Terraform module which creates AWS MWAA resources and connects them together.
Use this code to create a basic MWAA environment (using all default parameters, see Inputs):
```hcl
module "airflow" {
  source  = "idealo/mwaa/aws"
  version = "x.x.x"

  account_id           = "12345679"
  environment_name     = "MyEnvironment"
  internet_gateway_id  = "ig-12345"
  private_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"] # depending on your vpc ip range
  public_subnet_cidrs  = ["10.0.3.0/24", "10.0.4.0/24"] # depending on your vpc ip range
  region               = "us-west-1"
  source_bucket_arn    = "arn:aws:s3:::MyMwaaBucket"
  vpc_id               = "vpc-12345"
}
```
To give additional permissions to your Airflow execution role (e.g. elasticmapreduce:CreateJobFlow to start an EMR cluster), create a policy document containing the permissions you need:
```hcl
# Extra statements that the module attaches to the base MWAA execution role.
data "aws_iam_policy_document" "additional_execution_policy_doc" {
  statement {
    effect = "Allow"
    actions = [
      "<Your permissions>"
    ]
    resources = [
      "<YourResource>"
    ]
  }
}
```
and pass the document JSON to the module:

```hcl
module "airflow" {
  ...
  additional_execution_role_policy_document_json = data.aws_iam_policy_document.additional_execution_policy_doc.json
  ...
}
```
Upload the plugins.zip to S3 and pass its relative path inside the MWAA bucket to the plugins_s3_path parameter.
If you zip and upload it via Terraform, it looks like this:
```hcl
module "airflow" {
  ...
  plugins_s3_path = aws_s3_bucket_object.your_plugin.key
  ...
}
```
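The zip-and-upload flow described above, end to end, as an added example that is not part of the module's own code. The local `plugins/` directory, the `build/` output path and the use of the `hashicorp/archive` provider are assumptions; `plugins_s3_object_version` is listed in the inputs table without a description and is assumed here to take the S3 object version ID, so the environment loads exactly the plugin archive that Terraform uploaded.

```hcl
# Added example: local paths and the archive provider are assumptions.

# Build plugins.zip from a local directory on every plan/apply.
data "archive_file" "plugins" {
  type        = "zip"
  source_dir  = "${path.module}/plugins"           # assumed location of plugin code
  output_path = "${path.module}/build/plugins.zip" # assumed build output path
}

# Upload the archive into the bucket behind source_bucket_arn.
# version_id is only populated when versioning is enabled on the bucket.
resource "aws_s3_bucket_object" "your_plugin" {
  bucket = "MyMwaaBucket" # same bucket as source_bucket_arn in the basic example
  key    = "plugins.zip"
  source = data.archive_file.plugins.output_path

  # Forces a new upload (and a new object version) when the zip content changes.
  # With SSE-KMS the S3 ETag is not an MD5, so this trigger does not apply there.
  etag = data.archive_file.plugins.output_md5
}

module "airflow" {
  source  = "idealo/mwaa/aws"
  version = "x.x.x"

  account_id           = "12345679"
  environment_name     = "MyEnvironment"
  internet_gateway_id  = "ig-12345"
  private_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnet_cidrs  = ["10.0.3.0/24", "10.0.4.0/24"]
  region               = "us-west-1"
  source_bucket_arn    = "arn:aws:s3:::MyMwaaBucket"
  vpc_id               = "vpc-12345"

  # Path of the archive inside the bucket, plus the exact object version,
  # so a later overwrite of plugins.zip outside Terraform is not picked up silently.
  plugins_s3_path           = aws_s3_bucket_object.your_plugin.key
  plugins_s3_object_version = aws_s3_bucket_object.your_plugin.version_id
}
```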
Name | Version |
---|---|
terraform | ~>1.0.0 |
aws | ~> 3.0 |
Name | Version |
---|---|
aws | 3.60.0 |
No modules.
Name | Type |
---|---|
aws_eip.this | resource |
aws_iam_role.this | resource |
aws_iam_role_policy.this | resource |
aws_mwaa_environment.this | resource |
aws_nat_gateway.this | resource |
aws_route_table.private | resource |
aws_route_table.public | resource |
aws_route_table_association.private | resource |
aws_route_table_association.public | resource |
aws_security_group.this | resource |
aws_subnet.private | resource |
aws_subnet.public | resource |
aws_iam_policy_document.assume | data source |
aws_iam_policy_document.base | data source |
aws_iam_policy_document.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
account_id | Account ID of the account in which MWAA will be started | string | n/a | yes |
additional_execution_role_policy_document_json | Additional permissions to attach to the base MWAA execution role | string | "{}" | no |
airflow_configuration_options | Additional configuration to overwrite Airflow's standard config | map(string) | {} | no |
airflow_version | Airflow version to be used | string | "2.0.2" | no |
dag_s3_path | Relative path of the dags folder within the source bucket | string | "/dags" | no |
environment_class | n/a | string | "mw1.small" | no |
environment_name | Name of the MWAA environment | string | n/a | yes |
internet_gateway_id | ID of the internet gateway to the VPC | any | n/a | yes |
max_workers | n/a | string | "10" | no |
min_workers | n/a | string | "1" | no |
plugins_s3_object_version | n/a | any | null | no |
plugins_s3_path | Relative path of the plugins.zip within the source bucket | string | null | no |
private_subnet_cidrs | CIDR blocks for the private subnets MWAA uses. Must be at least 2 | list(string) | n/a | yes |
public_subnet_cidrs | CIDR blocks for the public subnets MWAA uses. Must be at least 2 | list(string) | n/a | yes |
region | AWS Region where the environment and its resources will be created | string | n/a | yes |
requirements_s3_object_version | n/a | any | null | no |
requirements_s3_path | Relative path of the requirements.txt (incl. filename) within the source bucket | string | null | no |
source_bucket_arn | ARN of the bucket in which DAGs, Plugin and Requirements are put | string | n/a | yes |
tags | n/a | map(string) | {} | no |
vpc_id | VPC ID of the VPC in which the environment's resources are created | any | n/a | yes |
webserver_access_mode | Default: PRIVATE_ONLY | string | null | no |
Name | Description |
---|---|
mwaa_arn | n/a |