# Required (no default). Per the description, this value prefixes the name of
# every resource.
variable "project_name" {
  type        = string
  description = "Project name to be used as a prefix for all resources"
}
# Required (no default): the AWS region resources are launched in.
variable "aws_region" {
  type        = string
  description = "AWS region in which to launch resources"
}
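# Required toggle for the tfvars S3 bucket. The original description only
# repeated the variable name; the wording below is taken from how the sibling
# tfvars_s3_* variables refer to "the tfvars S3 bucket".
variable "enable_s3_tfvars" {
  description = "Enable the tfvars S3 bucket (see the tfvars_s3_* variables)"
  type        = bool
}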
# Access logging on the tfvars bucket stays on unless the caller sets this to
# false.
variable "tfvars_s3_enable_s3_bucket_logging" {
  type        = bool
  default     = true
  description = "Enable S3 bucket logging on the tfvars S3 bucket"
}
# Defaults to 30 days. Per the description, 0 means logs are never expired.
variable "tfvars_s3_logging_bucket_retention" {
  type        = number
  default     = 30
  description = "tfvars S3 Logging bucket retention in days. Set to 0 to keep all logs."
}
# Optional; defaults to an empty map. Each entry needs `path`; `key` falls back
# to an empty string when omitted.
# NOTE(review): how an empty `key` is interpreted is decided by the code that
# consumes this map, which is not in this file.
variable "tfvars_s3_tfvars_files" {
  default     = {}
  description = "Map of objects containing tfvar file paths"
  type = map(object({
    path = string
    key  = optional(string, "")
  }))
}
# Fail-open default: per the description, leaving this list empty gives every
# user in the AWS account access to the tfvars bucket. tfvars files commonly
# carry credentials, so set this explicitly wherever the account is shared.
variable "tfvars_s3_tfvars_restrict_access_user_ids" {
  type        = list(string)
  default     = []
  description = "List of AWS User IDs that require access to the tfvars S3 bucket. If left empty, all users within the AWS account will have access"
}
# Required toggle. The description indicates the Lambda is only created here
# and is then run by hand, once, from the console or the CLI.
variable "enable_delete_default_resources" {
  type        = bool
  description = "Creates a Lambda function which deletes all default VPCs and resources within them. This only needs to be ran once, either through the AWS console or via the AWS CLI"
}
# Required (no default), so whether these Lambda logs are KMS-encrypted is
# always an explicit caller decision.
variable "delete_default_resources_lambda_kms_encryption" {
  type        = bool
  description = "Conditionally encrypt the Delete Default Resources Lambda logs with KMS"
}
# Required. The description gives no unit.
# NOTE(review): presumably days, like the other retention variables in this
# file - confirm against the resource that consumes it.
variable "delete_default_resources_log_retention" {
  type        = number
  description = "Log retention for the Delete Default Resources Lambda"
}
# Required toggle for the account's root Route53 hosted zone.
variable "enable_route53_root_hosted_zone" {
  type        = bool
  description = "Conditionally create Route53 hosted zone, which will contain the DNS records for resources launched within the account."
}
# Required (no default), even when the hosted zone toggle is off.
variable "route53_root_hosted_zone_domain_name" {
  type        = string
  description = "Route53 root hosted zone domain name"
}
# Required toggle. With no default, running an account without CloudTrail has
# to be written down explicitly by the caller.
variable "enable_cloudtrail" {
  type        = bool
  description = "Enable Cloudtrail"
}
# Required (no default): the caller states whether CloudTrail uses KMS.
variable "cloudtrail_kms_encryption" {
  type        = bool
  description = "Use KMS encryption with CloudTrail"
}
# Required. Value is in days; per the description, 0 keeps every log.
variable "cloudtrail_log_retention" {
  type        = number
  description = "Cloudtrail log retention in days. Set to 0 to keep all logs."
}
# Required (no default): prefix used for CloudTrail logs.
variable "cloudtrail_log_prefix" {
  type        = string
  description = "Cloudtrail log prefix"
}
# Required toggle: access logging on the bucket that holds the CloudTrail logs.
variable "cloudtrail_s3_access_logs" {
  type        = bool
  description = "Enable CloudTrail S3 bucket access logging"
}
# Required toggle for the Glue database and tables that let Athena query the
# CloudTrail logs.
variable "cloudtrail_athena_glue_tables" {
  type        = bool
  description = "Create the Glue database and tables for CloudTrail to be used with Athena"
}
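# Required. The original description was missing its subject ("CloudTrail
# Athena Set to 0 ..."); the wording below follows the variable name and the
# sibling cloudtrail_athena_s3_output_kms_encryption description.
# NOTE(review): the unit is not stated here - presumably days, like the other
# retention variables in this file; confirm before documenting it.
variable "cloudtrail_athena_s3_output_retention" {
  description = "CloudTrail Athena output S3 bucket retention. Set to 0 to keep all logs"
  type        = number
}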
# Required (no default): Athena query output can contain the same data as the
# CloudTrail logs it was run against, so this is an explicit caller choice.
variable "cloudtrail_athena_s3_output_kms_encryption" {
  type        = bool
  description = "Use KMS encryption with the CloudTrail Athena output S3 bucket"
}
# Required toggle. Per the description this wires up an SNS topic plus a
# Lambda that forwards messages to a Slack webhook.
variable "enable_cloudwatch_slack_alerts" {
  type        = bool
  description = "Enable CloudWatch Slack alerts. This creates an SNS topic to which alerts and pipelines can send messages, which are then picked up by a Lambda function that forwards them to a Slack webhook."
}
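# A Slack incoming-webhook URL is a bearer credential: anyone holding it can
# post to the channel. Marked sensitive so Terraform redacts it from plan and
# apply output. It is still stored in state in plain text, so the state backend
# needs its own access controls, and any output derived from this value must
# also be declared sensitive.
variable "cloudwatch_slack_alerts_hook_url" {
  description = "The Slack webhook URL for CloudWatch alerts"
  type        = string
  sensitive   = true
}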
# Required (no default): the Slack channel that receives the alerts.
variable "cloudwatch_slack_alerts_channel" {
  type        = string
  description = "The Slack channel for CloudWatch alerts"
}
# Required (no default): covers both the Slack Alerts SNS topic and its logs,
# per the description.
variable "cloudwatch_slack_alerts_kms_encryption" {
  type        = bool
  description = "Use KMS encryption with the Slack Alerts SNS topic and logs"
}
# Required. Per the description, 0 keeps every log; no unit is stated.
# NOTE(review): presumably days, like the other retention variables - confirm.
variable "cloudwatch_slack_alerts_log_retention" {
  type        = number
  description = "Cloudwatch Slack Alerts log retention. Set to 0 to keep all logs"
}
# Required toggle. Per the description this creates an SNS topic whose
# messages are delivered to the Opsgenie SNS endpoint.
variable "enable_cloudwatch_opsgenie_alerts" {
  type        = bool
  description = "Enable CloudWatch Opsgenie alerts. This creates an SNS topic to which alerts and pipelines can send messages, which are then sent to the Opsgenie SNS endpoint."
}
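# The Opsgenie incoming-SNS endpoint URL carries the integration's API key as a
# query parameter, so the whole value is treated as a secret. Marked sensitive
# so Terraform redacts it from plan and apply output. It is still stored in
# state in plain text, and any output derived from it must also be declared
# sensitive.
variable "cloudwatch_opsgenie_alerts_sns_endpoint" {
  description = "The Opsgenie SNS endpoint. https://support.atlassian.com/opsgenie/docs/integrate-opsgenie-with-incoming-amazon-sns/"
  type        = string
  sensitive   = true
}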
# Required (no default): KMS encryption for the Opsgenie Alerts SNS topic.
variable "cloudwatch_opsgenie_alerts_sns_kms_encryption" {
  type        = bool
  description = "Use KMS encryption with the Opsgenie Alerts SNS topic"
}
# Required (no default). Each map value carries a single attribute,
# provider_type.
# NOTE(review): presumably the map key names the connection - confirm against
# the resource that consumes this map.
variable "codestar_connections" {
  type = map(object({
    provider_type = string
  }))
  description = "CodeStar connections to create"
}
# Required toggle for SSM Default Host Management Configuration.
variable "enable_ssm_dhmc" {
  type        = bool
  description = "Enables SSM Default Host Management Configuration"
}
# Required. Value is in days; per the description, 0 keeps every log.
variable "logging_bucket_retention" {
  type        = number
  description = "Logging bucket retention in days. Set to 0 to keep all logs."
}
# Required map of custom IAM roles. Each role has a description, a map of
# policies and one assume-role (trust) policy.
#
# Review points for callers:
# - Terraform discards object attributes that the type constraint does not
#   declare. Statement keys such as Condition or Sid are therefore dropped on
#   conversion rather than rejected, so a trust or permission statement written
#   with a Condition would be applied without it. Check the rendered policy in
#   the plan. How these objects are turned into IAM JSON is outside this file.
# - Resource is a single string and Principal maps each principal type to a
#   single string, so a statement names one resource pattern and one principal
#   per type.
# - There is no validation block: wildcard Action, Resource or Principal values
#   are accepted as-is, so least privilege has to be checked on the input.
variable "custom_iam_roles" {
  description = "Configure custom IAM roles/policies"
  type = map(object({
    description = string
    policies = map(object({
      description = string
      Version     = string
      Statement = list(object({
        Action   = list(string)
        Effect   = string
        Resource = string
      }))
    }))
    assume_role_policy = object({
      Version = string
      Statement = list(object({
        Action    = list(string)
        Effect    = string
        Principal = map(string)
      }))
    })
  }))
}