Skip to content

Resource: awsMwaaEnvironment

Creates a MWAA Environment resource.

Example Usage

A MWAA Environment requires an IAM role (awsIamRole), two subnets in the private zone (awsSubnet) and a versioned S3 bucket (awsS3Bucket).

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.mwaaEnvironment.MwaaEnvironment(this, "example", {
  dagS3Path: "dags/",
  executionRoleArn: "${aws_iam_role.example.arn}",
  name: "example",
  networkConfiguration: {
    securityGroupIds: ["${aws_security_group.example.id}"],
    subnetIds: "${aws_subnet.private[*].id}",
  },
  sourceBucketArn: "${aws_s3_bucket.example.arn}",
});

Example with Airflow configuration options

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.mwaaEnvironment.MwaaEnvironment(this, "example", {
  airflowConfigurationOptions: {
    "core.default_task_retries": 16,
    "core.parallelism": 1,
  },
  dagS3Path: "dags/",
  executionRoleArn: "${aws_iam_role.example.arn}",
  name: "example",
  networkConfiguration: {
    securityGroupIds: ["${aws_security_group.example.id}"],
    subnetIds: "${aws_subnet.private[*].id}",
  },
  sourceBucketArn: "${aws_s3_bucket.example.arn}",
});

Example with logging configurations

Note that Airflow task logs are enabled by default with the info log level.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.mwaaEnvironment.MwaaEnvironment(this, "example", {
  dagS3Path: "dags/",
  executionRoleArn: "${aws_iam_role.example.arn}",
  loggingConfiguration: {
    dagProcessingLogs: {
      enabled: true,
      logLevel: "DEBUG",
    },
    schedulerLogs: {
      enabled: true,
      logLevel: "INFO",
    },
    taskLogs: {
      enabled: true,
      logLevel: "WARNING",
    },
    webserverLogs: {
      enabled: true,
      logLevel: "ERROR",
    },
    workerLogs: {
      enabled: true,
      logLevel: "CRITICAL",
    },
  },
  name: "example",
  networkConfiguration: {
    securityGroupIds: ["${aws_security_group.example.id}"],
    subnetIds: "${aws_subnet.private[*].id}",
  },
  sourceBucketArn: "${aws_s3_bucket.example.arn}",
});

Example with tags

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.mwaaEnvironment.MwaaEnvironment(this, "example", {
  dagS3Path: "dags/",
  executionRoleArn: "${aws_iam_role.example.arn}",
  name: "example",
  networkConfiguration: {
    securityGroupIds: ["${aws_security_group.example.id}"],
    subnetIds: "${aws_subnet.private[*].id}",
  },
  sourceBucketArn: "${aws_s3_bucket.example.arn}",
  tags: {
    Environment: "production",
    Name: "example",
  },
});

Argument Reference

The following arguments are supported:

  • airflowConfigurationOptions - (Optional) The airflowConfigurationOptions parameter specifies airflow override options. Check the Official documentation for all possible configuration options.
  • airflowVersion - (Optional) Airflow version of your environment, will be set by default to the latest version that MWAA supports.
  • dagS3Path - (Required) The relative path to the DAG folder on your Amazon S3 storage bucket. For example, dags. For more information, see Importing DAGs on Amazon MWAA.
  • environmentClass - (Optional) Environment class for the cluster. Possible options are mw1Small, mw1Medium, mw1Large. Will be set by default to mw1Small. Please check the AWS Pricing for more information about the environment classes.
  • executionRoleArn - (Required) The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume. Check the official AWS documentation for the detailed role specification.
  • kmsKey - (Optional) The Amazon Resource Name (ARN) of your KMS key that you want to use for encryption. Will be set to the ARN of the managed KMS key aws/airflow by default. Please check the Official Documentation for more information.
  • loggingConfiguration - (Optional) The Apache Airflow logs you want to send to Amazon CloudWatch Logs.
  • maxWorkers - (Optional) The maximum number of workers that can be automatically scaled up. Value need to be between 1 and 25. Will be 10 by default.
  • minWorkers - (Optional) The minimum number of workers that you want to run in your environment. Will be 1 by default.
  • name - (Required) The name of the Apache Airflow Environment
  • networkConfiguration - (Required) Specifies the network configuration for your Apache Airflow Environment. This includes two private subnets as well as security groups for the Airflow environment. Each subnet requires internet connection, otherwise the deployment will fail. See Network configuration below for details.
  • pluginsS3ObjectVersion - (Optional) The plugins.zip file version you want to use.
  • pluginsS3Path - (Optional) The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. If a relative path is provided in the request, then plugins_s3_object_version is required. For more information, see Importing DAGs on Amazon MWAA.
  • requirementsS3ObjectVersion - (Optional) The requirements.txt file version you want to use.
  • requirementsS3Path - (Optional) The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. If a relative path is provided in the request, then requirements_s3_object_version is required. For more information, see Importing DAGs on Amazon MWAA.
  • schedulers - (Optional) The number of schedulers that you want to run in your environment. v2.0.2 and above accepts 2 - 5, default 2. v1.10.12 accepts 1.
  • sourceBucketArn - (Required) The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname.
  • webserverAccessMode - (Optional) Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: PRIVATE_ONLY (default) and PUBLIC_ONLY.
  • weeklyMaintenanceWindowStart - (Optional) Specifies the start date for the weekly maintenance window.
  • tags - (Optional) A map of resource tags to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Logging configurations

The loggingConfiguration block supports the following arguments.

  • dagProcessingLogs - (Optional) (Optional) Log configuration options for processing DAGs. See Module logging configuration for more information. Disabled by default.
  • schedulerLogs - (Optional) Log configuration options for the schedulers. See Module logging configuration for more information. Disabled by default.
  • taskLogs - (Optional) Log configuration options for DAG tasks. See Module logging configuration for more information. Enabled by default with info log level.
  • webserverLogs - (Optional) Log configuration options for the webservers. See Module logging configuration for more information. Disabled by default.
  • workerLogs - (Optional) Log configuration options for the workers. See Module logging configuration for more information. Disabled by default.

Module logging configuration

A configuration block to use for logging with respect to the various Apache Airflow services: DagProcessingLogs, SchedulerLogs, TaskLogs, WebserverLogs, and WorkerLogs. It supports the following arguments.

  • enabled - (Required) Enabling or disabling the collection of logs
  • logLevel - (Optional) Logging level. Valid values: critical, error, warning, info, debug. Will be info by default.

Network configuration

The networkConfiguration block supports the following arguments. More information about the required subnet and security group settings can be found in the official AWS documentation.

  • securityGroupIds - (Required) Security groups IDs for the environment. At least one of the security group needs to allow MWAA resources to talk to each other, otherwise MWAA cannot be provisioned.
  • subnetIds - (Required) The private subnet IDs in which the environment should be created. MWAA requires two subnets.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN of the MWAA Environment
  • createdAt - The Created At date of the MWAA Environment
  • loggingConfiguration[0].<logConfigurationType>[0]CloudWatchLogGroupArn - Provides the ARN for the CloudWatch group where the logs will be published
  • serviceRoleArn - The Service Role ARN of the Amazon MWAA Environment
  • status - The status of the Amazon MWAA Environment
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • webserverUrl - The webserver URL of the MWAA Environment

Timeouts

Configuration options:

  • create - (Default 120M)
  • update - (Default 90M)
  • delete - (Default 90M)

Import

MWAA Environment can be imported using name e.g.,

$ terraform import aws_mwaa_environment.example MyAirflowEnvironment