diff --git a/examples/mpc-network-consumer/main.tf b/examples/mpc-network-consumer/main.tf index 4befa36..dd60fcf 100644 --- a/examples/mpc-network-consumer/main.tf +++ b/examples/mpc-network-consumer/main.tf @@ -4,10 +4,6 @@ module "vpc_endpoint_consumer" { source = "git::https://github.com/zama-ai/terraform-mpc-modules.git//modules/vpc-endpoint-consumer?ref=v0.1.7" - # Network environment configuration - network_environment = var.network_environment - enable_region_validation = var.enable_region_validation - # Partner services configuration party_services = var.party_services @@ -18,7 +14,6 @@ module "vpc_endpoint_consumer" { security_group_ids = var.security_group_ids # VPC Interface Endpoint configuration - endpoint_policy = null private_dns_enabled = var.private_dns_enabled route_table_ids = [] diff --git a/examples/mpc-network-consumer/terraform.tfvars.example b/examples/mpc-network-consumer/terraform.tfvars.example index 4f317ec..0b5fa81 100644 --- a/examples/mpc-network-consumer/terraform.tfvars.example +++ b/examples/mpc-network-consumer/terraform.tfvars.example @@ -1,9 +1,5 @@ # AWS Configuration -aws_region = "eu-west-1" -enable_region_validation = false - -# Network Environment Configuration -network_environment = "testnet" +aws_region = "eu-west-1" # Cluster Configuration cluster_name = "zws-dev" diff --git a/examples/mpc-network-consumer/variables.tf b/examples/mpc-network-consumer/variables.tf index 4f4780c..8304aab 100644 --- a/examples/mpc-network-consumer/variables.tf +++ b/examples/mpc-network-consumer/variables.tf 
@@ -1,15 +1,3 @@ -# Network Environment Configuration -variable "network_environment" { - description = "MPC network environment that determines region constraints" - type = string - default = "testnet" - - validation { - condition = contains(["testnet", "mainnet"], var.network_environment) - error_message = "Network environment must be either 'testnet' or 'mainnet'." - } -} - variable "aws_region" { description = "AWS region where resources will be created" type = string @@ -22,12 +10,6 @@ variable "aws_profile" { default = "token-zws-dev" } -variable "enable_region_validation" { - type = bool - description = "Whether to enable region validation" - default = true -} - # MPC Cluster Configuration variable "cluster_name" { description = "Name of the MPC cluster" @@ -38,7 +20,7 @@ variable "cluster_name" { variable "namespace" { description = "Kubernetes namespace for partner services" type = string - default = "mpc-partners" + default = "kms-decentralized" } diff --git a/examples/mpc-party/main.tf b/examples/mpc-party/main.tf index aed045b..f18d2c4 100644 --- a/examples/mpc-party/main.tf +++ b/examples/mpc-party/main.tf @@ -7,8 +7,7 @@ module "mpc_party" { source = "git::https://github.com/zama-ai/terraform-mpc-modules.git//modules/mpc-party?ref=v0.1.7" # Network environment configuration - network_environment = var.network_environment - enable_region_validation = var.enable_region_validation + network_environment = var.network_environment # Party configuration party_id = var.party_id 
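Review bot: With `enable_region_validation` no longer passed to `module "mpc_party"`, the example can no longer switch the region check off, but whether the check still runs now depends entirely on the mpc-party module's default at `ref=v0.1.7`, which this diff does not show. Since `network_environment` is still wired and its only stated purpose is to determine region constraints, make the expectation explicit next to it once confirmed against the module, e.g. `# Region validation is always on in this example; the module rejects AWS regions not allowed for the selected network_environment`. If the module at that ref no longer validates at all, the example should say so rather than leave the impression that it does. The module block continues outside the hunk.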
@@ -77,33 +76,24 @@ module "mpc_party" { nitro_enclaves_override_memory_mib = var.nitro_enclaves_override_memory_mib # RDS Configuration - enable_rds = var.enable_rds - rds_db_name = var.rds_db_name - rds_create_monitoring_role = var.rds_create_monitoring_role - rds_manage_master_user_password = var.rds_manage_master_user_password - rds_username = var.rds_username - rds_engine = var.rds_engine - rds_engine_version = var.rds_engine_version - rds_instance_class = var.rds_instance_class - rds_allocated_storage = var.rds_allocated_storage - rds_max_allocated_storage = var.rds_max_allocated_storage - rds_multi_az = var.rds_multi_az - rds_backup_retention_period = var.rds_backup_retention_period - rds_maintenance_window = var.rds_maintenance_window - rds_monitoring_interval = var.rds_monitoring_interval - rds_monitoring_role_arn = var.rds_monitoring_role_arn - rds_performance_insights_enabled = var.rds_performance_insights_enabled - rds_performance_insights_kms_key_id = var.rds_performance_insights_kms_key_id - rds_performance_insights_retention_period = var.rds_performance_insights_retention_period - rds_blue_green_update_enabled = var.rds_blue_green_update_enabled - rds_parameters = var.rds_parameters - rds_snapshot_identifier = var.rds_snapshot_identifier - rds_final_snapshot_enabled = var.rds_final_snapshot_enabled - rds_k8s_secret_name = var.rds_k8s_secret_name - rds_k8s_secret_namespace = var.rds_k8s_secret_namespace - rds_allowed_cidr_blocks = var.rds_allowed_cidr_blocks - rds_vpc_id = var.rds_vpc_id - rds_deletion_protection = var.rds_deletion_protection + enable_rds = var.enable_rds + rds_db_name = var.rds_db_name + rds_create_monitoring_role = var.rds_create_monitoring_role + rds_username = var.rds_username + rds_engine = var.rds_engine + rds_engine_version = var.rds_engine_version + rds_instance_class = var.rds_instance_class + rds_allocated_storage = var.rds_allocated_storage + rds_max_allocated_storage = var.rds_max_allocated_storage + rds_multi_az = 
var.rds_multi_az + rds_backup_retention_period = var.rds_backup_retention_period + rds_maintenance_window = var.rds_maintenance_window + rds_monitoring_interval = var.rds_monitoring_interval + rds_monitoring_role_arn = var.rds_monitoring_role_arn + rds_parameters = var.rds_parameters + rds_allowed_cidr_blocks = var.rds_allowed_cidr_blocks + rds_vpc_id = var.rds_vpc_id + rds_deletion_protection = var.rds_deletion_protection # Tagging common_tags = merge(var.additional_tags, { diff --git a/examples/mpc-party/terraform.tfvars.example b/examples/mpc-party/terraform.tfvars.example index d8b6bd3..08726e5 100644 --- a/examples/mpc-party/terraform.tfvars.example +++ b/examples/mpc-party/terraform.tfvars.example @@ -2,8 +2,7 @@ network_environment = "testnet" # AWS Configuration -aws_region = "eu-west-1" -enable_region_validation = false +aws_region = "eu-west-1" # MPC Party Configuration party_id = 1 @@ -37,10 +36,8 @@ additional_tags = { # RDS Configuration enable_rds = true -rds_prefix = "zama" # Use your organization prefix here rds_db_name = "kmsconnector" rds_username = "kmsconnector" -rds_enable_master_password_rotation = true # To change to 'false' on second apply only (there is a bug when initializing the value to 'false') rds_deletion_protection = false # Allow deletion of RDS instance # Node Group Configuration diff --git a/examples/mpc-party/variables.tf b/examples/mpc-party/variables.tf index fa19e2f..a8efe03 100644 --- a/examples/mpc-party/variables.tf +++ b/examples/mpc-party/variables.tf @@ -22,12 +22,6 @@ variable "aws_profile" { default = "token-zws-dev" } -variable "enable_region_validation" { - type = bool - description = "Whether to enable region validation" - default = true -} - # MPC Party Configuration variable "party_id" { description = "Party ID for the MPC service" 
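Review bot: The example stops wiring `rds_final_snapshot_enabled`, `rds_snapshot_identifier` and `rds_manage_master_user_password` into the module while `terraform.tfvars.example` keeps `rds_deletion_protection = false`, so a `terraform destroy` of this example now removes the party's `kmsconnector` database with whatever the module's defaults decide about a final snapshot (the removed example variable defaulted it to `false`). Unless the mpc-party module at `ref=v0.1.7` no longer accepts these inputs — the diff does not show the module's RDS variables — keep `rds_final_snapshot_enabled = var.rds_final_snapshot_enabled` wired, or add a comment above `enable_rds` stating that this example is not suitable for mainnet as-is. Dropping `rds_k8s_secret_name`/`rds_k8s_secret_namespace` also means the example no longer controls where the DB credentials Secret is written; note the module's default next to `enable_rds` so an operator can check it matches the `kms-decentralized` namespace the example now defaults to. The module block starts and ends outside the hunk.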
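Review bot: Removing `rds_enable_master_password_rotation = true` from the tfvars example leaves nothing in the example that configures rotation of the RDS master credential, and the retained `rds_deletion_protection = false # Allow deletion of RDS instance` reads as a setting fit for any environment. If the module at `ref=v0.1.7` manages the master password itself, show that with one line, e.g. `# Master password is managed by the module; see modules/mpc-party for rotation and the Kubernetes Secret it writes`; otherwise state where the credential is expected to come from. Reword the retained line to `rds_deletion_protection = false # dev/testnet only: set to true for mainnet` so the example does not normalise an unprotected instance.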
@@ -82,7 +76,7 @@ variable "cluster_name" { variable "namespace" { description = "Kubernetes namespace for MPC party resources" type = string - default = "mpc-party" + default = "kms-decentralized" } variable "service_account_name" { @@ -286,12 +280,6 @@ variable "rds_username" { default = "kmsconnector" } -variable "rds_manage_master_user_password" { - description = "Whether to manage the master user password" - type = bool - default = false -} - variable "rds_engine" { description = "Engine for the RDS database" type = string @@ -358,30 +346,6 @@ variable "rds_monitoring_role_arn" { default = null } -variable "rds_performance_insights_enabled" { - description = "Whether to enable performance insights for the RDS database" - type = bool - default = false -} - -variable "rds_performance_insights_kms_key_id" { - description = "KMS key ID for performance insights" - type = string - default = null -} - -variable "rds_performance_insights_retention_period" { - description = "Retention period for performance insights" - type = number - default = 7 -} - -variable "rds_blue_green_update_enabled" { - description = "Whether to enable blue-green update for the RDS database" - type = bool - default = false -} - variable "use_eks_cluster_authentication" { description = "Whether to use EKS cluster authentication" type = bool 
@@ -394,30 +358,6 @@ variable "rds_parameters" { default = [] } -variable "rds_snapshot_identifier" { - description = "Snapshot identifier for the RDS database" - type = string - default = null -} - -variable "rds_final_snapshot_enabled" { - description = "Whether to enable final snapshot for the RDS database" - type = bool - default = false -} - -variable "rds_k8s_secret_name" { - description = "Name of the Kubernetes secret for the RDS database" - type = string - default = "rds-credentials" -} - -variable "rds_k8s_secret_namespace" { - description = "Namespace of the Kubernetes secret for the RDS database" - type = string - default = "mpc-party" -} - variable "rds_allowed_cidr_blocks" { description = "Allowed CIDR blocks for the RDS database" type = list(string) diff --git a/modules/mpc-party/README.md b/modules/mpc-party/README.md index 76e51c9..022f131 100644 --- a/modules/mpc-party/README.md +++ b/modules/mpc-party/README.md 
@@ -352,7 +352,7 @@ The module can optionally create: | [create\_nodegroup](#input\_create\_nodegroup) | Whether to create an EKS managed node group | `bool` | `false` | no | | [create\_service\_account](#input\_create\_service\_account) | Whether to create the Kubernetes service account (should be false when using IRSA as IRSA creates it) | `bool` | `true` | no | | [enable\_rds](#input\_enable\_rds) | Whether to create the RDS instance | `bool` | `true` | no | -| [k8s\_namespace](#input\_k8s\_namespace) | The Kubernetes namespace for MPC party resources | `string` | n/a | yes | +| [k8s\_namespace](#input\_k8s\_namespace) | The Kubernetes namespace for MPC party resources | `string` | `"kms-decentralized"` | no | | [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The name of the Kubernetes service account for MPC party | `string` | n/a | yes | | [kms\_backup\_external\_role\_arn](#input\_kms\_backup\_external\_role\_arn) | ARN of the backup vault for the KMS key | `string` | `null` | no | | [kms\_backup\_vault\_customer\_master\_key\_spec](#input\_kms\_backup\_vault\_customer\_master\_key\_spec) | Key spec for the backup vault | `string` | `"ASYMMETRIC_DEFAULT"` | no | diff --git a/modules/mpc-party/variables.tf b/modules/mpc-party/variables.tf index 03d3fbf..40fc801 100644 --- a/modules/mpc-party/variables.tf +++ b/modules/mpc-party/variables.tf @@ -44,6 +44,7 @@ variable "cluster_name" { variable "k8s_namespace" { type = string description = "The Kubernetes namespace for MPC party resources" + default = "kms-decentralized" } variable "create_namespace" { diff --git a/modules/vpc-endpoint-consumer/README.md b/modules/vpc-endpoint-consumer/README.md index 2044000..9caf2b7 100644 --- a/modules/vpc-endpoint-consumer/README.md +++ b/modules/vpc-endpoint-consumer/README.md 
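Review bot: Giving `k8s_namespace` a default turns a previously required input into an implicit one, and the value chosen, `kms-decentralized`, is the same default this diff sets for the vpc-endpoint-consumer and vpc-endpoint-provider modules. A party that forgets to set the namespace now silently places its service account and the other namespaced resources into a namespace shared with the endpoint resources instead of failing at plan time, which was the safer failure mode. If the shared default is intended, add a `validation` block rejecting an empty string and spell the consequence out in the description, e.g. `description = "Kubernetes namespace for MPC party resources; defaults to the shared kms-decentralized namespace also used by the vpc-endpoint modules"`; otherwise keep the variable required.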
@@ -44,7 +44,7 @@ No modules. | [endpoint\_create\_timeout](#input\_endpoint\_create\_timeout) | Timeout for creating VPC interface endpoints | `string` | `"10m"` | no | | [endpoint\_delete\_timeout](#input\_endpoint\_delete\_timeout) | Timeout for deleting VPC interface endpoints | `string` | `"10m"` | no | | [name\_prefix](#input\_name\_prefix) | Prefix for naming VPC interface endpoint resources | `string` | `"mpc-partner"` | no | -| [namespace](#input\_namespace) | Kubernetes namespace where partner services will be created | `string` | `"mpc-partners"` | no | +| [namespace](#input\_namespace) | Kubernetes namespace where partner services will be created | `string` | `"kms-decentralized"` | no | | [party\_services](#input\_party\_services) | List of partner MPC services to connect to via VPC interface endpoints |
list(object({| n/a | yes | | [private\_dns\_enabled](#input\_private\_dns\_enabled) | Whether to enable private DNS for the VPC interface endpoints | `bool` | `false` | no | | [private\_zone\_id](#input\_private\_zone\_id) | Route53 private hosted zone ID for custom DNS records | `string` | `""` | no | diff --git a/modules/vpc-endpoint-consumer/variables.tf b/modules/vpc-endpoint-consumer/variables.tf index 9242715..4754f0f 100644 --- a/modules/vpc-endpoint-consumer/variables.tf +++ b/modules/vpc-endpoint-consumer/variables.tf @@ -102,7 +102,7 @@ variable "endpoint_delete_timeout" { variable "namespace" { description = "Kubernetes namespace where partner services will be created" type = string - default = "mpc-partners" + default = "kms-decentralized" } variable "create_namespace" { diff --git a/modules/vpc-endpoint-provider/README.md b/modules/vpc-endpoint-provider/README.md index b2caad5..4c64995 100644 --- a/modules/vpc-endpoint-provider/README.md +++ b/modules/vpc-endpoint-provider/README.md @@ -46,7 +46,7 @@ No modules. | [enable\_region\_validation](#input\_enable\_region\_validation) | Whether to enable region validation | `bool` | `true` | no | | [kubernetes\_nlb\_extra\_labels](#input\_kubernetes\_nlb\_extra\_labels) | Extra labels to add to the Kubernetes NLB | `map(string)` | `{}` | no | | [mainnet\_supported\_regions](#input\_mainnet\_supported\_regions) | AWS regions supported by the VPC endpoint service for mainnet | `list(string)` |
name = string
region = string
party_id = string
account_id = optional(string, null)
partner_name = optional(string, null)
vpc_endpoint_service_name = string
ports = optional(list(object({
name = string
port = number
target_port = number
protocol = string
})), null)
availability_zones = optional(list(string), null)
create_kube_service = optional(bool, true)
kube_service_config = optional(object({
additional_annotations = optional(map(string), {})
labels = optional(map(string), {})
session_affinity = optional(string, "None")
}), {})
}))
[| no | -| [namespace](#input\_namespace) | Kubernetes namespace where MPC services will be deployed | `string` | `"mpc-cluster"` | no | +| [namespace](#input\_namespace) | Kubernetes namespace where MPC services will be deployed | `string` | `"kms-decentralized"` | no | | [network\_environment](#input\_network\_environment) | MPC network environment that determines region constraints | `string` | `"testnet"` | no | | [partner\_name](#input\_partner\_name) | Partner name for the MPC service | `string` | n/a | yes | | [party\_id](#input\_party\_id) | Party ID for the MPC service | `string` | n/a | yes | diff --git a/modules/vpc-endpoint-provider/variables.tf b/modules/vpc-endpoint-provider/variables.tf index c720276..a35fa4f 100644 --- a/modules/vpc-endpoint-provider/variables.tf +++ b/modules/vpc-endpoint-provider/variables.tf @@ -54,7 +54,7 @@ variable "tags" { variable "namespace" { description = "Kubernetes namespace where MPC services will be deployed" type = string - default = "mpc-cluster" + default = "kms-decentralized" } variable "create_namespace" {
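Review bot: The provider's default namespace moves from `mpc-cluster` to `kms-decentralized`, which is also the new default of the vpc-endpoint-consumer module (previously `mpc-partners`) and of the mpc-party module, so a cluster that runs both the provider side (the party's own service behind the NLB) and the consumer side (Kubernetes Services pointing at partners' VPC endpoints) now co-locates them in one namespace unless an operator overrides at least one of the three. A namespace is the unit most NetworkPolicy and RBAC scoping keys on, so the previous separation between the party's workload and the partner-facing endpoint objects is lost by default. Either keep distinct defaults or state the consequence in the description, e.g. `description = "Kubernetes namespace where MPC services will be deployed (shared by default with vpc-endpoint-consumer; override to isolate party and partner resources)"`.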
"eu-west-1"
]