variables.tf
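# Required string input (no default is declared, so callers must set it).
# NOTE(review): the "bin-dev" example looks like a resource-name prefix rather
# than a free-text description; confirm against how the module uses it.
variable "prefix" {
  type        = string
  description = "The description for each environment, ie: bin-dev"
}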
# Optional map of tags; defaults to an empty map when the caller passes nothing.
variable "tags" {
  type        = map(any)
  default     = {}
  description = "The tags for the resources"
}
# Optional free-text description; defaults to the empty string.
variable "description" {
  type        = string
  default     = ""
  description = "Description for the resources"
}
# Optional configuration for 5-tuple stateful rule groups; defaults to an empty list.
# NOTE(review): `type = any` means Terraform applies no structural check to this
# value, and the expected shape of each entry is not visible in this file. Since
# these entries define firewall rules, a typed object(...) schema or validation
# in the module would catch malformed rules at plan time. TODO: confirm.
variable "fivetuple_stateful_rule_group" {
  type        = any
  default     = []
  description = "Config for 5-tuple type stateful rule group"
}
# Optional configuration for domain-list stateful rule groups; defaults to an empty list.
# NOTE(review): `type = any` leaves the entry shape unchecked by Terraform; the
# expected keys are not visible here. Confirm them in the module.
variable "domain_stateful_rule_group" {
  type        = any
  default     = []
  description = "Config for domain type stateful rule group"
}
# Optional configuration for Suricata-format stateful rule groups; defaults to an empty list.
# NOTE(review): `type = any` leaves the entry shape unchecked by Terraform. How
# the rule text is supplied (inline or from a file) is not visible here. Confirm
# it in the module and review rule content like any other security control.
variable "suricata_stateful_rule_group" {
  type        = any
  default     = []
  description = "Config for Suricata type stateful rule group"
}
# Stateless rule group configuration. No default is declared, so unlike the
# stateful rule-group variables in this file this input is required.
# NOTE(review): `type = any` leaves the value's shape unchecked by Terraform.
variable "stateless_rule_group" {
  type        = any
  description = "Config for stateless rule group"
}
# Name for the firewall; falls back to the placeholder "example" when unset.
variable "firewall_name" {
  default     = "example"
  type        = string
  description = "firewall name"
}
# Required list of subnet IDs. Per the description, each listed subnet gets its
# own firewall endpoint.
variable "subnet_mapping" {
  type        = list(string)
  description = "Subnet ids mapping to have individual firewall endpoint"
}
# Required ID of the VPC (no default is declared).
variable "vpc_id" {
  type        = string
  description = "VPC ID"
}
# Default action for packets that match no stateless rule; defaults to
# "forward_to_sfe".
# NOTE(review): presumably the module maps this to the Network Firewall action
# that hands the packet to the stateful engine. Confirm in the module.
# No validation block constrains the value here, so a caller could select an
# action that skips stateful inspection for unmatched traffic. Consider
# restricting the accepted values.
variable "stateless_default_actions" {
  default     = "forward_to_sfe"
  type        = string
  description = "Default stateless Action"
}
# Default action for fragmented packets that match no stateless rule; defaults
# to "forward_to_sfe".
# NOTE(review): no validation block constrains the value here. Confirm which
# values the module accepts and keep fragment handling consistent with the
# non-fragment default unless there is a reason to differ.
variable "stateless_fragment_default_actions" {
  default     = "forward_to_sfe"
  type        = string
  description = "Default Stateless action for fragmented packets"
}
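# Change-protection flag for the firewall's policy association; defaults to false.
# NOTE(review): the description calls this a boolean but the declared type is
# string. Terraform converts the `false` default to the string "false", and
# arbitrary strings are accepted at this boundary. Declaring `type = bool` would
# reject invalid values at plan time. Confirm how the module consumes the value
# before changing the type.
# NOTE(review): with the default of false the associated policy can be swapped.
# Consider enabling protection for production firewalls.
variable "firewall_policy_change_protection" {
  type        = string
  description = "(Optional) A boolean flag indicating whether it is possible to change the associated firewall policy"
  default     = false
}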
# Change-protection flag for the firewall's subnet associations; defaults to false.
# NOTE(review): the description calls this a boolean but the declared type is
# string. Terraform converts the `false` default to the string "false", and
# arbitrary strings are accepted at this boundary. Confirm how the module
# consumes the value; `type = bool` would reject invalid input at plan time.
variable "subnet_change_protection" {
  description = "(Optional) A boolean flag indicating whether it is possible to change the associated subnet(s)"
  default     = false
  type        = string
}
# Optional logging settings for the firewall's CloudWatch logs; defaults to an
# empty map.
# NOTE(review): presumably an empty map means no logging configuration is
# created. Confirm in the module. Firewall alert and flow logs are what
# detection and incident response rely on, so deployments should set this
# explicitly rather than take the empty default.
variable "logging_config" {
  type        = map(any)
  default     = {}
  description = "logging config for cloudwatch logs created for network firewall"
}
# Optional list of AWS managed rule group ARNs; defaults to an empty list.
# NOTE(review): declared as list(any) although the description says the elements
# are ARNs. list(string) would reject non-string entries. Confirm the module
# does not rely on other element types.
variable "aws_managed_rule_group" {
  default     = []
  type        = list(any)
  description = "List of AWS managed rule group arn"
}