AWS AutoMQ BYOC Environment Terrafrom module

This module is designed for deploying the AutoMQ BYOC (Bring Your Own Cloud) environment using the AWS Provider within an AWS cloud environment.

Upon completion of the installation, the module will output the endpoint of the AutoMQ BYOC environment along with the initial username and password. Users can manage the resources within the environment through the following two methods:

• Using the Web UI to manage resources: This method allows users to manage instances, topics, ACLs, and other resources through a web-ui.
• Using Terraform to manage resources: This method requires users to access the AutoMQ BYOC environment via a web browser for the first time to create a Service Account. Subsequently, users can manage resources within the environment using the Service Account's Access Key and the AutoMQ Terraform Provider.

For managing instances, topics, and other resources within the AutoMQ BYOC environment using the AutoMQ Terraform Provider, please refer to the documentation.

Prerequisites: Subscribe to AutoMQ Service on AWS Marketplace

Before setting up the environment, you need to subscribe to the AutoMQ service on AWS Marketplace. This subscription is necessary for subsequent Terraform calls. You can find the AutoMQ product page by clicking this link.

Once you access the product page, click "Continue to Subscribe."

Agree to the terms and conditions to complete the service subscription.

Module Usage

Use this module to install the AutoMQ BYOC environment, supporting two modes:

• Create a new VPC: Recommended only for POC or other testing scenarios. In this mode, the user only needs to specify the region, and resources including VPC, Endpoint, Security Group, S3 Bucket, etc., will be created. After testing, all resources can be destroyed with one click.
• Using an existing VPC: Recommended for production environments. In this mode, the user needs to provide a VPC, subnet, and S3 Bucket that meet the requirements. AutoMQ will deploy the BYOC environment console to the user-specified subnet.

Create a new VPC

module "automq_byoc" {
  source = "AutoMQ/automq-byoc-environment/aws"

  # Set the identifier for the environment to be installed. This ID will be used for naming internal resources. The environment ID supports only uppercase and lowercase English letters, numbers, and hyphens (-). It must start with a letter and is limited to a length of 32 characters.
  automq_byoc_env_id                       = "example" 

  # Set the target regionId of aws
  cloud_provider_region                    = "ap-southeast-1"  
}

# Necessary outputs
output "automq_byoc_env_id" {
  description = "This parameter is used to create resources within the environment."
  value = module.automq-byoc.automq_byoc_env_id
}

output "automq_byoc_endpoint" {
  description = "Address accessed by AutoMQ BYOC service"
  value = module.automq-byoc.automq_byoc_endpoint
}

output "automq_byoc_initial_username" {
  description = "The initial username for the AutoMQ environment console. It has the `EnvironmentAdmin` role permissions. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
  value = "admin"
}

output "automq_byoc_initial_password" {
  description = "The initial password for the AutoMQ environment console. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
  value = module.automq-byoc.automq_byoc_initial_password
}

output "automq_byoc_vpc_id" {
  description = "The VPC ID for the AutoMQ environment deployment."
  value = module.automq-byoc.automq_byoc_vpc_id
}

output "automq_byoc_instance_id" {
  description = "AutoMQ BYOC Console instance ID."
  value = module.automq-byoc.automq_byoc_instance_id
}

Using an existing VPC

To install the AutoMQ BYOC environment using an existing VPC, ensure your existing VPC meets the necessary requirements. You can find the detailed requirements in the Prepare VPC Documents.

module "automq_byoc" {
  source = "AutoMQ/automq-byoc-environment/aws"
  
  # Set the identifier for the environment to be installed. This ID will be used for naming internal resources. The environment ID supports only uppercase and lowercase English letters, numbers, and hyphens (-). It must start with a letter and is limited to a length of 32 characters.  
  automq_byoc_env_id                       = "example"

  # Set the target regionId of aws    
  cloud_provider_region                    = "ap-southeast-1" 

  # Set this switch to false, use existed vpc  
  create_new_vpc                           = false   

  # Set this existed vpc
  automq_byoc_vpc_id                       = "vpc-022xxxx54103b"  

  # Set the subnet for deploying the AutoMQ environment console. This subnet must support internet access, and EC2 instances created within this subnet must be able to access the internet.
  automq_byoc_env_console_public_subnet_id = "subnet-09500xxxxxb6fd28"  
  
}

# Necessary outputs
output "automq_byoc_env_id" {
  description = "This parameter is used to create resources within the environment."
  value = module.automq-byoc.automq_byoc_env_id
}

output "automq_byoc_endpoint" {
  description = "Address accessed by AutoMQ BYOC service"
  value = module.automq-byoc.automq_byoc_endpoint
}

output "automq_byoc_initial_username" {
  description = "The initial username for the AutoMQ environment console. It has the `EnvironmentAdmin` role permissions. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
  value = "admin"
}

output "automq_byoc_initial_password" {
  description = "The initial password for the AutoMQ environment console. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the [documentation](https://docs.automq.com/automq-cloud/manage-identities-and-access/member-accounts)."
  value = module.automq-byoc.automq_byoc_initial_password
}

output "automq_byoc_vpc_id" {
  description = "The VPC ID for the AutoMQ environment deployment."
  value = module.automq-byoc.automq_byoc_vpc_id
}

output "automq_byoc_instance_id" {
  description = "AutoMQ BYOC Console instance ID."
  value = module.automq-byoc.automq_byoc_instance_id
}

After deployment is complete, you can refer to the output to obtain information such as the AutoMQ environment console endpoint, initial username, and initial password.

Helpful Links/Information

• Report Bugs

• AutoMQ Cloud Documents

• Request Features

Requirements

Name	Version
terraform	>= 1.0
aws	>= 5.30

Providers

Name	Version
aws	>= 5.30

Modules

Name	Source	Version
automq_byoc_data_bucket_name	terraform-aws-modules/s3-bucket/aws	4.1.2
automq_byoc_ops_bucket_name	terraform-aws-modules/s3-bucket/aws	4.1.2
automq_byoc_vpc	terraform-aws-modules/vpc/aws	5.0.0

Resources

Name	Type
aws_ebs_volume.data_volume	resource
aws_iam_instance_profile.automq_byoc_instance_profile	resource
aws_iam_policy.automq_byoc_policy	resource
aws_iam_role.automq_byoc_role	resource
aws_iam_role_policy_attachment.automq_byoc_role_attachment	resource
aws_instance.automq_byoc_console	resource
aws_route53_zone.private_r53	resource
aws_security_group.automq_byoc_console_sg	resource
aws_security_group.vpc_endpoint_sg	resource
aws_volume_attachment.data_volume_attachment	resource
aws_vpc_endpoint.ec2_endpoint	resource
aws_vpc_endpoint.s3_endpoint	resource
aws_ami.marketplace_ami_details	data source
aws_availability_zones.available_azs	data source
aws_ssm_parameter.marketplace_ami	data source
aws_subnet.public_subnet_info	data source
aws_vpc.vpc_id	data source

Inputs

Name	Description	Type	Default	Required
automq_byoc_env_id	The unique identifier of the AutoMQ environment. This parameter is used to create resources within the environment. Additionally, all cloud resource names will incorporate this parameter as part of their names. This parameter supports only numbers, uppercase and lowercase English letters, and hyphens. It must start with a letter and is limited to a length of 32 characters.	string	n/a	yes
cloud_provider_region	Set the cloud provider's region. AutoMQ will deploy to this region.	string	n/a	yes
create_new_vpc	This setting determines whether to create a new VPC. If set to true, a new VPC spanning three availability zones will be automatically created, which is recommended only for POC scenarios. For production scenario using AutoMQ, you should provide the VPC where the current Kafka application resides and check the current VPC against the requirements specified in the Prepare VPC Documents.	bool	true	no
automq_byoc_vpc_id	When the create_new_vpc parameter is set to false, this parameter needs to be set. Specify an existing VPC where AutoMQ will be deployed. When providing an existing VPC, ensure that the VPC meets AutoMQ's requirements.	string	""	no
automq_byoc_env_console_public_subnet_id	When the create_new_vpc parameter is set to false, this parameter needs to be set. Select a subnet for deploying the AutoMQ BYOC environment console. Ensure that the chosen subnet supports public access.	string	""	no
automq_byoc_env_console_cidr	Set CIDR block to restrict the source IP address range for accessing the AutoMQ environment console. If not set, the default is 0.0.0.0/0.	string	"0.0.0.0/0"	no
automq_byoc_data_bucket_name	Set the existed S3 bucket used to store message data generated by applications. If this parameter is not set, a new S3 bucket will be automatically created. The message data Bucket must be separate from the Ops Bucket.	string	""	no
automq_byoc_ops_bucket_name	Set the existed S3 bucket used to store AutoMQ system logs and metrics data for system monitoring and alerts. If this parameter is not set, a new S3 bucket will be automatically created. This Bucket does not contain any application business data. The Ops Bucket must be separate from the message data Bucket.	string	""	no
automq_byoc_ec2_instance_type	Set the EC2 instance type; this parameter is used only for deploying the AutoMQ environment console. You need to provide an EC2 instance type with at least 2 cores and 8 GB of memory.	string	"t3.large"	no
automq_byoc_env_version	Set the version for the AutoMQ BYOC environment console. It is recommended to keep the default value, which is the latest version. Historical release note reference document.	string	"latest"	no
specified_ami_by_marketplace	The parameter defaults to true, which means the AMI will be obtained from AWS Marketplace. If you wish to use a custom AMI, set this parameter to false and specify the automq_byoc_env_console_ami parameter with your custom AMI ID.	bool	true	no
automq_byoc_env_console_ami	When parameter specified_ami_by_marketplace set to false, this parameter must set a custom AMI to deploy automq console.	string	""	no

Outputs

Name	Description
automq_byoc_env_id	This parameter is used to create resources within the environment. Additionally, all cloud resource names will incorporate this parameter as part of their names. This parameter supports only numbers, uppercase and lowercase English letters, and hyphens. It must start with a letter and is limited to a length of 32 characters.
automq_byoc_endpoint	The endpoint for the AutoMQ environment console. Users can set this endpoint to the AutoMQ Terraform Provider to manage resources through Terraform. Additionally, users can access this endpoint via web browser, log in, and manage resources within the environment using the WebUI.
automq_byoc_initial_username	The initial username for the AutoMQ environment console. It has the EnvironmentAdmin role permissions. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the documentation.
automq_byoc_initial_password	The initial password for the AutoMQ environment console. This account is used to log in to the environment, create ServiceAccounts, and manage other resources. For detailed information about environment members, please refer to the documentation.
automq_byoc_vpc_id	The VPC ID for the AutoMQ environment deployment.
automq_byoc_instance_id	The EC2 instance id for AutoMQ Console.