AWS Components
Reference for every AWS offer in the Fractal Cloud catalogue. Parameters and their required flags are sourced from the agent param contract (FRA-2955); each offer includes a fully-parameterized JSON example.
APIManagement
APIManagement.CaaS.Ambassador
Ambassador is an open-source API gateway built on Envoy that provides advanced traffic management, authentication, and routing capabilities for containerized workloads on Kubernetes.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| host | The hostname for the Ambassador service | ambassador.example.com | No |
| hostOwnerEmail | Email address of the host owner for certificate renewal notifications | admin@example.com | Yes |
| acmeProviderAuthority | ACME certificate authority endpoint for TLS certificate provisioning | https://acme-v02.api.letsencrypt.org/directory | Yes |
| tlsSecretName | Kubernetes secret name containing TLS certificate data | ambassador-tls-secret | Yes |
| licenseKey | Optional Ambassador license key for commercial features | license-key-string | No |
| namespace | Kubernetes namespace where Ambassador will be deployed | ambassador | Yes |
Example (fully parameterized):
{
"type": "APIManagement.CaaS.Ambassador",
"parameters": {
"host": "ambassador.example.com",
"hostOwnerEmail": "admin@example.com",
"acmeProviderAuthority": "https://acme-v02.api.letsencrypt.org/directory",
"tlsSecretName": "ambassador-tls-secret",
"licenseKey": "",
"namespace": "ambassador"
}
}
APIManagement.CaaS.Traefik
Traefik is a modern reverse proxy and load balancer that automatically discovers services and provides dynamic routing, SSL/TLS termination, and advanced security features for cloud-native applications.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| entryPoints | List of network entry points (ports/protocols) where Traefik listens for incoming traffic | ["http:8080", "https:8443"] | Yes |
| hostname | Hostname for Traefik dashboard and routing configuration | traefik.example.com | No |
| loadbalancerIp | Static IP address to assign to the Traefik load balancer service | 10.0.1.100 | No |
| oidcIssuerUrl | OpenID Connect issuer URL for authentication | https://auth.example.com | Conditional — part of the all-or-nothing OIDC config group |
| oidcClientId | OIDC client identifier | traefik-client-id | Conditional — part of the all-or-nothing OIDC config group |
| oidcClientSecretId | Secret identifier for OIDC client credentials | oidc-secret-id | Conditional — part of the all-or-nothing OIDC config group |
| forwardAuthSecretId | Secret identifier for forward authentication configuration | forward-auth-secret-id | Conditional — part of the all-or-nothing OIDC config group |
| securityHeadersSettings | Map of HTTP security headers to apply to all responses | {} | No |
| tlsCertificates | List of TLS certificate configurations | [] | No |
| tlsSettings | TLS/SSL settings such as minimum version and cipher suites | {} | No |
| tracing | Distributed tracing configuration for monitoring request flows | {} | No |
| namespace | Kubernetes namespace where Traefik will be deployed | traefik | Yes |
Example (fully parameterized):
{
"type": "APIManagement.CaaS.Traefik",
"parameters": {
"entryPoints": ["http:8080", "https:8443"],
"hostname": "",
"loadbalancerIp": "",
"oidcIssuerUrl": "",
"oidcClientId": "",
"oidcClientSecretId": "",
"forwardAuthSecretId": "",
"securityHeadersSettings": {},
"tlsCertificates": [],
"tlsSettings": {},
"tracing": {},
"namespace": "traefik"
}
}
APIManagement.PaaS.CloudFront
Amazon CloudFront is a content delivery network (CDN) service that caches and serves content from edge locations around the world, providing low-latency access and DDoS protection.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| originDomain | The domain name or IP address of the origin server where content is stored | example.com or api.example.com | No |
| comment | Human-readable description of the CloudFront distribution | Managed by Fractal Cloud | No |
Example (fully parameterized):
{
"type": "APIManagement.PaaS.CloudFront",
"parameters": {
"originDomain": "",
"comment": "Managed by Fractal Cloud"
}
}
APIManagement.SaaS.Unmanaged
A placeholder for external or pre-existing API management solutions not directly provisioned by Fractal Cloud. Stores connection details and credentials in a secret.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name or identifier of the secret storing credentials | api-mgmt-secret | No |
| secretValue | The secret value (credentials, connection string, etc.) | secret-content | Yes |
Example (fully parameterized):
{
"type": "APIManagement.SaaS.Unmanaged",
"parameters": {
"secretName": "",
"secretValue": "secret-content"
}
}
BigData
BigData.CaaS.MinioTenant
MinIO is a high-performance, S3-compatible object storage system deployable on Kubernetes. Provides distributed object storage with strong consistency and security.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| minioVersion | MinIO release version | RELEASE.2025-03-12T18-04-18Z | No |
| servers | Number of MinIO servers in the distributed cluster | 4 | No |
| volumesPerServer | Number of storage volumes per server | 4 | No |
| volumeSize | Storage volume size per server (Kubernetes resource quantity) | 100Gi | No |
| storageClass | Kubernetes storage class for persistent volumes | empty string (cluster default) | No |
| cpuRequest | Requested CPU per MinIO pod | 500m | No |
| cpuLimit | Maximum CPU per MinIO pod | 2 | No |
| memoryRequest | Requested memory per MinIO pod | 1Gi | No |
| memoryLimit | Maximum memory per MinIO pod | 4Gi | No |
| requestAutoCert | Automatically generate self-signed TLS certificates | true | No |
| namespace | Kubernetes namespace for MinIO deployment | minio | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.MinioTenant",
"parameters": {
"minioVersion": "RELEASE.2025-03-12T18-04-18Z",
"servers": 4,
"volumesPerServer": 4,
"volumeSize": "100Gi",
"storageClass": "",
"cpuRequest": "500m",
"cpuLimit": "2",
"memoryRequest": "1Gi",
"memoryLimit": "4Gi",
"requestAutoCert": true,
"namespace": "minio"
}
}
BigData.CaaS.SparkCluster
Apache Spark cluster for distributed data processing and analytics on Kubernetes. Provides driver and executor pods for parallel computation.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| sparkVersion | Apache Spark version | 3.5.3 | No |
| image | Container image URI for Spark pods | apache/spark:3.5.3 | No |
| driverCores | Number of CPU cores for the Spark driver pod | 1 | No |
| driverMemory | Memory allocated to the Spark driver pod | 1g | No |
| executorCores | Number of CPU cores per executor pod | 2 | No |
| executorMemory | Memory allocated to each executor pod | 2g | No |
| executorInstances | Number of executor pods to launch | 2 | No |
| sparkOperatorName | Name of the Spark Operator deployment managing this cluster | spark-operator | Yes |
| namespace | Kubernetes namespace for Spark cluster | spark | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.SparkCluster",
"parameters": {
"sparkVersion": "3.5.3",
"image": "apache/spark:3.5.3",
"driverCores": "1",
"driverMemory": "1g",
"executorCores": "2",
"executorMemory": "2g",
"executorInstances": 2,
"sparkOperatorName": "spark-operator",
"namespace": "spark"
}
}
BigData.CaaS.SparkJob
A Spark job submission to a Spark cluster or standalone Spark operator, supporting batch processing, scheduled execution, and multiple application types.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| type | Spark application type | Java, Python, Scala | No |
| mode | Spark deployment mode | cluster or client | No |
| image | Container image URI for the Spark job | apache/spark:3.5.3 | No |
| mainClass | Fully qualified class name for Java/Scala applications | com.example.MyApp | No |
| mainApplicationFile | Path or URI to the application JAR, Python script, or other artifact | s3://bucket/app.jar | No |
| arguments | List of command-line arguments passed to the application | ["arg1", "arg2"] | No |
| sparkVersion | Apache Spark version | 3.5.3 | No |
| sparkConf | Spark configuration properties as key-value pairs | {} | No |
| driverCores | Number of CPU cores for the driver | 1 | No |
| driverMemory | Memory for the driver | 1g | No |
| executorCores | Number of CPU cores per executor | 2 | No |
| executorMemory | Memory per executor | 2g | No |
| executorInstances | Number of executors | 2 | No |
| restartPolicy | Pod restart policy on failure | Never, OnFailure | No |
| maxRetries | Maximum number of retries on failure | 3 | No |
| schedule | Cron schedule for periodic execution (blank = one-time) | 0 0 * * * | No |
| concurrencyPolicy | How to handle concurrent executions | Allow, Forbid, Replace | No |
| sparkOperatorName | Name of the Spark Operator deployment | spark-operator | Yes |
| namespace | Kubernetes namespace | spark | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.SparkJob",
"parameters": {
"type": "Java",
"mode": "cluster",
"image": "apache/spark:3.5.3",
"mainClass": "com.example.MyApp",
"mainApplicationFile": "s3://bucket/app.jar",
"arguments": [],
"sparkVersion": "3.5.3",
"sparkConf": {},
"driverCores": "1",
"driverMemory": "1g",
"executorCores": "2",
"executorMemory": "2g",
"executorInstances": 2,
"restartPolicy": "Never",
"maxRetries": 3,
"schedule": "",
"concurrencyPolicy": "Forbid",
"sparkOperatorName": "spark-operator",
"namespace": "spark"
}
}
BigData.CaaS.SparkMlExperiment
MLflow experiment tracking service for machine learning workflows on Kubernetes. Provides artifact storage and metrics logging for ML experiments.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| mlflowVersion | MLflow server version | 2.21.3 | No |
| backendStoreUri | Backend store URI for MLflow metadata (SQLite, PostgreSQL, etc.) | sqlite:///mlflow/mlflow.db | No |
| artifactRoot | Root directory for storing artifacts | /mlflow/artifacts | No |
| replicas | Number of MLflow server replicas | 2 | No |
| cpuRequest | Requested CPU per MLflow pod | 250m | No |
| cpuLimit | Maximum CPU per MLflow pod | 1 | No |
| memoryRequest | Requested memory per MLflow pod | 512Mi | No |
| memoryLimit | Maximum memory per MLflow pod | 1Gi | No |
| servicePort | Port number for MLflow UI and API | 5000 | No |
| namespace | Kubernetes namespace | mlflow | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.SparkMlExperiment",
"parameters": {
"mlflowVersion": "2.21.3",
"backendStoreUri": "sqlite:///mlflow/mlflow.db",
"artifactRoot": "/mlflow/artifacts",
"replicas": 2,
"cpuRequest": "250m",
"cpuLimit": "1",
"memoryRequest": "512Mi",
"memoryLimit": "1Gi",
"servicePort": 5000,
"namespace": "mlflow"
}
}
BigData.CaaS.SparkOperator
Spark Operator manages Spark applications as Kubernetes custom resources. Provides cluster-wide Spark job orchestration and monitoring.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| operatorVersion | Spark Operator version | 2.5.0 | No |
| sparkVersion | Default Spark version used by the operator | 3.5.3 | No |
| enableWebhook | Enable Kubernetes webhook for Spark application validation | true | No |
| enableMetrics | Enable Prometheus metrics collection from Spark jobs | true | No |
| namespace | Kubernetes namespace for operator deployment | spark-operator | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.SparkOperator",
"parameters": {
"operatorVersion": "2.5.0",
"sparkVersion": "3.5.3",
"enableWebhook": true,
"enableMetrics": true,
"namespace": "spark-operator"
}
}
BigData.CaaS.SparkUnityCatalog
Unity Catalog metadata layer for Apache Spark, providing centralized governance, data discovery, and access control across data lakes and warehouses.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| unityCatalogVersion | Unity Catalog version | 0.3.0 | No |
| replicas | Number of Unity Catalog service replicas | 2 | No |
| cpuRequest | Requested CPU per pod | 250m | No |
| cpuLimit | Maximum CPU per pod | 1 | No |
| memoryRequest | Requested memory per pod | 512Mi | No |
| memoryLimit | Maximum memory per pod | 1Gi | No |
| namespace | Kubernetes namespace | unity-catalog | Yes |
Example (fully parameterized):
{
"type": "BigData.CaaS.SparkUnityCatalog",
"parameters": {
"unityCatalogVersion": "0.3.0",
"replicas": 2,
"cpuRequest": "250m",
"cpuLimit": "1",
"memoryRequest": "512Mi",
"memoryLimit": "1Gi",
"namespace": "unity-catalog"
}
}
BigData.PaaS.Databricks
Managed Databricks workspace on AWS. Provides a unified analytics platform for data engineering, data science, and BI workloads.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| accountId | Databricks account ID (Cross-account metadata store) | 123456789012 | Conditional — required on first reconcile unless already published to the accountId output field |
| pricingTier | Databricks pricing tier | premium or standard | No |
| credentialsId | AWS credentials configuration identifier | databricks-creds-id | Yes |
| storageConfigurationId | AWS storage configuration (S3 bucket) identifier | storage-config-id | Yes |
| networkId | VPC network configuration identifier for private networks | `` | No |
Example (fully parameterized):
{
"type": "BigData.PaaS.Databricks",
"parameters": {
"accountId": "",
"pricingTier": "premium",
"credentialsId": "databricks-creds-id",
"storageConfigurationId": "storage-config-id",
"networkId": ""
}
}
BigData.PaaS.DatabricksCluster
A Databricks compute cluster for running Spark workloads. Supports autoscaling, data security modes, and custom configurations.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| clusterName | Friendly name for the cluster | prod-cluster | No |
| sparkVersion | Databricks Runtime version (Spark + extensions) | 13.3.x-scala2.12 | No |
| nodeTypeId | AWS instance type for cluster nodes | i3.xlarge | No |
| numWorkers | Initial number of worker nodes | 2 | No |
| minWorkers | Minimum workers for autoscaling | 1 | No |
| maxWorkers | Maximum workers for autoscaling | 8 | No |
| sparkConf | Spark configuration properties | {} | No |
| pypiLibraries | List of PyPI package specifications | [] | No |
| mavenLibraries | List of Maven coordinates for JVM libraries | [] | No |
| autoTerminationMinutes | Minutes of inactivity before auto-shutdown | 60 | No |
| dataSecurityMode | Data security mode for cluster | SINGLE_USER, USER_ISOLATION, NONE | No |
Example (fully parameterized):
{
"type": "BigData.PaaS.DatabricksCluster",
"parameters": {
"clusterName": "",
"sparkVersion": "",
"nodeTypeId": "",
"numWorkers": 2,
"minWorkers": 1,
"maxWorkers": 8,
"sparkConf": {},
"pypiLibraries": [],
"mavenLibraries": [],
"autoTerminationMinutes": 60,
"dataSecurityMode": "SINGLE_USER"
}
}
BigData.PaaS.DatabricksJob
A job configured in Databricks for scheduled or triggered task execution. Supports multiple task types: notebook, Python, SQL, JAR, and wheel.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| jobName | Display name for the job | daily-etl | No |
| taskType | Type of task to execute | NOTEBOOK, PYTHON, SQL, SPARK_JAR, python_wheel | No |
| notebookPath | Path to notebook for NOTEBOOK task type | /Users/user@example.com/etl_notebook | Conditional — required for the NOTEBOOK task type |
| pythonFile | Path to Python file for PYTHON task type | s3://bucket/script.py | Conditional — required for the PYTHON task type |
| mainClassName | Main class for SPARK_JAR task type | com.example.Main | Conditional — required for the SPARK_JAR task type |
| jarUri | S3 URI to JAR file | s3://bucket/app.jar | No |
| parameters | Command-line parameters for the task | [] | No |
| cronSchedule | Cron expression for scheduled execution | 0 0 * * * | No |
| maxRetries | Maximum number of automatic retries | 0 | No |
| existingCluster | Use existing cluster ID instead of provisioning | false | No |
| artifactType | Type of artifact (wheel, jar, etc.) | wheel or jar | No |
| artifactUri | S3 URI to artifact | s3://bucket/artifact.whl | No |
| packageName | Package name for wheel artifacts | my_package | No |
| entryPoint | Entry point function for python_wheel | my_module:main | Conditional — required for the python_wheel task |
| entryPointArgs | Arguments for the entry point | [] | No |
| sparkVersion | Spark version for job cluster | 14.3.x-scala2.12 | No |
| nodeTypeId | Instance type for job cluster | i3.xlarge | No |
Example (fully parameterized):
{
"type": "BigData.PaaS.DatabricksJob",
"parameters": {
"jobName": "",
"taskType": "",
"notebookPath": "",
"pythonFile": "",
"mainClassName": "",
"jarUri": "",
"parameters": [],
"cronSchedule": "",
"maxRetries": 0,
"existingCluster": false,
"artifactType": "",
"artifactUri": "",
"packageName": "",
"entryPoint": "",
"entryPointArgs": [],
"sparkVersion": "14.3.x-scala2.12",
"nodeTypeId": "i3.xlarge"
}
}
BigData.PaaS.DatabricksMlflowExperiment
An MLflow experiment within Databricks for tracking machine learning runs, metrics, and artifacts.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| experimentName | Fully qualified experiment name in Databricks | /Shared/my-experiment | Yes |
| artifactLocation | DBFS or S3 path for storing experiment artifacts | /mnt/artifacts or s3://bucket/artifacts | No |
Example (fully parameterized):
{
"type": "BigData.PaaS.DatabricksMlflowExperiment",
"parameters": {
"experimentName": "/Shared/my-experiment",
"artifactLocation": ""
}
}
BigData.PaaS.S3
Amazon S3 object storage bucket for data storage and archival. Supports versioning and lifecycle policies.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| bucket | S3 bucket name (globally unique) | my-data-bucket-12345 | Yes |
| versioning | Enable S3 object versioning | false | No |
| forceDestroy | Allow deletion of non-empty bucket | false | No |
Example (fully parameterized):
{
"type": "BigData.PaaS.S3",
"parameters": {
"bucket": "my-data-bucket-12345",
"versioning": false,
"forceDestroy": false
}
}
BigData.SaaS.Unmanaged
A placeholder for external or pre-existing big data platforms not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | bigdata-secret | No |
| secretValue | The secret value (connection string, credentials, etc.) | secret-content | Yes |
Example (fully parameterized):
{
"type": "BigData.SaaS.Unmanaged",
"parameters": {
"secretName": "",
"secretValue": "secret-content"
}
}
CustomWorkloads
CustomWorkloads.CaaS.KubernetesWorkload
A Kubernetes workload (Deployment, StatefulSet, DaemonSet, etc.) deployed via GitOps from a Git repository. Supports environment-specific configuration and secret injection.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| sshRepositoryURI | SSH URI to the Git repository | git@github.com:org/repo.git | Yes |
| repoId | Repository identifier for organization/filtering | repo-name | Yes |
| branchName | Git branch to deploy from | main or production | Yes |
| privateSSHKeySecretId | Secret ID for Git SSH private key | git-ssh-key-id | No |
| privateSSHKeyEnvironmentSecretShortName | Environment variable name for SSH key path | SSH_KEY_PATH | No |
| privateSSHKeyPassphraseSecretId | Secret ID for SSH key passphrase | ssh-passphrase-id | No |
| privateSSHKeyPassphraseEnvironmentSecretShortName | Environment variable name for SSH passphrase | SSH_PASSPHRASE | No |
| ciCdProfileShortName | CI/CD profile identifier for build/deploy configuration | default-profile | No |
| environmentSecretShortNames | List of environment secret identifiers to inject | ["db-secret", "api-secret"] | No |
| roles | List of RBAC roles to assign to the workload | [] | No |
| workloadSecretIdKey | Secret key name for workload ID | WORKLOAD_ID | No |
| workloadSecretPasswordKey | Secret key name for workload password | WORKLOAD_PASSWORD | No |
| workloadIdentityEnabled | Enable Kubernetes workload identity for cloud authentication | true | No |
| namespace | Kubernetes namespace for deployment | default | Yes |
Example (fully parameterized):
{
"type": "CustomWorkloads.CaaS.KubernetesWorkload",
"parameters": {
"sshRepositoryURI": "git@github.com:org/repo.git",
"repoId": "repo-name",
"branchName": "main",
"privateSSHKeySecretId": "",
"privateSSHKeyEnvironmentSecretShortName": "",
"privateSSHKeyPassphraseSecretId": "",
"privateSSHKeyPassphraseEnvironmentSecretShortName": "",
"ciCdProfileShortName": "",
"environmentSecretShortNames": [],
"roles": [],
"workloadSecretIdKey": "",
"workloadSecretPasswordKey": "",
"workloadIdentityEnabled": true,
"namespace": "default"
}
}
CustomWorkloads.FaaS.AwsLambda
AWS Lambda serverless function for event-driven compute. Supports container images and ZIP packages with configurable runtime, memory, and timeout.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| functionName | Name of the Lambda function | my-function | No |
| runtime | Execution runtime | java21, python3.11, nodejs20.x | No |
| handler | Handler function for ZIP packages | index.handler or com.example.Handler::handleRequest | Conditional — required for the zip-packaged path |
| roleArn | IAM role ARN for Lambda execution | arn:aws:iam::123456789012:role/lambda-role | Conditional — required unless the environment supplies a Lambda execution role |
| sourceArtifact | OCI artifact reference (image URI or S3 location) | 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-func:latest | Conditional — required unless the legacy codeBase64 inline zip is supplied |
| packageType | Package type classification | image or zip | No |
| codeBase64 | Base64-encoded ZIP file (deprecated) | UEsDBAoAA... | Conditional — deprecated legacy inline zip source; required unless sourceArtifact is supplied |
| environment | Environment variables passed to the function | {"DB_HOST": "localhost"} | No |
| memoryMb | Memory allocation for function | 128 to 10240 | No |
| timeoutSeconds | Maximum execution time | 3 to 900 | No |
Example (fully parameterized):
{
"type": "CustomWorkloads.FaaS.AwsLambda",
"parameters": {
"functionName": "",
"runtime": "java21",
"handler": "",
"roleArn": "",
"sourceArtifact": "",
"packageType": "",
"codeBase64": "",
"environment": {},
"memoryMb": 128,
"timeoutSeconds": 3
}
}
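The conditional "Required" flags in the Traefik, DatabricksJob and AwsLambda tables above can be checked before an offer is submitted. The following is an added example, not Fractal Cloud's own code; the function names, the treatment of empty values as unset, the `env_supplies_role` flag, and inferring the zip-packaged path from `packageType` or `codeBase64` are assumptions.

```python
"""Lint offer JSON against the conditional "Required" rules listed in the tables.

Added illustration only: the rule text comes from the parameter tables, the
code structure and helper names are hypothetical.
"""
import json

# Traefik: the four parameters flagged as the all-or-nothing OIDC config group.
OIDC_GROUP = ("oidcIssuerUrl", "oidcClientId", "oidcClientSecretId", "forwardAuthSecretId")

# DatabricksJob: taskType -> parameter the table marks as required for it.
DATABRICKS_TASK_FIELD = {
    "NOTEBOOK": "notebookPath",
    "PYTHON": "pythonFile",
    "SPARK_JAR": "mainClassName",
    "python_wheel": "entryPoint",
}


def is_set(value):
    # Assumption: "", None, [] and {} mean "not supplied", matching how the
    # fully parameterized examples leave optional values empty.
    return value not in ("", None, [], {})


def lint_traefik(p):
    findings = [f"{n}: required" for n in ("entryPoints", "namespace") if not is_set(p.get(n))]
    present = [n for n in OIDC_GROUP if is_set(p.get(n))]
    if present and len(present) != len(OIDC_GROUP):
        missing = [n for n in OIDC_GROUP if n not in present]
        findings.append("OIDC group is all-or-nothing; missing: " + ", ".join(missing))
    return findings


def lint_lambda(p, env_supplies_role=False):
    findings = []
    has_artifact = is_set(p.get("sourceArtifact"))
    has_inline = is_set(p.get("codeBase64"))
    if not (has_artifact or has_inline):
        findings.append("sourceArtifact: required unless codeBase64 is supplied")
    if has_inline:
        findings.append("codeBase64: deprecated legacy inline zip; prefer sourceArtifact")
    # Assumption: the zip-packaged path is packageType "zip" or an inline zip.
    if (p.get("packageType") == "zip" or has_inline) and not is_set(p.get("handler")):
        findings.append("handler: required for the zip-packaged path")
    if not is_set(p.get("roleArn")) and not env_supplies_role:
        findings.append("roleArn: required unless the environment supplies a Lambda execution role")
    return findings


def lint_databricks_job(p):
    task = p.get("taskType")
    field = DATABRICKS_TASK_FIELD.get(task)
    if field and not is_set(p.get(field)):
        return [f"{field}: required for the {task} task type"]
    return []


def lint_offer(offer, env_supplies_role=False):
    """Return a list of findings for one offer; an empty list means no rule was violated."""
    params = offer.get("parameters") or {}
    kind = offer.get("type")
    if kind == "APIManagement.CaaS.Traefik":
        return lint_traefik(params)
    if kind == "CustomWorkloads.FaaS.AwsLambda":
        return lint_lambda(params, env_supplies_role)
    if kind == "BigData.PaaS.DatabricksJob":
        return lint_databricks_job(params)
    return []  # no conditional rules modelled for other offer types


# Constructed sample offers (not taken from a real deployment).
SAMPLE_TRAEFIK_PARTIAL_OIDC = json.loads("""{
  "type": "APIManagement.CaaS.Traefik",
  "parameters": {
    "entryPoints": ["http:8080", "https:8443"],
    "oidcIssuerUrl": "https://auth.example.com",
    "oidcClientId": "traefik-client-id",
    "oidcClientSecretId": "",
    "forwardAuthSecretId": "",
    "namespace": "traefik"
  }
}""")

SAMPLE_LAMBDA_ZIP_NO_HANDLER = json.loads("""{
  "type": "CustomWorkloads.FaaS.AwsLambda",
  "parameters": {
    "runtime": "python3.11",
    "handler": "",
    "roleArn": "",
    "sourceArtifact": "s3://bucket/app.zip",
    "packageType": "zip",
    "codeBase64": ""
  }
}""")

SAMPLE_JOB_WHEEL_NO_ENTRYPOINT = json.loads("""{
  "type": "BigData.PaaS.DatabricksJob",
  "parameters": {"taskType": "python_wheel", "entryPoint": "", "packageName": "my_package"}
}""")

if __name__ == "__main__":
    for sample in (SAMPLE_TRAEFIK_PARTIAL_OIDC, SAMPLE_LAMBDA_ZIP_NO_HANDLER,
                   SAMPLE_JOB_WHEEL_NO_ENTRYPOINT):
        print(sample["type"], lint_offer(sample))
```

A half-filled OIDC group is the case worth catching early, since the gateway would otherwise be deployed with an authentication configuration the table treats as incomplete.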
CustomWorkloads.SaaS.Unmanaged
A placeholder for external or pre-existing serverless/workload platforms not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | workload-secret | No |
| secretValue | The secret value (credentials, API key, etc.) | secret-content | Yes |
Example (fully parameterized):
{
"type": "CustomWorkloads.SaaS.Unmanaged",
"parameters": {
"secretName": "",
"secretValue": "secret-content"
}
}
Messaging
Messaging.CaaS.Kafka
Apache Kafka message broker on Kubernetes for high-throughput, durable publish-subscribe messaging. Includes storage, replication, and consumer group management.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| replicas | Number of Kafka broker replicas in the cluster | 5 | No |
| kafkaVersion | Kafka version | 4.2.0 | No |
| memoryRequest | Requested memory per Kafka broker pod | 16Gi | No |
| memoryLimit | Maximum memory per Kafka broker pod | 32Gi | No |
| cpuRequest | Requested CPU per Kafka broker pod | 4 | No |
| cpuLimit | Maximum CPU per Kafka broker pod | 8 | No |
| storageSize | Size of persistent storage per broker | 1Ti | No |
| namespace | Kubernetes namespace | kafka | Yes |
Example (fully parameterized):
{
"type": "Messaging.CaaS.Kafka",
"parameters": {
"replicas": 5,
"kafkaVersion": "4.2.0",
"memoryRequest": "16Gi",
"memoryLimit": "32Gi",
"cpuRequest": "4",
"cpuLimit": "8",
"storageSize": "1Ti",
"namespace": "kafka"
}
}
Messaging.CaaS.KafkaTopic
A Kafka topic for organizing messages by subject or stream. Configurable partitions, replication factor, and retention policies.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| partitions | Number of partitions for parallel processing | 50 | No |
| replicas | Replication factor for durability | 2 | No |
| retentionMs | Message retention period in milliseconds | 172800000 (2 days) | No |
| clusterName | Name of the Kafka cluster this topic belongs to | kafka-cluster | Yes |
| namespace | Kubernetes namespace | kafka | Yes |
Example (fully parameterized):
{
"type": "Messaging.CaaS.KafkaTopic",
"parameters": {
"partitions": 50,
"replicas": 2,
"retentionMs": 172800000,
"clusterName": "kafka-cluster",
"namespace": "kafka"
}
}
Messaging.CaaS.KafkaUser
A Kafka user account with ACL (Access Control List) permissions. Configures authentication and authorization for client access.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| acls | List of ACL rules defining topic/group access | [] | No |
| clusterName | Name of the Kafka cluster | kafka-cluster | Yes |
| namespace | Kubernetes namespace | kafka | Yes |
Example (fully parameterized):
{
"type": "Messaging.CaaS.KafkaUser",
"parameters": {
"acls": [],
"clusterName": "kafka-cluster",
"namespace": "kafka"
}
}
Messaging.SaaS.Unmanaged
A placeholder for external or pre-existing messaging platforms not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | messaging-secret | No |
| secretValue | The secret value (connection string, credentials, etc.) | secret-content | Yes |
Example (fully parameterized):
{
"type": "Messaging.SaaS.Unmanaged",
"parameters": {
"secretName": "",
"secretValue": "secret-content"
}
}
NetworkAndCompute
NetworkAndCompute.CaaS.ECSService
AWS ECS (Elastic Container Service) service that manages containerized workload replicas across an ECS cluster. Handles task placement and scaling.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| desiredCount | Number of task replicas to maintain | 1 | No |
| launchType | Compute launch type | FARGATE, EC2 | No |
| assignPublicIp | Assign public IP addresses to tasks | false | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.CaaS.ECSService",
"parameters": {
"desiredCount": 1,
"launchType": "FARGATE",
"assignPublicIp": false
}
}
NetworkAndCompute.CaaS.ECSTaskDefinition
ECS task definition that specifies container images, resource allocation, logging, and environment configuration for containerized tasks.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| cpu | CPU units allocated per task | 256, 512, 1024, 2048 | No |
| memory | Memory in MB allocated per task | 512, 1024, 2048 | No |
| networkMode | Docker network mode | bridge, host, awsvpc | No |
| containerName | Name of the container within the task | app-container | No |
| containerImage | Container image URI | 123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp:latest | No |
| containerPort | Port number exposed by the container | 8080 | No |
| executionRoleArn | IAM role ARN for ECS task execution | arn:aws:iam::123456789012:role/ecsTaskExecutionRole | No |
| taskRoleArn | IAM role ARN for application inside container | arn:aws:iam::123456789012:role/ecsTaskRole | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.CaaS.ECSTaskDefinition",
"parameters": {
"cpu": "256",
"memory": "512",
"networkMode": "awsvpc",
"containerName": "",
"containerImage": "",
"containerPort": 8080,
"executionRoleArn": "",
"taskRoleArn": ""
}
}
NetworkAndCompute.IaaS.AwsLoadBalancer
AWS Elastic Load Balancer (ALB/NLB) for distributing traffic across targets. Supports multiple availability zones and health checking.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| lbType | Load balancer type | application (ALB), network (NLB), classic (ELB) | No |
| lbScheme | Load balancer scheme | internet-facing, internal | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.AwsLoadBalancer",
"parameters": {
"lbType": "",
"lbScheme": ""
}
}
NetworkAndCompute.IaaS.AwsSecurityGroup
AWS security group for controlling inbound and outbound network traffic. Framework-managed; custom rules are derived from component links.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| description | Human-readable description of the security group | Web tier access | No |
| ingressRules | Pre-defined ingress rules (custom rules via links) | [] | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.AwsSecurityGroup",
"parameters": {
"description": "",
"ingressRules": []
}
}
NetworkAndCompute.IaaS.AwsSubnet
AWS VPC subnet for logical network segmentation. Configurable CIDR block and availability zone.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| cidrBlock | CIDR block for the subnet | 10.0.1.0/24 | No |
| availabilityZone | AWS availability zone | us-east-1a | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.AwsSubnet",
"parameters": {
"cidrBlock": "",
"availabilityZone": ""
}
}
NetworkAndCompute.IaaS.AwsVpc
AWS Virtual Private Cloud for network isolation and control. Provides the foundation for all VPC-based resources.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| cidrBlock | CIDR block for the VPC | 10.0.0.0/16 | No |
| enableDnsSupport | Enable DNS resolution within the VPC | true | No |
| enableDnsHostnames | Enable DNS hostnames for EC2 instances | true | No |
| instanceTenancy | VPC tenancy mode | default, dedicated, host | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.AwsVpc",
"parameters": {
"cidrBlock": "",
"enableDnsSupport": true,
"enableDnsHostnames": true,
"instanceTenancy": ""
}
}
NetworkAndCompute.IaaS.EC2
AWS EC2 virtual machine instance. Configurable instance type, AMI, and network settings.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| amiId | Amazon Machine Image ID | ami-0a123456789abcdef | Yes |
| instanceType | EC2 instance type | t3.medium, m5.large, c5.xlarge | Yes |
| keyName | EC2 key pair name for SSH access | my-keypair | No |
| userData | User data script (base64 or plain text) | #!/bin/bash\necho "Hello" | No |
| iamInstanceProfile | IAM instance profile name/ARN | ec2-app-profile | No |
| associatePublicIp | Assign public IP address to instance | false | No |
Example (fully parameterized):
{
"type": "NetworkAndCompute.IaaS.EC2",
"parameters": {
"amiId": "ami-0a123456789abcdef",
"instanceType": "t3.medium",
"keyName": "",
"userData": "",
"iamInstanceProfile": "",
"associatePublicIp": false
}
}
NetworkAndCompute.PaaS.ECS
AWS ECS cluster providing the orchestration platform for containerized workloads. Manages compute capacity and task scheduling.
No configurable parameters.
Example (fully parameterized):
{
"type": "NetworkAndCompute.PaaS.ECS",
"parameters": {}
}
NetworkAndCompute.PaaS.EKS
AWS Elastic Kubernetes Service (EKS) for managed Kubernetes orchestration. Handles control plane operations and node provisioning.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| kubernetesVersion | Kubernetes version | 1.28, 1.29, 1.30 | No |
| networkPolicyProvider | Network policy enforcement | calico, cilium, aws-vpc-cni | No |
| nodePools | List of node pool configurations | [] | No |
| workloadIdentityEnabled | Enable IRSA (IAM Roles for Service Accounts) | true | No |
| privateClusterDisabled | Disable private endpoint access to control plane | false | No |
| serviceIpRange | CIDR range for Kubernetes services | 10.100.0.0/16 | No |
| addons | List of EKS add-ons to install | ["vpc-cni", "kube-proxy", "coredns"] | No |
Example (fully parameterized):
{
  "type": "NetworkAndCompute.PaaS.EKS",
  "parameters": {
    "kubernetesVersion": "",
    "networkPolicyProvider": "",
    "nodePools": [],
    "workloadIdentityEnabled": true,
    "privateClusterDisabled": false,
    "serviceIpRange": "",
    "addons": []
  }
}
NetworkAndCompute.PaaS.Kubernetes
Generic Kubernetes cluster specification. Supports EKS and other managed Kubernetes services with consistent configuration.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| kubernetesVersion | Kubernetes version | 1.28, 1.29, 1.30 | No |
| networkPolicyProvider | Network policy enforcement | calico, cilium, aws-vpc-cni | No |
| nodePools | List of node pool configurations | [] | No |
| workloadIdentityEnabled | Enable workload identity for pod authentication | true | No |
| privateClusterDisabled | Disable private endpoint access to control plane | false | No |
| serviceIpRange | CIDR range for Kubernetes services | 10.100.0.0/16 | No |
| addons | List of add-ons to install | [] | No |
Example (fully parameterized):
{
  "type": "NetworkAndCompute.PaaS.Kubernetes",
  "parameters": {
    "kubernetesVersion": "",
    "networkPolicyProvider": "",
    "nodePools": [],
    "workloadIdentityEnabled": true,
    "privateClusterDisabled": false,
    "serviceIpRange": "",
    "addons": []
  }
}
NetworkAndCompute.SaaS.Unmanaged
A placeholder for external or pre-existing compute/network solutions not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | network-secret | No |
| secretValue | The secret value (credentials, connection string, etc.) | secret-content | Yes |
Example (fully parameterized):
{
  "type": "NetworkAndCompute.SaaS.Unmanaged",
  "parameters": {
    "secretName": "",
    "secretValue": "secret-content"
  }
}
Observability
Observability.CaaS.Elastic
Elasticsearch cluster on Kubernetes for indexing and searching large volumes of log and event data.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| elasticVersion | Elasticsearch version | 8.10.0 | Yes |
| elasticInstances | Number of Elasticsearch nodes | 3 | Yes |
| storage | Storage size per node | 100Gi | Yes |
| storageClassName | Kubernetes storage class for persistent volumes | cluster default | No |
| memory | Memory in GB per Elasticsearch pod | 8 | No |
| cpu | CPU cores per Elasticsearch pod | 8 | No |
| isApmRequired | Deploy APM (Application Performance Monitoring) server | false | No |
| isKibanaRequired | Deploy Kibana for visualization | true | No |
| secrets | Secrets configuration map | {} | No |
| namespace | Kubernetes namespace | elastic | Yes |
Example (fully parameterized):
{
  "type": "Observability.CaaS.Elastic",
  "parameters": {
    "elasticVersion": "8.10.0",
    "elasticInstances": 3,
    "storage": "100Gi",
    "storageClassName": "",
    "memory": 8,
    "cpu": 8,
    "isApmRequired": false,
    "isKibanaRequired": true,
    "secrets": {},
    "namespace": "elastic"
  }
}
Observability.CaaS.Jaeger
Jaeger distributed tracing system on Kubernetes for monitoring microservice interactions and latency analysis.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| storageClassName | Kubernetes storage class for backend storage | cluster default | No |
| storageSettings | Backend storage configuration (elasticsearch, cassandra) | {} | No |
| namespace | Kubernetes namespace | jaeger | Yes |
Example (fully parameterized):
{
  "type": "Observability.CaaS.Jaeger",
  "parameters": {
    "storageClassName": "",
    "storageSettings": {},
    "namespace": "jaeger"
  }
}
Observability.CaaS.Prometheus
Prometheus monitoring server on Kubernetes for scraping metrics and triggering alerts based on time-series data.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| grafanaConfigSecretId | Secret ID containing Grafana configuration | grafana-config-secret | No |
| namespace | Kubernetes namespace | prometheus | Yes |
Example (fully parameterized):
{
  "type": "Observability.CaaS.Prometheus",
  "parameters": {
    "grafanaConfigSecretId": "",
    "namespace": "prometheus"
  }
}
Observability.SaaS.Elastic
Managed Elasticsearch service (e.g., Elastic Cloud) for log storage and analysis without self-hosting.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| kibanaUri | URI to the Kibana dashboard | https://kibana.example.com | Yes |
| version | Elasticsearch version running on the service | 8.10.0 | Yes |
| operatorVersion | Operator version managing the deployment | 2.8.0 | Yes |
Example (fully parameterized):
{
  "type": "Observability.SaaS.Elastic",
  "parameters": {
    "kibanaUri": "https://kibana.example.com",
    "version": "8.10.0",
    "operatorVersion": "2.8.0"
  }
}
Observability.SaaS.Jaeger
Managed Jaeger service (e.g., Jaeger Cloud) for distributed tracing as a managed service.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| frontendUri | URI to the Jaeger UI | https://jaeger.example.com | Yes |
| version | Jaeger version | 1.48.0 | Yes |
Example (fully parameterized):
{
  "type": "Observability.SaaS.Jaeger",
  "parameters": {
    "frontendUri": "https://jaeger.example.com",
    "version": "1.48.0"
  }
}
Observability.SaaS.Prometheus
Managed Prometheus service (e.g., AWS AMP - Amazon Managed Prometheus) for metrics collection and querying.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| apiGatewayUrl | API endpoint for metrics ingestion and queries | https://aps.us-east-1.amazonaws.com/ | Yes |
| grafanaConfigSecretId | Secret ID containing Grafana datasource configuration | grafana-amp-config | Yes |
Example (fully parameterized):
{
  "type": "Observability.SaaS.Prometheus",
  "parameters": {
    "apiGatewayUrl": "https://aps.us-east-1.amazonaws.com/",
    "grafanaConfigSecretId": "grafana-amp-config"
  }
}
Security
Security.CaaS.Ocelot
Ocelot API gateway on Kubernetes providing routing, authentication, rate limiting, and request/response transformation.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| host | Hostname for the Ocelot gateway | api.example.com | Yes |
| corsOrigins | List of allowed CORS origins | ["https://example.com", "https://app.example.com"] | No |
| cookieMaxAgeSec | Session cookie max age in seconds | 900 | No |
| pathPrefix | URL path prefix for routing | /* or /api/* | No |
| roles | List of authorization roles | [] | No |
| namespace | Kubernetes namespace | ocelot | Yes |
Example (fully parameterized):
{
  "type": "Security.CaaS.Ocelot",
  "parameters": {
    "host": "api.example.com",
    "corsOrigins": [],
    "cookieMaxAgeSec": 900,
    "pathPrefix": "/*",
    "roles": [],
    "namespace": "ocelot"
  }
}
Security.SaaS.Unmanaged
A placeholder for external or pre-existing security solutions not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | security-secret | No |
| secretValue | The secret value (credentials, API key, etc.) | secret-content | Yes |
Example (fully parameterized):
{
  "type": "Security.SaaS.Unmanaged",
  "parameters": {
    "secretName": "",
    "secretValue": "secret-content"
  }
}
Storage
Storage.CaaS.CnpgCluster
CloudNativePG (CNPG) PostgreSQL cluster on Kubernetes. Provides HA PostgreSQL with automated backup, recovery, and failover.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| instances | Number of PostgreSQL replicas | 3 | No |
| postgresqlVersion | PostgreSQL version | 17.2 | No |
| storageSize | Persistent volume size per instance | 10Gi | No |
| storageClass | Kubernetes storage class | cluster default | No |
| cpuRequest | Requested CPU per PostgreSQL pod | 500m | No |
| cpuLimit | Maximum CPU per PostgreSQL pod | 1 | No |
| memoryRequest | Requested memory per PostgreSQL pod | 512Mi | No |
| memoryLimit | Maximum memory per PostgreSQL pod | 1Gi | No |
| database | Default database name | app | No |
| databaseOwner | Default database owner user | app | No |
| enableSuperuserAccess | Enable superuser access for the database owner | false | No |
| namespace | Kubernetes namespace | cnpg | Yes |
Example (fully parameterized):
{
  "type": "Storage.CaaS.CnpgCluster",
  "parameters": {
    "instances": 3,
    "postgresqlVersion": "17.2",
    "storageSize": "10Gi",
    "storageClass": "",
    "cpuRequest": "500m",
    "cpuLimit": "1",
    "memoryRequest": "512Mi",
    "memoryLimit": "1Gi",
    "database": "app",
    "databaseOwner": "app",
    "enableSuperuserAccess": false,
    "namespace": "cnpg"
  }
}
Storage.CaaS.CnpgDatabase
A database within a CNPG PostgreSQL cluster. Configurable name, owner, and locale settings.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| databaseName | Name of the database | app or myapp_prod | No |
| databaseOwner | Database owner user name | app_user | No |
| encoding | Character encoding | UTF8, LATIN1 | No |
| localeCollate | Collation locale | en_US.UTF-8 | No |
| localeCType | Character type locale | en_US.UTF-8 | No |
| cnpgClusterName | Name of the parent CNPG cluster | postgres-cluster | Yes |
| namespace | Kubernetes namespace | cnpg | Yes |
Example (fully parameterized):
{
  "type": "Storage.CaaS.CnpgDatabase",
  "parameters": {
    "databaseName": "app",
    "databaseOwner": "app",
    "encoding": "UTF8",
    "localeCollate": "",
    "localeCType": "",
    "cnpgClusterName": "postgres-cluster",
    "namespace": "cnpg"
  }
}
Storage.CaaS.Elastic
Elasticsearch cluster on Kubernetes for storage and indexing of documents and logs.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| elasticVersion | Elasticsearch version | 8.10.0 | Yes |
| elasticInstances | Number of Elasticsearch nodes | 3 | Yes |
| storage | Storage size per node | 100Gi | Yes |
| storageClassName | Kubernetes storage class | cluster default | No |
| memory | Memory in GB per Elasticsearch pod | 8 | No |
| cpu | CPU cores per Elasticsearch pod | 8 | No |
| isApmRequired | Include APM Server component | false | No |
| isKibanaRequired | Include Kibana UI component | true | No |
| secrets | Additional secrets for configuration | {} | No |
| namespace | Kubernetes namespace | elastic | Yes |
Example (fully parameterized):
{
  "type": "Storage.CaaS.Elastic",
  "parameters": {
    "elasticVersion": "8.10.0",
    "elasticInstances": 3,
    "storage": "100Gi",
    "storageClassName": "",
    "memory": 8,
    "cpu": 8,
    "isApmRequired": false,
    "isKibanaRequired": true,
    "secrets": {},
    "namespace": "elastic"
  }
}
Storage.CaaS.MinioTenant
MinIO object storage tenant on Kubernetes for S3-compatible distributed storage.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| minioVersion | MinIO release version | RELEASE.2025-03-12T18-04-18Z | No |
| servers | Number of MinIO servers | 4 | No |
| volumesPerServer | Number of volumes per server | 4 | No |
| volumeSize | Storage volume size | 100Gi | No |
| storageClass | Kubernetes storage class | cluster default | No |
| cpuRequest | Requested CPU per server | 500m | No |
| cpuLimit | Maximum CPU per server | 2 | No |
| memoryRequest | Requested memory per server | 1Gi | No |
| memoryLimit | Maximum memory per server | 4Gi | No |
| requestAutoCert | Auto-generate TLS certificates | true | No |
| namespace | Kubernetes namespace | minio | Yes |
Example (fully parameterized):
{
  "type": "Storage.CaaS.MinioTenant",
  "parameters": {
    "minioVersion": "RELEASE.2025-03-12T18-04-18Z",
    "servers": 4,
    "volumesPerServer": 4,
    "volumeSize": "100Gi",
    "storageClass": "",
    "cpuRequest": "500m",
    "cpuLimit": "2",
    "memoryRequest": "1Gi",
    "memoryLimit": "4Gi",
    "requestAutoCert": true,
    "namespace": "minio"
  }
}
Storage.PaaS.PostgreSqlDatabase
An RDS-managed PostgreSQL database within a DBMS instance. Configurable at the database level.
No configurable parameters.
Example (fully parameterized):
{
  "type": "Storage.PaaS.PostgreSqlDatabase",
  "parameters": {}
}
Storage.PaaS.PostgreSqlDbms
AWS RDS PostgreSQL database management system instance. Provides the managed database server with HA and backups.
No configurable parameters.
Example (fully parameterized):
{
  "type": "Storage.PaaS.PostgreSqlDbms",
  "parameters": {}
}
Storage.PaaS.S3
Amazon S3 object storage bucket for data persistence and archival.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| bucket | S3 bucket name (globally unique identifier) | my-data-bucket-12345 | Yes |
| versioning | Enable object versioning | false | No |
| forceDestroy | Allow deletion of bucket with contents | false | No |
Example (fully parameterized):
{
  "type": "Storage.PaaS.S3",
  "parameters": {
    "bucket": "my-data-bucket-12345",
    "versioning": false,
    "forceDestroy": false
  }
}
Storage.SaaS.Unmanaged
A placeholder for external or pre-existing storage systems not directly provisioned by Fractal Cloud.
| Parameter | Description | Example / possible values | Required |
|---|---|---|---|
| secretName | Name of the secret storing credentials | storage-secret | No |
| secretValue | The secret value (credentials, connection string, etc.) | secret-content | Yes |
Example (fully parameterized):
{
  "type": "Storage.SaaS.Unmanaged",
  "parameters": {
    "secretName": "",
    "secretValue": "secret-content"
  }
}