# -----------------------------------------------------------------------------
# Variables: Common AWS Provider - Autoloaded from Terragrunt
# -----------------------------------------------------------------------------
# Region the AWS provider targets. Per the description the value is expected
# to arrive from region.tfvars; the declared default is an empty string.
variable "aws_region" {
  type        = string
  default     = ""
  description = "The AWS region (e.g. ap-southeast-2). Autoloaded from region.tfvars."
}

# Account the provider deploys into.
# NOTE(review): AWS account IDs are 12 digits; the example in the description
# is shorter and may mislead anyone writing an allow-list from it.
variable "aws_account_id" {
  type        = string
  default     = ""
  description = "The AWS account id of the provider being deployed to (e.g. 12345678). Autoloaded from account.tfvars"
}

# Role to assume for the deployment. Empty by default.
# NOTE(review): presumably an empty value means "use the caller's own
# credentials" - confirm against the provider block, which is not in this file.
variable "aws_assume_role_arn" {
  type        = string
  default     = ""
  description = "(Optional) - ARN of the IAM role when optionally connecting to AWS via assumed role. Autoloaded from account.tfvars."
}

# Session name sent with AssumeRole. The session name is recorded in CloudTrail
# for the assumed-role session, so a distinctive value (pipeline or operator
# name) makes deployments attributable during an investigation.
variable "aws_assume_role_session_name" {
  type        = string
  default     = ""
  description = "(Optional) - The session name to use when making the AssumeRole call."
}

# External ID sent with AssumeRole. A role's trust policy can require a
# matching sts:ExternalId, which is the standard guard against confused-deputy
# use of a cross-account role.
variable "aws_assume_role_external_id" {
  type        = string
  default     = ""
  description = "(Optional) - The external ID to use when making the AssumeRole call."
}
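# Availability zones for the target region. No default is declared, so the
# caller (region.tfvars, per the description) must supply a value.
variable "availability_zones" {
  type        = list(string)
  description = "(Required) - The AWS availability zones (e.g. ap-southeast-2a/b/c). Autoloaded from region.tfvars."
}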
# -----------------------------------------------------------------------------
# Variables: TF-MOD-AWS-MYSQL-SECRET-ROTATION
# -----------------------------------------------------------------------------
# Master switch for the module; defaults to true.
variable "enabled" {
  type        = bool
  default     = true
  description = "(Optional) - A Switch that decides whether to create a terraform resource or run a provisioner. Default is true"
}

# Local path of the Lambda deployment package. Empty by default.
# This archive is the code that will handle the database credentials, so it
# should come from a trusted, reviewed build rather than an ad-hoc local file.
variable "filename" {
  default     = ""
  type        = string
  description = "(Optional) - The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used."
}
# Inputs for the Lambda function's vpc_config.

# Subnets the Lambda function is associated with.
# NOTE(review): the description says "(Required)" but the default is an empty
# list, so Terraform will not force the caller to set it - confirm intent.
variable "subnet_ids" {
  type        = list(string)
  default     = []
  description = "(Required) - A list of subnet IDs associated with the Lambda function."
}

# Security groups for the Lambda function. Empty by default.
# NOTE(review): the description speaks of ingress *to* the function; in a
# Lambda vpc_config the security groups are attached to the function itself and
# mainly govern its outbound traffic (database, Secrets Manager endpoint).
# Confirm the wording and keep the group's egress limited to those targets.
variable "security_group_ids" {
  description = "(Optional) - List of Security Group IDs that are allowed ingress to the Lambda function"
  default     = []
  type        = list(string)
}
# Waiting period before the KMS key is deleted once the resource is destroyed.
# Defaults to 10. AWS KMS accepts 7-30 days.
# NOTE(review): no type constraint is declared, so a value of any type is
# accepted by this variable.
variable "deletion_window_in_days" {
  description = "(Optional) - Duration in days after which the key is deleted after destruction of the resource"
  default     = 10
}

# Description shown on the KMS key.
# NOTE(review): the default text mentions Parameter Store although this section
# belongs to the secret-rotation module - confirm it is still accurate.
variable "description" {
  description = "(Optional) - The description of the key as viewed in AWS console"
  type        = string
  default     = "Parameter Store KMS master key"
}

# Display name of the key alias; defaults to "alias/secrets".
variable "alias" {
  description = "(Optional) - The display name of the alias. The name must start with the word `alias` followed by a forward slash"
  type        = string
  default     = "alias/secrets"
}

# KMS key policy as a JSON document. Empty by default.
# NOTE(review): presumably an empty value leaves the key with the AWS default
# key policy - confirm against the resource that consumes this variable. A
# custom policy should restrict key administration and key use to the
# principals that actually need them.
variable "policy" {
  description = "(Optional) - A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy."
  type        = string
  default     = ""
}
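# Connection details of the database used to create the Lambda rotation.
# The type is a single object (not a list); a caller that overrides it must
# supply every attribute declared below.
#
# Security notes:
# - `password` is an ordinary string attribute. Nothing in this declaration
#   marks it sensitive, so it can appear in plan/apply output, and any resource
#   attribute it feeds is stored in plaintext in the Terraform state. Keep the
#   state in an encrypted backend with restricted access, and pass the value
#   from outside version control (not a committed .tfvars file).
# - NOTE(review): on Terraform >= 0.14 add `sensitive = true` to this variable.
#   It is not added here because the module's required Terraform version is
#   not visible in this file.
# - NOTE(review): the default `username` is "root". Confirm whether a
#   dedicated, least-privilege database user should be the default instead.
variable "secret_config" {
  description = "(Optional) An object that contains RDS information (`engine`, `host`, `username`, `password`, `dbname`, `port` and `dbInstanceIdentifier`) to create lambda rotation"

  type = object({
    engine               = string
    host                 = string
    username             = string
    password             = string
    dbname               = string
    port                 = string
    dbInstanceIdentifier = string
  })

  default = {
    engine               = "mysql"
    host                 = ""
    username             = "root"
    password             = ""
    dbname               = ""
    dbInstanceIdentifier = ""
    port                 = "3306"
  }
}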
# VPC endpoint for Secrets Manager, giving private access from inside the VPC
# (per the description). Empty by default.
# NOTE(review): presumably an empty value makes the rotation function use the
# public Secrets Manager endpoint, which needs a route out of the VPC -
# confirm against the Lambda configuration, which is not in this file.
variable "secretsmanager_vpc_endpoint" {
  type        = string
  default     = ""
  description = "(Optional) The VPC endpoint configured for the AWS Secrets Manager service for private access from within the VPC"
}
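# Interval, in days, between scheduled rotations of the secret.
# A default of 30 is declared, so the variable is optional for callers; the
# description previously labelled it "(Required)".
# NOTE(review): no type constraint is declared, so a value of any type is
# accepted by this variable.
variable "automatically_after_days" {
  default     = 30
  description = "(Optional) Specifies the number of days between automatic scheduled rotations of the secret. Default is 30."
}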
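# Recovery window applied when the secret is deleted.
# The declared default is 0, which the description defines as forced deletion
# without recovery: a destroy, or an accidental removal of the resource, makes
# the secret unrecoverable at once. Set 7-30 where the secret must be
# restorable. The description previously claimed a default of 30, which is the
# AWS provider's default, not this module's.
# NOTE(review): no type constraint is declared, so a value of any type is
# accepted by this variable.
variable "recovery_window_in_days" {
  default     = 0
  description = "(Optional) Specifies the number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. This module defaults to 0 (immediate deletion without recovery); the AWS provider default is 30."
}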
# Key rotation switch; enabled by default.
# NOTE(review): presumably this maps to automatic rotation of the KMS key
# declared by this module - confirm against the consuming resource.
variable "enable_key_rotation" {
  description = "(Optional) - Specifies whether key rotation is enabled"
  type        = bool
  default     = true
}
# -----------------------------------------------------------------------------
# Variables: TF-MOD-LABEL
# -----------------------------------------------------------------------------
# Naming and tagging inputs for the label module. All are optional and default
# to empty values, except `delimiter`, which defaults to "-".

# Team or product namespace component of the label.
variable "namespace" {
  description = "(Optional) - Namespace, which could be your abbreviated product team, e.g. 'rci', 'mi', 'hp', or 'core'"
  type        = string
  default     = ""
}

# Environment component of the label.
variable "environment" {
  description = "(Optional) - Environment, e.g. 'dev', 'qa', 'staging', 'prod'"
  type        = string
  default     = ""
}

# Solution name component of the label.
variable "name" {
  description = "(Optional) - Solution name, e.g. 'vault', 'consul', 'keycloak', 'k8s', or 'baseline'"
  type        = string
  default     = ""
}

# Separator placed between the label components.
variable "delimiter" {
  description = "(Optional) - Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`"
  type        = string
  default     = "-"
}

# Extra label components appended after the name.
variable "attributes" {
  description = "(Optional) - Additional attributes (e.g. `1`)"
  type        = list(string)
  default     = []
}

# Extra tags, as a string-to-string map.
variable "tags" {
  description = "(Optional) - Additional tags"
  type        = map(string)
  default     = {}
}