AWS Modules

The AWS Terraform modules provision AWS-specific infrastructure for the MATIH platform: EKS clusters, RDS databases, S3 storage, Bedrock AI services, and networking resources.

Source: infrastructure/terraform/modules/aws/

Module Inventory

Module	Path	Description
Kubernetes Control Plane	`aws/kubernetes/control-plane/`	EKS cluster with managed nodegroups
RDS	`aws/rds/`	Amazon RDS for PostgreSQL
S3	`aws/s3/`	S3 buckets for data lake and artifacts
Bedrock	`aws/bedrock/`	Amazon Bedrock model access configuration
Networking	`aws/networking/`	VPC, subnets, security groups
Governance	`aws/governance/`	IAM policies and compliance

EKS Cluster Module

Key Resources

Resource	Purpose
`aws_eks_cluster`	EKS cluster with OIDC provider
`aws_eks_node_group`	Managed nodegroups for workloads
`aws_ecr_repository`	Elastic Container Registry
`aws_iam_role`	IRSA roles for pod identity

Nodegroup Configuration

Nodegroup	Instance Type	Purpose
system	m5.xlarge	System components
application	m5.2xlarge	Application workloads
gpu	p3.2xlarge	ML/AI GPU workloads

RDS Module

Resource	Purpose
`aws_db_instance`	RDS PostgreSQL instance
`aws_db_subnet_group`	Database subnet group
`aws_secretsmanager_secret`	Database credentials

S3 Module

Bucket	Purpose
Data lake	Iceberg table storage
Artifacts	MLflow artifacts, pipeline outputs
Backups	Database backup storage

Bedrock Module

Provisions access to Amazon Bedrock foundation models:

Resource	Purpose
`aws_bedrock_model_invocation_logging_configuration`	Enable model invocation logging
IAM policy	Grant model access to service accounts

Networking Module

Resource	Purpose
`aws_vpc`	Platform VPC
`aws_subnet`	Public, private, and database subnets
`aws_security_group`	Network security rules
`aws_nat_gateway`	Outbound internet for private subnets

Azure Modules -- Azure equivalents
GCP Modules -- GCP equivalents
Tenant Modules -- Per-tenant provisioning

Azure Modules GCP Modules