# Bifrost Terraform Modules Deploy Bifrost on AWS, GCP, Azure, or any Kubernetes cluster using a single Terraform module. ## Quick Start Reference the module directly from GitHub. Pin to a specific release tag using `?ref=`: ```hcl module "bifrost" { source = "github.com/maximhq/bifrost//terraform/modules/bifrost?ref=terraform/v0.1.0" cloud_provider = "aws" # "aws" | "gcp" | "azure" | "kubernetes" service = "ecs" # AWS: "ecs" | "eks", GCP: "gke" | "cloud-run", Azure: "aks" | "aci", K8s: "deployment" region = "us-east-1" image_tag = "v1.4.6" # Option A: Provide a config.json file config_json_file = "./config.json" # Option B: Build config from Terraform variables (overrides matching keys from file) providers_config = { openai = { keys = [{ value = var.openai_key, weight = 1 }] } } config_store = { enabled = true type = "postgres" config = { host = var.db_host, port = "5432", user = "bifrost", password = var.db_password, db_name = "bifrost" } } } ``` ## Supported Deployments | Cloud | Service | Description | |-------|---------|-------------| | AWS | `ecs` | ECS Fargate with ALB, Secrets Manager, auto-scaling | | AWS | `eks` | EKS with K8s Deployment, PVC for SQLite, HPA | | GCP | `gke` | GKE with K8s Deployment, persistent disk, HPA | | GCP | `cloud-run` | Cloud Run v2 with Secret Manager, auto-scaling | | Azure | `aks` | AKS with K8s Deployment, managed disk, HPA | | Azure | `aci` | Azure Container Instances (single instance, dev/test) | | Kubernetes | `deployment` | Any K8s cluster with Deployment, PVC, HPA, Ingress | ## Configuration Bifrost config can come from two sources simultaneously. Terraform variables override matching keys from the base file. 1. **File-based**: Set `config_json_file` to a path or `config_json` to a raw JSON string. 2. **Variable-based**: Set individual variables (`config_store`, `logs_store`, `providers_config`, `auth_config`, etc.) corresponding to top-level keys in [config.schema.json](../transports/config.schema.json). All 17 top-level config properties from the schema are supported as variables: `encryption_key`, `auth_config`, `client`, `framework`, `providers_config`, `governance`, `mcp`, `vector_store`, `config_store`, `logs_store`, `cluster_config`, `scim_config`, `load_balancer_config`, `guardrails_config`, `plugins`, `audit_logs`, `websocket`. For `scim_config` with `provider = "okta"`, include `config.issuerUrl`, `config.clientId`, `config.clientSecret`, and `config.apiToken`. ## Provider Configuration You only need to configure the Terraform providers for the cloud you are deploying to. For example, deploying to AWS ECS only requires the `aws` provider -- you do not need to configure `google`, `azurerm`, or `kubernetes`. See the [module README](modules/bifrost/README.md#provider-configuration) for provider configuration examples per cloud. ## Testing The module includes native Terraform tests (requires Terraform >= 1.7) that run with mocked providers -- no cloud credentials needed: ```bash cd modules/bifrost terraform init terraform test ``` Tests cover all 7 deployment targets across 10 test files. See the [module README](modules/bifrost/README.md#testing) for details. ## Directory Structure ```text terraform/ modules/bifrost/ # Top-level module (the only thing you call) aws/ # AWS platform (VPC, SG, IAM, Secrets Manager) services/ecs/ # ECS Fargate services/eks/ # EKS + K8s resources gcp/ # GCP platform (VPC, firewall, Secret Manager, SA) services/gke/ # GKE + K8s resources services/cloud-run/ # Cloud Run v2 azure/ # Azure platform (VNet, NSG, Key Vault, identity) services/aks/ # AKS + K8s resources services/aci/ # Azure Container Instances kubernetes/ # Generic K8s (any cluster, no cloud APIs) examples/ aws-ecs/ # Deploy on ECS Fargate gcp-gke/ # Deploy on GKE azure-aks/ # Deploy on AKS kubernetes/ # Deploy on any K8s cluster ``` ## Examples Each example directory contains `main.tf`, `variables.tf`, `outputs.tf`, `terraform.tfvars.example`, and a `README.md`. ```bash cd examples/aws-ecs cp terraform.tfvars.example terraform.tfvars # Edit terraform.tfvars with your values terraform init terraform plan terraform apply ``` ## Key Variables | Variable | Default | Description | |----------|---------|-------------| | `cloud_provider` | (required) | `"aws"`, `"gcp"`, `"azure"`, or `"kubernetes"` | | `service` | (required) | Service type (see table above) | | `region` | (required) | Cloud region | | `image_tag` | `"latest"` | Bifrost Docker image tag | | `desired_count` | `1` | Number of replicas | | `cpu` | `512` | CPU units (ECS) or millicores (K8s) | | `memory` | `1024` | Memory in MB | | `create_load_balancer` | `false` | Create a load balancer | | `enable_autoscaling` | `false` | Enable auto-scaling | | `create_cluster` | `true` | Create new cluster (set `false` to use existing) | | `storage_class_name` | `"standard"` | K8s StorageClass for PVC (generic K8s only) | | `ingress_class_name` | `"nginx"` | Ingress controller class (generic K8s only) | | `ingress_annotations` | `{}` | Ingress annotations (generic K8s only) | ## Outputs | Output | Description | |--------|-------------| | `service_url` | URL to access Bifrost | | `health_check_url` | Health endpoint URL |