variables.tf
# Name given to the CloudTrail trail.
# NOTE(review): the default is null; how a null name is handled is decided by
# the resource code, which is not visible in this file.
variable "cloudtrail_name" {
  type        = string
  description = "Name of the trail to create"
  default     = null
}
# When true (the default) the module creates a KMS key that CloudTrail uses to
# encrypt the log files.
# NOTE(review): if this is false and kms_key_id is also null, the logs are
# presumably protected only by the bucket's own default encryption; confirm
# against the resource code before disabling.
variable "create_kms_key" {
  type        = bool
  description = "Controls whether to create a kms key that Cloudtrail will use to encrypt the logs"
  default     = true
}
# Log file integrity validation makes CloudTrail deliver signed digest files,
# so later modification or deletion of delivered log files can be detected.
# Defaults to true; turning it off weakens the logs as an audit record.
variable "enable_log_file_validation" {
  type        = bool
  description = "Specifies whether log file integrity validation is enabled"
  default     = true
}
# Switches recording on or off for the trail; defaults to true.
# Setting it to false leaves the trail defined but not recording, so any
# change to this value deserves review.
variable "enable_logging" {
  type        = bool
  description = "Specifies whether to enable logging if it is configured"
  default     = true
}
# Defaults to true so that events from global services such as IAM are written
# to the log files. Disabling it removes identity-related activity from the
# trail.
variable "include_global_service_events" {
  type        = bool
  description = "Specifies whether the trail is publishing events from global services such as IAM to the log files"
  default     = true
}
# Defaults to true (trail covers all regions). With false the trail exists in
# the current region only, and activity in other regions is not recorded by it.
variable "is_multi_region_trail" {
  type        = bool
  description = "Specifies whether the trail is created in the current region or in all regions"
  default     = true
}
# Display name for the alias of the KMS key.
# NOTE(review): AWS alias names must start with "alias/"; the default here has
# no such prefix, so the module presumably prepends it. Confirm in the
# resource code before passing a value that already includes the prefix.
variable "kms_key_alias" {
  type        = string
  description = "(Optional) The display name of the alias"
  default     = "terraform-cloudtrail-kms-key"
}
# ARN of a KMS key used to encrypt the CloudTrail logs. The key's policy has
# to grant CloudTrail permission to encrypt with it.
# NOTE(review): which setting wins when this is set and create_kms_key is
# also true is not visible in this file; confirm in the resource code.
variable "kms_key_id" {
  type        = string
  description = "(Optional) ARN of the kms key used to encrypt the CloudTrail logs."
  default     = null
}
# Destination S3 bucket for the log files. Per the description the bucket is
# not created here, so its bucket policy (CloudTrail write access, limits on
# who may delete or overwrite objects) has to be managed by the caller.
# NOTE(review): the default is null although a trail needs a bucket; callers
# presumably must always set this. Confirm.
variable "cloudtrail_bucket" {
  type        = string
  description = "Name of S3 bucket to send CloudTrail logs; bucket must already exist"
  default     = null
}
# Optional key prefix placed after the bucket name for delivered log files.
# Defaults to null (no prefix supplied by the caller).
variable "s3_key_prefix" {
  type        = string
  description = "S3 key prefix that follows the name of the bucket you have designated for log file delivery"
  default     = null
}
# Defaults to true: the trail also uses a CloudWatch log group, which is where
# metric filters and alarms on API activity are usually attached.
variable "use_cloud_watch_logs" {
  type        = bool
  description = "Specifies whether to use a CloudWatch log group for this trail"
  default     = true
}
# Name of an existing log group to use instead of one created by the module.
# Retention and encryption of a preexisting group stay the caller's
# responsibility (retention_in_days applies only to a module-created group).
variable "cloud_watch_logs_group_name" {
  type        = string
  description = "(Optional) Name of preexisting log group to use; by default the module will create a log group"
  default     = null
}
# Role that is assumed to write trail events into the log group. Keep its
# permissions limited to creating log streams and putting log events in that
# one group.
# NOTE(review): whether the module creates a role when this is null is not
# visible in this file; confirm.
variable "cloud_watch_logs_role_arn" {
  type        = string
  description = "(Optional) Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group."
  default     = null
}
# Retention for the module-created CloudWatch log group. The default keeps
# events there for 7 days only, which is short for investigations; the S3
# bucket remains the long-term record. Raise this if CloudWatch is the place
# analysts search first.
variable "retention_in_days" {
  type        = number
  description = "(Optional) Specifies the number of days to retain log events in the log group. Only works if module creates the log group"
  default     = 7
}
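# Event selectors passed through to the trail. The type is list(any), so the
# shape of each map is not checked at plan time; a misspelled key is caught
# only when the value is consumed.
# The default [] supplies no selectors from this variable.
# Fix: corrected the "vales" typo in the description.
variable "event_selectors" {
  description = "List of maps specifying `read_write_type`, `include_management_events`, `type`, and `values`. See https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for more information regarding the map values"
  type        = list(any)
  default     = []
}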
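# Advanced event selectors for data event logging. As with event_selectors,
# list(any) means the shape of each entry is not checked at plan time.
# The default [] supplies no advanced selectors from this variable.
# Fix: the description said "an options name"; corrected to "an optional name".
variable "advanced_event_selectors" {
  description = "Specifies an advanced event selector for enabling data event logging. Contains an optional name for the selector and a list of maps specifying field_selectors. See https://www.terraform.io/docs/providers/aws/r/cloudtrail.html for more information regarding the field selectors"
  type        = list(any)
  default     = []
}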
# Tags applied to the cloudtrail resource; defaults to an empty map.
variable "tags" {
  type        = map(string)
  description = "A map of tags to add to the cloudtrail resource"
  default     = {}
}