You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| <aname="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map)| Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. |`map(string)`|`{}`| no |
118
-
| <aname="input_ami"></a> [ami](#input\_ami)| The AMI to use for the SSM Agent EC2 Instance. If not provided, the latest Amazon Linux 2 AMI will be used. Note: This will update periodically as AWS releases updates to their AL2 AMI. Pin to a specific AMI if you would like to avoid these updates. |`string`|`""`| no |
119
-
| <aname="input_attributes"></a> [attributes](#input\_attributes)| Additional attributes (e.g. `1`) |`list(string)`|`[]`| no |
120
-
| <aname="input_cloudwatch_retention_in_days"></a> [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days)| The number of days to retain session logs in CloudWatch. This is only relevant if the session\_logging\_enabled variable is `true`. |`number`|`365`| no |
121
-
| <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | <pre>object({<br> enabled = bool<br> namespace = string<br> environment = string<br> stage = string<br> name = string<br> delimiter = string<br> attributes = list(string)<br> tags = map(string)<br> additional_tag_map = map(string)<br> regex_replace_chars = string<br> label_order = list(string)<br> id_length_limit = number<br> })</pre> | <pre>{<br> "additional_tag_map": {},<br> "attributes": [],<br> "delimiter": null,<br> "enabled": true,<br> "environment": null,<br> "id_length_limit": null,<br> "label_order": [],<br> "name": null,<br> "namespace": null,<br> "regex_replace_chars": null,<br> "stage": null,<br> "tags": {}<br>}</pre> | no |
122
-
| <aname="input_create_run_shell_document"></a> [create\_run\_shell\_document](#input\_create\_run\_shell\_document)| Whether or not to create the SSM-SessionManagerRunShell SSM Document. |`bool`|`true`| no |
123
-
| <aname="input_delimiter"></a> [delimiter](#input\_delimiter)| Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. |`string`|`null`| no |
124
-
| <aname="input_enabled"></a> [enabled](#input\_enabled)| Set to false to prevent the module from creating any resources |`bool`|`null`| no |
125
-
| <aname="input_environment"></a> [environment](#input\_environment)| Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' |`string`|`null`| no |
126
-
| <aname="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit)| Limit `id` to this many characters.<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. |`number`|`null`| no |
127
-
| <aname="input_instance_count"></a> [instance\_count](#input\_instance\_count)| The number of SSM Agent instances you would like to deploy. |`number`|`1`| no |
128
-
| <aname="input_instance_type"></a> [instance\_type](#input\_instance\_type)| The instance type to use for the SSM Agent EC2 Instnace. |`string`|`"t3.nano"`| no |
129
-
| <aname="input_key_pair_name"></a> [key\_pair\_name](#input\_key\_pair\_name)| The name of the key-pair to associate with the SSM Agent instances. This can be (and probably should) left empty unless you specifically plan to use `AWS-StartSSHSession`. |`string`|`null`| no |
130
-
| <aname="input_label_order"></a> [label\_order](#input\_label\_order)| The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. |`list(string)`|`null`| no |
131
-
| <aname="input_name"></a> [name](#input\_name)| Solution name, e.g. 'app' or 'jenkins' |`string`|`null`| no |
132
-
| <aname="input_namespace"></a> [namespace](#input\_namespace)| Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' |`string`|`null`| no |
133
-
| <aname="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary)| The ARN of the permissions boundary that will be applied to the SSM Agent role. |`string`|`""`| no |
134
-
| <aname="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars)| Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. |`string`|`null`| no |
135
-
| <aname="input_region"></a> [region](#input\_region)| The region to deploy the S3 bucket for session logs. If not supplied, the module will use the current region. |`string`|`""`| no |
136
-
| <aname="input_additional_security_group_ids"></a> [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids)| Additional security groups to attach to SSM agents |`list(string)`|`[]`| no|
137
-
| <aname="input_session_logging_bucket_name"></a> [session\_logging\_bucket\_name](#input\_session\_logging\_bucket\_name)| The name of the S3 Bucket to ship session logs to. This will remove creation of an independent session logging bucket. This is only relevant if the session\_logging\_enabled variable is `true`. |`string`|`""`| no |
138
-
| <aname="input_session_logging_enabled"></a> [session\_logging\_enabled](#input\_session\_logging\_enabled)| To enable CloudWatch and S3 session logging or not. Note this does not apply to SSH sessions as AWS cannot log those sessions. |`bool`|`true`| no |
115
+
| Name | Description | Type | Default | Required |
| <aname="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map)| Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. |`map(string)`|`{}`| no |
118
+
| <aname="input_ami"></a> [ami](#input\_ami)| The AMI to use for the SSM Agent EC2 Instance. If not provided, the latest Amazon Linux 2 AMI will be used. Note: This will update periodically as AWS releases updates to their AL2 AMI. Pin to a specific AMI if you would like to avoid these updates. |`string`|`""`| no |
119
+
| <aname="input_attributes"></a> [attributes](#input\_attributes)| Additional attributes (e.g. `1`) |`list(string)`|`[]`| no |
120
+
| <aname="input_cloudwatch_retention_in_days"></a> [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days)| The number of days to retain session logs in CloudWatch. This is only relevant if the session\_logging\_enabled variable is `true`. |`number`|`365`| no |
121
+
| <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | <pre>object({<br> enabled = bool<br> namespace = string<br> environment = string<br> stage = string<br> name = string<br> delimiter = string<br> attributes = list(string)<br> tags = map(string)<br> additional_tag_map = map(string)<br> regex_replace_chars = string<br> label_order = list(string)<br> id_length_limit = number<br> })</pre> | <pre>{<br> "additional_tag_map": {},<br> "attributes": [],<br> "delimiter": null,<br> "enabled": true,<br> "environment": null,<br> "id_length_limit": null,<br> "label_order": [],<br> "name": null,<br> "namespace": null,<br> "regex_replace_chars": null,<br> "stage": null,<br> "tags": {}<br>}</pre> | no |
122
+
| <aname="input_create_run_shell_document"></a> [create\_run\_shell\_document](#input\_create\_run\_shell\_document)| Whether or not to create the SSM-SessionManagerRunShell SSM Document. |`bool`|`true`| no |
123
+
| <aname="input_delimiter"></a> [delimiter](#input\_delimiter)| Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. |`string`|`null`| no |
124
+
| <aname="input_enabled"></a> [enabled](#input\_enabled)| Set to false to prevent the module from creating any resources |`bool`|`null`| no |
125
+
| <aname="input_environment"></a> [environment](#input\_environment)| Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' |`string`|`null`| no |
126
+
| <aname="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit)| Limit `id` to this many characters.<br>Set to `0` for unlimited length.<br>Set to `null` for default, which is `0`.<br>Does not affect `id_full`. |`number`|`null`| no |
127
+
| <aname="input_instance_count"></a> [instance\_count](#input\_instance\_count)| The number of SSM Agent instances you would like to deploy. |`number`|`1`| no |
128
+
| <aname="input_instance_type"></a> [instance\_type](#input\_instance\_type)| The instance type to use for the SSM Agent EC2 Instnace. |`string`|`"t3.nano"`| no |
129
+
| <aname="input_key_pair_name"></a> [key\_pair\_name](#input\_key\_pair\_name)| The name of the key-pair to associate with the SSM Agent instances. This can be (and probably should) left empty unless you specifically plan to use `AWS-StartSSHSession`. |`string`|`null`| no |
130
+
| <aname="input_label_order"></a> [label\_order](#input\_label\_order)| The naming order of the id output and Name tag.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 5 elements, but at least one must be present. |`list(string)`|`null`| no |
131
+
| <aname="input_name"></a> [name](#input\_name)| Solution name, e.g. 'app' or 'jenkins' |`string`|`null`| no |
132
+
| <aname="input_namespace"></a> [namespace](#input\_namespace)| Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' |`string`|`null`| no |
133
+
| <aname="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary)| The ARN of the permissions boundary that will be applied to the SSM Agent role. |`string`|`""`| no |
134
+
| <aname="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars)| Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. |`string`|`null`| no |
135
+
| <aname="input_region"></a> [region](#input\_region)| The region to deploy the S3 bucket for session logs. If not supplied, the module will use the current region. |`string`|`""`| no |
136
+
| <aname="input_additional_security_group_ids"></a> [additional\_security\_group\_ids](#input\_additional\_security\_group\_ids)| Additional security groups to attach to SSM agents |`list(string)`|`[]`| no|
137
+
| <aname="input_session_logging_bucket_name"></a> [session\_logging\_bucket\_name](#input\_session\_logging\_bucket\_name)| The name of the S3 Bucket to ship session logs to. This will remove creation of an independent session logging bucket. This is only relevant if the session\_logging\_enabled variable is `true`. |`string`|`""`| no |
138
+
| <aname="input_session_logging_enabled"></a> [session\_logging\_enabled](#input\_session\_logging\_enabled)| To enable CloudWatch and S3 session logging or not. Note this does not apply to SSH sessions as AWS cannot log those sessions. |`bool`|`true`| no |
139
139
| <aname="input_session_logging_encryption_enabled"></a> [session\_logging\_encryption\_enabled](#input\_session\_logging\_encryption\_enabled)| To enable CloudWatch and S3 session logging encryption or not. |`bool`|`true`| no |
140
-
| <aname="input_session_logging_kms_key_alias"></a> [session\_logging\_kms\_key\_alias](#input\_session\_logging\_kms\_key\_alias)| Alias name for `session_logging` KMS Key. This is only applied if 2 conditions are met: (1) `session_logging_kms_key_arn` is unset, (2) `session_logging_encryption_enabled` = true. |`string`|`"alias/session_logging"`| no |
141
-
| <aname="input_session_logging_kms_key_arn"></a> [session\_logging\_kms\_key\_arn](#input\_session\_logging\_kms\_key\_arn)| BYO KMS Key instead of using the created KMS Key. The session\_logging\_encryption\_enabled variable must still be `true` for this to be applied. |`string`|`""`| no |
142
-
| <aname="input_stage"></a> [stage](#input\_stage)| Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' |`string`|`null`| no |
143
-
| <aname="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids)| The Subnet IDs which the SSM Agent will run in. These *should* be private subnets. |`list(string)`| n/a | yes |
144
-
| <aname="input_tags"></a> [tags](#input\_tags)| Additional tags (e.g. `map('BusinessUnit','XYZ')`|`map(string)`|`{}`| no |
145
-
| <aname="input_user_data"></a> [user\_data](#input\_user\_data)| The user\_data to use for the SSM Agent EC2 instance. You can use this to automate installation of psql or other required command line tools. |`string`|`"#!/bin/bash\n# NOTE: Since we're using a latest Amazon Linux AMI, we shouldn't need this,\n# but we'll update it to be sure.\ncd /tmp\nsudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpmnsudo systemctl enable amazon-ssm-agent\nsudo systemctl start amazon-ssm-agent\n"`| no |
146
-
| <aname="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id)| The ID of the VPC which the EC2 Instance will run in. |`string`| n/a | yes |
140
+
| <aname="input_session_logging_kms_key_alias"></a> [session\_logging\_kms\_key\_alias](#input\_session\_logging\_kms\_key\_alias)| Alias name for `session_logging` KMS Key. This is only applied if 2 conditions are met: (1) `session_logging_kms_key_arn` is unset, (2) `session_logging_encryption_enabled` = true. |`string`|`"alias/session_logging"`| no |
141
+
| <aname="input_session_logging_kms_key_arn"></a> [session\_logging\_kms\_key\_arn](#input\_session\_logging\_kms\_key\_arn)| BYO KMS Key instead of using the created KMS Key. The session\_logging\_encryption\_enabled variable must still be `true` for this to be applied. |`string`|`""`| no |
142
+
| <aname="input_session_logging_ssm_document_name"></a> [session\_logging\_ssm\_document\_name](#input\_session\_logging\_ssm\_document\_name)| Name for `session_logging` SSM document. This is only applied if 2 conditions are met: (1) `session_logging_enabled` = true, (2) `create_run_shell_document` = true. |`string`|`"SSM-SessionManagerRunShell"`| no |
143
+
| <aname="input_stage"></a> [stage](#input\_stage)| Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' |`string`|`null`| no |
144
+
| <aname="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids)| The Subnet IDs which the SSM Agent will run in. These *should* be private subnets. |`list(string)`| n/a | yes |
145
+
| <aname="input_tags"></a> [tags](#input\_tags)| Additional tags (e.g. `map('BusinessUnit','XYZ')`|`map(string)`|`{}`| no |
146
+
| <aname="input_user_data"></a> [user\_data](#input\_user\_data)| The user\_data to use for the SSM Agent EC2 instance. You can use this to automate installation of psql or other required command line tools. |`string`|`"#!/bin/bash\n# NOTE: Since we're using a latest Amazon Linux AMI, we shouldn't need this,\n# but we'll update it to be sure.\ncd /tmp\nsudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpmnsudo systemctl enable amazon-ssm-agent\nsudo systemctl start amazon-ssm-agent\n"`| no |
147
+
| <aname="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id)| The ID of the VPC which the EC2 Instance will run in. |`string`| n/a | yes |
description="Whether or not to create the SSM-SessionManagerRunShell SSM Document."
116
116
}
117
+
118
+
variable"session_logging_ssm_document_name" {
119
+
default="SSM-SessionManagerRunShell"
120
+
type=string
121
+
description="Name for `session_logging` SSM document. This is only applied if 2 conditions are met: (1) `session_logging_enabled` = true, (2) `create_run_shell_document` = true."
0 commit comments