/postgres/basic/terraform.tfvars.example b/examples/postgres/basic/terraform.tfvars.example index eea5626..392b929 100644 --- a/examples/postgres/basic/terraform.tfvars.example +++ b/examples/postgres/basic/terraform.tfvars.example @@ -2,15 +2,6 @@ # AWS Access Key access_key = "" -# Humanitec API host url -humanitec_host = "https://api.humanitec.io" - -# Humanitec organization where resource definitions will be applied -humanitec_org_id = "" - -# Humanitec API token -humanitec_token = "" - # AWS Security Group ID of the kubernetes nodes to allow access to the AWS RDS cluster k8s_node_security_group_id = "" diff --git a/examples/postgres/basic/variables.tf b/examples/postgres/basic/variables.tf index 6693e80..15fb1be 100644 --- a/examples/postgres/basic/variables.tf +++ b/examples/postgres/basic/variables.tf @@ -13,22 +13,6 @@ variable "region" { description = "AWS Region to create resources" } -variable "humanitec_org_id" { - type = string - description = "Humanitec organization where resource definitions will be applied" -} - -variable "humanitec_token" { - type = string - description = "Humanitec API token" -} - -variable "humanitec_host" { - type = string - default = "https://api.humanitec.io" - description = "Humanitec API host url" -} - variable "resource_packs_aws_url" { description = "AWS Resource Pack git url" type = string diff --git a/examples/redis/README.md b/examples/redis/README.md index 3fc2e9e..44c0fb6 100644 --- a/examples/redis/README.md +++ b/examples/redis/README.md 
@@ -1,8 +1,7 @@ # Example: redis resource based on AWS ElastiCache -This example configures a [redis](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#redis) Resource Definition using AWS ElastiCache. - -The created Resource Definition can be used in your Score file using: +## Configuration +This example configures a [redis](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#redis) Resource Definition using AWS ElastiCache. A workload using the `redis` resource to create redis cluster looks like: ```yaml resources: @@ -11,6 +10,30 @@ resources: type: redis ``` +## Infrastructure setup + +```mermaid +graph TD; + subgraph VPC + cache["AWS Elasticache"] + + subgraph EKS Cluster + pod[workload pod] + end + end + cache --> pod +``` + +## Orchestrator setup + +```mermaid +graph LR; + workload_1 --> cache_1["cache_1, resource_type: redis"] + workload_2 --> cache_2["cache_2, resource_type: redis"] + workload_2 --> shared.cache_1["shared.cache_1, resource_type: redis"] + workload_3 --> shared.cache_1["shared.cache_1, resource_type: redis"] +``` + ## Requirements diff --git a/examples/s3/README.md b/examples/s3/README.md index 205a3a1..d04bb96 100644 --- a/examples/s3/README.md +++ b/examples/s3/README.md @@ -1,5 +1,6 @@ # Example: s3 resource based on AWS S3 +## Configuration This example configures a [s3](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#s3) Resource Definition using AWS S3, with two different access policies: * `basic-admin` (full access) 
@@ -15,9 +16,33 @@ resources: class: basic-admin ``` +## Infrastructure setup +The workload service account will be automatically assigned to the necessary AWS IAM Role with the selected IAM Policy. + +```mermaid +graph TD; + s3["Amazon S3 bucket"] + policy["Amazon IAM Policy"] + role["Amazon IAM Role"] + subgraph EKS Cluster + pod[workload pod] + service[Service Account] + end + policy --> s3 + policy --> role --> service --> pod + s3 --> pod +``` + +## Orchestrator setup The Resource Graph is using [delegator resources](https://developer.humanitec.com/platform-orchestrator/examples/resource-graph-patterns/#delegator-resource) to expose shared resources with different access policies. -The workload service account will automatically be assigned the necessary AWS IAM Role with the selected IAM Policy. +```mermaid +graph LR; + workload_1 --> delegator_1["delegator_1, resource_type: s3", class: basic-read-only] --> shared.s3_1["shared.s3_1, resource_type: s3"] + workload_2 --> delegator_2["delegator_2, resource_type: s3, class: basic-admin"] --> shared.s3_1 + workload_2 --> shared.delegator_1["shared.delegator_1, resource_type: s3, class: basic-read-only"] + workload_3 --> shared.delegator_1 --> shared.s3_2["shared.s3_2, resource_type: s3"] +``` ## Requirements diff --git a/examples/s3/providers.tf b/examples/s3/providers.tf index ead6dab..4173d2a 100644 --- a/examples/s3/providers.tf +++ b/examples/s3/providers.tf @@ -10,4 +10,5 @@ terraform { } -provider "humanitec" {} +provider "humanitec" { +} diff --git a/examples/sqs/README.md b/examples/sqs/README.md index de76bc5..7a046d4 100644 --- a/examples/sqs/README.md +++ b/examples/sqs/README.md @@ -1,5 +1,6 @@ # Example: sqs resource based on AWS SQS +## Configuration This example configures a [sqs](https://developer.humanitec.com/platform-orchestrator/reference/resource-types/#sqs) Resource Definition using AWS SQS, with two different access policies: * `basic-publisher` (allowed to send messages) 
@@ -15,9 +16,33 @@ resources: class: basic-publisher ``` +## Infrastructure setup +The workload service account will be automatically assigned to the necessary AWS IAM Role with the selected IAM Policy. + +```mermaid +graph TD; + sqs["Amazon SQS queue"] + policy["Amazon IAM Policy"] + role["Amazon IAM Role"] + subgraph EKS Cluster + pod[workload pod] + service[Service Account] + end + policy --> sqs + policy --> role --> service --> pod + sqs --> pod +``` + +## Orchestrator setup The Resource Graph is using [delegator resources](https://developer.humanitec.com/platform-orchestrator/examples/resource-graph-patterns/#delegator-resource) to expose shared resources with different access policies. -The workload service account will automatically be assigned the necessary AWS IAM Role with the selected IAM Policy. +```mermaid +graph LR; + workload_1 --> delegator_1["delegator_1, resource_type: sqs", class: basic-publisher] --> shared.sqs_1["shared.sqs_1, resource_type: sqs"] + workload_2 --> delegator_2["delegator_2, resource_type: sqs, class: basic-consumer"] --> shared.sqs_1 + workload_2 --> shared.delegator_1["shared.delegator_1, resource_type: sqs, class: basic-consumer"] + workload_3 --> shared.delegator_1 --> shared.sqs_2["shared.sqs_2, resource_type: sqs"] +``` ## Requirements diff --git a/examples/sqs/providers.tf b/examples/sqs/providers.tf index ead6dab..4173d2a 100644 --- a/examples/sqs/providers.tf +++ b/examples/sqs/providers.tf @@ -10,4 +10,5 @@ terraform { } -provider "humanitec" {} +provider "humanitec" { +}