Configuration Reference
All environment variables for Docker Compose and Helm chart values for Kubernetes deployments.
Environment Variables
These variables are set in the .env file for Docker Compose deployments. In Kubernetes, they are mapped from the Helm values automatically.
AWS
| Variable | Required | Description |
| --- | --- | --- |
| POWER_AWS_ACCESS_KEY_ID | Yes | Access key for the IAM user that calls sts:AssumeRole |
| POWER_AWS_SECRET_ACCESS_KEY | Yes | Secret key for the IAM user |
| POWER_AWS_REGION | Yes | Default AWS region (e.g., us-east-1) |
| BASE_ROLE_ARN | Yes | ARN of the IAM role the backend assumes via STS |
| COLLECTOR_REGIONS | No | Comma-separated region list to limit collection. Empty = all 30 regions |
SMTP
| Variable | Required | Description |
| --- | --- | --- |
| SMTP_HOST | Yes | SMTP server hostname |
| SMTP_PORT | Yes | SMTP port (typically 587 for STARTTLS) |
| SMTP_USER | Yes | SMTP authentication username |
| SMTP_PASSWORD | Yes | SMTP authentication password |
| SMTP_FROM | Yes | Sender email address for OTP and notifications |
Database (PostgreSQL)
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| POSTGRES_HOST | Yes | postgres | PostgreSQL hostname |
| POSTGRES_PORT | No | 5432 | PostgreSQL port |
| POSTGRES_DB | No | awsdashboard | Database name |
| POSTGRES_USER | No | awsdashboard | Database username |
| POSTGRES_PASSWORD | Yes | — | Database password |
Cache (Valkey)
| Variable | Required | Description |
| --- | --- | --- |
| VALKEY_PASSWORD | Yes | Password for the Valkey instance |
| VALKEY_URL | Yes | Full connection URL, e.g. redis://:pass@valkey:6379 |
Application
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| ADMIN_EMAIL | Yes | — | Email for the initial admin account |
| COOKIE_SECURE | No | false | Set to true for HTTPS deployments |
| CORS_ORIGINS | No | http://localhost:4000 | Allowed CORS origins (comma-separated) |
| OTP_EXPIRY_MINUTES | No | 10 | OTP code validity in minutes |
| OTP_MAX_ATTEMPTS | No | 5 | Max incorrect OTP attempts before lockout |
| ALLOWED_DOMAINS | No | — | Comma-separated email domains for auto-registration |
Collector Scheduling
These control how frequently the Celery workers collect data from AWS.
| Variable | Default | Description |
| --- | --- | --- |
| COLLECT_RESOURCE_ALL_SECS | 21600 (6h) | Full resource scan interval |
| COLLECT_METRICS_EVERY_SECS | 300 (5m) | CloudWatch metrics collection interval |
| METRICS_RETENTION_SECS | 3600 (1h) | How often to purge old metric data |
| COLLECT_ALARMS_EVERY_SECS | 300 (5m) | CloudWatch alarms collection interval |
| COLLECT_HEALTH_EVENTS_EVERY_SECS | 900 (15m) | AWS Health events collection interval |
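
A pre-deployment check for the .env settings listed above, as an added example that is not part of the project's own code. The names `parse_env`, `audit` and `SAMPLE_ENV` are hypothetical, the .env parsing is simplified to plain KEY=VALUE lines, and the rule that VALKEY_URL must carry the same password as VALKEY_PASSWORD is an assumption.

```python
from urllib.parse import urlsplit, unquote

# Variables the reference marks "Required: Yes".
REQUIRED = (
    "POWER_AWS_ACCESS_KEY_ID POWER_AWS_SECRET_ACCESS_KEY POWER_AWS_REGION "
    "BASE_ROLE_ARN SMTP_HOST SMTP_PORT SMTP_USER SMTP_PASSWORD SMTP_FROM "
    "POSTGRES_HOST POSTGRES_PASSWORD VALKEY_PASSWORD VALKEY_URL ADMIN_EMAIL"
).split()
OTP_DEFAULTS = {"OTP_EXPIRY_MINUTES": 10, "OTP_MAX_ATTEMPTS": 5}  # documented defaults

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and # comments; later keys win."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(env):
    """Return findings for the security-relevant settings in a parsed .env."""
    findings = [f"{k}: required but missing or empty" for k in REQUIRED if not env.get(k)]
    origins = env.get("CORS_ORIGINS", "http://localhost:4000").split(",")
    https = any(o.strip().startswith("https://") for o in origins)
    if https and env.get("COOKIE_SECURE", "false").lower() != "true":
        findings.append("COOKIE_SECURE: HTTPS origin configured but value is not true")
    for key, default in OTP_DEFAULTS.items():
        raw = env.get(key, str(default))
        if not raw.isdigit() or int(raw) < 1:
            findings.append(f"{key}: must be a positive integer")
        elif int(raw) > default:
            findings.append(f"{key}: {raw} is looser than the documented default {default}")
    # Assumption: VALKEY_URL must embed the same password as VALKEY_PASSWORD.
    url_password = unquote(urlsplit(env.get("VALKEY_URL", "")).password or "")
    if env.get("VALKEY_URL") and url_password != env.get("VALKEY_PASSWORD", ""):
        findings.append("VALKEY_URL: password does not match VALKEY_PASSWORD")
    return findings

# Constructed sample: placeholders for every required key, then overriding lines.
SAMPLE_ENV = "\n".join(f"{k}=placeholder" for k in REQUIRED) + """
BASE_ROLE_ARN=
VALKEY_PASSWORD=s3cret-example
VALKEY_URL=redis://:other@valkey:6379
CORS_ORIGINS=https://dash.example.com
OTP_MAX_ATTEMPTS=20
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_env(SAMPLE_ENV))))
```

Note that the Docker Compose default for COOKIE_SECURE is false while the Helm default for app.cookieSecure is true, so the cookie check matters most for .env deployments placed behind HTTPS.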
Helm Chart Values
When deploying with Helm, configuration is set through values.yaml instead of environment variables. The chart maps these to the correct env vars automatically.
Core Settings
| Key | Default | Description |
| --- | --- | --- |
| aws.powerAccessKeyId | "" | AWS access key ID |
| aws.powerSecretAccessKey | "" | AWS secret access key |
| aws.region | us-east-1 | Default AWS region |
| aws.baseRoleArn | "" | IAM role ARN for STS |
| aws.existingSecret | "" | Use existing K8s secret for AWS creds |
| app.adminEmail | "" | Admin account email |
| app.cookieSecure | true | Secure cookie flag |
| app.corsOrigins | "" | Allowed CORS origins |
| app.otpExpiryMinutes | 10 | OTP validity |
| app.otpMaxAttempts | 5 | Max OTP attempts |
| app.allowedDomains | "" | Auto-registration domains |
| app.collectorRegions | "" | Limit collector regions |
SMTP
| Key | Default | Description |
| --- | --- | --- |
| smtp.host | "" | SMTP server |
| smtp.port | 587 | SMTP port |
| smtp.user | "" | SMTP username |
| smtp.password | "" | SMTP password |
| smtp.from | "" | Sender address |
PostgreSQL
| Key | Default | Description |
| --- | --- | --- |
| services.postgresql.enabled | true | Deploy in-cluster PostgreSQL |
| services.postgresql.image.tag | 16-alpine | PostgreSQL image tag |
| services.postgresql.auth.database | awsdashboard | Database name |
| services.postgresql.auth.username | awsdashboard | Username |
| services.postgresql.auth.password | "" | Password (required) |
| services.postgresql.persistence.enabled | true | Enable persistent volume |
| services.postgresql.persistence.size | 5Gi | Volume size |
| externalServices.postgresql.host | "" | External PG host (when services.postgresql.enabled=false) |
| externalServices.postgresql.port | 5432 | External PG port |
| externalServices.postgresql.password | "" | External PG password |
Valkey
| Key | Default | Description |
| --- | --- | --- |
| services.valkey.enabled | true | Deploy in-cluster Valkey |
| services.valkey.password | "" | Valkey password (required) |
| services.valkey.persistence.enabled | false | Enable persistent volume |
| externalServices.valkey.url | "" | External Redis URL (when services.valkey.enabled=false) |
Workloads
| Key | Default | Description |
| --- | --- | --- |
| services.backend.replicas | 1 | Backend pod replicas |
| services.backend.image.repository | mguptahub/infrawatch-backend | Backend image |
| services.backend.image.tag | latest | Backend image tag |
| services.frontend.replicas | 1 | Frontend pod replicas |
| services.frontend.image.repository | mguptahub/infrawatch-frontend | Frontend image |
| services.frontend.image.tag | latest | Frontend image tag |
| services.celeryWorker.replicas | 1 | Celery worker replicas |
Ingress & Service
| Key | Default | Description |
| --- | --- | --- |
| ingress.enabled | false | Create Ingress resource |
| ingress.className | nginx | Ingress class name |
| ingress.annotations | {} | Ingress annotations |
| ingress.hosts | — | Host and path rules |
| ingress.tls | [] | TLS configuration |
| service.type | ClusterIP | Service type |
| ingress.certManager.enabled | false | Enable cert-manager TLS automation |
| ingress.certManager.issuerType | ClusterIssuer | ClusterIssuer or Issuer |
| ingress.certManager.issuerName | letsencrypt-prod | Issuer resource name |