tfmodsearch 0.4.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. config.yaml +30 -0
  2. model/tfmod_bge_base_index.pkl +0 -0
  3. modules/terraform-aws-modules/acm.md +312 -0
  4. modules/terraform-aws-modules/alb.md +755 -0
  5. modules/terraform-aws-modules/apigateway-v2.md +450 -0
  6. modules/terraform-aws-modules/app-runner.md +403 -0
  7. modules/terraform-aws-modules/appconfig.md +411 -0
  8. modules/terraform-aws-modules/appsync.md +373 -0
  9. modules/terraform-aws-modules/atlantis.md +489 -0
  10. modules/terraform-aws-modules/autoscaling.md +420 -0
  11. modules/terraform-aws-modules/batch.md +456 -0
  12. modules/terraform-aws-modules/cloudfront.md +765 -0
  13. modules/terraform-aws-modules/cloudwatch.md +1011 -0
  14. modules/terraform-aws-modules/customer-gateway.md +273 -0
  15. modules/terraform-aws-modules/datadog-forwarders.md +643 -0
  16. modules/terraform-aws-modules/dms.md +567 -0
  17. modules/terraform-aws-modules/dynamodb-table.md +565 -0
  18. modules/terraform-aws-modules/ebs-optimized.md +122 -0
  19. modules/terraform-aws-modules/ec2-instance.md +515 -0
  20. modules/terraform-aws-modules/ecr.md +442 -0
  21. modules/terraform-aws-modules/ecs.md +808 -0
  22. modules/terraform-aws-modules/efs.md +433 -0
  23. modules/terraform-aws-modules/eks-pod-identity.md +486 -0
  24. modules/terraform-aws-modules/eks.md +1048 -0
  25. modules/terraform-aws-modules/elasticache.md +661 -0
  26. modules/terraform-aws-modules/elb.md +389 -0
  27. modules/terraform-aws-modules/emr.md +567 -0
  28. modules/terraform-aws-modules/eventbridge.md +479 -0
  29. modules/terraform-aws-modules/fsx.md +538 -0
  30. modules/terraform-aws-modules/global-accelerator.md +482 -0
  31. modules/terraform-aws-modules/iam.md +894 -0
  32. modules/terraform-aws-modules/key-pair.md +248 -0
  33. modules/terraform-aws-modules/kms.md +379 -0
  34. modules/terraform-aws-modules/lambda.md +825 -0
  35. modules/terraform-aws-modules/managed-service-grafana.md +370 -0
  36. modules/terraform-aws-modules/managed-service-prometheus.md +392 -0
  37. modules/terraform-aws-modules/memory-db.md +427 -0
  38. modules/terraform-aws-modules/msk-kafka-cluster.md +783 -0
  39. modules/terraform-aws-modules/network-firewall.md +525 -0
  40. modules/terraform-aws-modules/notify-slack.md +335 -0
  41. modules/terraform-aws-modules/opensearch.md +594 -0
  42. modules/terraform-aws-modules/rds-aurora.md +584 -0
  43. modules/terraform-aws-modules/rds-proxy.md +336 -0
  44. modules/terraform-aws-modules/rds.md +460 -0
  45. modules/terraform-aws-modules/redshift.md +575 -0
  46. modules/terraform-aws-modules/route53.md +581 -0
  47. modules/terraform-aws-modules/s3-bucket.md +759 -0
  48. modules/terraform-aws-modules/secrets-manager.md +347 -0
  49. modules/terraform-aws-modules/security-group.md +512 -0
  50. modules/terraform-aws-modules/sns.md +323 -0
  51. modules/terraform-aws-modules/sqs.md +381 -0
  52. modules/terraform-aws-modules/ssm-parameter.md +285 -0
  53. modules/terraform-aws-modules/step-functions.md +415 -0
  54. modules/terraform-aws-modules/transit-gateway.md +405 -0
  55. modules/terraform-aws-modules/vpc.md +645 -0
  56. modules/terraform-aws-modules/vpn-gateway.md +374 -0
  57. tfmod_mcp_server.py +1131 -0
  58. tfmod_search_cli.py +220 -0
  59. tfmod_search_lib.py +1083 -0
  60. tfmodsearch-0.4.0.dist-info/METADATA +826 -0
  61. tfmodsearch-0.4.0.dist-info/RECORD +64 -0
  62. tfmodsearch-0.4.0.dist-info/WHEEL +4 -0
  63. tfmodsearch-0.4.0.dist-info/entry_points.txt +5 -0
  64. tfmodsearch-0.4.0.dist-info/licenses/LICENSE +21 -0
config.yaml ADDED
@@ -0,0 +1,30 @@
1
+ # TFModSearch MCP Server Configuration
2
+ #
3
+ # Default embedding model: BAAI/bge-base-en-v1.5
4
+ # Model is configured at index build time via CLI --model argument
5
+
6
+ # Logging level for application loggers
7
+ # Third-party loggers (fakeredis, docket, asyncio) are always set to WARNING
8
+ # Valid values: DEBUG, INFO, WARNING, ERROR, CRITICAL
9
+ log_level: INFO
10
+
11
+ # Optional query instruction for BGE models
12
+ # BGE v1.5 works well without instruction, but this can improve short query retrieval
13
+ # Set to null/empty to disable (default), or use the BGE instruction:
14
+ # query_instruction: "Represent this sentence for searching relevant passages: "
15
+ query_instruction: null
16
+
17
+ # Search scoring weights (default values)
18
+ # These control how different search components are weighted
19
+ search_weights:
20
+ # Weight for keyword overlap with IDF weighting
21
+ w_kw: 1.0
22
+
23
+ # Weight for exact module name match boost
24
+ w_exact: 3.0
25
+
26
+ # Weight for BM25 text relevance
27
+ w_bm25: 2.0
28
+
29
+ # Weight for semantic similarity (cosine similarity of embeddings)
30
+ w_sem: 3.0
Binary file
@@ -0,0 +1,312 @@
1
+ # Terraform AWS ACM Module
2
+
3
+ ## Module Information
4
+
5
+ - **Module Name**: `acm`
6
+ - **Source**: `terraform-aws-modules/acm/aws`
7
+ - **GitHub Repository**: https://github.com/terraform-aws-modules/terraform-aws-acm
8
+ - **Terraform Registry**: https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest
9
+ - **Latest Version**: 6.3.0
10
+ - **Purpose**: Creates and validates AWS Certificate Manager (ACM) certificates using DNS or email validation
11
+ - **Service**: AWS ACM (AWS Certificate Manager)
12
+ - **Category**: Security, Networking
13
+ - **Keywords**: acm, certificate, ssl, tls, https, dns-validation, route53, cloudfront, wildcard-certificate, alb, nlb, api-gateway, private-ca, certificate-renewal
14
+ - **Use For**: securing web applications with HTTPS, protecting API Gateway custom domains, enabling SSL/TLS for CloudFront distributions, securing ALB/NLB load balancers, implementing wildcard certificates, cross-account certificate/DNS provisioning, automating certificate lifecycle management
15
+
16
+ ## Description
17
+
18
+ This Terraform module creates and manages AWS Certificate Manager (ACM) certificates for securing AWS resources with SSL/TLS encryption. ACM handles the complexity of issuing, storing, and automatically renewing public and private X.509 certificates, eliminating manual certificate management. The module supports both DNS validation (recommended, via Route53) and email validation, and issues either public certificates or private certificates through AWS Private Certificate Authority.
19
+
20
+ The module provides flexible certificate topologies: single domain names, multiple domains via Subject Alternative Names (SANs), and wildcard certificates. It integrates natively with Route53 to auto-create DNS validation records, or supports external DNS providers (Cloudflare, etc.) by disabling internal record creation and supplying validation FQDNs manually. For cross-account setups, the module can be invoked twice with `create_certificate = false` on one instance and `create_route53_records_only = true` on the other, splitting certificate issuance and DNS validation across separate AWS providers/accounts without hand-written `aws_route53_record` resources. For CloudFront distributions, the module supports the mandatory US East (N. Virginia) region via provider aliases or the `region` argument.
21
+
22
+ Additional capabilities include configurable validation timeouts (the underlying AWS provider defaults to a 45-minute wait), certificate transparency logging control, exportable certificates (subject to additional AWS charges), key algorithm selection (RSA/ECDSA), and conditional resource creation via feature flags — a workaround for Terraform's lack of `count` support on module blocks. The module outputs certificate ARNs and validation details for direct consumption by ALB, NLB, CloudFront, and API Gateway resources.
23
+
24
+ ## Key Features
25
+
26
+ - **DNS Validation**: Automatic certificate validation using Route53 DNS records
27
+ - **Email Validation**: Certificate validation via email, including validation domain override
28
+ - **Route53 Integration**: Automated DNS record creation and cleanup for validation
29
+ - **External DNS Support**: Works with external DNS providers (Cloudflare, etc.) via manually supplied FQDNs
30
+ - **Subject Alternative Names (SANs)**: Multiple domains and wildcards in a single certificate
31
+ - **Wildcard Certificates**: Secure all subdomains under a domain with one certificate
32
+ - **CloudFront Compatibility**: US East (N. Virginia) region support via provider alias or `region` argument
33
+ - **Private CA Support**: Issue private certificates via AWS Private Certificate Authority
34
+ - **Cross-Account Splitting**: `create_route53_records_only` mode lets a second module instance create only the validation records under a separate provider/account
35
+ - **Exportable Certificates**: Optional certificate/key export (`export = "ENABLED"`), subject to extra AWS charges
36
+ - **Conditional Creation**: Feature flags (`create_certificate`, `validate_certificate`) to control resource creation, working around module `count` limitations
37
+ - **Validation Timeout Control**: Configurable timeout for validation completion (AWS default is 45 minutes)
38
+ - **Certificate Transparency Logging**: Toggle certificate transparency log inclusion
39
+ - **Key Algorithm Selection**: Choose RSA or ECDSA key algorithms
40
+
41
+ ## Main Use Cases
42
+
43
+ 1. **Web Application Security**: Secure web applications with HTTPS/TLS certificates
44
+ 2. **API Gateway Protection**: SSL/TLS for API Gateway custom domain names
45
+ 3. **CloudFront Distribution Security**: HTTPS certificates for CloudFront CDN
46
+ 4. **Load Balancer Encryption**: TLS termination for ALB and NLB
47
+ 5. **Multi-Domain Certificates**: Single certificate covering multiple domains with SANs
48
+ 6. **Wildcard Domain Coverage**: Secure all subdomains with wildcard certificates
49
+ 7. **Automated Certificate Lifecycle**: Infrastructure as Code for certificate provisioning and renewal
50
+ 8. **Cross-Account Deployments**: Split certificate issuance and DNS validation across AWS accounts
51
+ 9. **Private/Internal PKI**: Issue private certificates via AWS Private CA for internal services
52
+
53
+ ## Submodules
54
+
55
+ This module does not contain submodules. All functionality is provided by the root module (the "cross-account" pattern reuses the same root module twice with different input flags, not a dedicated submodule).
56
+
57
+ ## Main Input Variables
58
+
59
+ | Variable | Type | Default | Description |
60
+ |----------|------|---------|-------------|
61
+ | `create_certificate` | `bool` | `true` | Whether to create the ACM certificate |
62
+ | `domain_name` | `string` | `""` | Domain name for which the certificate should be issued |
63
+ | `subject_alternative_names` | `list(string)` | `[]` | List of domains that should be SANs in the certificate |
64
+ | `validation_method` | `string` | `null` | Validation method: `DNS` or `EMAIL` |
65
+ | `zone_id` | `string` | `""` | Route53 hosted zone ID for DNS validation |
66
+ | `zones` | `map(string)` | `{}` | Map of Route53 zone IDs for additional/SAN domains |
67
+ | `validate_certificate` | `bool` | `true` | Whether to validate the certificate by creating Route53 record(s) |
68
+ | `create_route53_records` | `bool` | `true` | Create DNS validation records internally via Route53; set `false` for external DNS |
69
+ | `create_route53_records_only` | `bool` | `false` | Create only the Route53 validation records (second instance in cross-account pattern) |
70
+ | `distinct_domain_names` | `list(string)` | `[]` | Distinct domains/SANs to validate (used with `create_route53_records_only`) |
71
+ | `acm_certificate_domain_validation_options` | `any` | `{}` | Domain validation options from the ACM certificate (used with `create_route53_records_only`) |
72
+ | `validation_record_fqdns` | `list(string)` | `[]` | External DNS validation record FQDNs (when `create_route53_records = false`) |
73
+ | `wait_for_validation` | `bool` | `true` | Whether to wait for validation to complete before returning |
74
+ | `validation_timeout` | `string` | `null` | Maximum timeout for validation completion (AWS default: 45m) |
75
+ | `validation_allow_overwrite_records` | `bool` | `true` | Allow overwrite of existing Route53 validation records |
76
+ | `dns_ttl` | `number` | `60` | TTL for DNS validation records |
77
+ | `certificate_transparency_logging_preference` | `bool` | `true` | Add certificate to the certificate transparency log |
78
+ | `key_algorithm` | `string` | `null` | Key algorithm (e.g. `RSA_2048`, `EC_secp384r1`) |
79
+ | `export` | `string` | `null` | Whether the certificate can be exported: `ENABLED` or `DISABLED`; incurs additional AWS charges |
80
+ | `private_authority_arn` | `string` | `null` | Private CA ARN for issuing private certificates |
81
+ | `region` | `string` | `null` | AWS region override for created resources (alternative to provider alias) |
82
+ | `tags` | `map(string)` | `{}` | Tags to assign to the certificate |
83
+
84
+ ## Main Outputs
85
+
86
+ | Output | Description |
87
+ |--------|-------------|
88
+ | `acm_certificate_arn` | The ARN of the certificate |
89
+ | `acm_certificate_status` | Status of the certificate |
90
+ | `acm_certificate_domain_validation_options` | Attributes for completing certificate validation (feed into downstream/cross-account instances) |
91
+ | `validation_route53_record_fqdns` | List of FQDNs for validation records |
92
+ | `distinct_domain_names` | List of distinct domain names used for validation |
93
+ | `validation_domains` | List of domain validation options (useful for wildcard SANs) |
94
+ | `acm_certificate_validation_emails` | Addresses that received validation email (EMAIL validation only) |
95
+
96
+ ## Usage Examples
97
+
98
+ ### Example 1: DNS Validation with Route53
99
+
100
+ ```hcl
101
+ module "acm" {
102
+ source = "terraform-aws-modules/acm/aws"
103
+ version = "~> 6.0"
104
+
105
+ domain_name = "example.com"
106
+ zone_id = "Z2ES7B9AZ6SHAE"
107
+
108
+ subject_alternative_names = [
109
+ "*.example.com",
110
+ "app.example.com"
111
+ ]
112
+
113
+ validation_method = "DNS"
114
+ wait_for_validation = true
115
+
116
+ tags = {
117
+ Name = "example.com"
118
+ Environment = "production"
119
+ }
120
+ }
121
+
122
+ # Use certificate with ALB
123
+ resource "aws_lb_listener" "https" {
124
+ load_balancer_arn = aws_lb.main.arn
125
+ port = 443
126
+ protocol = "HTTPS"
127
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
128
+ certificate_arn = module.acm.acm_certificate_arn
129
+
130
+ default_action {
131
+ type = "forward"
132
+ target_group_arn = aws_lb_target_group.main.arn
133
+ }
134
+ }
135
+ ```
136
+
137
+ ### Example 2: CloudFront Certificate (US East Region)
138
+
139
+ ```hcl
140
+ provider "aws" {
141
+ alias = "us-east-1"
142
+ region = "us-east-1"
143
+ }
144
+
145
+ module "acm_cloudfront" {
146
+ source = "terraform-aws-modules/acm/aws"
147
+ version = "~> 6.0"
148
+
149
+ providers = {
150
+ aws = aws.us-east-1
151
+ }
152
+
153
+ domain_name = "cdn.example.com"
154
+ zone_id = "Z2ES7B9AZ6SHAE"
155
+
156
+ subject_alternative_names = ["*.cdn.example.com"]
157
+ validation_method = "DNS"
158
+
159
+ tags = {
160
+ Name = "CloudFront Certificate"
161
+ Service = "CDN"
162
+ }
163
+ }
164
+
165
+ resource "aws_cloudfront_distribution" "main" {
166
+ # ... other configuration ...
167
+
168
+ viewer_certificate {
169
+ acm_certificate_arn = module.acm_cloudfront.acm_certificate_arn
170
+ ssl_support_method = "sni-only"
171
+ minimum_protocol_version = "TLSv1.2_2021"
172
+ }
173
+ }
174
+ ```
175
+
176
+ ### Example 3: External DNS (Cloudflare, etc.)
177
+
178
+ ```hcl
179
+ module "acm" {
180
+ source = "terraform-aws-modules/acm/aws"
181
+ version = "~> 6.0"
182
+
183
+ domain_name = "example.com"
184
+ subject_alternative_names = ["*.example.com"]
185
+
186
+ validation_method = "DNS"
187
+ create_route53_records = false
188
+ wait_for_validation = false
189
+
190
+ tags = {
191
+ Name = "External DNS Certificate"
192
+ }
193
+ }
194
+
195
+ # Output validation records to create in external DNS
196
+ output "validation_records" {
197
+ description = "DNS records to create for certificate validation"
198
+ value = module.acm.acm_certificate_domain_validation_options
199
+ }
200
+ ```
201
+
202
+ ### Example 4: Cross-Account (Separate ACM and Route53 Providers)
203
+
204
+ ```hcl
205
+ provider "aws" {
206
+ alias = "acm"
207
+ # ACM account credentials
208
+ }
209
+
210
+ provider "aws" {
211
+ alias = "route53"
212
+ # Route53 account credentials
213
+ }
214
+
215
+ # Issue the certificate in the ACM account; do not create Route53 records here
216
+ module "acm" {
217
+ source = "terraform-aws-modules/acm/aws"
218
+ version = "~> 6.0"
219
+
220
+ providers = {
221
+ aws = aws.acm
222
+ }
223
+
224
+ domain_name = "example.com"
225
+ subject_alternative_names = [
226
+ "*.example.com",
227
+ ]
228
+
229
+ validation_method = "DNS"
230
+
231
+ create_route53_records = false
232
+ validation_record_fqdns = module.route53_records.validation_route53_record_fqdns
233
+ }
234
+
235
+ # Create only the validation records, in the Route53 account
236
+ module "route53_records" {
237
+ source = "terraform-aws-modules/acm/aws"
238
+ version = "~> 6.0"
239
+
240
+ providers = {
241
+ aws = aws.route53
242
+ }
243
+
244
+ create_certificate = false
245
+ create_route53_records_only = true
246
+
247
+ validation_method = "DNS"
248
+
249
+ zone_id = "Z2ES7B9AZ6SHAE"
250
+ distinct_domain_names = module.acm.distinct_domain_names
251
+
252
+ acm_certificate_domain_validation_options = module.acm.acm_certificate_domain_validation_options
253
+ }
254
+ ```
255
+
256
+ ## Best Practices
257
+
258
+ ### Certificate Design
259
+
260
+ 1. **Use DNS Validation**: Prefer DNS validation for automated certificate lifecycle and renewal
261
+ 2. **Plan SANs Upfront**: Include all required domains when creating the certificate; they cannot be added after creation without replacing the certificate
262
+ 3. **CloudFront Region**: Always create CloudFront certificates in the US East (N. Virginia) region (via provider alias or `region` argument)
263
+ 4. **Wildcard Strategy**: Use wildcard certificates for subdomains to reduce certificate count
264
+ 5. **Private CA for Internal Services**: Use `private_authority_arn` with AWS Private CA for internal/service-mesh TLS instead of public certificates
265
+
266
+ ### Security
267
+
268
+ 1. **Certificate Transparency**: Keep `certificate_transparency_logging_preference = true` for public trust requirements
269
+ 2. **Modern TLS Policies**: Use TLS 1.2+ policies on load balancers (e.g., `ELBSecurityPolicy-TLS13-1-2-2021-06`)
270
+ 3. **Avoid Certificate Pinning**: Don't pin ACM certificates due to automatic renewal; pin to Amazon root CAs if needed
271
+ 4. **Restrict Exportability**: Leave `export = null` (disabled) unless the certificate/key genuinely needs to leave ACM; exportable certificates cost more and widen the exposure surface
272
+ 5. **CloudTrail Monitoring**: Enable CloudTrail to audit certificate lifecycle events
273
+
274
+ ### Operations
275
+
276
+ 1. **Keep Validation Records**: Maintain DNS validation records permanently — ACM re-validates them for automatic renewal
277
+ 2. **Wait for Validation**: Use `wait_for_validation = true` in production to ensure certificates are valid before dependent resources are created
278
+ 3. **CI/CD Pipelines**: Set `wait_for_validation = false` to avoid blocking pipelines on the default 45-minute AWS validation timeout
279
+ 4. **Validation Timeout**: Set `validation_timeout` explicitly if DNS propagation is slow or the default 45-minute wait is too short/long for your workflow
280
+ 5. **Infrastructure as Code**: Manage certificates through Terraform for reproducibility and audit trails
281
+
282
+ ### Cost
283
+
284
+ 1. **Free Certificates**: ACM public certificates are free; you pay only for the resources that use them
285
+ 2. **Use SNI**: Always use SNI for CloudFront to avoid dedicated IP charges ($600/month)
286
+ 3. **Consolidate with Wildcards**: Use wildcard certificates to cover multiple subdomains efficiently
287
+ 4. **Exportable Certificates Cost Extra**: Avoid `export = "ENABLED"` unless required — it incurs additional AWS charges
288
+
289
+ ## Additional Resources
290
+
291
+ - **Module Repository**: https://github.com/terraform-aws-modules/terraform-aws-acm
292
+ - **Terraform Registry**: https://registry.terraform.io/modules/terraform-aws-modules/acm/aws/latest
293
+ - **Module Examples**: https://github.com/terraform-aws-modules/terraform-aws-acm/tree/master/examples
294
+ - **AWS ACM Documentation**: https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
295
+ - **ACM Best Practices**: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html
296
+ - **DNS Validation**: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
297
+ - **CloudFront and ACM**: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html
298
+ - **AWS Private CA**: https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html
299
+
300
+ ## Notes for AI Agents
301
+
302
+ When using this module in automated workflows:
303
+
304
+ 1. **DNS Validation Preferred**: Always use DNS validation with Route53 for fully automated certificate management
305
+ 2. **Wait for Validation**: Set `wait_for_validation = true` to ensure certificates are valid before dependent resources; set it `false` in CI/CD to avoid the 45-minute default timeout blocking pipelines
306
+ 3. **CloudFront Region**: Use a US East (N. Virginia) provider alias or the `region` argument for CloudFront certificates
307
+ 4. **Keep Validation Records**: DNS validation records must remain in place for automatic renewal to work
308
+ 5. **Plan SANs**: Include all domains upfront; certificates cannot be modified in place after creation
309
+ 6. **External DNS**: Set `create_route53_records = false` and supply `validation_record_fqdns` for external DNS providers (e.g. Cloudflare)
310
+ 7. **Certificate ARN**: Always surface `acm_certificate_arn` as a module output for use in ALB, CloudFront, and API Gateway resources
311
+ 8. **Cross-Account**: Use two module instances — one with `create_route53_records = false` (issues the certificate) and one with `create_route53_records_only = true` (creates only the validation records) — each under a distinct provider alias, rather than hand-writing `aws_route53_record` resources
312
+ 9. **Exportable Certificates**: Only set `export = "ENABLED"` when the certificate/key must leave ACM; it adds cost and security exposure