
Terraform Modules — AWS

This repository contains the OpenTofu (Terraform-compatible) modules used to provision and manage AWS infrastructure for Cogrion workspaces.

What It Does

When a tenant creates an AWS-backed workspace, the platform provisions real cloud infrastructure: a VPC, an EKS cluster, IAM roles, and optionally an RDS database. These are not Helm charts or Kubernetes resources — they are AWS resources managed through the AWS API. The modules in this repository are what make that happen.

Each module is self-contained and addresses one layer of the infrastructure stack. Modules higher up the stack declare dependencies on outputs from lower-level modules — for example, the EKS module takes the VPC ID as an input, and the IRSA module takes the EKS cluster's OIDC provider ARN.

Where These Modules Are Used

Workspace Provisioning (Cogrion side). When the infrastructure resources that define a workspace (VPC, EKS cluster) are applied, the Temporal worker runs OpenTofu directly against the AWS API. The Temporal worker clones this repo at execution time and runs the relevant module.

In-Cluster Infrastructure (Agent side). Some stack resources — such as IRSA roles scoped to a specific application namespace — are provisioned by the Cluster Agent rather than the Temporal worker. The agent clones this repo and runs the module inside the tenant cluster, with state stored in an S3 bucket configured on the agent.
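
As an added illustration (not code from this repository), the sketch below shows how an IRSA role can consume the EKS cluster's OIDC provider ARN as an input and restrict its trust policy to a single service account in one application namespace. All variable, local and resource names are assumptions.

```hcl
# Added illustration. Variable, local and resource names are assumptions.
variable "oidc_provider_arn" {
  description = "OIDC provider ARN exported by the EKS-layer module"
  type        = string
}

variable "namespace" {
  type = string
}

variable "service_account" {
  type = string
}

locals {
  # arn:aws:iam::<account>:oidc-provider/<issuer>  ->  <issuer>
  # IAM condition keys are prefixed with the issuer, without "https://".
  issuer = split("oidc-provider/", var.oidc_provider_arn)[1]
}

data "aws_iam_policy_document" "irsa_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [var.oidc_provider_arn]
    }

    # Exact match on one service account in one namespace (no wildcards).
    condition {
      test     = "StringEquals"
      variable = "${local.issuer}:sub"
      values   = ["system:serviceaccount:${var.namespace}:${var.service_account}"]
    }

    # Accept only tokens whose audience is STS.
    condition {
      test     = "StringEquals"
      variable = "${local.issuer}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "irsa" {
  name               = "irsa-${var.namespace}-${var.service_account}"
  assume_role_policy = data.aws_iam_policy_document.irsa_trust.json
}
```

When reviewing a role like this, check that the `sub` condition uses `StringEquals` rather than `StringLike` with a wildcard, since a wildcard lets other service accounts in the cluster assume the role.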

Implementation

Repo: terraform-workspace-infra-aws

Go Deeper