# Optional organization prefix (e.g. 'eg', 'cp'); empty by default.
# NOTE(review): presumably one of the inputs used to build resource names - confirm against the module's label logic.
variable "namespace" {
  description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
  type        = string
  default     = ""
}
# Optional environment identifier; empty by default.
variable "environment" {
  description = "Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'"
  type        = string
  default     = ""
}
# Optional stage identifier. Unlike the sibling naming inputs, this one
# defaults to null rather than an empty string.
variable "stage" {
  description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
  type        = string
  default     = null
}
# Optional solution/application name; empty by default.
variable "name" {
  description = "Solution name, e.g. 'app' or 'jenkins'"
  type        = string
  default     = ""
}
# Optional list of extra string attributes; empty list by default.
variable "attributes" {
  description = "Additional attributes (e.g. `1`)"
  type        = list(string)
  default     = []
}
# Optional map of extra tags; empty map by default.
# NOTE(review): the example in the description is missing its closing
# parenthesis; left untouched here because the string is emitted verbatim
# into generated documentation.
variable "tags" {
  description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
  type        = map(string)
  default     = {}
}
# Toggle for S3 bucket creation. Defaults to false, so no bucket is created
# unless the caller opts in.
# NOTE(review): with this default and trail_bucket's empty default, the caller
# presumably has to supply one or the other for the trail to have a log
# destination - confirm in the resource definitions.
variable "bucket_enabled" {
  description = "Set to `false` to prevent the module from creating s3 bucket"
  type        = bool
  default     = false
}
# When true, destroying the bucket also deletes every object in it, and per
# the description those objects cannot be recovered. For a bucket that holds
# audit logs, leave this at false outside throw-away test environments.
variable "bucket_force_destroy" {
  description = "(Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable"
  type        = bool
  default     = false
}
# Canned ACL applied to the bucket; defaults to log-delivery-write.
# NOTE(review): buckets whose Object Ownership is bucket-owner-enforced reject
# ACLs - confirm the bucket resource handles that case. Avoid public canned
# ACLs here, since the bucket is meant to hold trail logs.
variable "bucket_acl" {
  description = "The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services"
  type        = string
  default     = "log-delivery-write"
}
# Toggle for lifecycle events on the bucket; off by default.
# NOTE(review): presumably gates bucket_lifecycle_configuration_rules - confirm.
variable "bucket_lifecycle_rule_enabled" {
  description = "Enable lifecycle events on this bucket"
  type        = bool
  default     = false
}
# List of lifecycle rule objects; empty by default. Several fields are typed
# `any` / `list(any)`, so their inner structure is not checked at this layer.
# Expiration rules decide how long log objects are retained, so review them
# against the retention period the logs are required to meet.
variable "bucket_lifecycle_configuration_rules" {
  description = "A list of S3 bucket v2 lifecycle rules"

  type = list(object({
    enabled                                = bool
    id                                     = string
    abort_incomplete_multipart_upload_days = number
    filter_and                             = any
    expiration                             = any
    transition                             = list(any)
    noncurrent_version_expiration          = any
    noncurrent_version_transition          = list(any)
  }))

  default = []
}
# Server-side encryption algorithm for the bucket. The default, AES256, uses
# S3-managed keys; choose aws:kms (with bucket_kms_master_key_arn) when access
# to the logs should additionally be controlled through a KMS key policy.
variable "bucket_sse_algorithm" {
  description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms"
  type        = string
  default     = "AES256"
}
# KMS key ARN for SSE-KMS. Per the description it only applies when
# bucket_sse_algorithm is aws:kms, and leaving it empty in that mode falls
# back to the default aws/s3 key.
variable "bucket_kms_master_key_arn" {
  description = "The AWS KMS master key ARN used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms"
  type        = string
  default     = ""
}
# Opt-in for denying plain-HTTP requests to the bucket.
# NOTE(review): defaults to false, so unencrypted-transport requests are not
# explicitly denied unless the caller sets this to true.
variable "bucket_allow_ssl_requests_only" {
  description = "Set to `true` to require requests to use Secure Socket Layer (HTTPS/SSL). This will explicitly deny access to HTTP requests"
  type        = bool
  default     = false
}
# Toggle for object versioning; off by default.
# NOTE(review): without versioning an overwritten or deleted log object has no
# prior version to fall back on - consider enabling it for audit-log buckets.
variable "bucket_versioning_enabled" {
  description = "Enable object versioning, keeping multiple variants of an object in the same bucket"
  type        = bool
  default     = false
}
# Toggle for creating the trail; on by default.
variable "trail_enabled" {
  description = "Set to false to prevent the module from creating the Organization trail"
  type        = bool
  default     = true
}
# Name of an existing bucket to receive trail logs. Per the description it is
# only meaningful when bucket_enabled is false; empty by default.
variable "trail_bucket" {
  description = "Set bucket name for the Organization trail, meaningful only if bucket_enabled is set to false"
  type        = string
  default     = ""
}
# Whether the trail is an AWS Organizations trail.
# NOTE(review): defaults to false even though sibling descriptions refer to
# "the Organization trail" - callers wanting org-wide coverage must set true.
variable "trail_is_organization_trail" {
  description = "The trail is an AWS Organizations trail"
  type        = bool
  default     = false
}
# Whether the trail covers all regions or only the current one.
# NOTE(review): defaults to false (current region only), so API activity in
# other regions is not captured by this trail unless the caller sets true.
variable "trail_is_multi_region_trail" {
  description = "Specifies whether the trail is created in the current region or in all regions"
  type        = bool
  default     = false
}
# Whether events from global services such as IAM are written to the log files.
# NOTE(review): defaults to false, so IAM activity is absent from the logs
# unless the caller sets true.
variable "trail_include_global_service_events" {
  description = "Specifies whether the trail is publishing events from global services such as IAM to the log files"
  type        = bool
  default     = false
}
# Whether logging is turned on for the trail.
# NOTE(review): defaults to false while trail_enabled defaults to true, so the
# defaults appear to create a trail that records nothing - confirm how the
# trail resource consumes this and set true where logging is expected.
variable "trail_enable_logging" {
  description = "Enable logging for the trail"
  type        = bool
  default     = false
}
# Whether signed digest files are produced for log-file integrity validation.
# NOTE(review): defaults to false; without digests there is nothing to verify
# delivered log files against, so set true where tamper detection is required.
variable "trail_enable_log_file_validation" {
  description = "Specifies whether log file integrity validation is enabled. Creates signed digest for validated contents of logs"
  type        = bool
  default     = false
}
# IAM role ARN assumed to write trail events into a CloudWatch Logs group;
# empty by default.
# NOTE(review): normally supplied together with trail_cloud_watch_logs_group_arn;
# scope the role to that single log group.
variable "trail_cloud_watch_logs_role_arn" {
  description = "Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group"
  type        = string
  default     = ""
}
# ARN of the CloudWatch Logs group that receives trail events; empty by default.
# NOTE(review): normally supplied together with trail_cloud_watch_logs_role_arn.
variable "trail_cloud_watch_logs_group_arn" {
  description = "Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered"
  type        = string
  default     = ""
}
# ARN of an existing KMS key used to encrypt delivered logs. Per the
# description it only matters when trail_kms_enabled is false.
# NOTE(review): with both defaults in place (trail_kms_enabled = false and an
# empty ARN here) the trail appears to get no customer-managed key - confirm.
variable "trail_kms_key_arn" {
  description = "Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail, meaningful only if trail_kms_enabled is set to false"
  type        = string
  default     = ""
}
# Toggle for automatic KMS key creation by the module; off by default.
variable "trail_kms_enabled" {
  description = "Set to false to prevent the module from automatic KMS key creation"
  type        = bool
  default     = false
}
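# Account IDs associated with the organization trail. Required: there is no
# default.
# NOTE(review): presumably these IDs end up in the KMS key policy - confirm.
# The type is list(any), so nothing stopped a wildcard or malformed value from
# being passed through; the validation below accepts only 12-digit account IDs
# (given as strings or numbers) and still allows an empty list.
variable "trail_kms_account_ids" {
  description = "Specifies all account ids where organization trail will resides"
  type        = list(any)

  validation {
    # Collect every entry that is not exactly 12 digits; the list must be empty.
    condition = length([
      for id in var.trail_kms_account_ids : id
      if !can(regex("^[0-9]{12}$", tostring(id)))
    ]) == 0
    error_message = "Each entry in trail_kms_account_ids must be a 12-digit AWS account ID."
  }
}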
# Human-readable description attached to the KMS key.
variable "trail_kms_description" {
  description = "The description of the key as viewed in AWS console"
  type        = string
  default     = "KMS key to encrypt the logs delivered by CloudTrail"
}
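# Display name of the KMS key alias. Empty (the default) requests an
# auto-generated alias; any other value must begin with "alias/", as the
# description states. The validation surfaces a bad prefix at plan time
# instead of leaving it to fail later.
variable "trail_kms_alias" {
  description = "The display name of the alias. The name must start with the word `alias` followed by a forward slash, leave default for auto generated alias"
  type        = string
  default     = ""

  validation {
    # null and "" both mean "use the auto-generated alias".
    condition     = var.trail_kms_alias == null || var.trail_kms_alias == "" || can(regex("^alias/", var.trail_kms_alias))
    error_message = "The trail_kms_alias value must be empty or start with \"alias/\"."
  }
}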
# Whether key rotation is enabled on the KMS key.
# NOTE(review): defaults to false; set true for a long-lived log-encryption key.
variable "trail_kms_enable_key_rotation" {
  description = "Specifies whether key rotation is enabled"
  type        = bool
  default     = false
}
# Intended use of the KMS key; defaults to ENCRYPT_DECRYPT.
# NOTE(review): the key's stated purpose is encrypting trail logs, so
# SIGN_VERIFY is unlikely to be usable here - confirm before changing it.
variable "trail_kms_key_usage" {
  description = "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`."
  type        = string
  default     = "ENCRYPT_DECRYPT"
}
# Key spec for the KMS key; defaults to SYMMETRIC_DEFAULT.
# NOTE(review): CloudTrail log encryption is understood to need a symmetric
# key, so the asymmetric specs listed in the description are presumably not
# valid for this module's purpose - confirm before overriding the default.
variable "trail_kms_customer_master_key_spec" {
  description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`."
  type        = string
  default     = "SYMMETRIC_DEFAULT"
}
# Whether the KMS key is multi-Region (true) or regional (false, the default).
variable "trail_kms_multi_region" {
  description = "Indicates whether the KMS key is a multi-Region (true) or regional (false) key."
  type        = bool
  default     = false
}