variables.tf
# ---------------------------------------------------------------------------
# Region
# ---------------------------------------------------------------------------
# Region handed to the deployment. Callers that leave it unset get
# eu-central-1; the us-east-1 in the description is only an example value.
variable "aws_region" {
  description = "The AWS region to deploy into (e.g. us-east-1)."
  default     = "eu-central-1"
}
# ---------------------------------------------------------------------------
# Account alias
# ---------------------------------------------------------------------------
# Switch for alias creation; on by default.
variable "create_account_alias" {
  description = "Defines if an account alias should be created."
  default     = true
}

# Alias text itself. "not_set" is a placeholder default.
# NOTE(review): IAM account aliases allow only lowercase letters, digits and
# hyphens, so the placeholder looks invalid as a real alias. With creation
# enabled by default, an un-overridden value would presumably fail at apply
# time; confirm against the resource that consumes this variable.
variable "account_alias" {
  description = "The alias for the account, which can be used instead of the account ID when logging in."
  default     = "not_set"
}
# ---------------------------------------------------------------------------
# Account password policy
# ---------------------------------------------------------------------------
# Switch for the account-wide IAM password policy; on by default.
variable "create_account_password_policy" {
  description = "Defines if an account password policy should be created"
  default     = true
}

# Password policy settings.
# Only length, reuse, hard expiry and maximum age are exposed in this file.
# Any character-class requirements would have to be set where the policy
# resource is declared, which is not visible here.

# Minimum password length, default 10.
# NOTE(review): the CIS AWS Foundations Benchmark asks for 14 or more.
# Consider overriding this where that baseline applies.
variable "password_min_length" {
  description = "The minimal length of passwords."
  default     = 10
}

# Number of previous passwords that may not be reused, default 10.
# NOTE(review): the CIS AWS Foundations Benchmark asks for 24.
variable "password_reuse_prevention" {
  description = "Prevent reuse of the given amount of passwords."
  default     = 10
}

# When true, an expired password needs an administrator reset. Off by default.
variable "password_hard_expiry" {
  description = "Requires administrative reset of the user after expiring."
  default     = false
}

# Maximum password age, default 0.
# NOTE(review): presumably passed through to the IAM policy in days, where 0
# means passwords never expire. Confirm this matches the intended policy.
variable "password_max_age" {
  description = "The maximum age before a password will expire."
  default     = 0
}
# ---------------------------------------------------------------------------
# CloudTrail
# ---------------------------------------------------------------------------
# Only naming, creation switches and bucket encryption are exposed in this
# file. Settings such as log file validation or multi-region coverage are
# decided where the trail resource is declared, which is not visible here.

# Switch for the trail itself; on by default.
variable "create_cloudtrail" {
  description = "Defines if cloud trail should be created"
  default     = true
}

# Switch for the log bucket; on by default.
# NOTE(review): when set to false the trail presumably writes to an existing
# bucket, whose policy and encryption are then outside this module's control.
# Confirm against the bucket resource.
variable "create_cloudtrail_bucket" {
  description = "Defines if the bucket should be created."
  default     = true
}

# Name given to the trail.
variable "cloudtrail_name" {
  description = "Name of the cloudtrail trail."
  default     = "Default"
}

# Bucket name; per the description, an empty string falls back to
# <account-id>-logs.
variable "cloudtrail_bucketname" {
  description = "Name of the cloudtrail bucket. Will defaults to <account-id>-logs."
  default     = ""
}

# Default server-side encryption for the log bucket. The default "AES256" is
# S3-managed encryption; the description of the key variable below names
# "aws:kms" as the other value.
variable "trail_bucket_default_encryption" {
  description = "Defines if the Bucket is encrypted, defaults to AES256"
  default     = "AES256"
}

# NOTE(review): despite the "Defines if ..." wording this is not a flag. It
# appears to hold the KMS key reference used when the encryption mode above is
# "aws:kms". Whether an ARN, key ID or alias is expected cannot be told from
# this file; confirm against the bucket resource.
variable "trail_bucket_default_encryption_key" {
  description = "Defines if the KMS encryption key, used if trail_bucket_default_encryption is set to aws:kms"
  default     = ""
}
# ---------------------------------------------------------------------------
# Tags
# ---------------------------------------------------------------------------
# Free-form string tags; an empty map by default.
variable "tags" {
  description = "A map of tags to add to all resources"
  type        = map(string)
  default     = {}
}

# Key used for the name tag (default "Name").
variable "tag_name" {
  description = "Name of the 'name' tag that is added to, for example, the S3 resources"
  default     = "Name"
}
# ---------------------------------------------------------------------------
# IAM policies
# ---------------------------------------------------------------------------
# EC2 instance-creation limit policy.

# Name under which the policy is created.
variable "create_ec2_limit_policy_name" {
  description = "Name of the IAM_Policy for EC2 Limit"
  default     = "AmazonEC2LimitInstanceCreation"
}

# On/off switch, written as the strings "1" / "0" rather than a bool.
# Off by default, so the limit is opt-in.
# NOTE(review): presumably used as a resource count; confirm before passing
# true/false.
variable "create_ec2_limit_policy" {
  description = "Activate (1) or deactivate (0) this policy"
  default     = "0"
}

# Instance-type pattern the policy applies to. The default "*xlarge" is a
# wildcard over every type name ending in "xlarge".
variable "create_ec2_limit_policy_type" {
  description = "Type of EC2 Instances, for example, xlarge; wildcards can be used"
  default     = "*xlarge"
}
# RDS instance-creation limit policy.

# Name under which the policy is created.
variable "create_rds_limit_policy_name" {
  description = "Name of the IAM_Policy for RDS Limit"
  default     = "AmazonRDSLimitInstanceCreation"
}

# On/off switch as the strings "1" / "0"; off by default.
variable "create_rds_limit_policy" {
  description = "Activate (1) or deactivate (0) this policy"
  default     = "0"
}

# Instance-type pattern the policy applies to; "*xlarge" is a wildcard over
# every type name ending in "xlarge".
variable "create_rds_limit_policy_type" {
  description = "Type of RDS Instances, for example, xlarge; wildcards can be used"
  default     = "*xlarge"
}
# Reserved Instances limit policy.

# Name under which the policy is created.
variable "create_reserved_instances_limit_policy_name" {
  description = "Name of the IAM_Policy for Reserved Instances Limit"
  default     = "AmazonRILimitInstanceCreation"
}

# On/off switch as the strings "1" / "0"; off by default.
variable "create_reserved_instances_limit_policy" {
  description = "Activate (1) or deactivate (0) this policy"
  default     = "0"
}
# Marketplace deny policy.

# NOTE(review): the description states what the policy does, but the value is
# the policy's name (default "deny_marketplace").
variable "create_marketplace_disable_policy_name" {
  description = "Disables Access to marketplace software"
  default     = "deny_marketplace"
}

# On/off switch as the strings "1" / "0"; off by default.
variable "create_marketplace_disable_policy" {
  description = "Activate (1) or deactivate (0) this policy"
  default     = "0"
}
# ---------------------------------------------------------------------------
# GuardDuty detector
# ---------------------------------------------------------------------------
# Switch for creating the detector. Off by default, so a caller relying on
# defaults gets no GuardDuty detector from this module and must opt in.
variable "create_guardduty_detector" {
  description = "Defines if guardduty detectory should be created."
  default     = false
}

# Enabled state of the detector; true by default.
# NOTE(review): presumably only has an effect when the detector is created;
# confirm against the detector resource.
variable "enable_guardduty_detector" {
  description = "Enable/disable guardduty detector"
  default     = true
}
# ---------------------------------------------------------------------------
# EC2 key pair
# ---------------------------------------------------------------------------
# Switch for registering a key pair; off by default.
variable "create_key_pair" {
  description = "Defines if key pair should be created."
  default     = false
}

# Name under which the key is registered.
variable "key_name" {
  description = "The name of the public key"
  default     = "default_key"
}

# Public half of the key pair only. No default is supplied (null), so the
# caller has to provide it. Private key material does not belong in this
# variable or in files that define it.
variable "public_key" {
  description = "The public key value"
  default     = null
}
# ---------------------------------------------------------------------------
# KMS keys
# ---------------------------------------------------------------------------
# Switch for KMS key creation; off by default.
variable "create_kms_keys" {
  description = "Defines if kms key(s) should be created."
  default     = false
}

# One object per key. Every listed attribute is required by the object type,
# so rotation and enabled state are stated explicitly for each key.
#   - deletion_window_in_days: AWS KMS accepts a waiting period of 7 to 30
#     days; no range check is declared here.
#   - policy / tags are commented out of the schema and cannot be set per key
#     through this variable.
# NOTE(review): with no policy attribute, created keys presumably receive the
# default key policy; confirm against the key resource.
variable "kms_keys" {
  description = "List of kms key objects"
  type = list(object({
    alias_name              = string
    description             = string
    deletion_window_in_days = number
    is_enabled              = bool
    enable_key_rotation     = bool
    # policy =
    # tags =
  }))
  default = null
}