variables.tf
# Name of the IAM role in the caller's AWS account that cloudtruth assumes.
# No default is declared, so the caller must supply a value; no type is declared either.
# NOTE(review): presumably a plain string; an explicit `type = string` would reject
# non-string input early. Confirm against the resource that consumes it.
variable "role_name" {
description = "The role within your AWS account that cloudtruth will assume to perform its actions"
}
# External ID for the cross-account role; per the description it is used to limit access.
# Required input: no default, no type and no validation are declared, so this declaration
# alone would accept an empty string.
# NOTE(review): presumably enforced as an sts:ExternalId condition in the role's trust
# policy (confused-deputy protection). The policy is not in this file; confirm that an
# empty value cannot silently disable the condition.
variable "external_id" {
description = "The external id used for limiting access"
}
# AWS account IDs that will be assuming the role. The default is a single hard-coded
# account ID, which the description attributes to the cloudtruth account.
# NOTE(review): presumably these become the trusted principals of the assume-role policy,
# so every ID listed here is granted trust. Check the default against the vendor's
# published account ID before applying, and override it only deliberately.
variable "account_ids" {
description = "The AWS account IDs (for the cloudtruth account) that will be assuming the role"
type = list(string)
default = ["609878994716"]
}
# AWS services cloudtruth is granted access to. Required input (no default).
# The description lists s3, ssm and secretsmanager as the allowed values, but no
# validation block enforces that list here.
# NOTE(review): how an unrecognised value is handled is not visible in this file;
# verify that a typo cannot grant more, or silently less, than intended.
variable "services_enabled" {
description = <<-EOD
The AWS services to grant cloudtruth access to, allowed values are s3, ssm, secretsmanager
EOD
type = list(string)
}
# AWS services cloudtruth is additionally granted write access to.
# Defaults to an empty list, so write access is opt-in per service.
# Same allowed values as listed in the description; not enforced by a validation block.
# NOTE(review): whether a service must also appear in services_enabled for write access
# to take effect is not visible here; confirm in the policy definitions.
variable "services_write_enabled" {
description = <<-EOD
The AWS services to grant cloudtruth write access to, allowed values are s3, ssm, secretsmanager
EOD
type = list(string)
default = []
}
# S3 resources that access is explicitly granted to.
# The default is ["*"], i.e. all resources; per the description, listing all buckets
# stays allowed regardless of this value (for the bucket chooser in the UI).
# Least privilege: callers should replace the wildcard with the specific buckets the
# integration needs.
# NOTE(review): presumably these are ARNs or ARN patterns; confirm the expected format.
variable "s3_resources" {
description = <<-EOD
The s3 resources to explicitly grant access to, defaults to all, and listing
all buckets is always allowed (for bucket chooser in UI) even if access
isn't granted here
EOD
type = list(string)
default = ["*"]
}
# Custom policy used for s3 in place of the one this module would define.
# Defaults to the empty string; no type is declared.
# NOTE(review): presumably an empty value selects the module-defined policy and a
# non-empty value is a JSON policy document that bypasses s3_resources and the
# read/write split. Confirm; the caller then owns the scoping of that policy.
variable "s3_policy" {
description = <<-EOD
A custom policy to use for s3 instead of the one this module would define
EOD
default = ""
}
# SSM resources that access is explicitly granted to.
# The default is ["*"], i.e. all resources. Least privilege: callers should narrow this
# to the parameters the integration actually needs.
# NOTE(review): presumably ARNs or ARN patterns; confirm the expected format.
variable "ssm_resources" {
description = <<-EOD
The ssm resources to explicitly grant access to, defaults to all
EOD
type = list(string)
default = ["*"]
}
# Custom policy used for ssm in place of the one this module would define.
# Defaults to the empty string; no type is declared.
# NOTE(review): presumably an empty value selects the module-defined policy and a
# non-empty value bypasses ssm_resources. Confirm; the caller then owns the scoping.
variable "ssm_policy" {
description = <<-EOD
A custom policy to use for ssm instead of the one this module would define
EOD
default = ""
}
# Secrets Manager resources that access is explicitly granted to.
# The default is ["*"], i.e. all resources; per the description, listing stays allowed
# regardless of this value (for the chooser in the UI).
# Least privilege: with the wildcard default, every secret in the account is in scope
# for the third party, so callers should narrow this to the secrets actually shared.
# NOTE(review): presumably ARNs or ARN patterns; confirm the expected format.
variable "secretsmanager_resources" {
description = <<-EOD
The secrets manager resources to explicitly grant access to, defaults to all, and listing
is always allowed (for chooser in UI) even if access isn't granted here
EOD
type = list(string)
default = ["*"]
}
# Custom policy used for secrets manager in place of the one this module would define.
# Defaults to the empty string; no type is declared.
# NOTE(review): presumably an empty value selects the module-defined policy and a
# non-empty value bypasses secretsmanager_resources. Confirm; the caller then owns the scoping.
variable "secretsmanager_policy" {
description = <<-EOD
A custom policy to use for secrets manager instead of the one this module would define
EOD
default = ""
}
# Enables kms decryption with the specified kms keys. Off by default.
# Per the description this is needed only when ssm parameters or secretsmanager secrets
# use custom kms keys.
# NOTE(review): "the specified kms keys" presumably refers to var.kms_keys; confirm.
variable "kms_decrypt_enabled" {
description = <<-EOD
Enable kms decryption using the specified kms keys; required only if ssm parameters or secretsmanager secrets use custom kms keys
EOD
type = bool
default = false
}
# Enables kms encryption with the specified kms keys. Off by default.
# NOTE(review): the description says "decryption/encryption", so enabling this may also
# grant decrypt, or the wording may have been carried over from kms_decrypt_enabled.
# Confirm which kms actions the flag actually adds before relying on it to grant
# encrypt-only access.
variable "kms_encrypt_enabled" {
description = <<-EOD
Enable kms decryption/encryption using the specified kms keys; required only if ssm parameters or secretsmanager secrets use custom kms keys
EOD
type = bool
default = false
}
# kms keys that access is explicitly granted to. Defaults to an empty list (none).
# NOTE(review): presumably consumed only when kms_decrypt_enabled or kms_encrypt_enabled
# is true. What the module does when a flag is enabled and this list is empty is not
# visible here; verify that it does not fall back to a wildcard.
variable "kms_keys" {
description = <<-EOD
The kms keys to explicitly grant access to, defaults to none
EOD
type = list(string)
default = []
}